Monday, April 27, 2009

The Cybersecurity Act of 2009 and possible privacy casualties

For those of you who don't know about the Rockefeller/Snowe Cybersecurity Act of 2009 - and based on the complete lack of attention it has received it should be assumed most haven't - let me provide a basic outline of why it has raised some serious privacy concerns.

A good article in Computerworld this week entitled "Cyberwar's first casualty: Your privacy" offers us a useful e big picture framework for which to view this legislation and the growing threats to privacy that advances in technology necessarily are accompanied by. As I've discussed quite often here, these threats come from both the public and private sectors, particularly with the advent of a host of Google technologies - each with their own set of privacy threats - and the growing security threats our government faces from cyber attacks.

Computerworld notes this "melding" of interests and threats:

And unlike in past wars, the government itself may not do the snooping. Instead, it will most likely let private industry do the dirty work, essentially outsourcing cyber intelligence gathering.

...

As we've seen, though, intelligence gathering is frequently subject to abuse. During the Cold War, the CIA and FBI regularly violated the rights of citizens. More recently, the Patriot Act gave legal cover to government prying, and the National Security Agency carried out covert wiretapping without seeking the proper warrants.

The intelligence that will be gathered in the coming generation of cyberwarfare will dwarf anything that came before, in the breadth of information acquired, the ease with which it is gathered, and the number of people caught in the net. In past wars, a fair number of innocent people had their privacy invaded. In tomorrow's cyberwar, it'll be virtually everyone.

Cyberwarfare is fought online; its geography is virtual, and you're part of it. In physical wars, armies scout the countryside. In cyberwars, they'll scout the Internet.
The Internet is made up not just of wires, routers and servers; it's made up of the data crossing it. Those who fight cyberwars will mine vast amounts of data in an attempt to find nuggets of information. They'll look for patterns of use and relationships that otherwise would escape notice.

That's why you'll see government outsourcing its intelligence gathering to companies that already do the work legally -- and primarily that means Google. I'm not saying that Google will purposefully gather information for the federal government. Instead, the government will legally tap into Google's already in-place information gathering, by issuing subpoenas on a regular basis.

Why Google? Google already gathers vast amounts of information about people's browsing and search habits, and it regularly responds to subpoenas for that data.

And the information that Google gathers is about to grow exponentially, when Google Voice launches to widespread use. Google Voice can route all of your calls through a single number, lets you record and store calls online, and offers transcripts of voice mail. At some point, it will probably offer transcripts of all calls recorded. It can do that for your normal voice calls, not just calls made to or from a computer.

You can be sure that the government will want to get its hands on that vast treasure trove of information. Why go through the difficult process of getting a phone tap when it's so much easier to simply issue a subpoena to Google? Google isn't alone, of course, and many other private companies -- particularly ISPs and big telecom providers -- gather information about people online.

It is for this reason - the government's growing access to personal information of all kinds - that products marketed by companies like Google must include ironclad safeguards that at least offer some protection against government abuse and unconstitutional assaults on privacy.

With all that in mind, let's get to the 2009 CyberSecurity Act - which seems to seek to almost codify this ever expanding power of the government to infiltrate cyberspace and violate individual privacy. An article in WebProNews entitled "Time to Put the Brakes On the Cybersecurity Act of 2009" states:

What is essentially a federal government power grab combined with a giant money grab for industry is a real and perhaps unnecessary threat to your privacy and personal security. On top of that hole in your privacy, the Cybersecurity Act of 2009 plants a big, potentially exploitable hole on the network.

...

But when the CSIS (Center for Strategic and International Studies) issued its report it was both jaw-dropping for the collective might behind it and appalling for the tone of demand it carried directed toward the newly elected President and Congress. If you or I had written up the same report and signed our relatively puny names to it, we’d have been laughed and pshawed out of the room for our delusions of grandeur and audacity to think we could boss the government around.

Just a few months later, there it is in Congress, giving the President the power to shut down the Internet at his discretion, and the Commerce Secretary backdoor access to all of it without the slightest bit of oversight or restriction. (These guys like lack of oversight and accountability, just ask Hank Paulson.)

...

The obvious need for better cybersecurity at the federal level does not necessarily include the unprecedented granting of power to the government. It especially doesn’t necessitate that a few major companies dictate how security is to be implemented. The proposed legislation would require anyone with access to the network to be licensed.

Of course, before anyone thinks I'm getting into tinfoil hat territory here, let me provide a few choice clips from a recent statement by the Electronic Frontier Foundation - a leading opponent of this legislation:

The bill as it exists now risks giving the federal government unprecedented power over the Internet without necessarily improving security in the ways that matter most. It should be opposed or radically amended.

Essentially, the Act would federalize critical infrastructure security. Since many of our critical infrastructure systems (banks, telecommunications, energy) are in the hands of the private sector, the bill would create a major shift of power away from users and companies to the federal government. This is a potentially dangerous approach that favors the dramatic over the sober response...the bill would give the Commerce Department absolute, non-emergency access to “all relevant data” without any privacy safeguards like standards or judicial review.

The broad scope of this provision could eviscerate statutory protections for private information, such as the Electronic Communications Privacy Act, the Privacy Protection Act, or financial privacy regulations. Even worse, it isn’t clear whether this provision would require systems to be designed to enable access, essentially a back door for the Secretary of Commerce that would also establish a primrose path for any bad guy to merrily skip down as well.

If the drafters meant to create a clearinghouse for system vulnerability information along the lines of a US/CERT mailing list, that could be useful, but that’s not what the bill’s current language does...Whether the bill is amended or rejected, the question remains what kind of actions would help cybersecurity, and what role the federal government has to play.

As security expert Bruce Schneier has pointed out, the true causes of government cyber-insecurity are rather mundane: GAO reports indicate that government problems include insufficient access controls, a lack of encryption where necessary, poor network management, failure to install patches, inadequate audit procedures, and incomplete or ineffective information security programs.

I'll be following this bill as it progresses...and will be back with more information in the coming days and weeks (i.e. what are its chances of passage?, does Obama support it?, etc.).

Friday, April 24, 2009

Former Bush US Attorney Approved Warrantless Tracking of Cell Phones

Every time I try to take a break from the "illegal wiretapping and gross violations of privacy" issue it pulls me back in. But, since this is an issue that lies at the intersection of civil liberties and technology - a primary focus of this blog - I am left no choice.

So, we've got yet more information to add to this ever evolving understanding of just how widespread, invasive, and unconstitutional the government's usage of surveillance and eavesdropping on ordinary Americans has been.

Check out my recent posts for everything you need to know about recent revelations regarding Rep. Jane Harman, AIPAC, Alberto Gonzales, and the warrantless wiretapping program. If that sounds like a set up for an Oliver Stone film it just might be some day.

Then today I read in the Washington Post this little addendum to my "birth of a surveillance society" narrative. While serving as a U.S. attorney during the Bush administration, Christopher Christie tracked the whereabouts of citizens through their cell phones without warrants.

The ACLU - and great thanks again to them for their continued outstanding work - obtained the documents detailing the spying program from the Justice Department in an ongoing lawsuit over cell phone tracking. While the documents reveal 79 such cases on or after Sept. 12, 2001, they do not specify how many of the applications were made during Christie's tenure.

The new revelations about the cell phone tracking program under Christie is yet another example of the warrantless spying programs authorized under the Bush administration.

And as the Center for American Progress noted, "Previous programs approved without a court order or warrant have included the secret program to monitor radiation levels at over 100 Muslim sites and the National Security Agency spying program on the phone and e-mail communications of thousands of people inside the U.S."

The Washington Post reports:

Tracking without a warrant disregards an internal U.S. Justice Department recommendation that prosecutors obtain probable cause warrants before gathering location data from cell phones. Using a little-known GPS chip inside a cell phone, federal prosecutors can locate a person to within about 30 feet. They're also able to gather less exact location data by tracing mobile phone signals as they ping off cell towers.

...

Of the cases in which probable cause wasn't established, 19 allowed the most precise tracking available, the documents show. Those cases occurred after the November 2007 Justice Department recommendation that prosecutors seek warrants. Christie said he changed the policy to comply with Washington's recommendation 11 months later.

...

The documents released by the ACLU show that of states randomly sampled, New Jersey and Florida used GPS tracking without obtaining probable cause warrants. Four other states _ California, Louisiana, Indiana, Nevada, and the District of Columbia reported having obtained GPS data only after showing probable cause.

...

The documents are part of an ongoing lawsuit by the ACLU and Electronic Frontier Foundation on how the government tracks cell phone users. The ACLU sought documents under the Freedom of Information Act to learn about the tracking because the cases are typically under court seal, ACLU lawyer Catherine Crump said. Crump argued in court papers that government tracking without a probable cause warrant is a violation of the Constitution's Fourth Amendment, which guards against unreasonable search and seizure. Government prosecutors have argued that only a court order showing the tracking data is relevant to a criminal investigation is needed.

Obviously I would really like to know more about those specific cases in which probable cause was not established and the tracking was done without warrants. We have seen too many examples of this Administration using surveillance technologies not to actually protect Americans or "fight terrorism", but rather to stifle dissent, monitor political "enemies" (i.e. peace protesters, environmentalists, Democrats, etc.) and even eavesdrop on journalists. I am eager to find out who some of these cell phone users were and why they were tracked without a warrant?

I will keep you posted. Click here to read the rest of the WP article.

Thursday, April 23, 2009

Wiretapping Rationalizations: What We Can Learn from Jane Harman's Change in Tune

I just can't let this pass today, so the Cybersecurity Act and electronic health records will have to wait.

On Tuesday I wrote about what could be "game changing" revelations in regards to the Bush Administration wiretapping program. As I'm sure everyone has heard by now, not only have new revelations been leaked about the wiretapping program and the violations therein - indicating a far more comprehensive and illegal program than even formerly believed (at least in terms of what the "establishment" thought) - a jaw dropping article in the Congressional Quarterly by Jeff Stein hit the newstands this week as well.

Check out what I posted about this article and its ramifications on Tuesday.- You can also check out four fairly recent posts I've made on the larger issue of FISA, wiretapping, and Obama's deeply disappointing transformation from a transparency and privacy advocate to a defender of Constitutional abuses. For those go here, here, here, and here.

As usual, I came across Glenn Greenwald of Salon.com's brilliant piece yesterday exposing the rank hypocrisy of Rep. Jane Harman's sudden outcry over the alleged violations of her right to privacy by the government (now that its happened to her) - even as she made the direct opposite arguments for the past two years as the program's number one Democratic defender. A program, that explicitly allows for what has just happened to her!

What is especially telling about the arguments she makes now is how they can inform us regarding how intellectually dishonest and logically nonsensical the assertions that have been made by those that want to A. retroactively protect those that broke the law (i.e. Telecoms and Bush Administration) and B. continue the wiretapping program...and even weaken FISA...as is what occurred.

Now, amazingly, all those same rationalizations made by program defenders, could be made against what Harman is now arguing (and this is what Greenwald does) - something she literally was JUST ARGUING herself! By the least, this offers a "teachable" moment...and really exposes how absurd the case is for an invasive, unconstitutional, and government power expanding wiretapping program!

Glenn Greenwald lays out these absurdities in his piece "Angry, Partisan, Civil Liberties Extremist"

Blue Dog Rep. Jane Harman -- once the most vigorous Democratic cheerleader of Bush's NSA warrantless eavesdropping program -- is rip-roarin' angry today. Apparently, her private conversations were eavesdropped on by the U.S. Government! This is a grave outrage that, as she told Andrea Mitchell, demands a probing investigation...

...

So if I understand this correctly -- and I'm pretty sure I do -- when the U.S. Government eavesdropped for years on American citizens with no warrants and in violation of the law, that was "both legal and necessary" as well as "essential to U.S. national security," and it was the "despicable" whistle-blowers (such as Thomas Tamm) who disclosed that crime and the newspapers which reported it who should have been criminally investigated, but not the lawbreaking government officials.

But when the U.S. Government legally and with warrants eavesdrops on Jane Harman, that is an outrageous invasion of privacy and a violent assault on her rights as an American citizen, and full-scale investigations must be commenced immediately to get to the bottom of this abuse of power. Behold Jane Harman's overnight transformation from Very Serious Champion of the Lawless Surveillance State to shrill civil liberties extremist.

...

Ultimately, even if a few so-called "laws" were "broken," surely the people who did it were acting to protect us from possible foreign espionage. Are we now going to start subjecting the good men and women working to keep us safe to harassing, expensive investigations every time some member of Congress pipes up and claims they were victimized by "illegal" acts?

Think how overly cautious our intelligence community will become, what that will do to morale, how much it will handcuff us in our Wars. And if, at the end of the day, all of this doesn't convice the "Rule of Law" purists among us to let bygones be bygones, I'm sure all reasonable and decent people can at least agree that the methods our government uses to eavesdrop on us are among the most sacred State Secrets that exist, and thus simply cannot and must not be reviewed by any tribunal for legality and propriety lest we all become deeply vulnerable to the Terrorists.

Jane Harman is so shrill and angry today. She sounds like some sort of unhinged leftist blogger. As The Washington Post's Dana Milbank so insightfully asked this week, what could any Democrat possibly have to be angry about? After all, they won. I wonder how long it's going to be before Harman joins the ACLU? What's that old saying -- a "civil liberties extremist" is a former Bush-enabling, Surveillance State-defending Blue Dog who learns that their own personal conversations were intercepted by the same government that they demanded be vested with unchecked power:

Click here to read the rest of the article, a video clip of Harman being interviewed on this growing scandal is also included.

Tuesday, April 21, 2009

Explosive and (Possible) Game Changing Revelations on Warrantless Wiretapping, Jane Harman, Alberto Gonzales, and AIPAC!

Every once in awhile there's a moment when the entire course of a debate changes. Two weeks ago I had next to NO HOPE that A. there would be any accountability for the widespread Constitutional violations perpetrated by the Bush Administration - and ratified by Congress by weakening the FISA Law - against the American people, B. That we had any hope to revisit that privacy eviscerating "bi-partisan" FISA legislation that essentially gave a wink and a nod to the government to wiretap Americans whenever they saw fit with little or no oversight, or C. that I would ever receive a decent answer as to why leading Democrats seemed to cave so fast on such an important principle to their own party's base?

Then, in the last week, new revelations are leaked that the wiretapping program and the violations therein were far more comprehensive and illegal than formerly thought (at least in terms of what the "establishment" thought). You can check out four recent posts about these revelations - and Obama's crushing silence on the matter - here, here, here, and here.

But none of those developments compared to what is coming out now! Glenn Greenwald of Salon.com covers the newly breaking scandal that poses a legitimate threat to those that have fought so hard - and successfully - to expand government power and invade the privacy of Americans.

These revelations couldn’t have come at a better time too, because Obama had seemingly fallen in line on this issue so totally and completely, that it was difficult to reconcile the "pre-election" candidate and the newly elected President on the issue.

Before I get to Greenwald's outstanding commentary, some more backdrop on this GIANT STORY:

In 2005 Rep. Jane Harman (D-CA) was "overheard on an NSA wiretap telling a suspected Israeli agent that she would lobby the Justice Department [to] reduce espionage-related charges against two officials of the American Israeli Public Affairs Committe." In exchange, Harman asked for help lobbying Rep. Nancy Pelosi (D-CA) to "appoint her chair of the Intelligence Committee after the 2006 elections, which the Democrats were heavily favored to win."

Jeff Stein - the investigative reporter that broke this story in Congressional Quarterly - also noted that contrary to previous reports that an FBI probe into Harman had been dropped due to "lack of evidence," it was actually then-Attorney General Alberto Gonzales who intervened on Harman's behalf in mid-2005 to stop the FBI's investigation because he needed her help selling the Bush administration's warrantless wiretap program.

WATCH CONGRESSIONAL QUARTERLY'S JEFF STEIN INTERVIEWED BY MSNBC'S DAVID SCHUSTER ON HIS INCREDIBLE SCOOP

According to Stein, Gonzales told then-CIA Director Porter Goss that Harman had helped persuade the New York Times to hold a story on the wiretapping program before the 2004 elections. In an initial statement to The Plum Line's Greg Sargent yesterday, New York Times executive editor Bill Keller said "Ms. Harman did not influence my decision. I don't recall that she even spoke to me."

But in a second statement yesterday, Keller acknowledged that "Harman called Philip Taubman, then the Washington bureau chief of The Times, in October or November of 2004" and "urged that The Times not publish the article."

Suddenly the silence of Pelosi and Harman on the wiretap issue is becoming clearer, as the word was that they DID KNOW about the program but for some reason they kept quiet. First, look at this little tidbit from the LA Times:

An “official with access to the transcripts said someone seeking help for the employees of the American Israel Public Affairs Committee, a prominent pro-Israel lobbying group, was recorded asking Ms. Harman, a longtime supporter of its efforts, to intervene with the Justice Department,” the paper wrote. “She responded, the official recounted, by saying she would have more influence with a White House official she did not identify.

“In return, the caller promised her that a wealthy California donor -- the media mogul Haim Saban -- would threaten to withhold campaign contributions to Representative Nancy Pelosi, the California Democrat who was expected to become House speaker after the 2006 election, if she did not select Ms. Harman for the intelligence post,” the paper added.

Now to Greenwald's piece entitled "Major Scandal Erupts involving Rep. Jane Harman, Alberto Gonzales and AIPAC":

Back in October, 2006, Time reported that the DOJ and FBI were investigating whether Harman and AIPAC "violated the law in a scheme to get Harman reappointed as the top Democrat on the House intelligence committee" and "the probe also involves whether, in exchange for the help from AIPAC, Harman agreed to help try to persuade the Administration to go lighter on the AIPAC officials caught up in the ongoing investigation." So that part has been known since 2006.

...

Indeed, as I've noted many times, Jane Harman, in the wake of the NSA scandal, became probably the most crucial defender of the Bush warrantless eavesdropping program, using her status as "the ranking Democratic on the House intelligence committee" to repeatedly praise the NSA program as "essential to U.S. national security" and "both necessary and legal." She even went on Meet the Press to defend the program along with GOP Sen. Pat Roberts and Rep. Pete Hoekstra, and she even strongly suggested that the whistleblowers who exposed the lawbreaking and perhaps even the New York Times (but not Bush officials) should be criminally investigated, saying she "deplored the leak," that "it is tragic that a lot of our capability is now across the pages of the newspapers," and that the whistleblowers were "despicable." And Eric Lichtblau himself described how Harman, in 2004, attempted very aggressively to convince him not to write about the NSA program.

Stein's entire story should be read. It's a model of excellent reporting, as it relies on numerous sources with first-hand knowledge of the NSA transcripts (and what sweet justice it would be if Harman's guilt were established by government eavesdropping). It should be noted that Harman has issued a general denial of wrongdoing (but does not appear to deny that she had the discussion Stein reports), and the sources in Stein's story are anonymous (though because they're disclosing classified information and exposing government wrongdoing, it's a classic case of when anonymity is justifiable; and note Stein's efforts to provide as much information as possible about his sources and why they are anonymous).

Click here to read more from Glenn Greenwald.

More good news - from a privacy advocates perspective anyway - is this little tidbit of news:

The head of the Senate Intelligence Committee said Thursday that the panel would hold a hearing to get to the bottom of reports that the National Security Agency improperly tapped into the domestic communications of American citizens.

...

The Senate hearing will be closed to the public. It will delve into questions raised by The New York Times story that have not been covered in closed-door informal briefings, a committee official said. The official would not say what those issues are.

...

Kevin Bankston, an attorney with the privacy group Electronic Frontier Foundation, said the revelation shows the "NSA surveillance program is not narrowly targeted against international terrorist communications as the government has claimed, but actually sweeps in masses of domestic communications from telecommunications companies fiber optic networks."

Jameel Jaffer, director of the American Civil Liberties Union's national security project, said it shows safeguards built into the current surveillance law do not necessarily work. The ACLU opposed the current law. "It appears that the NSA has disregarded even what minimal limits existed," Jaffer said.

Click here to read the rest of the article. Needless to say: stay tuned and come back here for more as this story develops!

Friday, April 17, 2009

NSA Abusing Wiretap Law - New and EXPECTED Revelations

Unfortunately a 45 minute post I did on this topic just got erased and I can't recover it. Since I don't have time to try and re-write all my comments (I think losing work like this is one of the worst frustrations that exists) I'm just going to post info from Glenn Greenwald's article as well as the New York Times. Sorry, just can't write the whole thing again:

This from constitutional scholar Glenn Greenwald:

In The New York Times last night, James Risen and Eric Lichtblau -- the reporters who won the Pulitzer Prize for informing the nation in 2005 that the NSA was illegally spying on Americans on the orders of George Bush, a revelation that produced no consequences other than the 2008 Democratic Congress' legalizing most of those activities and retroactively protecting the wrongdoers -- passed on leaked revelations of brand new NSA domestic spying abuses [1], ones enabled by the 2008 FISA law.

The article reports that the spying abuses are "significant and systemic"; involve improper interception of "significant amounts" of the emails and telephone calls of Americans, including purely domestic communications; and that, under Bush (prior to the new FISA law), the NSA tried to eavesdrop with no warrants on a member of Congress traveling to the Middle East. The sources for the article report that "the problems had grown out of changes enacted by Congress last July in the law that regulates the government's wiretapping powers."

Opponents of this bill were warning that exactly these abuses would occur if the bill was passed. Here's how I summarized some of the opposition to the FISA bill on June 21, 2008 -- just a couple of days before its passage:

The ACLU specifically identifies the ways in which this bill destroys meaningful limits on the President's power to spy on our international calls and emails. Sen. Russ Feingold condemned the bill on the ground that it "fails to protect the privacy of law-abiding Americans at home" because "the government can still sweep up and keep the international communications of innocent Americans in the U.S. with no connection to suspected terrorists, with very few safeguards to protect against abuse of this power." Rep. Rush Holt -- who was actually denied time to speak by bill-supporter Silvestre Reyes only to be given time by bill-opponent John Conyers -- condemned the bill because it vests the power to decide who are the "bad guys" in the very people who do the spying.

Abolishing eavesdropping safeguards was the central purpose of the FISA bill. It was why Dick Cheney and Michael McConnell were demanding its passage. Yale Law Professor Jack Balkin at the time wrote:

Most Americans don't realize that the FISA compromise comes in two parts. The first part greatly alters FISA by expanding the executive's ability to wiretap and engage in much broader searches of communications than were permissible under the law before. It essentially gives congressional blessing to some but not all of what the executive was doing under President Bush. President Obama will like having Congress authorize these new powers. He'll like it just fine. People aren't paying as much attention to this part of the bill. But they should, because it will define the law of surveillance going forward. It is where your civil liberties will be defined for the next decade.

...

Worst of all, Obama surrogates -- such as Cass Sunstein, Greg Craig and Nancy Soderberg -- were dispatched to tell people with a straight face that the FISA-gutting bill strengthened civil liberties protections and improved eavesdropping oversight. Needless to say, hordes of trusting Obama supporters immediately seized on that blatantly false assertion ("the bill Obama supports strengthens oversight!") and began reciting it in defense of their candidate. Now, a mere nine months later, The New York Times reports that the bill enabled and caused massive abuses of the NSA's eavesdropping powers. Imagine that: if you gut even the minimal oversight provisions designed to check presidential eavesdropping abuses, abuses will not (as Democrats and Obama surrogates claimed) decrease, but will actually increase substantially. Who could have guessed?

...

(1) The abuses which Risen and Lichtblau report last night are far from comprehensive. These are just isolated slivers that they are able to describe as a result of individuals leaking portions of what they know. Indeed, while the article emphasizes that the abuses are "significant and systemic" and "went beyond the broad legal limits," there are exceedingly few specifics in their story detailing exactly what the abuses were. In other words, most of the information about the NSA's abuses remain concealed. We have learned only a small fraction of what took place.

(2) Note the wall of extreme secrecy behind which our Government operates. According to the article, various officials learned of the NSA abuses and then secretly told some members of Congress about them, and those individuals have been secretly discussing what should be done. The idea that the Government or Congress should inform the public about the massive surveillance abuses doesn't seem to have occurred to anyone other than the whistleblowers who leaked what they knew to The New York Times.

(3) Since being elected President, Barack Obama has done everything in his power to block judicial proceedings that would examine allegations that the NSA has been abusing its eavesdropping powers and illegally intercepting the telephone and email communications of Americans. Put another way, Obama -- using radical claims of presidential powers of secrecy -- has been preventing disclosure of the very abuses disclosed by this article and preventing legal scrutiny, all by claiming that even George Bush's illegal NSA spying programs are "state secrets" that courts must not adjudicate. That's what the "state secrets" controversy is about -- Obama demanding that courts be barred from examining or ruling on any of these abuses and imposing consequences, based on his claim that these activities are so secret that they must never see the light of day.

...

It's true that the Times article claims that these abuses were uncovered as part of the DOJ's preparation of the semi-annual report which the 2008 FISA law requires be submitted in secret to the FISA court. And, once they knew that the Times had learned of and was preparing to write about these abuses, Obama officials claimed in response that the abuses are being corrected and that eavesdropping activities are now in compliance with the safeguards of the law. The problem, however, is that "the law" -- thanks to the Democratic Congress -- now has exceedingly few safeguards in it. It allows massive domestic spying without meaningful oversight, and renders these eavesdropping abuses inevitable. That was true in June, 2008 when the FISA-gutting law was passed, and it is just as true now.

Now some clips from the New York Times article:

The legal and operational problems surrounding the N.S.A.’s surveillance activities have come under scrutiny from the Obama administration, Congressional intelligence committees and a secret national security court, said the intelligence officials, who spoke only on the condition of anonymity because N.S.A. activities are classified. Classified government briefings have been held in recent weeks in response to a brewing controversy that some officials worry could damage the credibility of legitimate intelligence-gathering efforts.

...

The questions may not be settled yet. Intelligence officials say they are still examining the scope of the N.S.A. practices, and Congressional investigators say they hope to determine if any violations of Americans’ privacy occurred. It is not clear to what extent the agency may have actively listened in on conversations or read e-mail messages of Americans without proper court authority, rather than simply obtained access to them.

...

Officials would not discuss details of the overcollection problem because it involves classified intelligence-gathering techniques. But the issue appears focused in part on technical problems in the N.S.A.’s ability at times to distinguish between communications inside the United States and those overseas as it uses its access to American telecommunications companies’ fiber-optic lines and its own spy satellites to intercept millions of calls and e-mail messages.

...

And in one previously undisclosed episode, the N.S.A. tried to wiretap a member of Congress without a warrant, an intelligence official with direct knowledge of the matter said. The agency believed that the congressman, whose identity could not be determined, was in contact — as part of a Congressional delegation to the Middle East in 2005 or 2006 — with an extremist who had possible terrorist ties and was already under surveillance, the official said. The agency then sought to eavesdrop on the congressman’s conversations, the official said.

Click here to read the rest of the article.

Tuesday, April 14, 2009

Obama Administration Update + Cybersecurity Act of 2009 Raises Privacy Concerns

Before I get to some of the privacy concerns that the Electronic Frontier Foundation (EFF) has articulated in regards to the Rockefeller/Snowe Cybersecurity Act I want to give a quick update on the Obama Administration's increasing support of a host of Bush Administration Constitutional (actual anti-Constitutional) positions.

In terms of privacy, the most notable and disturbing development is - according to a story reported by RawStory today - President Obama's endorsement of a Justice Department move to dismiss a case in which the National Security Agency is being sued over its warrantless wiretapping program.

In fact, White House Press Secretary Robert Gibbs stated unequivocally the other day that the President stands firmly behind the dismissal of the lawsuit by the Electronic Frontier Foundation.

Rawstory reports:

The Electronic Frontier foundation is suing the NSA for damages over a program in which the government tracked the phone calls and emails of thousands of Americans following the Sept. 11, 2001 attacks. In their filing Friday, the Justice Department argued that the case should be dismissed because information surrounding the program was a “state secret” and therefore couldn’t be litigated or discussed.

It also proposed that the government was protected by “sovereign immunity” under federal wiretapping statutes and the Patriot Act, arguing that the United States could only face lawsuits if they willfully elected to disclose intelligence obtained by wiretapping. In other words, the motion posited that government agencies couldn’t be sued for spying because they never intentionally told anyone they were engaged in warrantless wiretaps, even if such a program violated the law.

During his presidential campaign, then-Sen. Barack Obama criticized the Bush Administration for its use of “state secrets” as a legal argument to prevent lawsuits from moving forward. His campaign website listed state secrets under the headline “Problems.”

...

The Obama Justice Department made this claim in February, in response to a suit brought by victims of extraordinary rendition. But the Department’s “sovereign immunity” argument is unexpected. A close review of the Department's brief suggests that the Justice Department took a quote out of context in an effort to bolster their case.

The Department asserts that the United States can’t be sued because it’s specifically excluded under the 1986 Electronic Communications Privacy Act. “In the Wiretap Act and ECPA, Congress expressly preserved sovereign immunity against claims for damages and equitable relief, permitting such claims against only a 'person or entity, other than the United States,'” the Department wrote.

In that section of the law, however, the phrase “other than the United States” is there only because those sections specify the penalties to be used in cases in which the law is violated by someone other than the United States. In contrast, another section of the law specifies penalties for violations of the law by the United States. (More on the law can be read at section 2520 (in chapter 119) and section 2707.)

It's hard to put into words how personally disappointed and saddened I am regarding the Administration's sudden reversal on these Constitutional principles.

We will know a lot more come this Thursday, as it represents the most significant test to date of the Obama Administration's positions on issues of accountability, torture, civil liberties, and transparency. As Constitutional scholar Glenn Greenwald notes:

"...as that day (Thursday) is the latest deadline for the Obama DOJ either to release the three key OLC torture-authorizing memos, release them in heavily redacted form, or refuse to release them at all. It has been widely reported that a "war" has broken out within the Obama administration over their release, with key Bush-era intelligence officials -- such as Obama's top counter-terrorism aide John Brennan and ex-CIA Director Michael Hayden -- demanding the ongoing concealment of the memos.

Those torture memos are reputed to be among the most vivid torture documents of the Bush era, and thus will almost certainly fuel the flames of investigations and prosecution -- both here and internationally. That is what has prompted the "war" over their disclosure. It's hardly a surprise that if you empower the very people most connected to the Bush CIA, there will be substantial forces blocking any attempt to bring accountability under the rule of law for the crimes that were committed.”

Sadly, the signals coming from the Administration have not been good of late. Greenwald also notes:

“In the last week alone, the Obama DOJ (a) attempted to shield Bush's illegal spying programs from judicial review by (yet again) invoking the very "state secrets" argument that Democrats spent years condemning and by inventing a brand new "sovereign immunity" claim that not even the Bush administration espoused, and (b) argued that individuals abducted outside of Afghanistan by the U.S. and then "rendered" to and imprisoned in Bagram have no rights of any kind -- not even to have a hearing to contest the accusations against them -- even if they are not Afghans and were captured far away from any "battlefield." These were merely the latest -- and among the most disturbing -- in a string of episodes in which the Obama administration has explicitly claimed to possess the very presidential powers that Bush critics spent years condemning as radical, lawless and authoritarian.”

I will be watching - and report back here - which of the following three general options Obama chooses to pursue: Full disclosure and release of the Bush memos, a heavily redacted version, or no version at all? Anything less that something at least close to full disclosure will be deeply disappointing to say the least.

Now to EFF's analysis of the Cybersecurity Act of 2009:

The bill as it exists now risks giving the federal government unprecedented power over the Internet without necessarily improving security in the ways that matter most. It should be opposed or radically amended.

Essentially, the Act would federalize critical infrastructure security. Since many of our critical infrastructure systems (banks, telecommunications, energy) are in the hands of the private sector, the bill would create a major shift of power away from users and companies to the federal government. This is a potentially dangerous approach that favors the dramatic over the sober response.

...

...the bill would give the Commerce Department absolute, non-emergency access to “all relevant data” without any privacy safeguards like standards or judicial review. The broad scope of this provision could eviscerate statutory protections for private information, such as the Electronic Communications Privacy Act, the Privacy Protection Act, or financial privacy regulations. Even worse, it isn’t clear whether this provision would require systems to be designed to enable access, essentially a back door for the Secretary of Commerce that would also establish a primrose path for any bad guy to merrily skip down as well. If the drafters meant to create a clearinghouse for system vulnerability information along the lines of a US/CERT mailing list, that could be useful, but that’s not what the bill’s current language does.

...

Whether the bill is amended or rejected, the question remains what kind of actions would help cybersecurity, and what role the federal government has to play. As security expert Bruce Schneier has pointed out, the true causes of government cyber-insecurity are rather mundane:

GAO reports indicate that government problems include insufficient access controls, a lack of encryption where necessary, poor network management, failure to install patches, inadequate audit procedures, and incomplete or ineffective information security programs.

I'll be following this bill as it progresses...and will be back with more information in the coming days and weeks (i.e. what are its chances of passage, does Obama support it, etc.).

Wednesday, April 8, 2009

Olbermann and Turley Dismantle Obama Administration's Secrecy/Immunity Claims

In Tuesday's post I wrote about the Obama Administrations decision to invoke government secrecy in defending the Bush administration's wiretapping program - namely against a lawsuit filed by AT&T customers who claim federal agents illegally intercepted their phone calls and gained access to their records.

As I also noted, this latest betrayal is one of many on issues related to civil liberties, constitutional protections and the reining in of executive power abuses.

Obama very specifically and articulately promised to harken in a new era of government transparency and accountability, end the Bush DOJ's radical theories of executive power, and reform the PATRIOT Act.

Instead, we have seen Obama's own DOJ now argue that under the PATRIOT Act the government shall be entirely unaccountable for surveilling Americans in violation of its own laws.

And, we should remember other recent Administration positions, including: the attempt to block a judicial ruling on Bush's illegal eavesdropping program; maintaining Bush's position on 'Extraordinary Rendition' lawsuits; refusal to disclose a whole slew of Bush-era documents which it has long vowed it would disclose; filing papers that appeared to defy a judge's order to allow lawyers for an Islamic organization to see a classified surveillance document at the heart of the case; and so on and so forth.

It appears - and for good reason obviously - the free ride for Obama on these issues is over.

Watch Keith Olbermann and Jonathan Turley's blistering condemnation of Obama's latest betrayal on wiretapping and his interpretation of the States Secrets privilege last night on Countdown.

Tim Jones of the Electronic Frontier Foundation didn't hold back on the Administration either, writing:

Friday evening, in a motion to dismiss Jewel v. NSA, EFF's litigation against the National Security Agency for the warrantless wiretapping of countless Americans, the Obama Administration's made two deeply troubling arguments.

First, they argued, exactly as the Bush Administration did on countless occasions, that the state secrets privilege requires the court to dismiss the issue out of hand. They argue that simply allowing the case to continue "would cause exceptionally grave harm to national security." As in the past, this is a blatant ploy to dismiss the litigation without allowing the courts to consider the evidence.

It's an especially disappointing argument to hear from the Obama Administration. As a candidate, Senator Obama lamented that the Bush Administration "invoked a legal tool known as the 'state secrets' privilege more than any other previous administration to get cases thrown out of civil court." He was right then, and we're dismayed that he and his team seem to have forgotten.

Sad as that is, it's the Department Of Justice's second argument that is the most pernicious. The DOJ claims that the U.S. Government is completely immune from litigation for illegal spying — that the Government can never be sued for surveillance that violates federal privacy statutes. This is a radical assertion that is utterly unprecedented. No one — not the White House, not the Justice Department, not any member of Congress, and not the Bush Administration — has ever interpreted the law this way.

The question is now is whether enough pressure can be put on this Administration in the coming months and years to rethink their current ant-privacy and anti-constitutional positions. If not, it appears the precedent set by the Bush Administration on some of these core issues - particularly regarding the Unitary Executive - could be here to stay.

Tuesday, April 7, 2009

Obama Sides with Bush on Wiretapping

In yet another disappointment from the Obama Administration on the issue of executive power and privacy, it has decided to invoke government secrecy in defending the Bush administration's wiretapping program. In this case, the Administration is fighting a lawsuit filed by AT&T customers who claim federal agents illegally intercepted their phone calls and gained access to their records.

The Administration's embracing of the abusive and dangerous Bush administration version of the States Secret privilege is deeply disturbing, because it argues that it be used not (as originally intended) to argue that specific pieces of evidence or documents were secret and therefore shouldn't be allowed in a court case - but instead, to compel dismissal of entire lawsuits in advance based on the claim that any judicial adjudication of even the most illegal secret government programs would harm national security.

As Glenn Greenwald of Salon.com noted:

"That has been the argument of Democrats for quite some time -- as well as civil libertarians such as Russ Feingold and the ACLU, both of whom endorsed that bill: that what was abusive and dangerous about Bush's use of the State Secrets privilege was the preemptive, generalized use of this privilege to force dismissal of entire lawsuits in advance, even where the supposed secret to be concealed was the allegedly criminal activity itself. And that is exactly the usage that the Obama administration is now defending.

...

What this is clearly about is shielding the U.S. Government and Bush officials from any accountability. Worse, by keeping Bush's secrecy architecture in place, it ensures that any future President -- Obama or any other -- can continue to operate behind an impenetrable wall of secrecy, with no transparency or accountability even for blatantly criminal acts.

Sadly - and fitting a larger pattern now - Obama is once again demonstrating himself to be more "talk" than "walk" on issues related to executive power and privacy.

The San Francisco Chronicle reports:

Kevin Bankston of the Electronic Frontier Foundation, a lawyer for the customers, said Monday the filing was disappointing in light of the Obama presidential campaign's "unceasing criticism of Bush-era secrecy and promise for more transparency."

In a 2006 lawsuit, the AT&T plaintiffs accused the company of allowing the National Security Agency to intercept calls and e-mails and inspect records of millions of customers without warrants or evidence of wrongdoing.

...

Congress passed a new law last summer permitting the surveillance after Bush allowed some court supervision, the extent of which has not been made public. The law also sought to grant immunity to AT&T and other telecommunications companies from suits by customers accusing them of helping the government spy on them.

Nearly 40 such suits from around the nation, all filed after Bush's 2005 disclosure, have been transferred to San Francisco and are pending before Chief U.S. District Judge Vaughn Walker. He is now reviewing a constitutional challenge to last year's immunity law, which the Obama administration is defending.

...

Like the earlier suit, the September case relies on a former AT&T technician's declaration that he saw equipment installed at the company's San Francisco office to allow NSA agents to copy all incoming e-mails. The plaintiffs' lawyers say the declaration, and public statements by government officials, revealed a "dragnet" surveillance program that indiscriminately scooped up messages and customer records.

So everybody got that? According to the Bush and Obama Administrations, since citizens cannot show their messages were intercepted, they have no right to sue, because all such information is secret. And, disclosure of whether AT&T took part in the program would tip off our enemies, so we can't have that either. How convenient for the Government and their ongoing efforts to cover up gross Constitutional abuses!

By invoking the states secret privilege Obama is invoking the most abusive parts of the Bush theory of justice: namely, that this privilege can be used to block the adjudication of entire cases, and, worse still, can be used to prevent judicial scrutiny even when the alleged government conduct is blatantly illegal.

They're embracing a theory that literally places government officials above the law. Yet, we continue to fill our jails with non-violent drug users and addicts. Anyone else see the hypocrisy and injustice in all this?

Click here to read the rest of the Chronicle article.

Friday, April 3, 2009

Police 'fusion' centers tracked presidential candiates Paul, Barr and Mckinney

I really hate ending the week with one of these dark and ominous Orwellian stories, but alas, nothing else out there is as interesting...or likely important.

Nearly a year ago to this day I posted about what are called "Fusion Centers". I wrote,

"If we didn't have enough reasons to lie awake at night worrying about the future of privacy in this country and this administration's wholesale assault on the Constitution! Now we learn - thanks to the Washington Post's efforts - that there are "intelligence centers" (why do these operations always have to sound so Orwellian!?) being run by states across the country that have access to the personal information of millions of Americans, including unlisted cellphone numbers, insurance claims, driver's license photographs and credit reports.

But not to worry they tell us, its all for our own protection! Why does none of this make me feel any safer? This sounds like yet another constitution crushing idea that had been in the works for years before 9/11...which just happened to be the kind of "event" that gave the cover needed to implement such a scheme. The possible abuses are incalculable..."

And now, a year later, a story breaks that these same fusion centers were used in the 2008 Presidential Campaign to track and surveil supporters of third-party candidates and "an ambiguous mission directive that has lead to power overreaching."

The good news is the House Homeland Security Subcommittee on Intelligence, Information Sharing, and Terrorism Risk Assessment (how's that for a mouthful?) held hearings on Wednesday that included the American Civil Liberties Union and the Council on Islamic-American Relations speaking against these "centers".

Raw Story has the scoop:

Fusion centers are intelligence databases spread out across the country that collect data on ordinary citizens and synchronize national intelligence collection with local police. There are currently more than 40 fusion centers in the country.

...

Fusion centers have experienced a mission creep in the last several years, becoming more of a threat than a security device," said Caroline Fredrickson, director of the ACLU's Washington legislative office in a statement. "With no overarching guidelines to restrict or direct them, these centers put Americans’ privacy at huge risk. We need our government to take a long, hard look at what’s going into these centers and, frankly, what’s coming out.”

...

The ACLU has followed possible fusion center improper invasions of privacy, including the surveillance of third-party presidential candidate supporters, religious groups and of anti-war activists. The group is asking the DHS office for Civil Rights and Civil Liberties to launch independent investigations into the following incidents:

* Inappropriate references "social, religious and political ideologies including support of third party presidential candidates such as Congressman Ron Paul and former Congressman Bob Barr" in a February 2009 report on the "modern militia movement" authored by the Missouri Information Anaysis Center. Report available here.

* A May 2008 report entitled “Universal Adversary Dynamic Threat Assessment” written by a private contractor that labeled environmental organizations such as the Sierra Club, the Humane Society and the Audubon Society as "organizations with known or possible links to eco-terrorism.” The report, which also criticized the Animal Liberation Front and the Earth Liberation Front, among others, is available here.

...

CAIR released the following statement regarding its naming in the Texas Fusion System report."CAIR is deeply troubled that the North Central Texas Fusion System bulletin labels monitoring the legal activities of American Muslims exercising their constitutional privileges as ‘imperative,’" their statement said. The group "believes it is time for Congress to conduct a deeper evaluation of our nation’s new domestic surveillance infrastructure.

Do I have to even make the case how totally unacceptable these violations are, and what a threat they pose to individual liberty? As someone who has personally been very active on environmental and human rights issues, its more than just a little disturbing to know these same groups and interests were targeted by the government.

It goes without saying that we can breathe a certain sigh of relief on such targeting in an Obama Administration, but in no way does that mean we should "look forward and not back". If I hear that term again I swear I'm going to scream! We can't move forward if we don't fix what has happened in the past. How else do you ensure it doesn't happen looking forward?!!

That's my Friday tirade...have a good weekend everyone :)

Click here to read the rest of the article.

Wednesday, April 1, 2009

The Challenge of Keeping Medical Records Private in the Electronic Age

While there's no real debate over whether transitioning to digitized medical records will help save money and improve health care (this is a certainty...though how much those improvements will be is still in question), what remains contentious - and rightly so - is the intrinsic threat a massive electronic database containing all of our most personal medical records poses to our privacy.

The fact is there are benefits and pitfalls to such a plan. And being that this digital transition is a key component to both President Obama's health plan (and budget) AND his economic stimulus package, this debate has just been pushed to the forefront of the ongoing privacy debate.

For instance, as the New York Times recently pointed out:

"with paper records the opportunities for breaches are limited to over-the-shoulder glimpses or the occasional lost or stolen files. But when records are kept and transferred electronically, the potential for abuse can become as vast as the Internet.

....

Employers who obtain medical records inappropriately might reject a job candidate who looks expensive to insure. Drug companies with access to pharmaceutical records might try to pressure patients to switch to their products. Data brokers might buy medical and pharmaceutical records and sell them to marketers.

Unscrupulous employees with access to electronic records might snoop on the health of their colleagues or neighbors....It should be possible through implementing regulations to fine-tune the privacy requirements so that they do not disrupt patient care. Congress must make every effort to ensure that patients’ privacy is protected.

According to the health-care and drug-industry lobbies, they don't do anything nefarious with our medical records...Scouts Honor! This of course contradicts the fact that literally armies of their high priced lobbyists have been descending - even on on SUBCOMMITTEE hearings - that were held to determine what kind of privacy protections should be applied to our electronic medical records.

One aspect of this privacy debate centers around an issue we at CFC know very well: the selling of prescription records to third party marketers. In fact, we helped torpedo legislation last year designed to allow this insidious practice to become legal in California. But I'll get to that a little more later.

For today, I've got a couple articles that deal with this issue, one a New York Times piece laying out what consumer's can do to protect their private medical records, and the second, an interview of Consumer Watchdog's Jamie Court in the Cleveland Plain Dealer.

First, here's the complete article from the New York Times:

Medical histories are among the most sensitive of our sensitive personal information. And our details have been spread from here to, well, all over the place — doctors’ offices, hospital archives, pharmacies, labs, billing companies and insurers’ computer networks.

Today, the World Privacy Forum has released a plain-spoken online guide that can help people regain some control and a measure of privacy over their health records.

The guide, a year in the making, takes on the less-than-fun challenge of dissecting complicated privacy rules created by the Health Insurance Portability and Accountability Act, or HIPAA, a 1996 federal statute that set data-privacy and security rules for key players in the American health care system. The new guide explains patient rights and provides practical advice about how to defend those rights using the law as well as basic social skills and common sense.

Especially useful are sections on how to retrieve medical records from the vortex that is our health system and request fixes if there are errors — vital stuff for anyone with a serious health condition or, for that matter, who’s moving to a new state, changing doctors, seeking a second opinion, considering a malpractice suit or concerned about false entries due to medical identity theft.

There’s also important information for people with ailments they prefer not to disclose to family members, friends or employers. Yes, you can ask the doctor’s office that’s treating you for a venereal disease to call you only on your cellphone and put any mail in plain sealed envelopes, and they should comply. But note that if you are hospitalized, for example, it will be harder to keep relatives and friends in the dark. You can make a formal request for confidentiality, but it probably won’t work. The better route is an informal appeal to your caregivers, W.P.F. says.

The guide also maps out how to seek redress if your rights have been violated, starting with contacting the chief privacy officer at the institution you’re having a problem with. If that fails, complain to the secretary of Health and Human Services via the Office of Civil Rights and perhaps also to your state’s health or insurance department. You can also go public, contacting any relevant licensing boards, writing bad reviews on the Web or, say, reaching out to a reporter.

As I wrote about in a previous post here, the Rose Foundation of Oakland, California, due to growing concerns regarding Google's increasingly adversarial relationship with privacy advocates and issues, awarded Consumer Watchdog - a California consumer rights group - with significant funding to independently monitor Google's activities in Washington.

In fact, the past six months of Consumer Watchdog's "monitoring" of Google so antagonized the company that Bob Boorstin, Google's Director of Corporate and Policy Communications, recently urged the Rose Foundation to consider pulling the group's funding. Needless to say, there's quite a backdrop to this story, leading to a blistering response from Consumer Watchdog, including a letter to Google CEO Eric Schmidt, and an eventual "apology" from Google.

So with that, here's some highlights from the interview of Consumer Watchdog in the Cleveland Plain Dealer:

How private are electronic medical records, especially those provided by companies like Google and Microsoft?

If they are at your doctor's office or a hospital, these are all systems that are pretty protected. There's always the risk of theft, but that's a remote risk. But what worries us is if you put your medical records on a Google server and you agree to share it with the wrong person, like the wrong vendor, then you're in trouble. Most people probably don't realize it's dangerous. You just don't want medical information floating out there on a cloud.

Are there uniform standards or minimum standards for electronic medical records?

There are some protections in the Health Insurance Portability and Accountability Act of 1996, or HIPPA, and there are some in the new stimulus bill. But several key protections are still missing:

The prohibition on the sale of medical records is weak and full of loopholes. It also doesn't apply to vendors, such as Microsoft or Google. Both companies have agreed to contracts that say they won't release your information, but there is no law mandating that they don't sell the information.

The breach provisions requiring companies to notify patients when electronic medical records are accessed does apply to Google and Microsoft. However, there are safe-harbor provisions that let companies off the hook from the notification requirement if the breach occurred in "good faith."

The federal law on the books only requires that patients are notified when their information was disclosed in the course of treatment but not how it was used. As a result, the patient will not know which hospital personnel looked at the information or for what purpose -- so you won't know if a nurse reviewed your file to look up drug allergies or whether the hospital's fund-raising office reviewed the record for the purpose of requesting a donation.

Click here to read the rest of the interview: