Thursday, July 31, 2008

Google: No such thing as complete privacy

I don't know about you, but the more I learn about Google's approach to privacy, the more I get concerned.

I don't know if cavalier is the best description of the way in which they address privacy concerns and issues...maybe its just abstinence, or perhaps disinterest, or even opposition? Don't get me wrong, this case against Google appears to be pretty frivolous. My issue with them here has more to do with the way they discuss privacy as a general principle, and their seeming lack of appreciation of its constitutional importance.

Google defends "Street View" in court. Cnet reports:

Google's Street View service didn't invade a Pittsburgh couple's privacy, the search giant said in a response to the couple's April lawsuit over the matter.

"Plaintiffs' privacy claims fail, among other reasons, because the view of a home from the driveway that can be seen by any visitor, delivery person, or telephone repairman is not private," the company said in response to the suit, according to a copy posted at The Smoking Gun. Google seeks to dismiss the claim in its filing.

Aaron and Christine Boring sued Google April 2 in Allegheny County, arguing Google's "reckless conduct" in driving down a private road and publishing the resulting photos caused "mental suffering" and hurt the value of their home. The two are seeking more than $25,000 in damages.

Click here to read the complete article.

Tuesday, July 29, 2008

Louisiana latest state to reject REAL ID

That's right, another state has decided not to comply with the REAL Nightmare, I mean REAL ID ACT.

The Associated Press reports:

At least 10 states have passed laws rejecting the so-called "REAL ID" Act, passed by Congress in 2005 and supported by the Bush administration as a nationwide identification system aimed at stopping terrorists, con artists and illegal immigrants. The measure would require states to enhance their identification system for drivers licenses.

The Louisiana legislation, by Rep. Brett Geymann, blocks compliance with the federal law and orders the state Department of Public Safety "to report to the governor any attempt by agencies or agents of the U.S. Department of Homeland Security" who seek compliance. Geymann, R-Lake Charles, said he sponsored the measure after queries from individual constituents; but national opposition to REAL ID has come from activist groups with an array of political stances: social conservatives, the ACLU and libertarians.


The bill is symbolic for the short term, since DHS has given states until at least the end of 2009 to comply, with further deadline extensions to May, 2011. REAL ID could also go in a new direction once a new president takes over next year. But REAL ID opponents said the Louisiana law will help block any federal efforts to move forward with the plan.


DHS officials have warned that states must comply or their residents will eventually be prevented from using driver's licenses to board airplanes.

"If they do not follow the letter of the law ... then their citizens will see real consequences," DHS spokeswoman Laura Keehner said.

The REAL ID system would create a nationwide database of information supplied by the departments of motor vehicles in 50 states.


Opponents say it will cost too much and weaken privacy protections. Harper said the database would mean rogue employees in DMVs around the country could get access to information from every state, a huge new pool of opportunities for fraud and identification theft.

"With hundreds of thousands of DMV bureaucrats across the country, you're not going to be able to make it secure enough," Harper said.

Click here to read the article in its entirety.

Friday, July 25, 2008

Internet Firm Says It Targeted Ads To Customers' Web-Surfing Habits

I'm afraid I'm going to have to send you all off this weekend with one of those "Big Brother is Watching You" stories. Isn't it bad enough to know that our phone calls and emails are being monitored by the government with the help of telecom companies we send checks to every month?!

Now I find this little story about an internet service provider called Embarq that has been caught eavesdropping on the web surfing habits of 26,000 customers in Kansas without notifying them personally first (yes, they provided an opt-out notice that nearly no one would ever come across).

Why would a company commit such a privacy violation of its patrons? To test part of its new, controversial advertising technology that profiles users of course!

Thankfully they were caught, and Congress, in particular the Telecom subcommittee, watchdog groups and law professors are questioning whether this technology violates federal privacy laws, including the wiretapping statute.

The Washington Post Reports:

"I am still troubled by the company's failure to directly inform their consumers of the consumer data gathering test and the notion that an 'opt out' option is a sufficient standard for such sweeping data gathering," said Rep. Edward J. Markey (D-Mass.), chairman of the House subcommittee on telecommunications and the Internet.

The test in Gardner, Kan., used deep-packet inspection technology provided by the Silicon Valley company NebuAd. When installed in an Internet service provider's network, the technology permits a window into potentially all of a consumer's online activity, from Web surfing and search terms to any unencrypted Web communication.

Wired Magazine also covered the story:

"Charter, Embarq and NebuAd all say the technology is legal since they only classify web pages and web searches into categories such as "shopping for SUV" -- rather than storing the webstream. NebuAd pays ISPs to let it monitor user's web surfing and searching in order to classify their interests. Those profiles are then used to deliver targeted ads when the users visit NebuAd partner sites. Subscribers must choose to opt-out with each browser they use, though NebuAd won't explain how the opt-out works."


"While I am pleased that Embarq chose to answer our specific questions in their second letter, I am still troubled by the company's failure to directly inform their consumers of the consumer data gathering test and the notion that an 'opt-out' option is a sufficient standard for such sweeping data gathering," Markey said.

The letter (.pdf) comes just two days after the company attempted in a Monday letter to justify, rather than explain, the trial to powerful House Commerce members, who have already shown they are highly dubious of any ISP's plan to monitor its customers' web usage for profit. According to one congressional aide, the follow-up letter came after staff made it clear the first letter didn't suffice.

The three have already forced Charter Communications to cancel its proposed trial of ISP eavesdropping technology from a NebuAd, the same company that powered Embarq's secret test.

Click here to read the rest of the article in Wired.

Wednesday, July 23, 2008

The American Library Association Rallies to Cause of Privacy - Continues Leadership on the Issue

Last month the American Library Association (ALA) held a conference which included much discussion regarding their Office for Intellectual Freedom's larger project designed to rally librarians and their patrons to fight for privacy in both libraries and the society at large.

Better yet, the ALA has released a Privacy Initiative Concept Paper "Rallying Americans for the Right to Information Privacy" and a survey on privacy practices.
One of the pleasant and hopeful surprises for me during the past 7 year assault on our privacy and the Constitution has been the librarians and their leadership in standing up to our government's attempts to monitor everything we do...which necessarily found its way into the library. So stumbling across their latest work is no surprise to me, and in fact, I can think of no one better to lead such an effort.

As the site notes: ALA's new privacy rights initiative is intended to inspire library patrons to stand with librarians as they fight to usher in privacy standards in the digital age. The initiative responds to ALA Council's resolution calling for a national conversation on privacy, passsed at the 2006 Annual Conference in New Orleans.

Watch the video clip of what appears to be a kind of opening statement for the part of the event entitled Privacy: Is it Time for a Revolution? I think the presenter really nails the conflict and convergence of protecting the individual's right to privacy versus the government's efforts to monitor everything we do in the name of "security" as well as the corporate world's efforts to create a ubiquitous surveillance economy based on the buying and selling of personal information.

One especially interesting point made by the speaker is that one of the many societal costs that would be associated with a culture that lacks privacy, and in which nearly everything is categorized as either something to market or something to be feared, is how that undermines the very bonds that we share as human beings...and therefore make us human. In other words, who do you trust if everything about you might have a dollar sign on it or represent a possible security threat?

Similarly, does the government, by simply expanding the haystack they have access to really increase their chances of finding the needle? Or is the opposite true? (I'll go with the opposite)

I think what you'll find interesting about many of the videos from this conference, as well as the concept paper itself, is how active and organized the "privacy revolution" is becoming, and in this case, that includes those that are the information system creators and monitors (such as librarians). As one speaker notes, the kinds of information systems we build, and the kinds of privacy safeguards they include, will go a long way in determining the kind of society we will live in...and the kinds of relationships and interaction we'll have with one another.

I frankly am heartened by the growing effort to protect the privacy of patrons, be it patrons of libraries, or to social networks like Facebook.

Check out those opening remarks I alluded to. And, for the video of the full program entitled Privacy: "Is it Time for a Revolution?" click here.

Tuesday, July 22, 2008

FasTrak Toll Hacked, Exposing Privacy Dangers

Granted, I'm a little late on this article (by two weeks), but as a FasTrak user, I am especially dismayed (though not surprised) by this article from Dark Reading about a recent discovery that FasTrak transponders are vulnerable to sniffing, cloning, and surreptitious tracking of a driver’s comings and goings.

How could this be you ask? Well, as you probably know, FasTrak uses RFID technology, which security researchers have shown is a technology rife with privacy and security risks. Before I get to the findings of researcher Nate Lawson, here's an excellent breakdown by the ACLU's Nicole Ozer's of how such a privacy breach is possible:

...the systems have no encryption or other technological protection measures to ensure that the information is not read by unauthorized readers or copied and cloned for misuse. Without protections, it is not just those toll booth and freeway sign readers that can track who you are and where you are going, but also that homegrown sniffer that Lawson plans to put up to collect information.


All it often takes to copy and clone RFID tags that lack adequate technological protections like robust encryption and authentication are some spare parts off the internet and some reason to want to do it- be it for monitoring and tracking, entering without authorization, or identity theft.

It is for these reasons in fact, that groups like the ACLU, and the Consumer Federation of California (among many others) have joined forces to ensure that state issued RFID-embedded documents have adequate protections to safeguard privacy, personal security, and public safety.

Currently, our coalition is working hard in support of a series of RFID regulation bills authored by State Senator Joe Simitian. I will thus repeat Nichole's request here that you please contact the Governor and urge him to sign SB 30 and SB 31.

Now let me get to a few of the choice clips from the article on this rather disturbing news:

A Black Hat researcher recently reverse-engineered the popular RFID-based FasTrak toll tag that some drivers in the San Francisco Bay Area affix to their windshields for pre-paying highway tolls, and discovered some gaping security holes that leave these transponders vulnerable to sniffing, cloning, and surreptitious tracking of a driver’s comings and goings.


The FasTrak transponder provides the user’s unique identification code -- the driver’s toll balance and other financial and personal information are stored on back-end servers. Lawson says it’s been difficult to get any information on how those servers are locked down, so it’s unclear how customers’ personal data is protected. He says hasn’t looked at any other toll tag systems such as EZPass -- and whether they leave users vulnerable to breaches of privacy depends on how they collect and handle the data.


After cracking the hardware and studying the firmware with help from fellow researcher Chris Tarnovsky, Lawson says he was surprised to see no sign of encryption inside, although there’s a “placeholder” for an encryption key. “It amazes me there has not already been widespread fraud, cloning, and selling of ‘free transponders’ that” were hacked and reprogrammed, he says. “There’s nothing there technically to prevent it.”


So he’s come up with an alternative way to shield the FasTrak transponder from sniffing and giving out too much information: “I designed a daughter-board that you add to the pass. You press a button on it so when you near the toll plaza, it activates RFID, and then immediately cuts the power to the whole circuit when it’s done,” he says.

Click here to read the article in its entirety.

Monday, July 21, 2008

Protecting against Wi-Fi, Bluetooth, RFID data attacks

Being that identity theft in America is exploding, reaching approximately 8 million cases a year now I believe, I figured it might be useful to post this article (with video) detailing ways to avoid such crimes. The article is based on a presentation by a security expert (and hacker) at the Last HOPE hacker conference, in which he details how most people are at risk and don't even know it...

CNet news reports (for his recommentations read the article in its entirety):

Using a laptop, cell phone headset, building access badge, credit cards, or even a passport can make you a walking target for data thieves and other criminals...


By now most people probably know they should be careful using Wi-Fi networks, especially public hotspots that don't encrypt data transmissions and where network access points can be spoofed. These issues leave Web surfers at risk of having their data stolen, receiving fake Web pages and other information, and having their computers completely taken over, he said.


Bluetooth headset users are at risk because of a security hole in the technology and default PINs that don't get changed, he said. Exploiting vulnerabilities someone can break in and steal data from the phones, make calls without the cell phone owner knowing, listen in on and break into conversations, and even spy on people by turning the device into a bug.


Many people don't realize that new U.S. passports have RFID technology with weak encryption that makes the data on the chip easy to read with the proper reader device. (See related video below). The U.S. government attempted to mitigate the privacy threat by putting a metal foil layer on the front and back cover of the passports, but the stiffness of the foil pops the passport open as much as an inch, wide enough for RFID readers to snatch the data, RenderMan said, showing a video to demonstrate this.

Click here to read the hacker's suggestions for each of the above privacy threats.

Thursday, July 17, 2008

“The Blind Eye to Privacy Law Arbitrage by Google -- Broadly Threatens Respect for Privacy”

I was just sent the Testimony of Scott Cleland, President, Precursor LLC, made before the House Energy & Commerce Subcommittee on Internet Hearing, from July 17, 2008. The hearings were entitled “What Your Broadband Provider Knows About Your Web Use: Deep Packet Inspection and Communications Laws and Policies”.

Mr. Cleland termed his testimony - or more aptly, the alternative name for the hearing he suggested, was: “The Blind Eye to Privacy Law Arbitrage by Google -- Broadly Threatens Respect for Privacy”.

There's some really fascinating and disturbing arguments presented by Cleland regarding the threat to our privacy that is posed by any company that has such all encompassing and far reaching access to so many peoples private information while simultaneously demonstrating such disinterest and antipathy towards properly protecting that same information. These facts, combined with the woeful inaction and lack of oversite by our government over Google and similar company's like Yahoo, raises all kinds of serious privacy concerns, most notable of which is identity theft.

So with that, here's his entire intro, which is about a page or so. For the entire testimony click on the title below:

Testimony of Scott Cleland: “The Blind Eye to Privacy Law Arbitrage by Google -- Broadly Threatens Respect for Privacy”

I am Scott Cleland, President of Precursor LLC, an industry research and consulting firm. I am also Chairman of, a pro-competition e-forum funded by telecom, cable and wireless broadband companies.

My testimony today reflects my own personal views and not the views of any of my clients.
The current patchwork of U.S. privacy laws, the lack of a holistic approach to Internet privacy, and selective oversight of privacy problems – have combined to create perverse incentives for some companies to: arbitrage privacy laws and push the privacy envelope. As a result, invasion/abuse of privacy is among the most serious problems users face on the Internet. The lack of a holistic, comprehensive and balanced approach to privacy law and oversight is a serious threat to American’s privacy.

Broadband companies, (telecom, wireless and cable) have long been subject to strict privacy laws (sections 222, 551 & the ECPA), which created serious consequences for the misuse of personally identifiable information without a user’s permission. Consequently, broadband companies have developed extensive policies, procedures and practices to respect users’ privacy and protect personally identifiable information. This Subcommittee’s oversight of experimentation by some, with “deep packet inspection” for advertising purposes, is entirely appropriate. Existing laws appear to cover these practices so oversight by Congress is expected.

I am concerned however, that selective oversight of only broadband privacy matters fosters a blind eye to arbitrage of privacy laws by application companies like Google, Yahoo and others. This creates perverse incentives for companies not covered by U.S. privacy laws to push the envelope on privacy to gain competitive advantage. Americans’ privacy should not be an unrestricted commodity to sell to the highest bidder or to gain competitive advantage.

Specifically, I am troubled with the selective broadband focus of this hearing, because privacy is a cross-cutting, big picture issue that knows no boundaries between the access, application and content “layers’ of the Internet. To add balance and to focus on the most serious threat to Americans’ privacy, I humbly suggest the Subcommittee hold another hearing entitled: “Why Google Knows Everything About You: Unauthorized Web Surveillance and Privacy Law Arbitrage.”

By turning a blind eye to what Google, the worst privacy offender on the Internet, is doing to systematically invade and abuse Americans’ expectation of privacy, Congress is perversely encouraging copycat behavior by “deep packet inspection” advertising entrepreneurs who see that there is a huge privacy double standard to arbitrage. Companies like NebuAd are essentially just following the privacy-arbitrage leader – Google.

To illustrate my point of the extreme privacy law arbitrage that is occurring in the U.S. marketplace today, I explain in detail in my written testimony how Google is the single worst arbitrageur of privacy laws and the single biggest threat to Americans’ privacy today.

Case Study: How Google Systematically Threatens Americans’ Privacy:

1. Google’s radical “publicacy” mission is antithetical to privacy.
2. Privacy is not a priority in Google’s culture.
3. Google gives privacy “lip service.”
4. Google threatens the privacy of more people than most any other entity.
5. Google collects/stores the most potential “blackmail-able” information.
6. Google’s track record does not inspire trust.

As others have said, information is power. Power corrupts. Absolute power corrupts absolutely. Google’s market power over private information is corrupting Google, just like former FBI Director J. Edgar Hoover was corrupted by his power and mastery of personally-sensitive information. Google’s unprecedented arbitrage of privacy law combined with its exceptional lack of accountability is fast creating this era’s privacy-invading, unaccountable equivalent: “J. Edgar Google.” Remember the timeless insight, those who don’t learn from history -- are doomed to repeat it.

i will follow this issue a lot more closely in the future. For the full testimony click here.

Wednesday, July 16, 2008

It's a crime S.F. surveillance cameras are a flop

I can't say this should be a surprise to anyone, surveillance cameras don't work anywhere they've been used...aside from the fact they are a massive invasion of privacy of course.

It appears San Francisco's experiment with them has been an abject failure. C.W. Nevius of the Chronicle reports:

Opponents for years have complained that residents' civil liberties are violated by government oversight of cameras in crime-ridden neighborhoods. Before San Francisco's cameras went up in 2005, some compromises were brokered: The cameras would be checked only if a crime occurred nearby and they are turned off if political demonstrations are held in the area. That was before a study by UC Berkeley showed in March that the cameras had little effect on violent crime.

Some on the Board of Supervisors think - and you can hardly blame them - that the program has been such a flop that there is no need to keep sending good money after bad. Last week, the finance committee voted not to fund $200,000 this year to keep the cameras on.


The idea, Ryan said, would be to hire retired police officers who are familiar with police codes and procedures. Ideally, he said, the system would be linked with Shot Spotter, a new technology already being used in some neighborhoods to identify the location of gunshots immediately after a gun is fired. If a shot was fired, someone in the central command could quickly click to a camera in that area.

That, of course, raises privacy issues. Nicole Ozer of the ACLU of Northern California, said that although people think cameras will make them safer, they turn out to be "intrusive and do not prevent crime from occurring."

That begins the dueling statistics. The ACLU said Chicago, for example, actually saw an increase in its murder rate after cameras went up there; meanwhile, Chicago police reported that the cameras helped them make 1,200 arrests in less than a year and a half.

At some point the issue always comes down to how we don't want someone secretly watching us. That was a major concern - 15 years ago. Now we're on camera all day, every day.

Click here to read the article in its entirety.

Monday, July 14, 2008

ACLU Files Lawsuit Against FISA + FISA Ramfications for the Press

There's some good news and some bad news on the post-FISA front. The "good news" - and perhaps I'm being optimistic in calling it that - is the wide-ranging group of international aid organizations, writers, defense lawyers, the ACLU and others that filed a lawsuit (the same day the President signed the 4th Amendment eviscerating FISA law) in federal court that will seek to have the eavesdropping provisions in the new law declared unconstitutional.

But before I get to the details of the suit, I thought a recent article by Chris Hedges - who was part of the team of New York Times reporters who won a Pulitzer Prize in 2002 for reporting on global terrorism - was worthy of discussion. I think one of the problems we've had as "the opposition" to the FISA law is the occasional lack of TANGIBLE ways that we could articulate in which ordinary peoples lives would be effected by this bill, and its warrantless wiretapping provisions.

Granted, we know that any of us could be listened in on now (though it doesn't seem most Americans are that concerned by this fact), and that this very concept is a violations of the 4th Amendment, and that yes, Nixon used these very powers to listen in on his "enemies" (which is why the original FISA law was created). But, beyond these very serious concerns, I think many in the mass public don't yet grasp all the ways this law not only weakens our constitution and the fundamental principles our democracy was founded on, but that it also, and this is perhaps most frightening, could serve to stifle dissent and debilitate even further our already miserable corporate media and their ability to get critical information from sources abroad.

With that, here are a couple large sections of Chris Hedges outstanding article from last week (who is also part of the lawsuit). Surely it makes one wonder that the arguments he enumerates could be some of the most important reasons why this administration has so doggedly pursued this FISA bill:

The law, passed under the guise of national security, ostensibly targets people outside the country. There is no question, however, that it will ensnare many communications between Americans and those overseas. Those communications can be stored indefinitely and disseminated, not just to the U.S. government but to other governments.This law will cripple the work of those of us who as reporters communicate regularly with people overseas, especially those in the Middle East.

It will intimidate dissidents, human rights activists and courageous officials who seek to expose the lies of our government or governments allied with ours. It will hang like the sword of Damocles over all who dare to defy the official versions of events. It leaves open the possibility of retribution and invites the potential for abuse by those whose concern is not with national security but with the consolidation of their own power.


I spent nearly 20 years as a foreign correspondent for the New York Times, as well as other news organizations. I covered the conflict in the Middle East for seven years. I have friends and colleagues in Jerusalem, Gaza, Cairo, Damascus, Tehran, Baghdad and Beirut. I could easily be one of those innocent Americans who are spied on under the government’s new surveillance authority. The reach of such surveillance has already hampered my work. I was once told about a showdown between a U.S. warship and the Iranian navy that had the potential to escalate into a military conflict. I contacted someone who was on the ship at the time of the alleged incident and who reportedly had photos. His first question was whether my phone and e-mails were being monitored.

What could I say? How could I know? I offered to travel to see him but, frightened of retribution, he refused. I do not know if the man’s story is true. I only know that the fear of surveillance made it impossible for me to determine its veracity. Under this law, all those who hold information that could embarrass and expose the lies of those in power will have similar fears. Confidentiality, and the understanding that as a reporter I will honor this confidentiality, permits a free press to function. Take it away and a free press withers and dies.

Click here to read the article in its entirety.

Now let's get to the lawsuit, as reported in the New York Sun:

"A law like this is fundamentally inconsistent with the Constitution and with the most basic democratic values," an American Civil Liberties Union lawyer who helped prepare the suit, Jameel Jaffer, said in a conference call with reporters. "It permits the government to conduct intrusive surveillance without ever telling a court who it intends to surveil, what phone lines and e-mail addresses it intends to monitor, where its surveillance targets are located, or why it's conducted the surveillance."

The plaintiffs in the suit include Amnesty International, the Service Employees International Union, and the Nation magazine. All argued they would have trouble gathering information because of fears generated by the law's broad authority for surveillance of calls between America and foreign countries.


The ACLU's legislative director, Caroline Fredrickson, called Mr. Obama's reversal disheartening. "It's obviously a disappointment, but I think at the end of the day, if you look at the vote outcome, Obama didn't really take any other Democrats with him. Senator Clinton stood strong in her position. And I think there were a majority of the Democrats who voted no," she said.

The ACLU's suit does not take on the so-called telecom immunity provision, which is expected to be challenged in pending lawsuits over warrantless wiretapping.

One thing is clear, this issue is FAR FROM over. Not only do we have this lawsuit, but we have the prospects of an Obama Presidency (the disappointment of his vote aside) and a democratic led Senate with leaders like Feingold and Dodd who surely will have his ear.

Thursday, July 10, 2008

One Subpoena Is All It Takes to Reveal Your Online Life

This New York Times article was an especially good analysis of the recent Google/Youtube records case, and what it tells us about how our most private information can be accessed and shared...particularly when there's a subpoena involved.

Saul Hansell writes:

Whenever questions are raised about privacy, big online companies talk about how benign their plans are for using data about their customers: Much data is anonymous, they say, and even the information that is linked to individuals is only meant to offer users a more personal experience tailored to their interests. They never talk about subpoenas.


The issue came up again last week when Google was ordered by a court to turn over records of activity on YouTube, including the user names and Internet Protocol (IP) addresses of people who watched videos. A judge agreed with Viacom that the records could assist its case arguing that YouTube has infringed on its copyrights.


But Internet companies are different from other businesses that keep records about their customers. A person’s activity online represents an unusually broad picture of his or her interests, transactions and social relationships. Moreover, it is the nature of computers to keep records of all of the bits of data they process.


The way the Internet is set up now, an I.P. address, by itself, doesn’t identify an individual user. But an I.P. address can be traced to a specific Internet service provider, and with a subpoena, the Internet provider can be forced to identify which of their customers was assigned a particular I.P. address at a particular time. That is how the recording industry has been identifying and suing people who use file sharing programs.

Viacom says that it isn’t going to use the information from Google to sue individual YouTube users for copyright infringement, but there is nothing under the law to stop it from doing so.


All this raises questions that I think Internet companies, privacy regulators and Congress would be wise to take stock of:

How much data should be retained by Internet companies and for how long?

What should Internet users be told about what sort of information could be disclosed about them in response to a legal action or government request?

Should there be new laws that define more clearly what the standards are for disclosing online surfing and searching activity?

Click here to read the article in its entirety.

Wednesday, July 9, 2008

Today’s Coverup of Surveillance Crimes and New Effort to Hold Dems Accountable

What can one say? It's a sad day for the Constitution, a typical one for the Republican Party, and a deeply dissapointing one for the Democrats. Yes, FISA passed today by a vote of 69 - 28 (more on this tomorrow).

To set the stage, and properly frame the issue of FISA, telecom immunity, and illegal wiretapping, watch Senator Russ Feingold give a blistering speech on the FISA sham on the Senate Floor...may the 4th Amendment rest in peace:

Watch Feingold here.

Now let's move right to Glenn Greenwald's piece on today's events in the Senate:

It was also as clear a violation of the Fourth Amendment as can be. For the Government to invade our communications with no probable cause showing to a court is exactly what the Founders prohibited as clearly as the English language permitted.

But today, the Democratic-led Congress — with the support of both John McCain and Barack Obama... — will cover-up those crimes. Law Professor and Fourth Amendment expert Jonathan Turley was on MSNBC’s Countdown with Rachel Maddow last night and gave as succinct an explanation for what Democrats — not the Bush administration, but Democrats — will do today.

Watch him here.

...what is most appalling here beyond the bill itself are the pure falsehoods being spewed to the public about what Congress is doing — and those falsehoods are largely being spewed not by Republicans. Republicans are gleefully admitting, even boasting, that this bill gives them everything Bush and Cheney wanted and more, and includes only minor changes from the Rockefeller/Cheney Senate bill passed last February (which Obama, seeking the Democratic Party nomination, made a point of opposing).Rather, the insultingly false claims about this bill — it brings the FISA court back into eavesdropping! it actually improves civil liberties!


It’s been quite disturbing to watch them turn on a dime — completely reverse everything they claimed to believe — the minute Obama issued his statement saying that he would support this bill. They actually have the audacity to say that this bill — a bill which Bush, Cheney and the entire GOP eagerly support, while virtually every civil libertarian vehemently opposes — will increase the civil liberties that Americans enjoy, as though Dick Cheney, Mike McConnell and “Kit” Bond decided that it was urgently important to pass a new bill to restrict presidential spying and enhance our civil liberties.


John Nichols of The Nation — one of the most pro-Obama media organs in the country — pointed out yesterday that Obama won the critical Wisconsin primary in large part by holding himself out to Democratic voters there — for whom civil liberties is a vital issue — as a steadfast ally of Feingold on these issues:


Yet, now that he is the presumptive nominee, Obama is standing not with Feingold, but with Bush and the special interests Obama once denounced. He says he’ll vote for a White House-backed FISA rewrite — which is likely to be taken up by the Senate this week — in opposition to the position taken by civil liberties groups, legal scholars on the left and right and, of course, Russ Feingold.


These are just facts — facts about Barack Obama, the FISA bill he supports and which the Democratic Congress will approve today. Recall that James Comey testified last year that what he and other DOJ officials learned in 2004 about Bush’s spying activities for the several years prior was so extreme, so unconscionable, so patently illegal that they all — including even John Ashcroft — threatened to resign en masse unless it stopped immediately. We still have no idea what those spying activities were. We know, though, that even the right-wing DOJ ideologues who approved of the illegal “Terrorist Surveillance Programs” that we know about found those activities indisputably illegal and wrong. But Barack Obama and the Democratic-led Congress will today enact a bill to immunize all of that, to protect the lawbreakers who were responsible.


UPDATE: The Dodd-Feingold amendment to remove telecom immunity from the bill just failed by a vote of 32-66. I was mistaken about Obama’s not showing up to vote (that was the case, as I understood it, when the vote was scheduled for yesterday). He is in the Senate and, as he said he would, just voted (along with Hillary Clinton) in favor of the amendment to remove telecom immunity from the bill.

Click here to read the article in its entirety.

So what's next is the first question I would ask? Well, here's a little article I found regarding one way to punish those that sold out the Constitution:

Online Movement Aims to Punish Democrats Who Support Bush Wiretap Bill

Online activists from the right and the left announced an unprecedented campaign Tuesday to hold Democratic lawmakers accountable for caving in to the Bush administration on domestic spying.

A group of high-profile progressive bloggers and libertarian Republicans are rolling out a new political action committee called Accountability Now to channel widespread anger over pending legislation that would legalize much of the president's warrantless electronic surveillance of Americans, and grant retroactive legal immunity to telephone companies that cooperated with the spying when it was still illegal.


Progressive author and lawyer Glenn Greenwald, who writes for, and blogger Jane Hamsher of Firedoglake, are spearheading the effort. They've hired the political media consultants behind a historic Ron Paul online fundraising drive to organize a similar "moneybomb," set to go off Aug. 8.

Click here to read the article in its entirety.

Monday, July 7, 2008

Google Responds To Privacy Critics with Link To Policy

A few weeks ago we (CFC) joined with executives from the Privacy Rights Clearinghouse, the World Privacy Forum, Consumer Action, the Electronic Frontier Foundation, the American Civil Liberties Union of Northern California, and sent a letter to Google CEO Eric Schmidt expressing our concern over the company's failure to post a home page link to its privacy policy.

Google's reluctance to post the link on its home page was alarming. Namely because California law is unequivocal on the subject, as it requires the operator of a commercial Web site that collects personal information about users to “conspicuously post its privacy policy on its Web site.”

The reason this issue, which appears to be rather meaningless at first glance, matters is because Google collects and retains so much information about so many people. What would it say about the future of privacy protection if one of the biggest corporate players of the information age simply refused to do what all other websites in California do: include a privacy policy!

I'm happy to report that our request was respected and Google has agreed to link their privacy policy on their home page!

Here's the article from Sci-Tech on today's exciting turn of events:

To appease privacy advocates, Google has added a privacy-policy link to its home page. Google had previously said it didn't want to clutter its page.


"We felt that Google not only violated California law -- and keep in mind that Google is a California corporation -- but that Google was also violating standard practice for all Internet companies by not posting a link to the privacy policy on the home page," said Marc Rotenberg, executive director of EPIC.


"We added this link both to our home page and to our results page to make it easier for you to find information about our privacy principles," Mayer wrote on The Official Google Blog. "The new privacy link goes to our Privacy center, which was revamped earlier this year to be more straightforward and approachable, with videos and a non-legalese overview to make sure you understand in basic terms what Google does, does not, will, and won't do in regard to your personal information."

Click here to read the article in its entirety.

Wednesday, July 2, 2008

Pay as You Go Insurance, RFID Skimming, Identity Theft Trials: Update on key privacy bills in California

I haven't found any "must post" privacy articles in the last day and a half so what I'm going to do instead is give you a quick update on the progress of 3 key privacy bills in California.

I posted info on Monday regarding AB 2800 and our (CFC) opposition to it. Well, we now have an official opposition letter describing our reasons why we must oppose this seemingly well intentioned piece of legislation.

First, AB 2800 (D - Jared Huffman) would allow insurers to develop "green" automobile insurance policies that create financial incentives for driving fewer miles on the road, thereby causing less pollution. CFC opposes this legislation on a number of grounds, including the likelihood that insurance companies would use GPS tracking devices to verify policyholders' mileage. These devices invade the privacy of motorists, since they capture data about each driver's daily travels.

Current insurance law, Proposition 103, already incorporates mileage as one of three mandatory factors for determining insurance rates. CFC believes the worthy goal of AB 2800 - reducing automobile emissions - should be achieved by more direct means, including financial incentives to purchase zero emission vehicles and disincentives in the form of polluter fees for purchasing vehicles that emit excessive amounts of greenhouse gases.

Click here to read CFC's Opposition Letter

The Department of Insurance to also take up Automobile "Spyware" Issue

The Department of Insurance held a workshop on "Pay-As-You-Drive" automobile insurance last month in preparation for a regulatory process that could lead to new automobile insurance rates designed to provide incentives for driving less. Consumer and privacy advocates raised numerous concerns, including objections to permitting insurance companies to use GPS tracking devices to verify mileage. We will keep you informed of any further developments.

SB 612 Signed by the Governor!

Privacy advocates won their second battle (the other being SB 1096's defeat) in as many weeks today with the signing of SB 612 (Simitian - Palo Alto), which gives victims of identity theft a better opportunity to obtain justice by allowing identity theft cases to be prosecuted in the county where the victim lives - which is not always the location of where the crime occurs. Current law allows for the prosecution of identity theft in the county where the theft occurred or the county in which information was illegally used, both of which may be hundreds of miles away from the victim's home.

SB 31 Wins Unanimous Assembly Appropriations Vote!

SB 31 (Simitian) overwhelmingly passed the Assembly Appropriations Committee today. The bill would make it illegal to "skim" (surreptitiously read and record) information from an RFID-enabled ID without consent, and by making it illegal to disclose RFID "system keys," (similar to a codebook). The bill now moves to the Assembly Floor.