Monthly Archives: February 2014

New Privacy Paper: Mass Surveillance as Privacy Pollution

Posted on February 24, 2014 by Michael Froomkin

I just uploaded a draft of my new paper, Regulating Mass Surveillance as Privacy Pollution: Learning from Environmental Impact Statements to SSRN. Be the first on your block to read it!

US law has remarkably little to say about mass surveillance in public, a failure which has allowed the surveillance to grow at an alarming rate – a rate that is only set to increase. This article proposes ‘Privacy Impact Notices’ (PINs) — modeled on Environmental Impact Statements — as an initial solution to this problem.

Data collection in public (and in the home via public spaces) resembles an externality imposed on the person whose privacy is reduced involuntarily; it can also be seen as a market failure caused by an information asymmetry. Current doctrinal legal tools available to respond to the deployment of mass surveillance technologies are limited and inadequate. The article proposes that — as a first step towards figuring out how to understand, value, and ultimately regulate this mass-privacy-destroying behavior — we should borrow from the environmental movement and require anyone planning a large-scale public data collection program to file a Privacy Impact Notice (PIN). The PIN proposal is contrasted to the existing much more limited federal privacy analysis requirement, known as Privacy Impact Assessments. The bulk of the article then explains how PINs would work and defends the idea against three predictable critiques (the claim that there is a First Amendment right to data collection, the claim that EISs are a poor policy tool not worthy of emulation, and the claim that notice-based regimes are in general worthless). It argues that PINs have applications to surveillance and data-collection in online public spaces such as Facebook, Twitter, and other virtual spaces. It also considers what the PINs proposal would have to offer towards addressing the now-notorious problem of the NSA’s drift-net surveillance of telephone conversations, emails, and web-based communications.

Modeling mass surveillance disclosure regulations on an updated form of environmental impact statement will help protect everyone’s privacy: Mandating disclosure and impact analysis by those proposing to watch us in and through public spaces will enable an informed conversation about privacy in public. Additionally, the need to build consideration of the consequences of surveillance into project planning, as well as the danger of bad publicity arising from excessive surveillance proposals, will act as a counterweight to the adoption of mass data collection projects, just as it did in the environmental context. In the long run, well-crafted disclosure and analysis rules could pave the way for more systematic protection for privacy – as it did in the environmental context. Effective US regulation of mass surveillance will require that we know a great deal about who and what is being recorded and about the costs and benefits of personal information acquisition and uses. At present we know relatively little about how to measure these; a privacy equivalent of environmental impact statements will not only provide case studies, but occasions to grow expertise.

I welcome your comments. I really mean that.

And if you are a law review editor, I’ll be sending it out soon…

Posted in Writings | 4 Comments

Evidence that ‘Thinking With Your Gut’ Works?

Posted on February 21, 2014 by Michael Froomkin

The right gut bacteria can make you more or less stressful, and perhaps more or less clever too:

And now evidence is emerging that these tiny organisms may also have a profound impact on the brain too. They are a living augmentation of your body – and like any enhancement, this means they could, in principle, be upgraded.

His team tested the effects of two strains of bacteria, finding that one improved cognition in mice. His team is now embarking on human trials, to see if healthy volunteers can have their cognitive abilities enhanced or modulated by tweaking the gut microbiome.

— BBC, Body bacteria: Can your gut bugs make you smarter?, via Slashdot, Gut Bacteria Affect the Brain.

Apparently a very monotonous diet reduces the variety of gut bacteria. I’m just waiting to hear that processed food was a long-term Communist plot to make us dumber.

Posted in Science/Medicine | 4 Comments

Iodine – Could be Handy

Posted on February 19, 2014 by Michael Froomkin

Meet Iodine:

iodine by Kryo

iodine lets you tunnel IPv4 data through a DNS server. This can be usable in different situations where internet access is firewalled, but DNS queries are allowed.

It runs on Linux, Mac OS X, FreeBSD, NetBSD, OpenBSD and Windows and needs a TUN/TAP device. The bandwidth is asymmetrical with limited upstream and up to 1 Mbit/s downstream.

Compared to other DNS tunnel implementations, iodine offers:

Higher performance
iodine uses the NULL type that allows the downstream data to be sent without encoding. Each DNS reply can contain over a kilobyte of compressed payload data.
Portability
iodine runs on many different UNIX-like systems as well as on Win32. Tunnels can be set up between two hosts no matter their endianness or operating system.
Security
iodine uses challenge-response login secured by MD5 hash. It also filters out any packets not coming from the IP used when logging in.
Less setup
iodine handles setting IP number on interfaces automatically, and up to 16 users can share one server at the same time. Packet size is automatically probed for maximum downstream throughput.

See the README, the CHANGELOG and the man page

Wiki, bug tracker, source browser and more is available at our trac page. iodine is released under the ISC license.

Test your DNS setup here: http://code.kryo.se/iodine/check-it/

Free wifi in hostile environments like some other universities? And airports and cafes?

Posted in Software | Comments Off on Iodine – Could be Handy

Turtles All the Way Down

Posted on February 18, 2014 by Michael Froomkin

I nominate this for second-silliest US political ad to make reference to a turtle:

The candidate, Dwayne Stovall, is a Tea Party guy trying to unseat Sen. John Cornyn (R-Tx) in a primary…although the ad seems to be as much about someone and something else.

The holder of the turtle-reference championship, of course, remains the wonderful and bizarre ad by Mike Gravel in 2007 as part of his quixotic campaign for the Presidency.

Posted in 2014 Election | Comments Off on Turtles All the Way Down

Text Missing from Firefox 27.0.x Tabs (Solved) (Updated)

Posted on February 15, 2014 by Michael Froomkin

TLDR: FF27.0.x + FEBE 7.3.0.1 causes text (but not icons) in FF tabs in additional FF windows to vanish after FF restart. Solution: upgrade to FEBE 8.0 beta. Do not blame Tab Mix Plus. Update: see below.

Long version: After upgrading to Firefox 27.0 (and FF 27.0.1) I began to experience an annoying bug. I am in the habit of having a lot of tabs open at once. Thanks to Tab Mix Plus, one of my very favorite addons, I can have the tabs arranged in multiple rows and they stay big enough to have an idea of which is which.

I also tend to have at least two firefox windows open, one for each monitor. I also use the session manager in TM+ to restore my tabs when I close and re-open firefox.

After the upgrade to FF 27.0, I found that the text was vanishing from the tabs when I did a re-open. The icons were there, but the rest was blank. This didn’t happen in the first window I opened, but it was happening in the second window, and every new window. The problem didn’t happen if I closed all the tabs before shutting down firefox. It did happen whether I used TM+’s session manager of FF’s native session manager (yes, I even if I unchecked the setting the in FF privacy manager that tells it to forget my browsing history).

I figured this was a Tab Mix Plus issue. The extension is so powerful that it regularly has issues when I update Firefox. But his time, disabling TM+ didn’t solve the problem.

So it was time to start disabling all my many other extensions in the hope of finding the culprit. This is tedious, even doing half at at time, but it did reveal that the source of my problem was FEBE, the Firefox Environment Backup Extension. Upgrading to FEBE version 8.0beta solved the problem. The beta actually looks a lot better than the old version (the author says it is a complete rewrite and I believe it). It seems noticeably faster, and (hooray!) it allows you to add incompatible add-ons to the ignore list from an interactive dialog as the backup is happening, rather than having to go to the preferences after the backup is over.

If you are updating FEBE from an old version be sure to delete existing FEBE preferences before the update. Tools > FEBE > FEBE Options > Advanced > Clear FEBE preferences.

After the install, whether or not this a new install, you MUST go to Tools > FEBE > FEBE Options. The only option that absolutely must be set is your Backup destination directory under the Where to backup tab. Without this it will not work.

Update: Having tried to fix this on a second computer, I have to agree with commentator parabel that in fact TM+ is involved in some way. With FEBE updated to the beta, I was only able to get a second window to open properly — but not a third. Disabling TM+ solves the problem, but I lose all the TM+ functionality.

Update 2: As noted by commentator John, installing Tab Mix Plus version 4.1.3.1 seems to fix the problem. Yay!

Posted in Software | 8 Comments

Did AG Eric Holder Commit Perjury? Whose Head Should Roll?

Posted on February 12, 2014 by Michael Froomkin

David Kravitz’s Wired article, How Obama Officials Cried ‘Terrorism’ to Cover Up a Paperwork Error begins like this:

After seven years of litigation, two trips to a federal appeals court and $3.8 million worth of lawyer time, the public has finally learned why a wheelchair-bound Stanford University scholar was cuffed, detained and denied a flight from San Francisco to Hawaii: FBI human error.

FBI agent Kevin Kelley was investigating Muslims in the San Francisco Bay Area in 2004 when he checked the wrong box on a terrorism form, erroneously placing Rahinah Ibrahim on the no-fly list.

What happened next was the real shame. Instead of admitting to the error, high-ranking President Barack Obama administration officials spent years covering it up. Attorney General Eric Holder, Director of National Intelligence James Clapper, and a litany of other government officials claimed repeatedly that disclosing the reason Ibrahim was detained, or even acknowledging that she’d been placed on a watch list, would cause serious damage to the U.S. national security. Again and again they asserted the so-called “state secrets privilege” to block the 48-year-old woman’s lawsuit, which sought only to clear her name.

The article includes a link to Attorney General Eric Holder’s declaration in Ibrahim v. DHS. It’s pretty awful — even worse than the article makes it sound. Here are the last two paragraphs (emphasis added):

16. On September 23, 2009, I announced a new Executive Branch policy governing the assertion and defense of the state secrets privilege in litigation. Under this policy, the Department of Justice will defend an assertion of the state secrets privilege in litigation, and seek dismissal of a claim on that basis, only when necessary to protect against the risk of significant hann to national security. See Exhibit 1 (State Secrets Policy),§ l(A). The policy provides further that an application of a privilege assertion must be narrowly tailored and that dismissal be sought pursuant to the privilege assertion only when necessary to prevent significant harm to national security. !d. § 1(B). Moreover, “[t]he Department will not defend an invocation of the privilege in order to: (i) conceal violations of the law, inefficiency, or administrative error; (ii) prevent embarrassment to a person, organization, or agency of the United States Government; (iii) restrain competition; or (iv) prevent or delay the release of information the release of which would not reasonably be expected to cause significant harm to national security.” !d. § 1(C). The policy also establishes detailed procedures for review of a proposed assertion of the state secrets privilege in a particular case. !d. § 2. Those procedures require submissions by the relevant Government departments or agencies specifying “(i) the nature of the information that must be protected from unauthorized disclosure; (ii) the significant harm to national security that disclosure can reasonably be expected to cause; [and] (iii) the reason why unauthorized disclosure is reasonably likely to cause such harm.” ld § 2(A). Based on my personal consideration of the matter, I have determined that the requirements for an assertion and defense of the state secrets privilege have been met in this case in accord with the September 2009 State Secrets Policy.

I declare under penalty of perjury that the foregoing is true and correct.

I think someone should lose their job over this. Perhaps that someone is the person who misinformed the Attorney General as to the facts of the case, perhaps not. In any event, Attorney General Eric Holder owes us all an explanation as to why that someone is not him.

Posted in 9/11 & Aftermath, Law: Ethics, Law: Right to Travel | 8 Comments