Category Archives: Civil Liberties

IAB’s Major Statement on Internet Privacy

Posted on November 14, 2014 by Michael Froomkin

Looks like the IAB is being all Habermasian again:

IAB Statement on Internet Confidentiality

In 1996, the IAB and IESG recognized that the growth of the Internet depended on users having confidence that the network would protect their private information. RFC 1984 documented this need. Since that time, we have seen evidence that the capabilities and activities of attackers are greater and more pervasive than previously known. The IAB now believes it is important for protocol designers, developers, and operators to make encryption the norm for Internet traffic. Encryption should be authenticated where possible, but even protocols providing confidentiality without authentication are useful in the face of pervasive surveillance as described in RFC 7258.

Newly designed protocols should prefer encryption to cleartext operation. There may be exceptions to this default, but it is important to recognize that protocols do not operate in isolation. Information leaked by one protocol can be made part of a more substantial body of information by cross-correlation of traffic observation. There are protocols which may as a result require encryption on the Internet even when it would not be a requirement for that protocol operating in isolation.

We recommend that encryption be deployed throughout the protocol stack since there is not a single place within the stack where all kinds of communication can be protected.

The IAB urges protocol designers to design for confidential operation by default. We strongly encourage developers to include encryption in their implementations, and to make them encrypted by default. We similarly encourage network and service operators to deploy encryption where it is not yet deployed, and we urge firewall policy administrators to permit encrypted traffic.

We believe that each of these changes will help restore the trust users must have in the Internet. We acknowledge that this will take time and trouble, though we believe recent successes in content delivery networks, messaging, and Internet application deployments demonstrate the feasibility of this migration. We also acknowledge that many network operations activities today, from traffic management and intrusion detection to spam prevention and policy enforcement, assume access to cleartext payload. For many of these activities there are no solutions yet, but the IAB will work with those affected to foster development of new approaches for these activities which allow us to move to an Internet where traffic is confidential by default.

Posted in Internet, Surveillance | Comments Off on IAB’s Major Statement on Internet Privacy

Anyone Interested in Data Anonymization or Differential Privacy Should Read This

Posted on October 16, 2014 by Michael Froomkin

Riding with the Stars: Passenger Privacy in the NYC Taxicab:

Larry Flynt’s Hustler Club is in a fairly isolated location in Hell’s Kitchen, and no doubt experiences significant cab traffic in the early hours of the morning. I ran a query to pull out all pickups that occurred outside the club after midnight and before 6am, and mapped the drop-off coordinates to see if I could pinpoint individuals who frequented the establishment. The map below shows my results – the yellow points correspond to drop-offs that are closely clustered, implying a frequent customer.

The potential consequences of this analysis cannot be overstated. Go ahead, zoom in. You will see that the GPS coordinates are terrifyingly precise. Using this freely-obtainable, easily-created map, one can find out where many of Hustler’s customers live, as there are only a handful of locations possible for each point. Add a little local knowledge, and, well, it’s not rocket science. “I was working late at the office” no longer cuts it: Big Brother is watching.

Even without suspicions or knowledge of the neighborhood, I was able to pinpoint certain individuals with high probability.

Differential privacy — blurring the info — can work here. Note however, that for differential privacy to work, it must be applied with a very clear idea of the future uses that could be made of the data. This is often not at all easy.

Posted in Surveillance | 1 Comment

Ferguson’s Backstory

Posted on August 18, 2014 by Michael Froomkin

Amazing Whitepaper by ArchCity Defenders, a legal aid organization representing indigent defendants in the St. Louis metropolitan area, on how Ferguson police/prosecutors/judiciary are in league to milk poor defendants of large fines on the basis of petty offenses.

Among the shocking bits — yes it’s still possible to be shocked — are

  • Plea bargains offered to defendants rich enough to hire lawyers, but not to pro se defendants
  • the systematic closing of courtrooms to the public,
  • prohibiting defendants from bringing their children to court (and in at least one case charging the defendant for child neglect for leaving the child outside)
  • starting trials 30 minutes before time on summons and locking doors to court five minutes after the official hour, “a practice that could easily lead a defendant arriving even slightly late to receive an additional charge for failure to appear.”

There’s actually a lot more – well worth a read. Note in particular that Ferguson was one of only three municipalities in the greater St. Louis metro area singled out by Arch City Defenders for a particularly abusive practices; this is not business as usual but nor is it an isolated phenomenon.

(Spotted via Daily Kos).

Posted in Civil Liberties, Law: Criminal Law | 5 Comments

Social Cost of Fighting Face Recognition

Posted on July 24, 2014 by Michael Froomkin

dazzle1It’s large:

Because here is the essence of CV dazzle’s strangeness: The very thing that makes you invisible to computers makes you glaringly obvious to other humans.

via Anti-Surveillance Camouflage for Your Face – The Atlantic.

Posted in Surveillance | Comments Off on Social Cost of Fighting Face Recognition

All Comms Are Being Monitored

Posted on June 6, 2014 by Michael Froomkin

More evidence that the cypherpunks were right, this time in the Guardian:

Vodafone, one of the world’s largest mobile phone groups, has revealed the existence of secret wires that allow government agencies to listen to all conversations on its networks, saying they are widely used in some of the 29 countries in which it operates in Europe and beyond.

–Juliette Garside, Vodafone reveals existence of secret wires that allow state surveillance. Wires allow agencies to listen to or record live conversations, in what privacy campaigners are calling a ‘nightmare scenario’

Posted in Surveillance | 1 Comment

Reset The Net

Posted on June 5, 2014 by Michael Froomkin

reset-the-net

Posted in Internet, Surveillance | Comments Off on Reset The Net