Category Archives: Surveillance

Dystopian Fiction in Everyday Life

The Tampa Bay Times has the scoop on a new surveillance plan in Pasco County, Florida.  The Sheriff’s Department there is targeting people for enhanced police scrutiny based on what it claims is an “unbiased, evidence-based risk assessment designed to identify prolific offenders in our community.”

“As a result of this designation,” the Sheriff’s office warns targeted residents, “we will go to great efforts to encourage change in your life through enhanced support and increased accountability.”

Naturally, there’s a federal lawsuit.

Indeed, last year, the paper reports, “a Tampa Bay Times investigation revealed that the Sheriff’s Office creates lists of people it considers likely to break the law based on criminal histories, social networks and other unspecified intelligence. The agency sends deputies to their homes repeatedly, often without a search warrant or probable cause for an arrest.”  In addition, there’s “a separate program that uses schoolchildren’s grades, attendance records and abuse histories to label them potential future criminals.”

To rub salt in the wound, the Sheriff’s Office has a video telling the program’s victims of increased harassment that inclusion is “good news” because it will give them opportunities to receive “assistance”. A hint of what that looks like comes in its letter to the surveilled, which warns, “Our desire to help you will not hinder us from holding you fully accountable for your choices and actions,” and promises that recipients’ names and criminal histories with get sent to local, state and federal law enforcement agencies to ensure “the highest level of accountability” for any future crimes they commit.

Spotted via Crooks & Liars’s Susie Madrak, Dept. Of Pre-Crime: Florida Sheriff Harassing Pre-Criminals — What could possibly go wrong, other than civil rights violations?. Photo Licensed via Creative Commons Attribution 4.0 International License by Fabius Maximus Blog

Posted in Law: Criminal Law, Law: Privacy, Surveillance | 5 Comments

10 Things You Can Do to Protect e-Privacy & Autonomy

At UM’s Data Privacy Day event I made 10 suggestions about what you can do to protect your e-privacy and autonomy.  Here they are:

  1. Trust cyber-civil liberties NGOs like EFF to recommend things to use and to do. If you take away nothing else, remember this URL: Eff.org.
    1. Use EFF’s Privacy Badger browser plugin.
    2. Take their audit – Panopticlick – of how unique your browser fingerprint is.  Unique fingerprints are a way you can be tracked. Block cookies and super-cookies.
    3. Use their Https Everywhere tool
    4. Find the EFF surveillance self-defense guide. It offers advice tailored for different groups that might have greater / lesser needs for privacy/defense (e.g. LGBTQ, activists, journalists, lawyers, activists).
  2. Use VPNs — virtual private networks.  And only use good ones – be careful about jurisdiction and policies:
    1. The UM off-campus VPN is a valuable service, and good to protect against third parties … but not against UM. Does UM log your usage? Do they record your originating IP#? The sites you visit? Despite some frantic Google searches, I can’t tell — it seems they don’t say. I think therefore you have to assume they do. And if were the UM General Counsel my first instinct would probably be to say they need to do the logging to protect themselves.
    2. Is your VPN service dirt-cheap or free? Does the service cost only a few dollars for a lifetime service? There’s probably a reason for that and your browsing history may be the actual product that the company is selling to others.
        1. Look for establishment in a democratic country with a strong commitment to the rule of law.  Without that, even the best promises in the Terms of Service (ToS) to not log web page access OR IP# and access times is meaningless.  Note that many, probably most, VPNs in most other countries are required to do some logging.https://it.miami.edu/a-z-listing/virtual-private-network/index.html
        2. Does the VPN promise to prevent DNS leakage to your ISP?
        3. Ideally, the VPN should support IPv6 as well as IPv4 to prevent leakage when the remote site is on IPv6. This will become more important in the future as more and more sites move to IPv6.
  3. Use Tor as much as possible.  (But see #8 below.)
  4. Inspect your browser settings on your phone and computer to set max privacy options (including blocking 3rd party cookies and enabling Do Not Track).  Use a privacy hardened browser on your phone such as the Warp browser.  On both computer and phone always use a search engine such as Duckduckgo that will not track you.
  5. Encrypt every drive, every email (when possible), and especially all cloud-stored data before uploading it.
  6. Get a password manager and use it – never re-use a password. Use 2-factor authentication for google, other services that support it. (Only 10% of google users do!)
  7. Don’t put any apps on your phone that connect to anything financial (due to risk of ID theft if phone stolen).
  8. Lobby UM to make it easier to use VPNs and Tor, on both the wired and wireless networks.  Ask UM to be more transparent about what cookies its web pages set and what they track and record.  And, importantly, ask UM to not require you take every single UM cookie in order to use the “remember me for 30 days” feature of its authentication app DUO.  Also, ask UM to promise that it has your back, and that it will challenge any request for your data to the maximum extent the law allows (right now it makes no such promises at all; even National Security letters are sometimes withdrawn if the data-holding entity says it will go to court to ask for it to be reviewed).
  9. Lobby for privacy laws that limit data collection – once data are collected major First Amendment issues come into play, making it hard to limit use and re-use of accurate data. Also lobby to stop the US government secretly introducing vulnerabilities into fundamental crypto standards.
  10. Resist the frame: understand that the true definition of the ‘greater good’ is one in which the individual is able to flourish. Remember that ‘terrorist’ is a label that fits best after conviction – before that what we have is a ‘suspect’; conceivably any of us can be a suspect. So arguments that we should control crypto or prevent privacy in order to give law enforcement access to all our data when they decide they need it should be viewed with great caution and a firm eye on how the powers they want could be misused by them or by others who get hold of their tools. And even if we someday find ourselves in a world where things have gone badly wrong, and we do find ourselves subject to pervasive surveillance, follow Vaclav Havel, who in his great work ‘Living in Truth’ reminded us that so long as we choose not to self-censor we have chosen not to surrender a key part of our freedom.

(Some links added after original posting)

Posted in Cryptography, Internet, Law: Privacy, Surveillance, Talks & Conferences | 1 Comment

Cops Push Citizen Self-Surveillance in Plea Bargains

You might be tempted to dismiss NY: Police are blackmailing motorists into installing cellphone monitoring devices as an aberrant act by local cops were it not sponsored by an international firm that supplies the monitoring technology.

As far as I can tell, the enforcement authority pushing the so-called ‘Distracted Driver Education Program’ (DDEP) is local Nassau County, not the ‘feds’ as reported in the article. “Blackmailing” also isn’t the word I would choose here, but by any standard it’s a pretty ferocious plea bargain deal.

Even more worrying, the attempt to find ways to get people to pay to spy on themselves and on others for the benefit of law enforcement echos this incident, Police Demand Shop Install Surveillance, Give Cops Full Feed, and also Right to Ban Customers, that I blogged about a month ago.

This is a trend that bears watching.

Posted in Law: Criminal Law, Law: Privacy, Surveillance | Leave a comment

Police Demand Shop Install Surveillance, Give Cops Full Feed, and also Right to Ban Customers

This story in the New Times seems outrageous:

But in September, the city suddenly declared the store a nuisance, citing drug deals made nearby. And the Nuisance Abatement Board made a long series of demands, including one that struck Corine as beyond strange: To get back in good standing, she needed to install 24/7 security cameras that would allow police constant live-feed access to the store.

The board also required Corine give police the power to remove people from her property. Officers quickly made a list of people the police department had decided were banned from Bradley’s and began arresting people for trespassing, though Corine says they were just shopping.

via Bradley's Market In Overtown Sues City After Police Demand Constant Surveillance, Boot Customers | Miami New Times.

There is a slight twist to the backstory: after a generation or two as one of Miami’s most blighted neighborhoods, Overtown is now suddenly the target of redevelopment. So part of the story may be an attempt to drive out a store that is surrounded by vacant lots in order to make up a nice parcel….

Posted in Miami, Surveillance | Leave a comment

Speaking at 3 to National Academy Panel

I’m on the (token?) Privacy session for a day-long event organized by a panel of the National Academies of Science on “Improving Federal Statistics for Policy and Social Science Research Using Multiple Data Sources and State-of-the-Art Estimation Methods.” In other words, how to get the government in on the big data bandwagon.

My panel is moderated by EPIC’s Marc Rotenberg, and also features IBM’s Jeff Jonas. I’ve attached my slides for the talk on privacy issues with sensor data collection.

The event open to the public, and runs all day at the Keck Center, 500 Fifth St.NW, Room 100, Washington DC. Come along if you are in the neighborhood.

Posted in Surveillance, Talks & Conferences | Leave a comment

My New Paper May Make Some of My Friends Angry

Building Privacy into the Infrastructure: Towards a New Identity Management Architecture comes to what I fear some of my friends in the privacy community will find to be an unacceptable conclusion.

I’ll be presenting it at the Privacy Law Scholars Conference in Washington next week. Hopefully, since many attendees are in fact friends, they won’t bring brickbats.

Posted in Cryptography, Econ & Money, Law: Internet Law, Law: Privacy, Surveillance, Talks & Conferences | Leave a comment