Building Privacy into the Infrastructure: Towards a New Identity Management Architecture comes to what I fear some of my friends in the privacy community will find to be an unacceptable conclusion.
I’ll be presenting it at the Privacy Law Scholars Conference in Washington next week. Hopefully, since many attendees are in fact friends, they won’t bring brickbats.
In a Wall Street Journal debate today I argue that drones should not be allowed to overfly private property without the inhabitant’s consent due to the privacy risks, the consequent erosion of the 4th Amendment, and other dangers. This echoes some of the arguments in Self-Defense Against Robots and Drones, the recent Connecticut Law Review article I wrote with Zak Colangelo.
Ryan Calo gives the other side, arguing that overflights should be allowed in order to spur innovation. I think the WSJ sees him as the Bolshevik here, as they sum up the debate like this:
A. Michael Froomkin, the Laurie Silvers and Mitchell Rubenstein distinguished professor of law at the University of Miami School of Law, says that drones pose a huge threat to security and privacy, and that property owners should be able to keep them from flying over their land. Ryan Calo, an assistant professor of law at the University of Washington, says decisions about where and when drones can fly should be made collectively, not by individual landowners.
Who would have imagined I’d be the right-winger in a debate on the pages of the Wall Street Journal? I suspect that my former boss, Judge Stephen F. Williams, would be quite amused, although he’d probably describe it as vindication.
Magistrate Judge James Orenstein of the E.D.N.Y has issued a 50-page order in a case similar to the Apple v FBI case that has been in the news. In this case too, the government sought to have Apple defeat the passcode security limit on an iPhone so the government could extract the data pursuant to a valid search warrant.
The opinion is a slam-dunk win for Apple, rejecting the government’s All Writs Act (AWA) request on multiple grounds. Among them is that Apple does not meet the test in the leading Supreme Court precedent, New York Telephone due to Apple’s distance from the alleged crime and the burden to Apple of complying. There’s two constitutional arguments: one on separation of powers, that an absence of prohibition by Congress should not be treated as permission, and one on the implications of the government’s expansive view of the AWA, under which any of us could be conscripted to do things we might hate doing to help the government in investigations or worse. (Judge Orenstein gives the I hope extreme example of a drug company forced to produce an execution drug against its will if the government has no other source of supply.)
Apple also wins on discretionary grounds.
This opinion is a thoughtful and on just about all points persuasive work, and it should be influential as these cases trundle through the legal system.
The government’s attempt to get Apple to build a bespoke operating system so they can brute force access to an iPhone without it erasing its data has led the media to some of us who were in the first round of the crypto wars. Today was my turn. A few seconds on CBS in the Morning, ink in a nice explainer by Steve Lohr in the New York Times. I also spoke to the LA Times and the Wall St. Journal, but I haven’t seen what if anything they made of it.
I presume they found me because I wrote the first US legal article on law and encryption: The Metaphor is the Key: Cryptography, the Clipper Chip and the Constitution. There’s also a shorter sequel that some find easier to read, It Came From Planet Clipper.
The Apple case potentially raises at least these major legal issues:
- To what extent the government can use the All Writs Act to compel people unrelated to a case to provide unwilling technical support–here, Apple says, 12-40 man-weeks of expert engineering–to the government’s efforts to disable a security system in order to effectuate a search warrant or similar court order;
- Whether ordering a firm to write code (here, a bespoke phone OS), is a form of compelled speech violating the First Amendment
- Whether ordering a firm to digitally sign that code (or anything else) is an impermissible form of compelled speech
- Whether if a court can issue this order requiring assistance to disable a security system without violating the Constitutions, it follows that Congress could also legislate to forbid people from building strong security systems that the government cannot break into unassisted — and, most critically, whether that would mean the government could forbid the deployment of strong cryptographic tools without back doors. (This last issue was the main subject of the two articles I linked to above. It’s not a simple question.)
Although the Apple issue likely will be decided on non-constitutional grounds, the parties are making a record on the constitutional issues with an eye to a set of appeals that could go as far as the Supreme Court. The issues are important and interesting, so the media is right to treat this as a big deal.
Concerned by sneaky updates to Windows telemetry on my Win 7 boxes … the object of which seems to be to degrade their privacy to a level equal to Window 10 minus the always-on eavesdropping of Cortana (No Thanks!)…I am running this batch file from an elevated command prompt to clean things up. I adapted it and slimmed it down from the to my eye excessive version at wildersecurity.com.
Text of the key parts of the file below if your system blocks downloads of .bat files, as well it might.
“If you think privacy is unimportant for you because you have nothing to hide, you might as well say free speech is unimportant for you because you have nothing useful to say.” (source)
I have seen this attributed to Edward Snowden but I’ve also seen it said that his original was “Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say.” (Snowden in this reddit interview.) Either way it’s good.
The new Ashley Madison Hack lookup tool is at https://ashley.cynic.al/.
As the site notes, just because an email is in there doesn’t prove the person who uses it signed up. But I would find it at least suggestive once we have some evidence that the DB itself is the real thing. (I suppose this doesn’t suffice.)
Thirty-six million — 36 million! — names in the hacked Ashley Madison database? Perhaps North Americans really are not that different from the French when it comes to affairs, just sneakier.
That said, (unlike some and some more) I don’t look forward to an orgy of outing with much pleasure, and think it likely will hurt more people than it helps. I guess I believe that at least in some cases, although certainly not all, the pig really is happier than Socrates.