Category Archives: Law: Privacy

We Predicted This One Years Ago

Accused bank robber wants NSA phone records for his defense

One of the exceptionally odd things about about the revelations about the NSA metadata and phone records revelations is that I, not to mention various other Cypherpunk fellow travelers, predicted all this 15 years ago.

In fact, we predicted it so long ago, that almost no one seems to remember we did.

I have to say, though, that this is the first story I’ve seen on the subject that made me smile. So that’s something.

Unfortunately, this may not be the perfect test case:

Prosecutor Michael Gilfarb told the judge that even if the information is available, it may be irrelevant depending on whether Brown carried a phone.

Brown’s wife, Vesta Murat Brown, who testified for the prosecution Wednesday morning, told jurors that her husband didn’t have a cellphone at the time but sometimes borrowed phones from her, other family members or friends.

But even if it isn’t, it won’t be long:

Local lawyers said they anticipate there will be many more requests for this kind of information now that defense attorneys know the information may have been preserved.

Posted in Law: Privacy | 2 Comments

Meme Watch: “Pocket Stasi”

I think the phrase “pocket Stasi”, meaning a cell phone that tracks and surveils you too much, has legs.

I first ran in to it yesterday, in a review of the Moto X flagged by David Farber’s email list:

… essentially, it’s the world’s most sophisticated cluster of sensors you can wear on your person, and it’s going to know every single thing you do, whether it’s driving, sleeping or taking a walk around the block. Google is betting that you will love your pocket Stasi so much you’ll never want to be without it—and Google is right.

I don’t know what the first use might be – maybe LibrarianShipwreck, The Stasi Agent in Your Pocket?

Yes, it trivializes the horror of the Stasi — totalizing sensors are bad, but not as bad as a secret police, nor is Google a pipeline direct to one. But I still think the phrase has legs.

Posted in Android, Law: Privacy | Leave a comment

A Note From the Surveillance Society

This, spotted at a local fast foodery, is depressing:

Since when is it the rule that if you don’t want to be on camera, you must be up to no good?

And no, I do not find the concept of a “burrito-cam” comforting in any way shape or form.

Posted in Civil Liberties, Law: Privacy | 1 Comment

Big Brother is WWWatching You (feat. George Orwell)

Rap News 15:

Good stuff! Lots of cute in-jokes too.

Spotted via BoingBoing.

Posted in Civil Liberties, Cryptography, Internet, Law: Privacy | Leave a comment

Privacy and the Lumpen Consumertariate

The Secret Shopper by Willie Osterweil has a bit too much jarring Marxist jargon for me to feel in tune with it, but it makes some provocative points about the institution of the “Secret Shopper” — the folks hired by management to go to stores and pretend to be customers and then report on the quality of the service.

Stripped of (some of) the cant, the conclusion is that the mystery shoppers are tools of conformity:

Mystery shoppers are miniature thought police, affective pinkertons, mercenary management to whom real management outsources the legwork of everyday psychic control. They are sent in to break the avenues of refusal available to workers, to enforce the arbitrary standards dreamed up by marketers, bureaucrats, and MBAs that so deaden the experience of everyday life under late capitalism. … All just for a little extra cash for the weekend.

Producing identification with the bosses; smashing labor; and making solidarity difficult through contract labor, precarity, and remote working are key features of neoliberal workplace organization. But central to this vision, too, is workplace surveillance. … Heightened workplace surveillance helps build a workplace where no time is wasted, where all effort is put directly into the production of the bosses’ product. But it transforms more than just the bottom line.

The threat of the ever-present spy, the fear that the woman who forgot her ID in the car but swears she’s 18 is actually a scab employed by your boss, means you trust no one, expecting them all to be against you, out to catch you breaking management’s rules, which you now enforce with paranoiac efficiency. Surveillance, ultimately, isn’t about stopping crime. It’s about making police.

I think that even if you are OK with Taylorized service jobs, this critique ties somehow to the importance of privacy in other realms — or the need for concern about the upcoming Dossier Society — more generally. Data is a way to watch you too.

Posted in Law: Privacy, Shopping | 1 Comment

Obama Unveils “Consumer Privacy Bill of Rights”

Today the the Obama Administration is unveiling its new “Consumer Privacy Bill of Rights” (quoted in full at the end of this post) which they tout “as part of a comprehensive blueprint to protect individual privacy rights and give users more control over how their information is handled.” [Update: The White House issued this ‘white paper’, Consumer Data Privacy in a Networked World: A Framework for Protecting Privacy and Promoting Innovation in the Global Digital Economy that it says provides the background for the proposal. Despite the January cover date, I think it’s new, suggesting that there may have been some last-minute tussle about the contents?] [Update2: White House “Fact Sheet” on ‘Consumer Privacy Bill of Rights’.]

But as far as I can tell from my initial read, this is only a first step towards rules with a tooth or two. Next, our friends at NTIA (the people who gave you the modern ICANN), will be “conven[ing] Internet companies and consumer advocates to develop enforceable codes of conduct that comply with the Consumer Privacy Bill of Rights, building on strong enforcement by the Federal Trade Commission. The Administration will also work with Congress to enact comprehensive privacy legislation based on the rights outlined here.” Good luck with that in this Congress.

NTIA does have a strong and smart leader right now, Lawrence E. Strickling, the Assistant Secretary for Communications and Information, so this could be good. On the other hand, Strickling has shown willingness to carry the trademark lobby’s water on some ICANN issues (what else is new?), so this bears watching. On the good side, the administration is asking for enforceable legislation, not some blurry new public-private partnership. And the Commerce Department wrote a pretty good requirements document for what the policy should look like in its recent National Strategy for Trusted Identities in Cyberspace (April 2011). That document envisioned an “Identity Ecosystem” described as a system that will enhance privacy and civil liberties:

The Identity Ecosystem will use privacy-enhancing technology and policies to inhibit the ability of service providers to link an individual’s transactions, thus ensuring that no one service provider can gain a complete picture of an individual’s life in cyberspace. By default, only the minimum necessary information will be shared in a transaction. For example, the Identity Ecosystem will allow a consumer to provide her age during a transaction without also providing her birth date, name, address, or other identifying data.

In addition to privacy protections, the Identity Ecosystem will preserve online anonymity and pseudonymity, including anonymous browsing.

However, while setting out the outlines of how such a system might work in theory, the Strategy did not attempt to explain key aspects of how its ambitious goals might be attained in practice. Instead it sets out a ten-year roadmap, in which the first three to five years require “standardization of policy and technology” based on the twin pillars of underlying reliable offline credentials and private-sector leadership. Worse, only one month later, however, the White House released its International Strategy For Cyberspace, a document that while by no means all bad (it extolled the Internet’s benefits and opportunities), also warned darkly of the Internet’s dangers:

Extortion, fraud, identity theft, and child exploitation can threaten users’ confidence in online commerce, social networks and even their personal safety The theft of intellectual property threatens national competitiveness and the innovation that drives it These challenges transcend national borders; low costs of entry to cyberspace and the ability to establish an anonymous virtual presence can also lead to “safe havens” for criminals, with or without a state’s knowledge Cybersecurity threats can even endanger international peace and security more broadly, as traditional forms of conflict are extended into cyberspace.

And it is this latter document, not the better Identity Management paper from a month earlier, that gets cited in today’s press release about the “Consumer Privacy Bill of Rights”. Which vision will prevail – the primarily pro-privacy vision or the Internet-as-danger vision? The Administration’s press release sounds some positive notes, for example this one:

Achieving privacy policies for a Global, Open Internet: U.S. companies doing business on the global Internet depend on the free flow of information across borders. The Administration’s plan lays the groundwork for increasing interoperability between the U.S. data privacy framework and those of our trading partners.

At very hurried first glance the Consumer Privacy Bill of Rights idea seems based on principles that actually sound good…but may not be quite as great as they sound:

American Internet users should have the right to control personal information about themselves. Based on globally accepted privacy principles originally developed in the United States, the Consumer Privacy Bill of Rights is a comprehensive statement of the rights consumers should expect and the obligations to which companies handling personal data should commit. These rights include the right to control how personal data is used, the right to avoid having information collected in one context and then used for an unrelated purpose, the right to have information held securely, and the right to know who is accountable for the use or misuse of an individual’s personal data.

Does this mean the US will catch up with the EU’s data protection regime? I can’t tell for sure, but my first guess is “no”. To say that these are “obligations to which companies handling personal data should commit” is carefully not to say that these are obligations to which corporations will be required to adhere. At least not yet. Or at most only sectorally, rather than generally. Meanwhile, though, we’re going to kick the can down the road a bit, and “convene stakeholders including industry and privacy advocates to develop enforceable codes of conduct that implement the principles in the Consumer Privacy Bill of Rights for specific industry sectors.” But only those rules that “will keep up with, and not hamper, the pace of innovation.” So if your business model is, like Facebook or Google, based on using consumer information, then what?

There is one thing everyone agrees on – that companies should keep their promises about privacy and that the FTC can enforce on them when they do not – and this will remain a major enforcement tool. That’s good as afar as it goes, but in most cases that is only as far as your carefully drafted EULA.

The Administration seems to envision a legislative proposal, I would imagine after the election. It will set out the “basic principles the Administration believes should be reflected in a privacy law” which will on the one hand involve proposing “clear and actionable rights” while also providing “a way for companies to be confident that they are respecting these rights through an FTC-approved enforcement safe harbor.”

Let the food fight begin?

Here is the advance text of the Obama administration’s “Consumer Privacy Bill of Rights”:

Continue reading

Posted in Law: Privacy | Leave a comment

Bus-based Cameras to Watch Cars

We’re clearly moving towards a tipping point on total traffic surveillance. Here’s SF’s contribution:

Big Brother will be watching you.

Within the next 15 months, every one of Muni’s 819 buses will be outfitted with cameras capable of snapping photos of vehicles illegally travelling or parking in The City’s transit-only lanes. Any car caught on tape will be subject to fines of up to $115.

Since 2008, about 30 Muni buses have been equipped with the cameras. And even though the rollout has been modest so far, the results have been telling, said John Haley, transit director of the San Francisco Municipal Transportation Agency, which operates Muni.

“The cameras have been instrumental in changing driver behavior,” said Haley. “When cars see a bus coming, they get the hell out of the way now.”

Muni expanding camera program to nab drivers in transit-only lanes

Spotted via Slashdot, San Francisco Enlists Bus Cameras For Traffic Law Enforcement.

So both government and private industry (insurance) will be watching us. Parents following kids are next (cellphone based apps already provide a form of this service, but it’s easier to ditch the phone than the car). Then we start monitoring people parked near bars. Eventually we move to predictive models of traffic violation. Then maybe we start modeling other crimes, like drug buys and curb crawling. (Pity it doesn’t work for insider trading.) Meanwhile the huge databases are constructed for use by law enforcement, and discovery in civil suits. Even if all this remains on balance benign in rule-of-law democracies, it invites small-scale abuses.

And in autocracies we can expect large-scale abuses on a grand scale. That’s a serious problem that doesn’t get thought about nearly enough as we build and then export the technologies.

Posted in Law: Privacy | 1 Comment