Tag: privacy

Government Control of Language and Other Protocols

It might be tempting to laugh at France’s ban on words like “Facebook” and Twitter” in the media. France’s Conseil Supérieur de l’Audiovisuel recently ruled that specific references to these sites (in stories not about them) would violate a 1992 law banning “secret” advertising. The council was created in 1989 to ensure fairness in French audiovisual communications, such as in allocation of television time to political candidates, and to protect children from some types of programming.

Sure, laugh at the French. But not for too long. The United States has similarly busy-bodied regulators, who, for example, have primly regulated such advertising themselves. American regulators carefully oversee non-secret advertising, too. Our government nannies equal the French in usurping parents’ decisions about children’s access to media. And the Federal Communications Commission endlessly plays footsie with speech regulation.

In the United States, banning words seems too blatant an affront to our First Amendment, but the United States has a fairly lively “English only” movement. Somehow, regulating an entire communications protocol doesn’t have the same censorious stink.

So it is that our Federal Communications Commission asserts a right to regulate the delivery of Internet service. The protocols on which the Internet runs are communications protocols, remember. Withdraw private control of them and you’ve got a more thoroughgoing and insidious form of speech control: it may look like speech rights remain with the people, but government controls the medium over which the speech travels.

The government has sought to control protocols in the past and will continue to do so in the future. The “crypto wars,” in which government tried to control secure communications protocols, merely presage struggles of the future. Perhaps the next battle will be over BitCoin, an online currency that is resistant to surveillance and confiscation. In BitCoin, communications and value transfer are melded together. To protect us from the scourge of illegal drugs and the recently manufactured crime of “money laundering,” governments will almost certainly seek to bar us from trading with one another and transferring our wealth securely and privately.

So laugh at France. But don’t laugh too hard. Leave the smugness to them.

House Approps Strips TSA of Strip-Search Funds

The fiscal 2012 Department of Homeland Security spending bill is starting to make its way through the process, and the House Appropriations Committee said in a release today that “the bill does not provide $76 million requested by the President for 275 additional advanced inspection technology (AIT) scanners nor the 535 staff requested to operate them.”

If the House committee’s approach carries the day, there won’t be 275 more strip-search machines in our nation’s airports. No word on whether the committee will defund the operations of existing strip-search machines.

Saving money and reducing privacy invasion? Sounds like a win-win.

Want Privacy? We Start by Blinding You!

As I noted earlier, the Senate Judiciary Committee’s Subcommittee on Privacy, Technology, and the Law held a hearing this morning entitled: “Protecting Mobile Privacy: Your Smartphones, Tablets, Cell Phones and Your Privacy.” In it, Sentor Richard Blumenthal (D-CT) engaged in a fascinating colloquy with Google’s Alan Davidson.

Blumenthal pursued Davidson about the year-old incident in which Google’s Street View cars collected data on the location of WiFi nodes and mistakenly gathered snippets of “payload data”—that is, the data traveling over open WiFi networks in the moments when their Street View cars were passing by.

Some payload data may have contained personal information including passwords. Google has meekly been working with data protection authorities around the world since then, hoping once and for all to delete this unneeded and unwanted data.

Blumenthal was prosecutorial in tone, but made a classic prosecutor’s error: He asked questions to which he didn’t know the answers.

Isn’t “payload data” extremely valuable for mapping WiFi networks?, queried Senator Blumenthal.

Davidson’s answer, and the consensus of panelists: Ummmm, no, not really.

(If you were to map pay phones, it wouldn’t matter whether people were talking on them, either, or what they were saying.)

Despite looking foolish, Senator Blumenthal persisted, asking Davidson whether collecting “payload data” should be illegal. Davidson demurred, but it’s a fascinating question.

Should it be against the law to collect data from open WiFi networks? That is, to observe radio signals passing your location on a public street? Should the government determine when you can collect radio signals, or what bands of the radio spectrum you may observe? What should you be allowed to do with information carried on a radio signal that you inadvertently capture?

If the government should have this power, the same logic would support making it illegal to collect photons that arrive at your eyes or that enter your camera lens. The government might proscribe collecting sound waves that come to your ears or microphone.

Laws against observing the world around you would certainly protect privacy! Let the government blind us all, and privacy will flourish. But this is not privacy protection anyone should want.

To understand privacy, you have to understand a little physics. As I said in an earlier comment on Google’s collection of open WiFi data:

Given the way radio works, and the common security/privacy response—encryption—it’s hard to characterize data sent in the clear as private. The people operating them may have wanted their communications to be private. They may have thought their communications were private. But they were sending out their communications in the clear, by radio—like a little radio station broadcasting to anyone in range.

Trying to protect privacy in unencrypted radio broadcasts (like public displays or publically made sounds) is like trying to reverse the flow of a river—it’s a huge engineering project. Senator Blumenthal would start to protect your privacy by blinding you to the world around you. Then narrow exceptions would determine what radio signals, lights, and sounds you are allowed to observe…

Want Privacy? Increase Government Surveillance!

This morning, the Senate Judiciary Committee’s Subcommittee on Privacy, Technology, and the Law had a hearing entitled: “Protecting Mobile Privacy: Your Smartphones, Tablets, Cell Phones and Your Privacy.”

Among the witnesses was Deputy Assistant Attorney General Jason Weinstein from the Department of Justice’s Criminal Division. Weinstein made a gallingly Orwellian pitch: If you want privacy protection, increase government surveillance.

From his written statement:

ISPs may choose not to store IP records, may adopt a network architecture that frustrates their ability to track IP assignments and network transactions back to a specific account or device, or may store records for only a very short period of time. In many cases, these records are the only evidence that allows us to investigate and assign culpability for crimes committed on the Internet. In 2006, forty-nine Attorneys General wrote to Congress to express “grave concern” about “the problem of insufficient data retention policies by Internet Service Providers.”

Without more customer data retention by ISPs, and without greater government access to this data, the government won’t be able to prosecute crimes, some of which threaten privacy, Weinstein said in his spoken comments.

So there you have it. Turn more data over to the government so we can protect your privacy. War is peace. Freedom is slavery.

Record Number of Americans Targeted by National Security Letters

The latest report to Congress on the Justice Department’s use of foreign intelligence surveillance powers has just been released, and it shows a truly stunning increase in the number of Americans whose sensitive phone, Internet, and banking records were obtained by the FBI — without judicial oversight — pursuant to National Security Letters. In 2009, a total of 14,788 NSL requests were issued targeting U.S. persons — a number that excludes requests for “basic subscriber information” as opposed to phone or e-mail logs — and 6,114 different Americans were affected by those demands for information. In 2010, the number of NSL requests targeting Americans rose to 24,287.

What’s really shocking, however, is the number of people affected. A whopping 14,212 American citizens and permanent residents had records of their financial, telephone, and online activity seized last year.  The previous record, set in 2005, was 9,475. Were you one of those 14,212? If so, what did the FBI get? Thanks to the gag orders that come with NSLs, you will almost certainly never get to find out. But even if the Bureau decides there’s no reason to continue investigating you, whatever data they obtained — lists of phone numbers, credit card purchases, financial transactions, e-mail correspondents, or IP addresses visited — are likely to remain in a massive government database indefinitely

This pattern suggests that the Bureau is doing broader but shallower investigation — sweeping more people into the information vacuum, but issuing fewer requests per person, presumably because the results of the initial request provide few grounds for further scrutiny.  Needless to say, the overwhelming majority of those people are not terrorists — and, indeed, are probably guilty of nothing more than a second- or third-degree connection to the subject of an investigation. Remember, as expiring Patriot Act provisions come up for reauthorization at the end of this month: These tools are fundamentally not about spying on terrorists. The government has always had ample power to do that. They’re about authority to spy on the innocent.

The ‘Privacy Bill of Rights’ Is in the Bill of Rights

Every lover of liberty and the Constitution should be offended by the moniker “Privacy Bill of Rights” appended to regulatory legislation Senators John Kerry (D-MA) and John McCain (R-AZ) introduced yesterday. As C|Net’s Declan McCullagh points out, the legislation exempts the federal government and law enforcement:

[T]he measure applies only to companies and some nonprofit groups, not to the federal, state, and local police agencies that have adopted high-tech surveillance technologies including cell phone tracking, GPS bugs, and requests to Internet companies for users’ personal information–in many cases without obtaining a search warrant from a judge.

The real “Privacy Bill of Rights” is in the Bill of Rights. It’s the Fourth Amendment.

It takes a lot of gall to put the moniker “Privacy Bill of Rights” on legislation that reduces liberty in the information economy while the Fourth Amendment remains tattered and threadbare. Nevermind “reasonable expectations”: the people’s right to be secure against unreasonable searches and seizures is worn down to the nub.

Senators Kerry and McCain should look into the privacy consequences of the Internal Revenue Code. How is privacy going to fare under Obamacare? How is the Department of Homeland Security doing with its privacy efforts? What is an “administrative search”?

McCullagh was good enough to quote yours truly on the new effort from Sens. Kerry and McCain: “If they want to lead on the privacy issue, they’ll lead by getting the federal government’s house in order.”

Surveillance, San Francisco-Style

San Francisco’s Entertainment Commission will soon be considering a jaw-dropping attack on privacy and free assembly. Here are some of the rules the Commission may adopt for any gathering of people expected to reach 100 or more:

3. All occupants of the premises shall be ID Scanned (including patrons, promoters, and performers, etc.). ID scanning data shall be maintained on a data storage system for no less than 15 days and shall be made available to local law enforcement upon request.

4. High visibility cameras shall be located at each entrance and exit point of the premises. Said cameras shall maintain a recorded data base for no less than fifteen (15 days) and made available to local law enforcement upon request.

Would you recognize a police state if you lived in one? How about a police city? The First Amendment right to peaceably assemble takes a big step back when your identity data and appearance are captured for law enforcement to use at whim simply because you showed up. (ht: PrivacyActivism.org)