Wednesday, November 26, 2008

NSA kept files on Blair's Private Life and Iraqi President's "Pillow Talk"

I'm still amazed by what barely seems to qualify as news in our country. How can this story remain so ignored by the media at large? Seriously, isn't it just a little disturbing that our government not only wiretaps American citizens but also is wiretapping and listening in on the phone calls of our allies?

Let's review what we already knew, and that I reported on this blog: In October, ABC News reported that despite President Bush's promises that the National Security Administration's warrantless wiretapping program was aimed only at terrorists, the NSA frequently listened to and transcribed the private phone calls of Americans abroad. The network's report was based on whistleblower interviews with two former military intercept operators. One of the whistleblowers, former Navy Arab linguist David Murfee Faulk, told ABC News that he and his co-workers listened in on "hundreds of Americans" over the years.

But it wasn't just ordinary Americans. In a new report released two days ago, Faulk told ABC that during his time working for the government, "U.S. intelligence snooped on the private lives of two of America's most important allies in fighting al Qaeda: British Prime Minister Tony Blair and Iraq's first interim president, Ghazi al-Yawer." "Faulk told ABCNews.com he saw and read a file on Blair's "private life" and heard "pillow talk" phone calls of al-Yawer.

Though "collecting information on foreign leaders is a legal and common practice of intelligence agencies around the world," former intelligence officials told ABC News that the U.S. and Britain have a long-standing agreement "not to collect on each other." "If it is true that we maintained a file on Blair, it would represent a huge breach of the agreement we have with the Brits," said one former CIA official.

So before I wish everyone a happy thanksgiving, let's look at a couple key passages from the ABC report:

The NSA declined to comment on the specifics of Faulk's allegations involving al-Yawer and Blair. In a statement, a spokesman said the agency follows all laws.

The Inspector General for the NSA is reported to be conducting an investigation into the allegations by Faulk and another former military intercept operator, Adrienne Kinne, about listening to calls between American citizens.

The Senate Intelligence and Judiciary Committees also are investigating the allegations about calls involving American citizens.

So I guess we should all feel better now that we know the NSA says they "follow all laws." Sure they do...

Happy Thanksgiving! And of course, don't say anything "threatening" to our government in your phone conversations over the holidays because someone might be listening.

Tuesday, November 25, 2008

Are we there yet Orwell?

I'm not going to lie, George Orwell's 1984 is one of my favorite books of all time, and has probably served as my most useful literary tool throughout my life. I liken it to a kind of "Matrix Decoder" in which the subtle uses of propaganda, surveillance and intimidation by both the state and the corporate hierarchy become more easily recognizable.

So, how close are we to Orwell's 1984? And in what ways? What has significantly changed in recent years - and therefore brought back Orwell's dystopian vision as a popular topic of discussion - is the incredible advancements in technologies that allow for unprecedented violations of personal privacy. What Orwell did not predict however, was the ways in which corporations would become perhaps an even greater threat to privacy than government ever could...and those violations would be easily and readily given up by the populace.

These questions are posed in a recent article in the Daily Princetonian, entitled "What would Orwell Do?".

Brian Kernhigan writes:

The surveillance I have in mind is not governmental but commercial. The march of technology has given us ever smaller and cheaper gadgets, especially computers and cell phones, and pervasive communication systems, notably the internet and wireless. As an almost accidental byproduct of this progress, we have voluntarily given up an amazing amount of our personal privacy, to a degree that Orwell might well have found incredible.

...

So phone companies know where your phone is. Would they reveal that information? As I write this, we have just learned that Verizon employees have been checking out President-elect Barack Obama's cell phone records. Clearly this was unauthorized, but it's not hard to imagine ways in which your physical location could be used commercially, for example to send location-dependent advertising to your phone. Would you be willing to let the phone company use your location in return for lower rates or a sexier phone? Experience suggests that most people would be quite happy with such a trade - privacy is good but it is often given away or sold off quite cheaply.

...

On the internet, students are astonishingly willing to broadcast the most intimate details of their lives on myspace.com and facebook.com, though this pendulum may be swinging back as it becomes clear that more than just your friends are watching: Prospective employers check out candidates, as do college admissions offices.

...

...That led to a discussion of whether the benign uses of cookies outweigh their privacy-invading role of monitoring what sites you visit. Most people seemed a bit taken aback at all of this, and I'll bet that a fair number of cookies were subsequently deleted. This is one place where you can recapture some privacy at no cost - if you stop accepting cookies from third parties (the advertising companies), the web keeps right on working.

Scott McNealy, at the time CEO of Sun Microsystems, once said "You have zero privacy anyway. Get over it." Sadly, it's pretty close to true these days. The remarkable thing is that we seem to have given it away, and continue to do so, for pretty much nothing at all in return. Orwell could have written a book about it.

I will be the first to admit that I have fallen prey to giving up too much of my own privacy, and too freely. This is partly why I think this is an especially important topic to discuss and contemplate. I am a firm believer in the use of public policy to make it easier for consumers to "do the right thing" and the "desired thing" - which most people would agree is making it harder for ones privacy to be breached and easier to understand how to prevent it.

Click here to read this article in its entirety.

Wednesday, November 19, 2008

RFID Chips: My Article on Schools Chipping Kids + Science Daily's Piece on the Opening of a Privacy And Security Pandora's Box

Before I get to the article I found on RFID chips and the possible privacy and security problems they may pose, let me direct you to an article I recently had published on the California Progress Report.

I point you there first because it to is on the use of RFID's, but more specifically, how they were used by a school district on students without parental consent. We (CFC), along with the ACLU and many other privacy protection organizations fought hard to get the Governor to sign a bill that would have addressed this loophole and required schools get parental consent before they chip their kids...but sadly, the Governor vetoed it. The fight is not yet over.

Here's a clip from the article "Protecting Privacy of Children, Rights of Parents Unfinished in California":

Given the controversial nature of RFID technologies, and the inherent risks associated with it, school districts should be required to notify parents and get their consent BEFORE “chipping” their children.

Schools are already required to get parental permission for sex education, field trips, and in some cases, student cell-phone use on campus.

If the Sutter case illustrates nothing else, it’s that parents, not schools, should decide whether children must carry a tracking devise. Mechanical devices might be useful for tracking cattle, but when it comes to our children, RFID’s are no substitute for teacher and school staff responsibility.

Click here to read my article in its entirety.

Now let's move onto the piece in Science Daily that details an article published in the current issue of the International Journal of Intellectual Property Management suggesting that a privacy and security Pandora's Box is on the verge of opening if human rights, particularly regarding data protection are not addressed in the design of new RFID applications.

Science Daily Reports:

According to Eleni Kosta and Jos Dumortier of the Katholieke Universiteit Leuven in Belgium, the benefits of RFID technology in innovation are beyond question. However, the threats posed to personal privacy should be taken into account at the design phase of the applications. Their increasingly widespread deployment means individuals do not necessarily know when, how and what kind of information about them is being transmitted at any given time from an RFID in a passport, in their shopping bags, or even when they visit the library.

...

A recent European Commission report, "Communication on RFID" emphasised that privacy and security should be built into RFID information systems before their widespread deployment. Moreover, European legislation on data protection applies to RFID technology when it entails the processing of personal data, Kosta and Dumortier point out. However, it is not always clear whether or not information stored on or transmitted via an RFID tag is personal data.

...

However, there are many instances when the information seemingly cannot be directly linked to an individual, but by linking the RFID tag number to a back-end database can be correlated with a credit card payment, for instance, and so provide indirect identification of the individual. "In this case, even if the data seem anonymous at first sight, the processing falls under the scope of application of the Data Protection Directive, as the data can be easily linked to the credit card data", the team explains. Even vaguer are the cases when the information on the RFID tag cannot be linked to an actual person, or at least significant effort is needed for a link to be made.

Click here to read more.

Tuesday, November 18, 2008

Obama's Privacy Challenges

I want to continue to delve deeply into the possible opportunities and pitfalls an Obama Administration might offer to privacy advocates. It goes without saying we're in store for a seismic shift in comparison to the draconian Bush Administration, but it remains unclear whether we have a true champion in Obama. His vote for telecom immunity and the egregious FISA bill is enough on its own to douse my hope and optimism with a strong dose of reality.

An interesting question for Obama will now most certainly be: What do I do with all that personal information from my huge database of volunteers?

Sarah Lai Stirland of Wired Magazine details this cunnundrum in her article: "Barack Obama's Privacy Challenge".

She writes:

While both Democrats and Republicans used databases to profile and target voters to get out the vote, it's the Democrats who have historically been big privacy advocates, but who during this election cycle profited politically from the sophisticated integration of all the data contained in state level voter files, commercial databases, and from canvassing information that was also added by millions of volunteers.

All that data collected during the 2008 campaign now sits in databases controlled by the Obama campaign and the Democratic National Committee, in addition to third-party vendors such as Catalist.

...

What will the Obama campaign do with all this data? It's not saying. A query to the Obama press office last week went unanswered. Catalist, the Democratic data firm profiled earlier this year in Wired magazine, declined to answer any questions. A spokeswoman referred all queries to the Obama campaign.

...

The Obama campaign's privacy policy states that it generally doesn't make your personal information available to anyone other than its campaign staff and "agents," but that it might share it with organizations that have similar political goals. That's a pretty big loophole.

Ironically, the Obama campaign's own technology policy platform (pdf) promises the electorate that an Obama administration will "safeguard our right to privacy."

...

But as the "Joe the Plumber" data breach incident, and the State Department breach of the presidential candidates' passport information showed, whenever personal data is easily accessible, the temptation is there to use it for some other reason than the purpose for which it was originally collected.

Deborah Pierce, founder of the non-profit group Privacy Activism, suggests that the Obama campaign adopt the Organization of Economic Cooperation and Development's fair information principles.

These principles state that there must be no secret record-keeping systems, that there must be a way for individuals to find out what information an organization has about them, and how it's used. Moreover, people should have the right to prevent the information from being used in any other ways than what they gave permission for in the first place. They should also be able to correct erroneous information about themselves, and have assurances that the entity holding the information about them holds it in a secure fashion.

Certainly the OECD's fair information principles seem like a perfectly reasonable guide to privacy policy when it comes to these kinds of campaign databases. I think its also reasonable to expect that the Obama campaign should make its actions transparent to his millions of online supporters. So if President Obama wants to share your data with another candidate, he might want to let you know this...hell, I'm still getting emails from his campaign on a daily basis about everything else under the sun! :)

Monday, November 17, 2008

Net Spying Firm and ISPs Sued Over Ad System

According to a lawsuit filed in federal court Monday "net eavesdropping firm NebuAd and its partner ISPs violated hacking and wiretapping laws when they tested advertising technology that spied on ISP customers web searches and surfing."

So what exactly is all the ruckus about? Wired Magazine reports:

NebuAd paid ISPs to let it install internet monitoring machines inside their network. Those boxes eavesdropped on users' online habits -- and altered the traffic going to users in order to track them better. That data was then used to profile users in order to deliver targeted ads on other websites.

...

"Like a vacuum cleaner, everything passing through the pipe of the consumer's internet connection was sucked up, copied, and forwarded to [NebuAd's] California processing center," the suit reads. "Any alleged anonymizatin of subscriber's identity and data – if in fact any such occurred, occurred after the phase of initial interception which provides the basis of this class action lawsuit."

That logic -- that the interception of an Americans' communication stream is illegal even if later thrown out --is no stranger to the U.S. District Court in San Francisco, where the suit was filed.

That's the same argument being made by the Electronic Frontier Foundation in its suit against AT&T for allegedly building an NSA internet spying room inside a switching facility in San Francisco. That suit and dozens like it targeting other ISPs and phone companies are being handled in the same court house in San Francisco.

Let's hope this class action suit is awarded what it seeks, both in terms of damages as well as an injunction against any similar behavior in the future. Remember, this wasn't some small, isolated incident. WideOpenWest, one of the ISP's named in the suit has already admitted that it let NebuAd monitor its 330,000 broadband customers for four months, starting in March, 2008.

Click here to read more.

Wednesday, November 12, 2008

Bush Spy Revelations Anticipated When Obama Is Sworn In

Granted, that's the "duhh" headline of the week...because if there's any one thing we can count on is that yes, the Bush Administration's "spying on Americans program" is far more comprehensive and lawless than anything we could have imagined.

But don't take my word for it. Instead, just look what pioneering investigative reporters like Sy Hersch and James Bamford are saying. In fact, BOTH have recently disclosed that a whole slew of intelligence personnel have been telling them something like this: "Just wait until January 20th to call me!! You won't believe what's really been going on!"

Before I get to this weeks article in Wired Magazine that details the anticipated tidal wave of unconstitutional revelations that will come with a new administration, watch Keith Olbermann detail his own take on this matter in this clip of one of his re-occurring "Bushed" segments.

Now to Wired Magazine's report by Ryan Singel:

Now privacy advocates are hopeful that President Obama will be more forthcoming with information. But for the quickest and most honest account of Bush's illegal policies, they say don't look to the incoming president. Watch instead for the hidden army of would-be whistle-blowers who've been waiting for Inauguration Day to open the spigot on the truth.

"I'd bet there are a lot of career employees in the intelligence agencies who'll be glad to see Obama take the oath so they can finally speak out against all this illegal spying and get back to their real mission," says Caroline Fredrickson, the ACLU's Washington D.C. legislative director.

...

So far, virtually everything we know about the NSA's warrantless surveillance has come from whistle-blowers. Telecom executives told USA Today that they had turned over billions of phone records to the government. Former AT&T employee Mark Klein provided wiring diagrams detailing an internet-spying room in a San Francisco switching facility. And one Justice Department attorney had his house raided and his children's computers seized as part of the FBI's probe into who leaked the warrantless spying to The New York Times. Attorney General Alberto Gonzales even suggested the reporters could be prosecuted under antiquated treason statutes.

If new whistle-blowers do emerge, Fredrickson hopes the additional information will spur Congress to form a new Church Committee -- the 1970s bipartisan committee that investigated and condemned the government's secret spying on peace activists, Martin Luther King, Jr., and other political figures.

The bottom line of course is that whether this "whistle blower army" materializes or not, it will be beholden on privacy protection and civil liberties groups (and the public) to hold both the Obama Administration and the new Congress's feet to the first on this issue. The skeletons of this administration's closet must be evacuated, and the constitutional rights of our people restored.

While Rahm Emanuel as Chief of Staff does not instill any confidence in me personally such actions will be taken, the appointment of John Podesta as transition team leader does. As always, the key ingredient to action on the issue of privacy will be the people themselves and all those organizations that remain committed to the cause.

Click here to read the article in its entirety.

Monday, November 10, 2008

Obama Pushes Ambitious Tech Agenda; Tops on List: Privacy, Fast Net

When it comes to the issue of privacy, I'm far more interested in how a President Obama will revisit issues like FISA and eavesdropping, Habeus Corpus, the 4th Amendment, and the Supreme Court than I am with some of the more modest protections discussed in this article.

Nonetheless, Obama's approach to technology and the Internet is a far cry from that of the Bush administration, and offers a huge opportunity to expand access, improve quality, and increase privacy for EVERYONE.

The DailyTech details some of his specific platform policies and key advisers in the area of technology.

Jason Mick reports:

Top on Obama's agenda are many technology-related efforts. President-elect Obama is no stranger to technology and has said that he wants more expansive protection of users rights to online privacy, a stance which surely runs counter to the RIAA, MPAA, and other groups' aggressive litigation efforts. Also on the list are plans to free up unused government spectrum for public use. Obama during his presidential campaign referred several times to the White Space, a section of the spectrum which Google and Microsoft have been lobbying for the government to free up. Finally, Obama wants to fight bandwidth caps and mandate faster internet from internet service providers. He is concerned of what he sees as a trend among companies like AT&T and Time Warner to give the customer less for more.

...

Both advisers eschew the traditional lobbyist background that many of the advisers from the past several administrations had hailed from. Supporters say that this is a sign that Obama-administration really is about change, including in the tech industry. With his party in firm control of the new House and Senate, barring a conservative filibuster, it looks like he may be able to pass through some impressive legislation which will protect citizens' rights on the internet.

And there's more good news to report on the "white spaces" front. Millions of Americans who do not have basic Internet access or are forced to use antiquated and slow dial-up connections will finally get some relief. On Tuesday the 4th, the FCC voted overwhelmingly to open the vacant public airwaves between TV channels -- called "white spaces" -- for high-speed Internet access. This could vastly expand high-speed Internet access nationwide.

As the Free Press explains, "After an exhaustive study (http://www.fcc.gov/oet/), the federal agency has found that we can open these unused airwaves for everyone. New technology is available to expand and improve broadband access and wireless communications across the country.

Without affordable and accessible Internet choices, too many people are left on the wrong side of the digital divide -- virtually forgotten in a nation that increasingly demands high-speed Internet access to engage socially, politically and economically."

My friends at The Free Press report:

This decision is a landmark victory that simply could not have happened without the tens of thousands of letters and calls from people like you.

Despite fierce lobbying and scare tactics from the National Association of Broadcasters, we're now one step closer to providing affordable broadband access to everyone in America. Tuesday's vote is a clear example of what we can accomplish when we stand together against powerful media interests, with their high-priced lobbyists, lawyers and PR flacks.

Stay tuned for updates as we move closer to making universal Internet access a reality in America. We can be sure that the Big Media lobbying machine will keep firing away at the public interest.

No matter how you cut it, "change" is in the air when it comes to technology and it how it might be used to positively effect the lives of the people. The greater challenge will be the degree to which privacy is a key component of this "new age" or just an afterthought.

Friday, November 7, 2008

How much will Biden influence Obama on privacy?

The apparent answer to that question is let's hope not very much. As time goes by I will be focusing on the future Obama administration's stance on a host of privacy issues, for now I'll admit that aside from his disappointing FISA vote, there is much I, and probably many others, still do not know.

But what is better known is Biden's rather weak record on privacy issues, including copyright law.

The "People to People" net magazine details some of Biden's more worrisome stances and how they may or may not influence a President Obama.

The site reports:

Hopefully, someone who really understands the importance of sharing and freedom of speech will make sure Obama isn’t besieged to the exclusion of all else by the powerful entertainment and software cartels and persuaded every school child needs to be familiar with the intricacies of copyright law.

And hopefully, someone will tell Obama not to listen too hard to his vice president, Joe Biden, when it comes to copyrights, privacy and associated matters. Because although the corporations would undoubtedly have preferred to see John McCain in the driving seat, they can’t have been too disappointed to find Joe Biden so close to the new seat of power.

...

He sponsored a bill, “that would make it a felony to record internet radio, and signed a letter that urged the United States Department of Justice to prosecute file sharers,”says the Wikipedia

Biden also sponsored two bills, the Comprehensive Counter Terrorism Act and the Violent Crime Control Act, both of which contained language effectively banning encryption. Phil Zimmerman, creator of PGP, has said it was Biden’s legislation (SB 266) that “led me to publish PGP electronically for free that year, shortly before the measure was defeated after vigorous protest by civil libertarians and industry groups.

He’s a proud founding member of the Congressional International Anti-Piracy Caucus who’s, “helped the lead the fight against countries such as China, Russia, Mexico and India that need stronger copyright protections,” said p2pnet in August...

...

In contrast, “Barack Obama believes we need to update and reform our copyright and patent systems to promote civic discourse, innovation and investment while ensuring that intellectual property owners are fairly treated,” says his web promo site in which he also states:

“Let us be the generation that reshapes our economy to compete in the digital age.”

But it’s a view diametrically opposed to the approaches of the music, movie and software cartels.

...

Obama is in power and hopefully, he’ll be strong enough and wise enough to understand that and encourage the growth of the Internet, instead of finding ways to crush it, as have done Bush and his cronies. And Biden.

Click here to read more.