People who remember J. Edgar Hoover's FBI will not be surprised to read FBI broke law for years in phone record searches in today's Washington Post. The illegal searches were justified by fake emergencies. When an internal whistle blower started asking questions, they were justified by illegal (“blanket”) authorizations (the FBI used to accept that search authorizations, even retroactive emergency ones, must be justified in writing and particularized).
Nor will readers with any sense of history be surprised to learn that the FBI says there is nothing to worry about, move along:
FBI officials said they are confident that the safeguards enacted in 2007 have ended the problems.
However, readers who recall the Post when it was a newspaper will perhaps be a little startled that the Post keeps referring to the illegal requests and faked paperwork as “technical” violations of the law. Readers whose memory goes back to, oh, 1972, may also wonder how it is that this fact appears in the next-to-last paragraph of a fairly long story:
Among those whose phone records were searched improperly were journalists for The Washington Post and the New York Times, according to interviews with government officials.
And then there is this gem, which will startle all but the most hardened cynic:
lawyers have now concluded there was no need for the after-the-fact approval process.
So, no paper trail next time! (Could this be the new procedures enacted in 2007?)
All that's left is the 5pm Friday night press release that an investigation has determined that no discipline is warranted … except maybe for the whistle blower.
Does the latest silly PR campaign on Facebook tell us something about changing attitudes towards privacy? The viral campaign is to have women change their 'status' to a color — the color of their bra — ostensibly because this will 'raise awareness' of breast cancer. I'll leave it to others to dissect the merits of the campaign. (Although this line is pretty good: Telling the world your bra color does not raise awareness of breast cancer. It raises awareness of your bra color.) What interests me is the privacy angle.
In Black and white and red all over – what do those bra-color facebook updates tell us about privacy?, Prof. Wenger argues that the right frame to think about the privacy issue is 'spheres':
A fundamental notion in privacy is the idea of different spheres. This can be described as the classic public/private spheres, …
… I wonder how to analyze the mass voluntary participation of thousands of people engaged in a group sharing of a highly intimate piece of information. This is being done by women, who are particularly vulnerable to privacy attacks (especially relating to their intimate lives). And remember, facebook’s privacy default status is now that updates are open to the world! It’s striking to see crowds happily helping to assemble their own digital dossiers.
Here at the fringes of the public sphere, we're into spheres, but I wonder if that's the very best way to think about it. That said, there's clearly something going on here. As noted by the BBC, How online life distorts privacy rights for all, routinized online disclosure of facts once seen as private can reinforce changing conceptions of what's public and what's private. (Assuming, that is, that people, and especially those now young, continue to collapse the psychological distance between the virtual and real. But, back to the BBC:)
People who post intimate details about their lives on the internet undermine everybody else's right to privacy, claims an academic.
Dr Kieron O'Hara has called for people to be more aware of the impact on society of what they publish online.
“If you look at privacy in law, one important concept is a reasonable expectation of privacy,” he said.
“As more private lives are exported online, reasonable expectations are diminishing.”
If I were in a quibbling mood, I'd suggest that the online behavior is actually somewhat less significant than this suggests both because I think it reflects something going on anyway out in the regular world (“meetspace” or “meatspace”) and because I think for most people the privacy implications of adding a color or phrase in a Facebook listing are much less than they seem.
But I think that the real issue is that this is the wrong tempest in the wrong teapot.
To me the significant aspect about the Facebook incident, and to a large extent the issues that the BBC news story discusses, is that people are posting items about themselves. They control what to release and, initially, where. They decide whether to tell the truth. Is Jane Doe really wearing a chainmail bra? To me, that assertion is much less of a privacy issue than if Richard Roe is secretly photographing Jane with an infrared detector. If Jane is bragging about her SCA chops or perhaps even making it all up, she's in control of her data, at least initially.
True, important issues do arise when the self-reported information is republished, packaged, re-used in ways that Jane doesn't expect (or, worse, had taken reasonable precautions to prevent), and these can be thorny problems. Nevertheless, in a First Amendment world where we protect the right to repeat the truth, or what in good faith is reasonably believed to be the truth, many of these problems have an easy legal if sometimes uncomfortable social resolution.
No, the issues we should be worried about are involuntary or coerced exposure of personal data, including intimate information, not voluntary clothing self-disclosure. This is especially true in a world in which many people in the US are less in the thrall of nudity or partial nudity taboos than might have been the case fifty years ago (although I suspect there are many variations here by decade and nation), but other people both here and abroad remain very much concerned about body image privacy.
Thus, rather than worry about self-reported textual color information on Facebook, I think privacy scholars and advocates should be thinking hard about a much more important real-world problem: whether the US and other governments are going to mandate digital strip-searches as a condition of air travel. Even if the 'option' of a full-body search exists, few will opt for it because it too is intrusive, and because there's no guarantee it won't be so slow as to result in a missed flight.
It seems to me that the intrusion into privacy is much more severe for those who experience having some stranger use real-life X-ray specs on them as an invasion of bodily privacy than anything anyone could ever do to themselves on Facebook. How the full-body scanners are implemented will affect the extent of the privacy problem; some have suggested, for example, that the people viewing the images might be off-site somewhere where they would not be able to see the subject of the scan (or, conveniently, vice-versa), and they would text or radio in the all-clear or not depending on what they saw. There are also issues as to what measures will prevent storing the images.
Anything that creates some distance will make linking pictures to people harder, but it won't make it impossible. And of course it is only a matter of time before some enterprising scanning agent figures out how to take pictures of a digitally nude celebrity and sell them to the highest bidder. Entrepreneurs take note: both celebritybodyscan.com and celebrityairportscan.com have already been registered.
We don't yet know the details of how TSA proposes to manage the new scanners, and it is not obvious that TSA will disgorge the information willingly, so it is good to see that the Electronic Privacy Information Center has filed a Freedom of Information Act lawsuit to try to get more information about the program. Unfortunately, I suspect that many of the most interesting parts about how the images will be handled will fall under FOIA exception (b) which protects from disclosure all information “specifically authorized under criteria established by an Executive order to be kept secret in the interest of national defense or foreign policy and …are in fact properly classified pursuant to such Executive order.”
To me, privacy is not primarily about no one knowing things about me. Rather, it is about my ability to control what information I choose to make known about me and to whom, and to some degree to control — or in some circumstances at the very least stay informed — about the further sharing of that information. And that's why digital strip searches, a coerced privacy invasion by the government for what may or may not be a reasonable means to enhance the safety of all air travelers in the wake of the underwear bomber, seem a much bigger deal than self-reported possibly fictional underwear colors.
Via Talkleft, Records the Government Keeps On You:
The Forensic Scientist Blog has a list of the top six files the government keeps on you, how to obtain them, and why you should have them.
Categories: The FBI, CIA, Homeland Security, Earnings Records, Criminal Records and Court Records. According to the blog, if your FBI record is under 50 pages, it's free.
How many years before the government has one mega-file, or an efficient and easy-to-collate distributed file, on each of us?
Chris Soghoian posts a bombshell or two at slight paranoia: 8 Million Reasons for Real Surveillance Oversight
Executive Summary
Sprint Nextel provided law enforcement agencies with its customers' (GPS) location information over 8 million times between September 2008 and October 2009. This massive disclosure of sensitive customer information was made possible due to the roll-out by Sprint of a new, special web portal for law enforcement officers.
The evidence documenting this surveillance program comes in the form of an audio recording of Sprint's Manager of Electronic Surveillance, who described it during a panel discussion at a wiretapping and interception industry conference, held in Washington DC in October of 2009.
It is unclear if Federal law enforcement agencies' extensive collection of geolocation data should have been disclosed to Congress pursuant to a 1999 law that requires the publication of certain surveillance statistics — since the Department of Justice simply ignores the law, and has not provided the legally mandated reports to Congress since 2004.
(Spotted via Ed Felten, Soghoian: 8 Million Reasons for Real Surveillance Oversight).
As Chris Soghoian says, it is really staggering that law enforcement could make so many requests in a year or so and even more staggering that such a sea change in the government/privacy balance could happen with no public notice or debate.
Evan Brown at Internet Cases has a good writeup of Steinbach v. Village of Forest Park, No. 06-4215, 2009 WL 2605283 (N.D. Ill. Aug. 25, 2009) which holds that email snooping can be a tortious intrusion upon seclusion.
My e-home is my (cyber) castle.
Stewart Baker, ex-DHS guru, ex-NSA General Counsel, writes,
We're actually closer to 1984 than most people realize. Antidemocratic forces have the ability to turn on cameras in our homes and offices — to monitor our every action and every keystroke. That's the lesson of the ghostnet report.
The ghostnet report is about large-scale zombie computer networks. So there's the tiniest bit of hyperbole here, since the cameras being turned on in your home to which Baker refers are, so far, web cams. (The more interesting question to me is which cell phones can be turned on remotely, but the ghostnet report doesn't discuss that.)
Baker wants to sound like an optimist: he tells us he's confident that “the 1984ish powers aren't being exercised by the US government or NSA”. I actually share this confidence: Why zombie millions of computers, leave traces and create a host of fourth amendment issues, when the NSA can instead intercept all your packets at the switch?
Twitter announces an upcoming beta test of 'verified' accounts that will bear a “special seal”:
The experiment will begin with public officials, public agencies, famous artists, athletes, and other well known individuals at risk of impersonation. We hope to verify more accounts in the future but due to the resources required, verification will begin only with a small set.
While this announcement is motivated by the publicity given to the Tony La Russa case (see Twitter Defamation, Sec. 230 and the Dendrite Principles), Twitter also says,
Reports this week that Twitter has settled a law suit and officially agreed to pay legal fees for an impersonation complaint that was taken care of by our support staff in accordance with our Terms are erroneous. Twitter has not settled, nor do we plan to settle or pay.
I'm off to Berkeley to attend the Privacy Law Scholars Conference 2009. I'll be in transit much of today, starting too early, but touching down by lunch time — California time. Then BART and a little inter-modal, and if all goes well, I'll be there.
Should be fun — last year's conference at GW was tremendous. (I'm the discussant/moderator for a paper by the incandescent Paul Ohm.)
I'll be back late Sunday as I'm staying on Saturday to see some people I don't get to see often enough. In light of my plans for the rest of the summer that no longer seems as relaxing as I thought it would be when I bought the tickets lo these many months ago.
I was talking with someone after lunch today at the Internet Identity Workshop (#IIW), and mentioned the privacy myopia problem. That drew a blank. So I thought I'd reprint here something I wrote a few years ago, so that I could point him, and others, to it. Obviously, the P3P stuff is dated, but there are other technologies and apps trying to fill the gap.
This is an excerpt from The Death of Privacy?, 52 STAN L. REV. 1461 (2000). If you want the footnotes, you'll have to download the original...
Under current ideas of property in information, consumers are in a poor legal position to complain about the sale of data concerning themselves. The original alienation of personal data may have occurred with the consumer’s acquiescence or explicit consent. Every economic transaction has at least two parties; in most cases, the facts of the transaction belong equally to both. As evidenced by the existence of the direct mail industry, both sides to a transaction generally are free to sell details about the transaction to any interested third party.
There are exceptions to the default rule of joint and several ownership of the facts of a transaction, but they are relatively minor. Sometimes the law creates a special duty of confidentiality binding one of the parties to silence. Examples include fiduciary duties and a lawyer’s duty to keep a client’s confidence. Overall, the number of transactions in which confidentiality is the legal default is relatively small compared to the total number of transactions in the United States.
In theory, the parties to a transaction can always contract for confidentiality. This is unrealistic because consumers suffer from privacy myopia: they will sell their data too often and too cheaply. Modest assumptions about consumer privacy myopia suggest that even Americans who place a high value on information privacy will sell their privacy bit by bit for frequent flyer miles. Explaining this requires a brief detour into stylized microeconomics.
Assume that a representative consumer engages in a large number of transactions. Assume further that the basic consumer-related details of these transactions—consumer identity, item purchased, cost of item, place and time of sale—are of roughly equivalent value across transactions for any consumer and between consumers, and that the marginal value of the data produced by each transaction is low on its own. In other words, assume we are limiting the discussion to ordinary consumer transactions, not extraordinary private ones, such as the purchase of anticancer drugs. Now assume that aggregation adds value: Once a consumer profile reaches a given size, the aggregate value of that consumer profile is greater than the sum of the value of the individual data. Most heroically, assume that once some threshold has been reached the value of additional data to a potential profiler remains linear and does not decline. Finally, assume that data brokers or profile compilers are able to buy consumer data from merchants at low transactions costs, because the parties are repeat players who engage in numerous transactions involving substantial amounts of data. Consumers, however, are unaware of the value of their aggregated data to a profile compiler. With one possible exception, the assumption that the value of consumer data never declines, these all seem to be very tame assumptions.
In an ordinary transaction, a consumer will value a datum at its marginal value in terms of lost privacy. In contrast, a merchant, who is selling it to a profiler, will value it at or near its average value as part of a profile. Because, according to our assumptions, the average value of a single datum is greater than the marginal value of that datum (remember, aggregation adds value), a consumer will always be willing to sell data at a price a merchant is willing to pay.
The ultimate effect of consumer privacy myopia depends upon a number of things. First, it depends on the intrusiveness of the profile. If the profile creates a privacy intrusion that is noticeably greater than disclosing an occasional individual fact—that is, if aggregation not only adds value but aggravation—then privacy myopia is indeed a problem. I suspect that this is, in fact, the case and that many people share my intuition. It is considerably more intrusive to find strangers making assumptions about me, be they true or painfully false, than it is to have my name and address residing in a database restricted to the firms from which I buy. On the other hand, if people who object to being profiled are unusual, and aggregation does not cause harm to most people’s privacy, the main consequence of privacy myopia is greatly reduced. For some, it is only distributional. Consumers who place a low value on their information privacy—people for whom their average valuation is less than the average valuation of a profiler—would have agreed to sell their privacy even if they were aware of the long-run consequences. The only harm to them is that they have not extracted the highest price possible. But consumers who place a high value on information privacy will be more seriously harmed by their information myopia. Had they been aware of the average value of each datum, they might have preferred not to sell.
Unfortunately, if the marginal value to the consumer of a given datum is small, then the value of not disclosing that datum will in most cases be lower than either the cost of negotiating a confidentiality clause (if that option even exists), or the cost of forgoing the entire transaction. Thus, in the ordinary case, absent anything terribly revealing about the datum, privacy clauses are unlikely to appear in standard form contracts, and consumers will accept this.
Furthermore, changing the law to make consumers the default owners of information about their economic activity is unlikely to produce large numbers of confidentiality clauses in the agora. In most cases, all it will do is move some of the consumer surplus from information buyers to information producers or sellers as the standard contracts forms add a term in which the consumer conveys rights to the information in exchange for a frequent flyer mile or two.
In short, if consumers are plausibly myopic about the value of a datum—focusing on its marginal value rather than its average value, which is difficult to measure—but profilers are not and the data are more valuable in aggregate, then there will be substantial over-disclosure of personal data even when consumers care about their informational privacy.
If this stylized story is even somewhat accurate, it has unfortunate implications for many proposals to change the default property rules regarding ownership of personal data in ordinary transactions. The sale will tend to happen even if the consumer has a sole entitlement to the data. It also suggests that European-style data protection rules should have only a limited effectiveness, primarily for highly sensitive personal data. The European Union’s data protection directive allows personal data to be collected for reuse and resale if the data subject agrees; the privacy myopia story suggests that customers will ordinarily agree except when disclosing particularly sensitive personal facts with a high marginal value.
On the other hand, the privacy myopia story suggests several questions for further research. For example, the myopia story suggests that we need to know how difficult it is to measure the value of privacy and, once that value has been calculated, how difficult it is to educate consumers to value data at its average rather than marginal value. Can information provide a corrective lens? Or, perhaps consumers already have the ability to value the privacy interest in small amounts of data if they consider the long term consequences of disclosure.
Consumers sometimes have an interest in disclosure of information. For example, proof of credit-worthiness tends to improve the terms upon which lenders offer credit. The myopia story assumes this feature away. It would be interesting to try to measure the relative importance of privacy and disclosure as intermediate and final goods. If the intermediate good aspect of informational privacy and disclosure substantially outweighed their final good aspect, the focus on blocking disclosure advocated in this article might be misguided. European data-protection rules, which focus on requiring transparency regarding the future uses of gathered data, might be the best strategy.
It would also be useful to know much more about the economics of data profiling. In particular, it would be helpful to know how much data it takes to make a profile valuable—at what point does the whole exceed the sum of the data parts? Additionally, it would be important to know whether profilers regularly suffer from data overload, and to what extent there are diminishing returns to scale for a single subject’s personal data. Furthermore, it could be useful to know whether there might be increasing returns to scale as the number of consumers profiled increases. If there are increasing returns to scale over any relevant part of the curve, the marginal consumer would be worth extra. It might follow that in an efficient market, profilers would be willing to pay more for data about the people who are most concerned about informational privacy.
There has already been considerable work on privacy-enhancing technologies for electronic transactions. There seems to be a need for more research, however, to determine which types of transactions are best suited to using technologies such as information intermediaries. The hardest work will involve finding ways to apply privacy-enhancing technologies to those transactions that are not naturally suited to them.
Perhaps the most promising avenue is to design contracts and technologies that undercut the assumptions in the myopia story. For example, one might seek to lower the transaction costs of modifying standard form contracts, or of specifying restrictions on reuse of disclosed data. The lower the cost of contracting for privacy, the greater the chance that such a cost will be less than the marginal value of the data (note that merely lowering it below average cost fails to solve the underlying problem, because sales will still happen in that price range). If technologies, such as P3P, reduce the marginal transactions costs involved in negotiating the release of personal data to near zero, even privacy myopics will be able to express their privacy preferences in the P3P-compliant part of the marketplace.
A quarter of the UK's largest public-sector database projects, including the ID cards register, are fundamentally flawed and violate European data protection laws, according to DataBase State, a report published today. The report also fingers the UK's national DNA database and the Contactpoint index of all children in England as particularly flawed.
Funded by the Joseph Rowntree Reform Trust, the report identifies 46 UK government databases and systems, more than half of which it says fail tests of privacy or effectiveness, and thus could be illegal under European privacy law.
Financial Cryptography: Skype: the gloss is losing its shine has lots of food for thought.
I just wish financialcryptography.com would format its RSS feed in a way my reader could parse better…
Florida settles lawsuit — and I get $1.
Yes, one whole dollar for the State of Florida illegally selling personal info from my drivers' license to marketing firms.
Over the weekend, I posted drafts of two chapters I wrote for a forthcoming book on anonymity and privacy around the world. Here's the back story on Anonymity and the Law in the United States.
I had originally agreed to write one piece — Identity Cards and Identity Romanticism — and then the book's editor, the incomparably wonderful Ian Kerr, asked me to write a survey of US law on anonymity. I thought it would be do-able, and I very much wanted to repay Ian for all his many kindnesses over the years.
But it wasn't easy. The problem wasn't so much that the US law in the area is chaotic, I'm used to that. Nor was it mainly that (after I'd agreed) they sent me an outline of the topic they hoped I would cover, a list which went well outside my comfort zone into areas like criminal procedure and juries, because I'm up for learning new things. No, the problem was the @#$@# word limit. I had to compress everything into tiny little spaces. I hated doing that. I found it excruciating, in fact. And it results in generalizations which while not, I hope, erroneous are on occasion not as precise as I'd ideally like.
Anonymity and the Law in the United States
This book chapter for “Lessons from the Identity Trail: Anonymity, Privacy and Identity in a Networked Society” (New York: Oxford University Press, 2009) — a forthcoming comparative examination of approaches to the regulation of anonymity edited by Ian Kerr — surveys the patchwork of U.S. laws regulating anonymity and concludes the overall U.S. policy towards anonymity remains primarily situational, largely reactive, and slowly evolving.
Anonymous speech, particularly on political or religious matters, enjoys a privileged position under the U.S. Constitution. Regulation of anonymous speech requires a particularly strong justification to survive judicial review but no form of speech is completely immune from regulation. Anonymity is presumptively disfavored for witnesses, defendants, and jurors during criminal trials; the regulation of anonymity in civil cases is more complex. Plaintiffs demonstrating sufficiently good cause may proceed anonymously; conversely, defendants with legitimate reasons may be able to shield their identities from discovery.
Despite growing public concern about privacy issues, the United States federal government has developed a number of post 9/11 initiatives designed to limit the scope of anonymous behavior and communication. Even so, the background norm that the government should not be able to compel individuals to reveal their identity without real cause retains force. On the other hand, legislatures and regulators seem reluctant to intervene to protect privacy, much less anonymity, from what are seen as market forces. Although the law imposes few if any legal obstacles to the domestic use of privacy-enhancing technology such as encryption it also requires little more than truth in advertising for most privacy destroying technologies.
I do think there's some value to a survey like this, especially in a collection where it will appear right next to similar surveys from lawyers in other countries. So I'm not sorry to have done it. But it's a little more of a laundry list than my usual work.
The Electronic Frontier Foundation filed a reply brief yesterday in response to the federal government's and telecoms' motion for dismissal or summary judgment in an ongoing lawsuit against the telecoms for their (alleged) participation in illegal warrantless surveillance. The case is captioned “In re National Security Agency Telecommunications Records Litigation, Mdl No. 1791”.
This is the suit that motivated the immunity provisions of the FISA amendments. But they were drafted in a very very odd way that leaves some substantial daylight for challenges. And the great lawyers at EFF have done a first-rate job of running for daylight.
[Disclosure: In addition to serving on EFF's Advisory Board, I had a minor role in assisting the EFF legal team on one of the issues.]
I used to think that Jim Dempsey was a good guy, someone who believed in protecting personal privacy.
Could I have been seriously mistaken? The evidence is pretty damning: President Bush has just nominated him to be on the Privacy and Civil Liberties Oversight Board.
There are, fortunately, three other possibilities.
First, the Privacy and Civil Liberties Oversight Board could have had all of its jurisdiction taken away, so this is a meaningless appointment. (Indeed, for a long time the Bush administration made sure that it never met.) But surely that's not it: the Board actually has more heft than it used to, thanks to amendments in H.R. 1 passed last year.
Second, the appointment could be a lame duck's petard planted under the next administration: 'Take that Obama! Not only will we burrow into the senior ranks of the bureaucracy, but we'll stack the independent oversight board with people who'll give you tsursis! Heh heh heh.' After all, the appointment won't take effect until the Senate acts, and it lasts for five years. That means basically none of anything Dempsey does while on the Board will be on Bush's watch.
Or, maybe, it's one of these:

I was interviewed today for this afternoon's edition of Marketplace; of course you never know if they'll use it or not.
The topic was the strange — and to my mind wrongly decided — decision ordering massive disclosure of user YouTube video-viewing records in Viacom v. Google. For a very good explanation of most of the problems with the decision see EFF's Kurt Opsahl's discussion at Court Ruling Will Expose Viewing Habits of YouTube Users.
Based on the cursory discussion in the decision, I don't think the Judge read the Video Privacy Protection Act (aka “the Bork Bill”) right.
The decision is, if anything, worse than Opsahl says, in that the court also orders disclosure of information relating to “private” videos — videos marked for limited distribution — including the title and information about who uploaded them. While it may be the case that some of these videos are trying to share copyright protected materials under the radar, it is undoubtedly the case that many of these videos are (1) truly private and of very limited distribution and (2) the author would be identifiable from the associated information ordered to be disclosed. (The order also is opaque as to what sort of precautions if any Viacom would be required to take to prevent leakage of this data.)
There are some procedural obstacles to getting an immediate interlocutory appeal of this decision, but assuming they can be surmounted I think there's a strong chance of reversal before the 2nd Circuit.
This is only one of the first in what is sure to be a long series of fishing expeditions in the increasingly elaborate databases being created about our online behavior. It will get worse once our ISPs start tracking our every move in order, they will say, to better advertise to us. Video viewing records have the peculiar advantage of being protected by an unusually powerful statute, the so-called 'Bork Bill'. Many other records won't have that (although some will have ECPA), and that is an issue which needs urgent attention.
Dear readers of Discourse.net,
I would like to thank Michael for inviting me to be a guest. It is an honor. His kind, generous and ridiculously positive introduction is much appreciated. It might have set expectations that will leave most readers surprised, disappointed, even disgusted with my posts. But this will not stop me.
True to this prediction, I will start with a confession. I am Belgian. (1) But do not worry. None of my posts will be about Belgium (except this one, too late now).
Most people think Belgium is pretty insignificant. The Daily Show expressed this sentiment in a couple of episodes where Jon Stewart suddenly screamed that he “hates” Belgium. (2) The irony being that it is absurd to hate Belgium. Why would anyone hate something so small and harmless? (mind you, this is a cunning tactic that has been very effective for us)
To Belgium’s defense, a quick note on one of Belgium’s many wonderful accomplishments [drums rolling]: the Belgian identity card. This prestigious, much lauded project was introduced a few years ago (notice the Microsoft connection).
In fact, I was about to use my very own “electronic-Belgian-ID-card” to file Belgian taxes on line the other day. But I changed my mind upon discovering that I need to buy a card reader for my pc (or wait for a 24 code card to be mailed by snail mail). Also, recollection of the security and privacy issues did not help either. Yesterday, a new report was presented at the e-Identity conference in the Hague further detailing the huge security issues involved. Hey, at least it's better for our government to fail than not to try at all. Or is it? Solutions for the card are in the works. So are the invoices by the various e-security companies. This brings me back to filing my taxes.
More about Belgium, European soccer, copyright law & the music industry, taxes and laments on the strong euro in future posts.
(1) note by author: country still exists until further notice, June 13 2008.
(2) a link to the clip would of course be more effective but could not locate it on the Web
Ryan Singel, Secret Spy Court Repeatedly Questions FBI Wiretap Network.
Don't have time to post about this except to say that this is potentially a really big deal both for location privacy and for the use of routine pen-register orders to get much more than a phone number — if the FBI has really been doing this stuff.
This article describes important questions. We need the answers.
Although I usually couldn't care less about celebrity gossip, I was very interested to see this article (in the India Times, no less!), TomKat threaten to sue baby store over leaked shopping details.
Basically, these two celebs claim a right of privacy and a violation of their right of publicity because a store they shop at has been blabbing the details of their purchases.
I'm interested in this because back when I was writing one of the early articles about digital certificates, The Essential Role of Trusted Third Parties in Electronic Commerce, 75 Ore. L. Rev. 49 (1996), I had a heck of a time finding relevant law on the subject of the ownership of transaction information, a problem that persisted into the writing of The Death of Privacy?, 52 STAN L. REV. 1461 (2000). I finally concluded that for ordinary transactions, where there was no special duty of confidentiality (e.g. lawyer, doctor) or celebrity with a special right of publicity, the basic rule was that customer and merchant both own the facts and can do what they wish with them.
The right of publicity claim is a narrow one: the shop can't claim endorsement by the celebrity (e.g. by using their images in an ad), but that doesn't amount to a gag order. For example, the shopkeeper can certainly brag to customers so long as s/he doesn't imply or claim an endorsement.
But the privacy claim? Absent either a contractual or legal duty, it's just not there. Maybe it should be, but that will take a change in the law.
Via RB: CCTV, Get Out Clause and iMovie,
What’s a band to do if it hasn’t got the cash to make its own music video and lives in a country with extremely high levels of CCTV? Well, Get Out Clause used state CCTV cameras and their rights to access information to create this clip,
Unable to afford to make their own music video the band set up and performed their music in front of 80 of the 1,300 CCTV cameras used by British state security - one camera was even on a bus…
Now comes the good part: the band used the UK Data Protection Act - that’s the UK equivalent of US readers’ access to information laws - to request all the footage the state collected of them…
And then they turned the footage into a music video.
(The song is ok, but not as inventive as their social engineering.)
From PogoWasRight.org:
In 2003, the chief librarian of the city of Santa Cruz, Calif., was able to warn her patrons about whether the FBI had served a National Security Letter (NSL) demanding information about who was reading what books. She managed that task despite specific provisions in the USA Patriot Act at the time that prohibited librarians or booksellers from revealing to anyone that they'd been issued an NSL.
So, how did the librarian get the word out? By regularly reporting to the library board that no NSL had been issued to any of the city's 10 branches, which was perfectly legal. Everyone knew that if the chief librarian failed to report that nothing had happened, then indeed an NSL had been served.
I like it. Better yet, it would be hard to legislate around this workaround…
Daily Kos reports that Sen. Feingold's amendment on reverse targeting failed 38-57. Here's the summary of the amendment:
Prohibits the government from getting around FISA's court order requirement by wiretapping an individual overseas when it is really interested in a person in the U.S. with whom that supposed foreign target is communicating.
In other words, the amendment would stop spying on you and me in the guise of a foreign terrorism case. Senate doesn't care.
The DINOs voted to undermine the Fourth Amendment: Rockefeller, Feinstein, Johnson, Landrieu and Lincoln.
GWB is the primary reason why the country is in two wars, an economic slump, and a civil liberties disaster. But the Senate bears much of the blame too.
Congress is worried about satellite spying.
September 6, 2007
The Honorable Michael Chertoff
Department of Homeland Security
Washington, D.C. 20528
Mr. Charles Allen
Office of Intelligence and Analysis
Department of Homeland Security
245 Murray Lane
Washington, D.C. 20528
Dear Secretary Chertoff and Assistant Secretary Allen:
As you know, our Committee held a hearing today on “Turning Spy Satellites on the Homeland.” The Department's new National Applications Office (NAO), charged with overseeing such a program and scheduled to begin operations on October 1, raises very serious privacy and civil liberties concerns.
We are so concerned that, as the Department's authorizing Committee, we are calling for a moratorium on the program until the many Constitutional, legal and organizational questions it raises are answered.
Today's testimony made clear that there is effectively no legal framework governing the domestic use of satellite imagery for the various purposes envisioned by the Department. Without this legal framework, the Department runs the risk of creating a program that - while well-intended - could be misused and violate Americans' Constitutional rights. The Department's failure to include its Privacy Officer and the Civil Rights and Civil Liberties Officer before this July, almost two years after planning for the NAO began, only heightens our sense of concern. Privacy and civil liberties simply cannot remain an afterthought at the Department.
We ask that you provide the Committee with the written legal framework under which the NAO will operate, the standard operating procedures (SOPs) for the NAO - particularly those SOPs that will be used for requests by State, local, and tribal law enforcement, the privacy and civil liberties safeguards that will accompany any use of satellite imagery, and an analysis of how the program conforms with Posse Comitatus.
The use of geospatial information from military intelligence satellites may turn out to be a valuable tool in protecting the homeland. But until the Committee receives those written documents and has had a full opportunity to review them, offer comments, and help shape appropriate procedures and protocols, we cannot and will not support the expanded use of satellite imagery by the NAO.
We appreciate your agreement to provide these materials requested above and look forward to working together to assure the American people that their privacy and civil liberties will be protected.
Sincerely,
Bennie G. Thompson, Chairman
Jane Harman, Chair, Subcommittee on Intelligence, Information Sharing, & Terrorism Risk Assessment
Christopher P. Carney, Chairman, Subcommittee on Management, Investigations & Oversight
And they have good reasons to be worried.
Gary Farber wants to know why I haven't written anything about this WSJ scoop: the Homeland Security Administration is going to make spy satellite imagery available to civilian law enforcement.
Access to the high-tech surveillance tools would, for the first time, allow Homeland Security and law-enforcement officials to see real-time, high-resolution images and data, which would allow them, for example, to identify smuggler staging areas, a gang safehouse, or possibly even a building being used by would-be terrorists to manufacture chemical weapons.
….Unlike electronic eavesdropping, which is subject to legislative and some judicial control, this use of spy satellites is largely uncharted territory. Although the courts have permitted warrantless aerial searches of private property by law-enforcement aircraft, there are no cases involving the use of satellite technology.
I guess it's because I saw it coming. Back in 2000 I wrote:
Unless social, legal, or technical forces intervene, it is conceivable that there will be no place on earth where an ordinary person will be able to avoid surveillance. In this possible future, public places will be watched by terrestrial cameras and even by satellites. Facial and voice recognition software, cell phone position monitoring, smart transport, and other science-fictionlike developments will together provide full and perhaps real time information on everyone’s location. Homes and bodies will be subject to sense-enhanced viewing. All communications, save perhaps some encrypted messages, will be scannable and sortable. Copyright protection “snitchware” and Internet-based user tracking will generate full dossiers of reading and shopping habits. The move to web-based commerce, combined with the fight against money laundering and tax evasion, will make it possible to assemble a complete economic profile of every consumer. All documents, whether electronic, photocopied, or (perhaps) even privately printed, will have invisible markings making it possible to trace the author. Workplaces will not only be observed by camera, but also anything involving computer use will be subject to detailed monitoring, analyzed for both efficiency and inappropriate use. As the cost of storage continues to drop, enormous databases will be created, or disparate distributed databases linked, allowing data to be cross-referenced in increasingly sophisticated ways.
In this very possible future, indeed perhaps in our present, there may be nowhere to hide and little that can stay hidden.
…
Once the sole property of governments, high-quality satellite photographs in the visible spectrum are now available for purchase. The sharpest pictures on sale today are able to distinguish objects two meters long,[148] with a competing one-meter resolution service planned for later this year.
Meanwhile, governments are using satellites to regulate behavior. Satellite tracking is being used to monitor convicted criminals on probation, parole, home detention, or work release. Convicts carry a small tracking device that receives coordinates from global positioning satellites (“GPS”) and communicates them to a monitoring center. The cost for this service is low, about $12.50 per target per day.
Meanwhile, the United Kingdom is considering the adoption of a GPS-based system, already field tested in the Netherlands and Spain, to prevent speeding. Cars would be fitted with GPS monitors that would pinpoint the car’s exact location, link with a computer built into the car containing a database of national roads, identify the applicable speed limit, and instruct a governor built into the vehicle to stop the fuel supply if the car exceeds a certain speed. GPS systems allow a receiver to determine its location by reference to satellites, but do not actually transmit the recipient’s location to anyone.[154] The onboard computer could, however, permanently record everywhere the car goes, if sufficient storage were provided. The United Kingdom proposal also calls for making speed restrictions contextual, allowing traffic engineers to slow down traffic in school zones, after accidents, or during bad weather.[155] This contextual control requires a means to load updates into the computer; indeed, unless the United Kingdom wished to freeze its speed limits for all time, some sort of update feature would be essential. Data integrity validation usually relies upon two-way communication. Once the speed control system and a central authority are communicating, the routine downloading of vehicle travel histories would become a real possibility. And even without two-way communication, satellite-control over a vehicle’s fuel supply would allow immobilizing vehicles for purposes other than traffic control. For example, cars could be stopped for riot control or if being chased by police, parents would have a new way of “grounding” children, and hackers would have a new target.
That a government can track a device designed to be visible by satellite does not, of course, necessarily mean that an individual without one could be tracked by satellite in the manner depicted by the film Enemy of the State. However, a one-meter resolution suggests that it should be possible to track a single vehicle if a satellite were able to provide sufficient images, and satellite technology is improving rapidly.
The public record does not disclose how accurate secret spy satellites might be, nor what parts of the spectrum they monitor other than visible light. The routine privacy consequences of secret satellites is limited, because governments tend to believe that using the results in anything less than extreme circumstances tends to disclose their capabilities. As the private sector catches up with governments, however, technologies developed for national security purposes will gradually become available for new uses.
I am afraid that I am not enjoying being proved right, not in the tiniest bit.
Notes
148. See SPIN-2 High Resolution Satellite Imagery
149. The improved pictures will come from the Ikonos satellite. See Ikonos, Carterra Ortho Products Technical Specs
150. See Joseph Rose, Satellite Offenders, WIRED, Jan. 13, 1999
151. See Gary Fields, Satellite “Big Brother” Eyes Parolees, Apr. 8, 1999, USA TODAY, at 10A.
152. See Satellites in the Driving Seat, BBC NEWS, Jan. 4, 2000
153. See Jon Hibbs, Satellite Puts the Brake on Speeding Drivers, TELEGRAPH, Jan. 4, 2000
154. See WATCHING ME, WATCHING YOU, supra note 61.
155. See Hibbs, supra note 153.
Inside Bay Area - Lawyers dig into FasTrak data reports that civil and divorce lawyers are using commuter records to make their cases,
As the number of cash-free bridge commuters rises, so do the ranks of divorce lawyers and other civil attorneys who have subpoenaed, and received, personal driving records from the agency that oversees the regional e-toll system.
Subpoenas that MediaNews obtained under the state Public Records Act turned up several cases over the last two years in which the Metropolitan Transportation Commission released FasTrak subscriber records in civil disputes.
The records include logs of the date, exact time and bridge where a car using FasTrak rolls through a toll plaza at any of the eight Bay Area spans.
“Part of the reason Fred has not had success … is that he takes too much time off,” claimed a woman who sought her husband's toll activity in one divorce case. “His transponder records … will show how little he works.”
I predicted this a long time ago when I wrote about technology and privacy, notably in The Death of Privacy?, 52 Stan L. Rev. 1461 (2000).
Here's the table of contents:
INTRODUCTION
I. PRIVACY-DESTROYING TECHNOLOGIES
A. Routinized Low-Tech Data Collection
1. By the United States Government
2. Transactional data
B. Ubiquitous Surveillance
1. Public spaces
a. Cameras
b. Cell phone monitoring
c. Vehicle monitoring
2. Monitoring in the home and office
a. Workplace surveillance
b. Electronic communications monitoring
c. Online tracking
d. Hardware
3. Biometrics
4. Sense-enhanced searches
a. Looking down: satellite monitoring
b. Seeing through walls
c. Seeing through clothes
d. Seeing everything: smart dust
II. RESPONDING TO PRIVACY-DESTROYING TECHNOLOGIES
A. The Constraints
1. The economics of privacy myopia
2. First Amendment
a. The First Amendment in public places
b. The First Amendment and transactional data
3. Fear
B. Making Privacy Rules Within the Constraints
1. Nonlegal proposals
a. “Self-regulation.”
b. PETs and other self-help
2. Using law to change the defaults
a. Transactional data-oriented solutions
b. Tort law and other approaches to public data collection
c. Classic data protection law
III. IS INFORMATION PRIVACY DEAD?
Here's an interesting privacy case from the Washington state Supreme Court: State v. Athan. There's a majority opinion, a concurrence, a dissent and another dissent. (Warning: links are only good for 90 days.)
Here's the news summary, Licking an envelope gives up privacy right to saliva
Police who obtained a murder suspect's DNA by tricking him into licking an envelope didn't violate any privacy laws, even though the letter was from a fake law firm, the [Washington] state Supreme Court ruled Thursday.
In a 6-3 ruling, the court held there is no state or federal privacy interest in the spit used to seal a person's mail.
Licking an envelope, the majority wrote, is “analogous to a person spitting on the sidewalk or leaving a cigarette butt in an ashtray.”
It also didn't matter that Seattle detectives got the DNA sample by posing as lawyers preparing a class-action lawsuit.
Even though pretending to be a lawyer is illegal under state law, police didn't violate the suspect's rights and didn't gather any privileged or confidential information, the court held.
The result is partly explained by the grisly facts:
The decision upholds the second-degree murder conviction of John Athan, a Palisades Park, N.J., man found to have killed a 13-year-old girl in Seattle in 1982, when he was 14. The girl's murder went unsolved for years, until cold-case detectives fooled Athan into licking the envelope and sending it back to police.
Even so, the court seems to have given up a number of hostages to fortune:
In Thursday's ruling, the court's majority said collecting Athan's saliva from the envelope did not raise the same privacy concerns as would forced collections of blood or urine.
“There is no subjective expectation of privacy in discarded genetic material just as there is no subjective expectation of privacy in fingerprints or footprints left in a public place,” the court ruled.
Athan also wasn't protected by attorney-client privilege in the case because the saliva used to seal the envelope is not an actual “communication,” the court said.
Although Athan believed he was sending the letter to a lawyer, detectives were allowed to open the mail because their names were listed - albeit as fake attorneys - on the original letter, the court ruled.
We'll be seeing more and more issues like this.
He was once known as “Chain Gang Charlie” Crist for his tough law and order stands, but in the face of strong troglodyte opposition from Florida Attorney General Bill McCollum, Florida Governor Charlie Crist has pushed through a set of reforms to Florida's felon disenfranchisement rules. Now, instead of making it virtually impossible for felons to get their right to vote (and to hold state licenses for a wide variety of trades), it will merely be slow (15 years!) for non-violent offenders, and slow and difficult for violent offenders. This is a major issue as the state has almost a million persons who have been found guilty of felonies, and about half of them are black (although blacks are about 14% of our total population). That a Republican governor would do this, because it's the right thing, is amazing. Florida still remains well behind states with more civilized penal policies, but this is a huge step in the right direction. Details at the Miami Herald, Felon rights on faster track.
Also in today's news, a welcome and very powerful ruling by our Supreme Court. In Re: Amendments To Florida Rule Of Judicial Administration 2.420—Sealing Of Court Records And Dockets. (April 5, 2007) says in the strongest terms that state courts must not “superseal” civil cases in trial courts — ever. “Supersealing” was a procedure that removed any trace of a matter from the public docket, even its docket number and title. As the court notes, it was a set of practices “that, however unintentional, were clearly offensive to the spirit of laws and rules that ultimately rest on Florida’s well-established public policy of government in the sunshine.” The Court's decision does not prevent the sealing of substantive civil case records in appropriate cases after appropriate process. Also, the issue of criminal and appellate cases is left for another day, pending study by the appropriate committees (in criminal cases there are additional issues relating to protecting informants, for example).
A great day for the State of Florida! (And if the last election were held today, I'd vote for Crist.)
[Bonus good news: Condo tenant wins fight to keep mezuzah.]
Ars Technica has a very provocative story, claiming that Your ISP may be selling your web clicks:
David Cancel, the CTO of the web market research firm Compete Incorporated, raised eyebrows at the Open Data 2007 Conference in New York when he revealed that many Internet service providers sell the clickstream data of their users. Clickstream data includes every web site visited by each user and in which order they were clicked.
The data is not sold with accompanying user name or information, but merely as a numerical user value. However, it is still theoretically possible to tie this information to a specific ISP account. Cancel told Ars that his company licenses the data from ISPs for millions of dollars.
If this is true, I think consumers will rightly be upset to learn that they're being spied on by their ISPs, even if the data is not easily tied to them. And I can't even begin to understand what ISPs were thinking about doing this without disclosing it. If it's true.
I'd call Bell South and ask them, but somehow I doubt that the call center has a script for this one.
Nelson's Weblog: googleSearchHistory
Did you know that for years Google has been keeping a record of every search you do? And did you know they're now associating your search history with your Google login for other services like Gmail, Calendar, and the like? Surprise! It's Search History. And now it's being used to personalize your search results.
I don't like Google aggregating this data about me. It is possible to opt out. You can turn off search history recording in the settings page. You can also edit your history, including removing it entirely.
…
Update Tuesday, Feb 6: the instructions above let you remove the search history that you can access via the search history product. However, Google is logging your search history in other places for other purposes. See Google's privacy FAQ and privacy policy for more info on those other forms of search history.
Nothing to fear! Of course! Nothing to fear!
Canadian coins bugged, U.S. security agency says: They say money talks, and a new report suggests Canadian currency is indeed chatting, at least electronically, on behalf of shadowy spies.
Canadian coins containing tiny transmitters have mysteriously turned up in the pockets of at least three American contractors who visited Canada, says a branch of the U.S. Department of Defence. ...
"On at least three separate occasions between October 2005 and January 2006, cleared defence contractors' employees travelling through Canada have discovered radio frequency transmitters embedded in Canadian coins placed on their persons," the report says. ...
Bugging a coin with an RFID is a weird way to track people since they are likely to spend the coins.
Could this be a mad scientist economist doing a study on the velocity of money? Where's George on Canadian steroids?
Ed Hasbrouck has been talking about this issue for a long time. Today, the Washington Post has an update, Report Says TSA Violated Privacy Law:
Secure Flight, the U.S. government's stalled program to screen domestic air passengers against terrorism watch lists, violated federal law during a crucial test phase, according to a report to be issued today by the Homeland Security Department's privacy office.
The agency found that by gathering passenger data from commercial brokers in 2004 without notifying the passengers, the program violated a 1974 Privacy Act requirement that the public be made aware of any changes in a federal program that affects the privacy of U.S. citizens. "As ultimately implemented, the commercial data test conducted in connection with the Secure Flight program testing did not match [the Transportation Security Administration's] public announcements," the report states.
It took two reporters -- Ellen Nakashima and Del Quentin Wilber -- to fail to answer all the interesting questions. First, is anyone going to be held accountable? Second, are these potential criminal violations or not? It doesn't sound like it:
TSA spokeswoman Ellen Howe said the agency has "already implemented or is in the process of implementing" the recommendations contained in the privacy office report. She said the report's conclusions were not surprising, adding that they were "very similar" to those reached last year by the General Accounting Office, the government's auditing arm.
So, what was the purpose of this report, given that the GAO ventilated many of the facts a year ago? Does the rest of the TSA care about what its privacy office says? The story doesn't tell us. It took two reporters to do this?
And, the Post makes no mention of what appear to be the follow-on illegalities.
On this stuff, you're much better off reading blogs than the Post. Is Brad DeLong right? Is the paper (as opposed to online) Post toast?
Be afraid.
FBI taps cell phone mic as eavesdropping tool. The FBI appears to have begun using a novel form of electronic surveillance in criminal investigations: remotely activating a mobile phone's microphone and using it to eavesdrop on nearby conversations.
The technique is called a "roving bug," and was approved by top U.S. Department of Justice officials for use against members of a New York organized crime family who were wary of conventional surveillance techniques such as tailing a suspect or wiretapping him.
...
The surveillance technique came to light in an opinion published this week by U.S. District Judge Lewis Kaplan. He ruled that the "roving bug" was legal because federal wiretapping law is broad enough to permit eavesdropping even of conversations that take place near a suspect's cell phone.
Kaplan's opinion said that the eavesdropping technique "functioned whether the phone was powered on or off." Some handsets can't be fully powered down without removing the battery; for instance, some Nokia models will wake up when turned off if an alarm is set.
...
It seems the bugging software can be downloaded remotely, without the cops ever touching the phone. And once the handset's software is compromised, even pushing the "off" button won't stop it from acting as a bug.
The U.S. Commerce Department's security office warns that "a cellular telephone can be turned into a microphone and transmitter for the purpose of listening to conversations in the vicinity of the phone." An article in the Financial Times last year said mobile providers can "remotely install a piece of software on to any handset, without the owner's knowledge, which will activate the microphone even when its owner is not making a call."
Nextel and Samsung handsets and the Motorola Razr are especially vulnerable to software downloads that activate their microphones, said James Atkinson, a counter-surveillance consultant who has worked closely with government agencies. "They can be remotely accessed and made to transmit room audio all the time," he said. "You can do that without having physical access to the phone."
J. Edgar would have loved this one.
I wonder what the effects are on battery life, however: If my battery suddenly seems to die on me more quickly is that a sign I need a new one, or that I'm being bugged?
Memo to all lawyers: take the battery out of your cell phone when having sensitive conversations.
I don't know what the Augusta (GA) Metro Spirit is exactly, but its national security blog landed an interview with Lt. Gen. William Odom (Ret.), Reagan's NSA chief speaks out. It's a doozy:
Retired general asks, What’s wrong with cutting and running?
By Corey Pein
Metro Spirit: What are your feelings on the NSA’s program of warrantless wiretapping of American citizens?
William Odom: It didn’t happen under my watch. And I’m still puzzled why somebody hasn’t tried to impeach the president for doing it. Any conservative in the United States who values his life [ought to be outraged]. In fact, the South seceded in defense of minority rights — why the hell have they forgotten them now? Ben Franklin said, “somebody who values security over liberty deserves neither.”
MS: What do you say to people, and there are plenty here in Augusta, who say that cutting and running from Iraq is a traitorous act?
WO: Well, just tell ‘em they’re full of shit. They're traitors. You know what lemmings are? Yeah, they’re lemmings. We went to war for our enemies’ best interests. You ask those people why it makes sense that we went to war to advance the interests of Iran and Al Qaeda.
There's LOTS more where that came from. The guy reminds me of Barry Goldwater — calls them like he sees them, with no muffler…
DHS is having a meeting of its Data Privacy and Integrity Committee here in Miami and I am really really annoyed that I'm going to have to miss this: DHS: Privacy Office - DHS Data Privacy and Integrity Committee Meeting Information
I have to miss it because I will be in Sao Paulo for the second half of an ICANN meeting -- it seems I've been reappointed, or re-sentenced (I'm not quite sure) to the ICANN NomCom. If anyone goes -- register by tomorrow -- I'd love a report.
Privacy Office - DHS Data Privacy and Integrity Committee Meeting Information
The quarterly meeting of the DHS Data Privacy and Integrity Advisory Committee will be held on December 6, 2006 at:
Eden Roc Hotel
Mona Lisa Ballroom
4525 Collins Avenue
Miami Beach, FL 33140
Public Sessions
Mona Lisa Ballroom
8:00 a.m. – 11:15 a.m.
12:15 p.m. – 2:30 p.m.
Details of Meeting
- Official Invitation (PDF, 1 page – 118 KB)
- Agenda (PDF, 2 pages – 253 KB)
- Federal Register Notice
Public Comments
2:00 p.m. - 2:30 p.m.
Registration and Attendance
Any member of the public who wishes to attend the public session is requested to provide his or her name by 2:00 p.m. EST, Friday, December 1, 2006, to:
The DHS Privacy Advisory Committee
The Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
Email: privacycommittee@dhs.gov
Phone: 571-227-3813
Fax: 571-227-4171
Everyone who plans to attend is respectfully requested to be present and seated by 7:45 a.m. for the morning session and 12:00 p.m. for the afternoon session. Registration is requested to assist in the preparation of meeting materials and seating arrangements. Attendance information, including names of members of the public attending, are to be made public as part of the official meeting minutes.
Persons with disabilities who require special assistance are asked to indicate this in their admittance request, and are encouraged to identify anticipated special needs as early as possible.
Contact Information
The DHS Privacy Advisory Committee
The Privacy Office
U.S. Department of Homeland Security
Washington, DC 20528
Email: privacycommittee@dhs.gov
Phone: 571-227-3813
Fax: 571-227-4171
Cameras Catch Speeding Britons and Lots of Grief: Technology has moved on considerably since the 1990s, when the first speed cameras were installed in Britain. Now, in addition to the standard cameras that photograph the speeding cars’ license plates, there are cameras that can accurately photograph drivers’ faces — so that they cannot claim someone else was driving at the time — and cameras that work in teams, calculating average speeds along a stretch of road.
Of course, for every ingenious new camera, there is an ingenious new camera-thwarting device. These include constantly-updating G.P.S. equipment that alerts drivers to camera locations and a special material that, when sprayed on a license plate, is said to make it impervious to flash photographs.
There are also the low-tech methods of covering a license plate with mud or altering its letters with black electrical tape.
As the world is abuzz with discussion of AOL's boneheaded release of identifiable customer searches (see here for an example of what can be found) here's an only tangentially relevant animated cartoon about government eavesdropping. Whether you should be more worried about public or private snooping is a very tough question. And ultimately maybe not a meaningful one, as the government can buy or demand private records...
I was interviewed by NPR's Marketplace about the AOL fiasco this morning, so you may find me on your radio somewhere. [Update: they used a small soundbite.]
Progress Now has an amusing No-Spy Video. Catchy tune, ok film. Important issue.
It used to be that having the NSA spy domestically was one of the unthinkable acts that one believed administrations understood were out of bounds. Sort of like the indefinite detention of US citizens in military prisons, or the torturing and killing of prisoners, or 'rendering' them to countries that torture.
Well, all bets, gloves, illusions are off.
It is time, therefore, to start asking if this administration is doing other things that were previously 'unthinkable'.
Today brings suggestions that the administration spied on one or more journalists, and perhaps also on an occasional Democratic candidate and party operative. But don't stop there. For example, someone should ask whether the new 'anything goes without a warrant if it's important enough' standard for snooping extends to tax returns and to census data. It's hard, after all, to imagine a legal theory that would allow the NSA to ignore FISA that would not also apply to all that delicious data just sitting there, even if it is hedged with statutory protections. That's just Congress, after all, nothing serious.
Suggestions for other previously unthinkable questions that should be asked -- not that we can trust any statement we get from this administration -- painfully welcomed.
I have a lot to say about the NSA spy case, but am finding it hard to say properly.
Spy Court Judge Quits In Protest
[U.S. District Judge James] Robertson indicated privately to colleagues in recent conversations that he was concerned that information gained from warrantless NSA surveillance could have then been used to obtain FISA warrants. FISA court Presiding Judge Colleen Kollar-Kotelly, who had been briefed on the spying program by the administration, raised the same concern in 2004 and insisted that the Justice Department certify in writing that it was not occurring.
"They just don't know if the product of wiretaps were used for FISA warrants -- to kind of cleanse the information," said one source, who spoke on the condition of anonymity because of the classified nature of the FISA warrants. "What I've heard some of the judges say is they feel they've participated in a Potemkin court."
Miami cops go 'in-your-face' to deter terrorists - U.S. Security: Miami police announced Monday they will stage random shows of force at hotels, banks and other public places to keep terrorists guessing and remind people to be vigilant.
Deputy Police Chief Frank Fernandez said officers might, for example, surround a bank building, check the IDs of everyone going in and out and hand out leaflets about terror threats.
Leaving aside the obvious point that this won't deter terrorists, who will obviously have some sort of fake ID, and who by implication have already braved the cameras that are always running in banks, this plan sounds like an organized series of illegal suspicionless searches.
We accept the dragnet approach to stopping cars on the roads due to the legal rule (legal fiction?) that driving is a 'privilege', and hence more regulable than, well, walking.
But that rule doesn't apply to walking. Although the devil is always in the details, so one needs to know more before taking any firm stands, I don't see the legal (or constitutional) justification for this dragnet approach to pedestrians.
If so, this plan is ripe for challenge, although I wonder if the 11th Circuit is likely to be the most hospitable place for such a lawsuit.
(Related post: ID Card Required to Ride a Public Bus?)
Update: I'm told that both the police official and the ACLU official quoted in the story now say the article is all wrong.
EPIC's Chris Hoofnagle (who has great taste in jackets, IMHO), posts his Consumer Privacy Top 10--things US consumers can do to safeguard their privacy. What's great about this list is that, unlike so many I've seen, it's actually realistic and do-able.
Well, nine out of ten anyway (number six isn't actually practical unless your tolerance for travail in doing things like getting phone service is much greater than mine).
Years ago, in writing about privacy in public places and the rise of ubiquitous camera surveillance -- a state now nearly achieved in parts of the UK and the US, and coming to a lamppost near you -- I predicted that masks would become a hot fashion accessory. And sure enough, in the UK someone is selling Hoodie sweatshirts with integrated masks. (spotted via Boing Boing)

I don't know what the law is in the UK, but in the US we have mask laws in many states (written originally to stamp out the KKK), that prohibit the wearing of masks in public. These laws are enforced somewhat erratically -- they never seem to apply on Oct. 31. And some courts have ruled them unconstitutional, although others have upheld them.
There have been a few cases since I wrote The Death of Privacy?, which is a general survey of technological threats to privacy and possible responses, but if you would like a brief discussion of the legal issues relating to masks you will find them in Section II.B.1.b.
The Florida Supreme Court's Committee on Privacy and Court Records has issued its final report:
The committee was not able to come to a unanimous conclusion on all points. But, in what is for me a very unusual experience, I found myself voting with the majority on all the disputed questions.
There's been a fair amount of press attention too. Here's a sampling:
For a taste of the state clerk's spin on all this (their reps wrote one of the dissents), see this article from Manatee county (Bradenton Herald).
Since we're doing such a good line in worrying about cell phones this week, here are two more items to tickle the fancy.
First, Michael Zimmer writes about Public Surveillence via Cellphone, pointing to a Wired article on some work at MIT:
Eagle's Reality Mining project logged 350,000 hours of data over nine months about the location, proximity, activity and communication of volunteers, and was quickly able to guess whether two people were friends or just co-workers. It also found that MBA students actually do spend $45,000 a year to build monster Rolodexes, and that first-year college students -- even those who attend MIT -- lead chaotic lives.
He and his team were able to create detailed views of life at the Media Lab, by observing how late people stayed at the lab, when they called one another and how much sleep students got.
Given enough data, Eagle's algorithms were able to predict what people -- especially professors and Media Lab employees -- would do next and be right up to 85 percent of the time.
Ben Hyde noticed the same Wired story and supplements it with this amazing story:
A few years back the Irish cellphone company discovered that they had neglected to discard ten years of this data. Traces of every cell phone user in Ireland for a decade!
In what may not be tinfoil, Mark Odell reports in the Financial Times, a reliable newspaper, that in the UK at least, governments can turn cellphones into spy microphones,
If ordered to do so, mobile telephone operators can also tap any calls, but more significantly they can also remotely install a piece of software on to any handset, without the owner's knowledge, which will activate the microphone even when its owner is not making a call, giving security services the perfect bugging device. “We have inadvertently started carrying our own trackable ID card in the form of the mobile phone,” said Sandra Bell, head of the homeland security department at the Royal United Services Institute.
The source is “LONDON BOMB ATTACKS: Use of mobile helped police keep tabs on suspect and brother” (sub. req.) published Aug. 2, 2005. It is available on Westlaw (Westlaw acct. req.).
CNN interviewed me for more than 20 minutes. According to the transcript of 'Paula Zahn Now' this is what survived:
MESERVE: The prospect of more surveillance and interlocking systems puts privacy experts on edge. They worry about whether information and some of those intimate images will be recorded, archived, searched and shared.
A. MICHAEL FROOMKIN, UNIVERSITY OF MIAMI LAW SCHOOL: Are those tapes ever going to leak? How secure are they going to be? Are they going to be encrypted? Who's going to have access to the tapes? Are they going to be passing them around for office parties?
Could have been worse.
The first coverage of the Privacy Committee meeting is out:
Well, that was an exciting meeting. Lots of close votes all of a sudden. It will be interesting to see how it plays in the newspapers in the next couple of days. (It was, of course, an open meeting.)
I will post a link to our final report when it becomes available — could be a week or more as there's some final tinkering to do.
I'm off to Orlando today for the final in-person meeting of the Florida Supreme Court's committee on Privacy and Court records. The staff has done a superb drafting job, but the committee's conclusions are a rapidly moving target so it could be a busy day.
Most employers read staff's email:
MORE THAN 55 per cent of US companies snoop on their staff's private email and over 60 per cent are planning to hire more spies, according to a 2005 survey by the American Management Association and Columbus, an Ohio-based training and consulting firm The ePolicy Institute.
Generally speaking, if the staff has advance notice this is legal. (In some cases it may be legal without the notice either.)
Think about what this means for the social compact.
And be warned.
The wonderful Ian Kerr, a man who organizes one heck of a conference and generally fizzes with ideas, notes that a principal in a private school in Australia has banned pupils from using iPods because he believes that “iPod-toting children were isolating themselves into a cocoon of solipsism.”
Ian comments that,
one common conception of “privacy” is as a kind of “space” that enables intellectual consumption/exploration/achievement by allowing people to be “more or less inaccessible to others, either on the spatial, psychological or informational plane.”
And, on that view, iPods generate privacy, which we should see as a good. On the other hand, Ian (who has transcended the shift-key) continues,
ever since nicholas negroponte coined the concept of the “daily me” (referring to people's growing desire for only that information & news that pertained to them individually), much attention has been paid to network technologies and their ability to isolate rather than connect people.
after years of thinking about this, i still have no firm point of view on this subject — it is interesting to note that the article on the iPod referred also to the Blog as a technology used by “ego-centric 'social minimizers'” — but i do think it is worth raising the question whether these technologies are tools of that sort, or whether their use is better understood as a symptom of deeper social ills.
As Ian suggests, the iPod can be seen as a tune-out, turn-off technology, but it can also be described “as the last resort means of achieving intellectual solitude” in “the booming, buzzing confusion of technosociety”.
Personally, having children who seem quite capable of tuning me out without any technological help whatsoever, I have some trouble getting worked up about this. And being relatively libertarian on most social issues, I think whether people choose to be communitarian or solipsistic at various times of the day is their business. What's more, just because someone chooses to tune out for even a few hours per day does not mean that this activity defines them; people are complicated and can move between moods and roles during a day, and during a life.
I have been very negligent in not linking to the draft report of the Florida Committee on Privacy and Court Records. Comments are open for two more days at the Florida Courts website.
The committee's very able Chair, Jon Mills has written a short article summarizing the issues.
If you have not done so recently, it's a good idea to visit the tracking cookie opt-out page. With a few clicks you can block cookies from Doubleclick and six other Internet tracking/marketers. Ironically, you must allow the site to set a “no thanks” cookie, so cookie blockers must be turned off to make this work.
If you use more than one browser, you'll also need to repeat the exercise for each one.
Update: Ed Bott has even better suggestions.
Two news articles on what I did yesterday, Palm Beach Post, Panel agrees on Internet access to court documents in Florida and Orlando Sentinel, Panel wants records online.
Declan McCullagh has finally fixed the RSS for his Politechbot list so I guess I'm reading it again. Here's a fascinating item originating from an email from Ethan Ackerman that I'm taking the liberty of quoting in full because it raises so many issues.
Cops covertly acquired tissue of BTK suspect's relative — from medical lab: In developments straight out of GATTACA's handshake scene, A Kansas City Star report indicates that the suspected “BTK” killer was tentatively linked to crime scene evidence by acquiring genetic material from the suspect's daughter's medical records - the tissue samples being taken without her knowledge.
http://www.kansascity.com/mld/kansascity/news/nation/11035826.htm
The article goes on to give a brief but factually accurate explanation of how a request for “medical records” is entirely within the framework of the federal medical privacy laws (HIPAA), and also gives a likely source of the tissue - a routine pap smear. The article suggests that a judge issued a secret order for the records, though the article does not state if it was a formal 4th Amendment “probable cause” warrant, or some lesser standard subpoena, or even go into whether the police were required to acquire an order under HIPAA (there are circumstances where agents can just the recordholder.)
BUT the article also doesn't raise the fact that what was apparently requested was NOT “health information” - what HIPAA protects - but actual tissue from the suspect's daughter's file samples.
I'm operating on a few words from one article here, so the facts aren't definitive, but this seems quite an interesting breach of privacy expectations, independent of how it may legally turn out.
On one hand, court-compelled physical examinations have been ruled Constitutionally sound (thus, you can be compelled to give a tissue sample, or even forcibly sampled.) On the other hand, how many American women even know labs keep pap smear samples, much less would think it reasonable that their pap smears would one day be turned over to police to tentatively connect their sons or daughters to crimes?
Government Uses Color Laser Printer Technology to Track Documents. As the item notes, the fact that this is being done isn't news, but the stuff about how they do it was new to me. Link to PC World story.
Update (10/23): Ed Felten has thoughtful thoughts on this.
Pretty good article by Robert Patrick of the Sarasota Herald Tribune, Decision on records due in 11 months, summarizing last week's meeting of the Florida Courts' Privacy Committee, and the very ambitious tasks that lie ahead of us.
What would you expect to find at www.buyathongforfreedom.com?
Just a few semi-random notes from the meeting I'm attending in Tampa on privacy and court records.
I'm off to Tampa early this morning for two days for the inaugural meeting of the Florida Supreme Court Committee on Privacy and Court Records.
If the truth be told, I suspect that the fundamental problem which the Committee is supposed to solve is a typical tragic choice, one with no pure solution. Thus, when first asked to serve, I expressed reluctance. But when pressed, I capitulated: service on committees like this is part of the social contract I think ought to apply to law professors.
So here I am. If there's a way to preserve the tradition of the fullest practicable public access to court records (a First Amendment right, and maybe a due process right too) in an age of cheap online full text access and also fully to protect the reasonable privacy interests of people caught up in Family Court or the like (especially pro se's who often disclose too much about themselves in their filings), I have yet to hear of it.
Some compromises are better than others, but they have resource implications that may be a tough sell in Florida. (Indeed the whole issue is quite political in this state as the revenues from selling electronic access accrue to the offices of the clerks of the regional courts, and they may well object to anything that threatens this revenue stream to their offices or imposes expensive redaction duties.)
Background reading, if you are so minded, begins with the Florida Judicial Management Council Privacy and Electronic Access to Court Records—Report and Recommendations (Dec. 17, 2001) and Florida Report of the Study Committee on Public Records (Feb. 15, 2003).
RFID tags are big news these days, and for good reason. But I'm fairly sure that if there were any truth to this claim that RFID tags were snuck into the new $20 bills and that the RFID Tags in New US Notes Explode When You Try to Microwave Them, I'd have heard about it. Slashdot ran the story, but I still think it's not so.
In contrast, RFID tags are going to be embedded in Euros. Which I think is supremely stupid, and an invitation to high-tech targeted mugging. Plus hiding cash under the mattress won't work if the burglars have an RFID detector. No word yet on what happens when you microwave a new-model Euro.
The ever-wonderful RISKS Digest brings warnings of Loss of Identity Theft
I was recently the executor of a relative's estate and was shocked to discover that I was able to cancel his private health insurance, his veteran's health benefits, one dozen credit cards, and all of his retirement direct deposit payments with simple phone calls. At no time did anyone ask me to prove that I was who I said I was or whether I had executor power over his estate. I simply presented a plausible sounding story, knew his social security number and his account numbers and was able to close his accounts over the phone. To make it even more interesting our last names are not even the same!
disLEXia 3000 blog reports on what sounds like a major German court decision on privacy in public places.
Court: leave unobserved areas for pedestrians
Heise is reporting that a German court just ordered a shop to stop complete camera surveillance of the sidewalk/ambulatory around their premises. The court upheld that this even is the case if the sidewalk is owned by the shop but used by the general public for passage.
In any case there must exist a “tunnel” of unsurveillanced ground where people can pass through.
If this judgment is upheld major parts of our cities should see dismantling of thousands of cameras.
Oh, how I wish I read German! The Heise article gets mangled less than usual by the Babelfish (see extended entry), but it's still mangled. And there appear to be a court decision and a decision of Privacy Commissioners somewhere too…
For starters, I'd like to know the legal basis of this decision. Is it the German Constitution? A statute? A local ordinance? Something at the Euro-level (surely not the toothless data protection directive)?
Here's the babelfish rendering of the Heise article:
Judgement limits video monitoring
For the public accessible sidewalks may be supervised not completely with video cameras. This decided the district court Berlin center on Thursday. The judgement could have signal effect, because in opinion of the data-security commissioners the video monitoring of public areas takes ever more over hand.
The judge forbade , an animated and arcade belonging to the business to the culture department store Dussmann at the citizens of Berlin Friedrichstrasse surface covering from electronic eyes beschatten to leave. Maximally the sidewalk may be taken to an extent by a meter in the camera visor, is called it in the arbitral award with the file reference 16 C 427/02. A complete monitoring of the passage considered the court also illegal if the controlled ranges in the property of a private business. In any case unobserved tunnel for passanten is to be kept free.
The judgement is a Schlappe for the Dussmann group, since it offers safety engineering and building management also as service. Had complained a citizen of Berlin journalist, who felt hurt with the course to the work and to administrative authorities in center by the constantly running along camera in its fundamental rights. It was supported by the Humanisti union. The speaker of the citizen right organization, Nile Leopold, was pleased opposite heise on-line about the erstrittenen “partial success”. Now not only Dussmann would have DaimlerChrysler in “its” quarter at the Potsdamer place the imported system, but for example also for video monitoring completely to consider and arrange new.
Completely Leopold is content however not yet. For the citizen is not recognizable his opinion after with the permitted monitoring area of a meter “, to which extent a camera films”. The Humanisti union therefore examines whether it is to forestall Dussmann and request for their part an appointment. “the judge saw further clearance with the decision”, believes Leopold to have determined. Penetrating of the video monitoring into ever more public areas is altogether violently disputed. The police and the Ministers of the Interior see therein a suitable means for effective prosecution, while data-security commissioners are afraid the structure of uncontrollable video archives and possible couplings with biometric methods of analysis for the identification of individuals. (Stefan Krempl) / (ad/c't)