Friday, August 27, 2010

New Study: 500 Million Sensitive Records Breached Since 2005

Last week I wrote about the good news (the bad news being the Governor vetoed the same bill last year...but has hinted this year is different) regarding the California Legislature approving a bill that would strengthen the notification required when databases of personal information are compromised. The legislation has long been supported by us (i.e. Consumer Federation of California), and a host of other privacy rights organizations.

Now we all breathlessly await the Governor's decision. And, depending on how you look at it, we got some good/bad news this week from the Privacy Rights Clearinghouse (PRC). The good news is their new study on data breaches could not come at a better time, as it could help convince the Governor that consumers deserve tougher and more effective notification requirements when their private data has been compromised. The bad news, as you may have guessed, is that there are way too many data breaches taking place in this country.

Now, before I get to a bit more about the bill, let's go directly to the op-ed written by Rainey Reitman of PRC on the California Progress Report (for full disclosure, I'm editor of the California Progress Report). She writes:

Employees losing laptop computers, hackers downloading credit card numbers and sensitive personal data accidentally exposed online -- the Chronology of Data Breaches shows hundreds of ways that the personal information of consumers is lost, stolen or exposed.
The Chronology of Data Breaches, a project of the Privacy Rights Clearinghouse since 2005, lists incidents involving breached consumer information, such as personal medical records, credit card numbers and Social Security numbers. The most recent total, published August 24, 2010, is a wake-up call to consumers who think identity theft can’t happen to them.

Of course, 500 million is a conservative number. We generally learn about breaches that garner media attention. Unfortunately, many do not. And, because many states do not require companies to report data breaches to a central clearinghouse, data breaches occur that we never hear about. Our Chronology is only a sampling.

Data breaches of sensitive information, especially Social Security and credit card numbers, leave consumers vulnerable to identity theft. According to a 2009 Javelin Research & Strategy study, individuals are four times more likely to be the victim of identity theft in the year after receiving a data breach notification letter.

Unfortunately, consumers cannot completely protect themselves from a data breach. It is up to organizations that collect data on consumers to take the steps to ensure the privacy and security of the data they collect and maintain. And it’s up to the legislature to pass laws to safeguard consumer data and provide adequate standards for reporting breaches – so that consumers will know when a data breach has placed their personal information at risk.


It goes without saying, then, that these findings epitomize the need for the Governor to sign SB 1166 (Simitian). California’s current security breach notification law does not require public agencies, businesses, or persons subject to that law to provide any standard set of information about the breach to consumers. As a result, security breach notification letters often lack important information - such as the time of the breach or the type of information that was breached - or are confusing to consumers.

So last year, when the Governor's veto message claimed "there is no evidence that there is a problem with the information provided to consumers", I was honestly confused. The best way to reach the correct conclusion on whether this legislation is needed is to simply ask consumers whether it's more helpful to receive a letter that provides more than just a notice that your information has been breached: what you can do about it, when it happened (so you can check that date against your credit card statements, etc.), and other useful, SPECIFIC information.

As I wrote last Thursday, "The bottom line is that this law IS NEEDED. The past few years have demonstrated that there are some holes that still need to be plugged. According to a survey of data breach victims, 28% of those receiving a notification did not understand “the potential consequences of the breach after reading the letter.”"

But, there is reason for more hope than usual, as Senator Simitian said he reintroduced his vetoed measure this year after conversations with the Governor’s office persuaded him that “a signature by the Governor seems possible this year.”

Specifying what information must be included in the notification, so that individuals might take steps to protect themselves against identity theft, really is “the next logical step” to take after the Senator's initial data notification legislation, as Simitian has argued.

Current notifications of data breaches vary widely in the information they provide and in their helpfulness to the individuals who are affected. Plus, as Simitian also argued, "the bill will also give law enforcement the ability to see the big picture and a better understanding of the patterns and practices developing in connection with identity theft."

As I also wrote, "now we wait."

Tuesday, August 24, 2010

Airport Body Scanners: Yet Another Indignity, Privacy Violation

Everybody who has ever dropped by this blog probably has read a post of mine about these new airport body scanners that essentially see through clothing, producing images of digitally naked passengers. I don't want to reinvent the wheel today, so to find out most everything you need to know about them check out my article "The Politics of Fear and Whole Body Imaging" (from January 2010), or check out any of my past three posts on the subject, here, here, and here.

For the most part my focus has been on (see my former posts for answers to these questions) A. whether being viewed essentially naked in itself is a violation of privacy, B. whether these scanners actually make us "safer", C. whether the irrational fears of a terrorist attack warrant such a privacy invasion, D. whether these images are actually protected and won't be somehow shared or saved, and E. what forces and interests have so much to gain from pushing this ever expanding surveillance state, with ever more threats and security technologies?

But one topic I've only just begun to home in on, and which the Boston Herald article from yesterday brings to light even further, is the pat-down body search "option" for those who refuse to go through the whole body imaging machines.

Now, before I get to the article detailing this new and aggressive form of body search being utilized by the Transportation Security Administration, let me re-post three comments by readers of this blog about their experience of trying to take the "pat-down option", which tuned me in to this potential additional problem.

Anonymous:

I flew out of Indianapolis last Friday. (Indy has had these scanners since before last Christmas.) I politely stated I'd rather not go through the body scanner, and was told I would have to "go through special screening." I thought the body scanners were OPTIONAL? So wouldn't I go through the NORMAL screening, and not "special" screening?

I went through the metal detector and was told to stand to the side and wait. The male screener asked for a female screener for a pat-down. From the other side of the machine, the female screener ROLLED HER EYES and said loudly "Oh boy." Her sarcasm was opaque.

The pat-down that followed ensured I wouldn't need my annual Pap Smear.

I am convinced the TSA would simply prefer we go through these untested, unregulated, unsafe machines for their own convenience. They are determined to make the other "screening options" so invasive that we might find the body scanner "safer" than being molested.

I will never step through one of those machines. Not EVER. There is nothing they have done to prove I can trust these machines medically, or them with my privacy. On the off hand, I don't find it optional to fly. My family is 2,000 miles away, and I have to move with military orders (husband is active duty). So what is my option? I MUST fly. It isn't a choice, and I'm not the only one who sees it that way.


And another woman commented:

I am a young female who flew out of Heathrow yesterday, on a 45 minute flight to Newcastle upon Tyne. I was randomly (I say randomly, I saw the young male security guards pointing as they chose me) selected for the body scan. I have read all about these machines and had decided I would never go through one, but when I refused I was told I would not be able to travel.

I was visibly upset and did not want to do this scan, I feel it is a total invasion of my privacy. I am a businesswoman and travel regularly, but something about this invasive process really got to me. Well I had no option but to do the scan, but this morning I am still thinking about it and worrying that I will be subjected to this every time I fly. Privacy, health? It just all seems so over the top for the normal traveller like myself.

And another woman commented:

I am 33 weeks pregnant and just flew from Chicago to Orange County last night. At Chicago, I was forced to go through the imaging machine. I asked to go through the metal detector but was scolded by all of the TSA agents present that I had to go through the scanning machine. I asked if this was an x-ray machine and they said that it wasn't, but IT IS!! I feel violated and now I am worried about the effects of the radiation on my unborn child.

As you can see, we're seeing a pattern here...one that appears to be a very concerted effort by airport security to force people to go through the body scanners...be it by making the alternative body search even less appetizing, by shaming and embarrassing those who refuse, or simply by telling them that they have to, when they don't.

Well, it appears that those commenting on my blog were simply giving us a forewarning for what appears to be official policy.

The Boston Herald Reports:

Logan airport security just got more up close and personal as federal screeners launched a more aggressive palms-first, slide-down body search technique that has renewed the debate over privacy vs. safety.

The new procedure - already being questioned by the ACLU - replaces the Transportation Security Administration’s former back-of-the-hand patdown.

Boston is one of only two cities in which the new touchy-feely frisking is being implemented as a test before a planned national rollout. The other is Las Vegas.

“We’re all for good effective security measures,” American Civil Liberties Union of Massachusetts spokesman Christopher Ott said. “But, in general, we’re concerned about this seemingly constant erosion of privacy, and we wonder whether or not it’s really going to be effective.

“Accepting these kinds of searches may keep people safer in some situations, but not in every situation, and we’re encouraging people to stop and think about what is the right balance between privacy and security,” Ott said.

...

Previously, TSA screeners used patdown motions of their hands to search passengers over their clothes, switching to the backs of their hands over certain ’sensitive’ body areas, such as the torso.

But now the searches will be done using all front-of-the-hand sliding motions over greater areas of passengers’ bodies, including sensitive areas. “The pat down just (because I) was wearing jewelry seems like overkill,” one woman wrote on Logan’s Twitter account yesterday.

As I've written here before, aside from the fact that you're FAR MORE LIKELY to be hit by lightning than killed in a terrorist attack, or that these machines will simply change the tactics of any would-be "terrorist" (and it's debatable whether they work anyway), there's also the consumer angle and the growing number of indignities we are being subjected to in the name of "safety".

If our two choices are being digitally strip searched or aggressively felt up, then perhaps a growing consumer backlash against the machines may take shape. I should also note that early polling - and this should be no surprise considering all the fear mongering that goes on in this country around terrorism and airports - indicated public support for these scanners in the range of 80%. Of course, that was before passengers started being more regularly subjected to them, and before more information regarding the variety of threats they pose had come to light.

At the end of the day, if the flying public revolts against these scanners it will be monumentally more difficult to justify their exorbitant costs. That's why the global public revolt going on right now is hopeful, whether it stems from the sheer personal violation people feel at being viewed naked, from concerns over potential health "side effects", from the time-consuming component, from the body search alternative, or from the simple fact that they don't really work and aren't needed.

I'm certain this story, and debate, isn't over...

Thursday, August 19, 2010

Landmark California Privacy Bill Passes Legislature

First, the good news (the bad news only being that the Governor may veto this bill). The California Legislature has voted to strengthen the notification required when databases of personal information are compromised. Now it falls on the Governor to do the right thing - which is always a tenuous hope at best.

California’s current security breach notification law does not require public agencies, businesses, or persons subject to that law to provide any standard set of information about the breach to consumers. As a result, security breach notification letters often lack important information - such as the time of the breach or type of information that was breached - or are confusing to consumers.

This leaves consumers uncertain about how to respond to the breach or protect themselves from identity theft. SB 1166 makes relatively modest but helpful changes to the current security breach notification statutes to enhance consumer knowledge about, and understanding of, security breaches.

Unfortunately, privacy breaches occur regularly. In fact, according to the Privacy Rights Clearinghouse, at least 347 million sensitive records have been compromised nationwide since 2005.

SB 1166 (Simitian) would amend California's security breach notification law to state that any public agency, person or business required to issue a security breach notification to more than 500 residents must submit the notification electronically to the Attorney General. This measure also requires that the notification be written in plain language and include contact information regarding the breach, the types of information breached, and the date, estimated date, or date range of the breach.

Additionally, SB 1166 would also require that an entity providing substitute notice also provide notice to the Office of Information Security and Privacy Protection.

Now, it's difficult to understand how anyone could be against this. It's about as common sense an approach as one could come up with in response to the growing problem and reality of data breaches. It's rather simple, really: if you are the victim of a data breach, and your private information may have been stolen, you deserve some basic information that will help you respond most effectively.

But here's why I am concerned. The Governor vetoed an almost identical bill last year stating (and notice the complete lack of any evidence to support his assertions...because none exist):

I am returning Senate Bill 20 without my signature.

This bill would require any agency, person, or business that must issue an information security breach notification pursuant to existing law to also fulfill certain additional requirements pertaining to the security breach notification.

California’s landmark law on data breach notification has had many beneficial results. Informing individuals whose personal information was compromised in a breach of what their risks are and what they can do to protect themselves is an important consumer protection benefit. This bill is unnecessary, however, because there is no evidence that there is a problem with the information provided to consumers. Moreover, there is no additional consumer benefit gained by requiring the Attorney General to become a repository of breach notices when this measure does not require the Attorney General to do anything with the notices. Since this measure would place additional unnecessary mandates on businesses without a corresponding consumer benefit, I am unable to sign this bill.

Sincerely,

Arnold Schwarzenegger

My confusion here stems from the Governor's assertion that "there is no evidence that there is a problem with the information provided to consumers". Say what? Ask consumers whether it's more helpful to receive a letter that provides more than just a notice that your information has been breached: what you can do about it, when it happened (so you can check that date against your credit card statements, etc.), and other useful, SPECIFIC information.

The bottom line is that this law IS NEEDED. The past few years have demonstrated that there are some holes that still need to be plugged. According to a survey of data breach victims, 28% of those receiving a notification did not understand “the potential consequences of the breach after reading the letter.”

But, there is reason for more hope than usual, as Senator Simitian said he reintroduced his vetoed measure this year after conversations with the Governor’s office persuaded him that “a signature by the Governor seems possible this year.”

Specifying what information must be included in the notification, so that individuals might take steps to protect themselves against identity theft, really is “the next logical step” to take after the Senator's initial data notification legislation, as Simitian has argued.

Current notifications of data breaches vary widely in the information they provide and in their helpfulness to individuals who are affected. Plus, as Simitian also argued, "the bill will also give law enforcement the ability to see the big picture and a better understanding of the patterns and practices developing in connection with identity theft".

Now we wait...

Wednesday, August 11, 2010

Article: "How Facebook Betrayed Users and Undermined Online Privacy"

Before I get to a really thorough, well thought out article in Alternet by author and writer Allan Hunt Badiner entitled "How Facebook Betrayed Users and Undermined Online Privacy" let's just briefly zip through a few of the reasons the social networking site has become synonymous with lack of privacy.

Privacy violation highlights include:

  • Made users' friends lists public - resulting in a complaint to the FTC and ultimately a modification.
  • Refused to allow people to permanently delete their accounts and personal information from the site.
  • Installed "Beacon" (no longer in use) - a technology that tracked users' online purchases and informed their friends without permission.
  • Released new privacy settings that are actually less private: more "publicly available information" that can't be controlled; easier collection of location data on users, and sale of that data to third parties (including your list of friends and their information) as soon as you visit their websites, without asking your permission; prompts recommending that users loosen their privacy settings; default settings all set to the LEAST private option and buried behind too many layers of menus; and new controls that still fail to explain what applications can really see.
  • Facebook reportedly receives up to 100 demands each week from government agencies seeking information about its users.
  • Even if your Facebook profile is "private," when you take a quiz or run any other application, that app can access almost everything in your profile: your religion, sexual orientation, political affiliation, pictures, and groups. And these apps may have access to most of the info on your friends' profiles too—which means if your friend takes a quiz, they could be giving away your personal information, even if you've never used an app.
  • The company recently admitted that in some circumstances – in direct contradiction to its promise – it sent the user names of Facebook members to its advertising partners. This in turn can be used to glean a person's name, interests, and list of friends.
  • Some people report that they are able to see the public "events" that Facebook users have said they will attend – even if the person is not a "friend" on the social network.

Now that you have some of the backstory, let's get to some choice clips from the article:

Facebook is both an infomediary and an intermediary. It occupies a pivotal position as the preeminent hub in the new information economy, and it is also the primary custodian of more information than has ever before been collected about human beings. As intermediaries and hosts for our communications with lovers, family members, friends, and colleagues, social network providers have access to extremely sensitive information, including data gathered over time and from many different individuals.

Despite Homeland Security, Google Analytics, and Facebook’s Data Team, people still hold to the ideal that they are free and have choice in their own lives. It is reasonable to expect Facebook to respect this democratic ethic and voluntarily assume a kind of fiduciary duty to its users. This kind of duty has to come before the realization of Facebook’s dreams for reengineering mobile communications and the web to become a more people-centric and integrated community. The Facebook motto, “Making the world open and connected,” may need to be thought through more carefully in terms of how they “make” it happen, and in what ways the citizens of the world want it to be “open” and “connected.”

While Mark Zuckerberg may believe in a concept called “radical transparency,” Peter Eckersley, senior staff technologist at the Electronic Frontier Foundation, has called for Facebook to “stop acting as if they have a mission to make all of our private lives public.”

Electronic Frontier Foundation is also promoting a Bill of Privacy Rights for Social Network Users, including the right to be clearly informed about the options for privacy, what information is being shared to whom, and notified when any legal entity requests information about them. The bill also declares that users retain control over the use and disclosure of their data, and that they should have the right to have all personal data removed from social network servers if they decide to leave the service.

Privacy is on the front burner for a reason: social network providers are eager to have the income from marketers and advertisers that help them sell their products in the most efficient way possible. This means that the data users are so eager to keep private has value. The Faustian bargain people make with social networks—your personal information for a platform to share it on—has been changing. Facebook and other networks are collecting far more information about their users than ever before.

That information, and aggregated versions of it, can and is being sold to marketers one way or another. Once you share your data on a network—even with your friends—you cease to own it. The social networks are scrambling to provide clever “products” and ways for you to input more and more personal information on their servers. In the scale of what they are collecting, the benefit to users who have given up most of their privacy is negligible.

Why should users give Facebook their information, preferences, relationship flow chart, and the ability to infer what it isn’t told directly? Users have almost no control over how information about them is used, or who ends up with the rights to use it in the future. But imagine how much users would share if they were building for themselves an income stream with their data. Imagine if Facebook revolutionized the industry and partnered with users to monetize their personal information, and in so doing the users took a share of it.

Trust is crucial for the sustained success of social networks. It may seem to Zuckerberg that Facebook users are tolerating the erosion of it well and keeping their accounts. But as soon as a viable alternative begins to pick up momentum, a mass exodus could ensue. Facebook could easily and quickly become the new MySpace. First, the early adopters achieve a critical mass at another new networking site. Then, the next wave of the techno savvy looking to bail start to migrate. And a little while later, only mom and dad are left on Facebook wondering where the kids went.

Viable alternatives are already springing up. A new network has been touted in the media that allows users to fully control the information they share by setting up their own personal servers, called “seeds.” Raphael Sofaer, co-founder of Diaspora, says that centralized networks like Facebook are not necessary. “In our real lives, we talk to each other,” he said. “We don’t need to hand our messages to a hub.”

Facebook’s growth curve is so strong that the recent privacy flaps seem not to have affected the numbers, but that can be deceptive. The biggest threat to Facebook is what Augie Ray, senior analyst at Forrester Research, calls “death by a thousand privacy cuts.” Messages about how Facebook has turned on its users and betrayed their trust are flooding the feed, and a new application called PrivacyDefender, a tool that automatically configures your Facebook privacy settings, is doing brisk business. The accumulation of lawmaker concerns, high-profile deleters, organizations raising consumer awareness, and security bugs (such as those found in Yelp) can create growing and important problems for Facebook.

Click here to read the article in its entirety.

If you're looking for specific ways Facebook could improve privacy, I suggest checking out the open letter sent to the company by a coalition that included the Electronic Frontier Foundation, the ACLU of Northern California, the Center for Democracy and Technology, the Center for Digital Democracy, Consumer Action, Consumer Watchdog, the Electronic Privacy Information Center, Privacy Activism, Privacy Lives and the Privacy Rights Clearinghouse.

The letter urged Facebook to make a host of important privacy improvements that would better protect users. Here are some specific examples of what the letter requested:

1) Fix the “app gap” by empowering users to decide exactly which applications can access their personal information.
2) Make “instant personalization” opt-in by default.
3) Do not retain data about specific visitors to third party sites that incorporate “social plugins” or the “like” button unless the site visitor chooses to interact with those tools.
4) Provide users with control over every piece of information they can share via Facebook, including their name, gender, profile picture, and networks.
5) Protect Facebook users from other threats by using an HTTPS connection for all interactions by default.
6) Provide users with simple tools for exporting their uploaded content and the details of their social network so that users who are no longer comfortable with Facebook’s policies and want to leave for another social network service do not have to choose between safeguarding their privacy and staying connected to their friends.

Facebook: The Embodiment of the Opt-Out vs. Opt-In Debate

As I have written before, "This is a landmark privacy debate with broad implications. The company has been actively undermining user privacy in the name of the almighty dollar for years now. Its opt-out model embodies the current debate over privacy in the information age.

The real question that must be answered is whether the individual owns his or her private information, or whether companies like Facebook do. If our personal information is truly "ours", then anyone wanting to use it must come ask us for it first (Opt-In), just as when somebody wants to use anything else that we own.

This growing privacy debate is all the more important because the public is entrusting increasing amounts of private information to websites and online social networks."

As a San Francisco Chronicle editorial noted a few months back, “Opting in is always better than opting out. Facebook's privacy policy is 5,830 words of legalese - longer than the U.S. Constitution (minus amendments). It's cruel and unrealistic to ask more than 400 million users to navigate it; far better would be to allow people to "opt in" to data sharing.”

Monday, August 9, 2010

Court Rules to Limit GPS Tracking of Suspects

Some great news to report on a topic I've been zeroing in on quite a lot in the past year: government/law enforcement's tracking of citizens through GPS technologies. The issue at hand in the ongoing case just resolved had been what the proper legal standard should be when law enforcement decides to track a suspect's whereabouts.

The ACLU had recently provided documents showing that, of the states randomly sampled, New Jersey and Florida used GPS tracking without obtaining probable cause or warrants. Four other states, California, Louisiana, Indiana and Nevada, and the District of Columbia reported having obtained GPS data only after showing probable cause.

Those documents were part of the ongoing lawsuit by the ACLU and Electronic Frontier Foundation, in which they argued government tracking without a probable cause or warrant is a violation of the Constitution's Fourth Amendment, which guards against unreasonable search and seizure. Government prosecutors have argued that only a court order showing the tracking data is relevant to a criminal investigation is needed.

The essential argument by privacy advocates, whether it concerns the tracking of a cell phone user or the placing of a tracking device in a suspect's vehicle, is that driving a car or carrying a cell phone should not make you more susceptible to government surveillance. The idea being, no one wants to feel as if a government agent is following them wherever they go - be it a friend's house, a place of worship, or a therapist's office - and certainly innocent Americans shouldn't have to feel that way.

This argument won the day, at least in this case, as a federal appeals court ruled Friday that the police can’t covertly track a suspect’s car using a GPS device for an extended period of time without getting a warrant. The ruling in the D.C. Court of Appeals overturned the conviction of a suspected cocaine dealer, saying that the use of a secret GPS tracking device on the man’s vehicle for two months violated the Fourth Amendment’s protection against unreasonable searches and seizures.

The Electronic Frontier Foundation and the ACLU had rightly argued that it's one thing to note someone's car location and another to keep hourly data on every single stop you make along a specific route for days or months on end. The government tried to make the case that no such distinction existed.

The appeals court disagreed. "Society recognizes Jones' expectation of privacy in his movements over the course of a month as reasonable, and the use of the GPS device to monitor those movements defeated that reasonable expectation," wrote the court.

Thus the court clearly drew the important distinction between short term monitoring that’s not much different from a police tail and ongoing, secret and ubiquitous tracking.

As laid out in the article in Wired Magazine, "Repeated visits to a church, a gym, a bar, or a bookie tell a story not told by any single visit, as does one’s not visiting any of these places over the course of a month. The sequence of a person’s movements can reveal still more; a single trip to a gynecologist’s office tells little about a woman, but that trip followed a few weeks later by a visit to a baby supply store tells a different story."

EFF Civil Liberties Director Jennifer Granick welcomed the decision, and hoped the reasoning would spread to similar issues with the mobile phones most of us carry in our pockets.

“This same logic applies in cases of cell phone tracking,” Granick said in a press release. “We hope that this decision will be followed by courts that are currently grappling with the question of whether the government must obtain a warrant before using your cell phone as a tracking device.”

However, Friday’s ruling is binding only in the D.C. Circuit. Other circuit courts have found such tracking to be legal, including the 9th (covering many Western states) and the 7th (Illinois, Wisconsin and Indiana). The split makes the issue ripe for the Supreme Court to decide, but it’s not clear if the government will appeal this ruling, given that a loss at the Supreme Court would affect the entire country.


ACLU-NCA Legal Director Arthur Spitzer also makes an important point, stating: "GPS tracking enables the police to know when you visit your doctor, your lawyer, your church, or your lover. And if many people are tracked, GPS data will show when and where they cross paths. Judicial supervision of this powerful technology is essential if we are to preserve individual liberty. Today's decision helps bring the Fourth Amendment into the 21st Century."

The Washington Post has more:

In striking down the drug conviction of Antoine Jones, former co-owner of a District nightclub called Levels, the D.C. court said the FBI and District police overstepped their authority by tracking his movements round-the-clock for four weeks, placing a GPS monitoring device on his Jeep after an initial warrant had expired.

U.S. Circuit Judge Douglas H. Ginsburg, writing for a unanimous and ideologically diverse panel that included judges David S. Tatel and Thomas B. Griffith, said such surveillance technology represents a leap forward in potential government intrusion that violates constitutional protections against unreasonable searches.


"A single trip to a gynecologist's office tells little about a woman, but that trip followed a few weeks later by a visit to a baby supply store tells a different story," Ginsburg wrote.

He added, "A person who knows all of another's travels can deduce whether he is a weekly churchgoer, a heavy drinker, a regular at the gym, an unfaithful husband, an outpatient receiving medical treatment, an associate of particular individuals or political groups -- and not just one such fact about a person, but all such facts."

...

Kevin Bankston, senior staff attorney for the Electronic Frontier Foundation, said the case has important implications for cellphone GPS tracking. The federal government has mandated that U.S. cellphone carriers make nearly all their phones trackable for help in 911 emergencies. However, companies say that the federal law that allows them to turn over data to law enforcement without subpoenas is prone to abuse.

Although federal magistrate judges typically require warrants for GPS-enabled cellphone tracking, the issue is before a federal circuit court for the first time in Philadelphia, Bankston said.

Click here for more.

Let's remember, last December we learned that Sprint received 8 million law enforcement requests for GPS location data in just one year. While that issue is slightly different from the one decided Friday (Friday's case involved putting a GPS tracking device on the suspect's car, rather than tracking his cell phone), the general concerns are applicable: tracking citizens without a warrant (or even probable cause!) seems unconstitutional on its face. We know these GPS chips can locate a person to within about 30 feet. They're also able to gather less exact location data by tracing mobile phone signals as they ping off cell towers.

In a recent Inquirer Op-ed, the ACLU’s Catherine Crump hit it on the head:

"What’s at stake in the case is not whether it’s OK for the government to track the locations of cell phones; we agree that cell-phone tracking is lawful and appropriate in certain situations. The question is whether the government should first have to show that it has good reason to think such tracking will turn up evidence of a crime. We believe it should. This case is not about protecting criminals. It’s about protecting innocent people from unjustified violations of their privacy."

In other words, the next thing to look for is whether this decision affects the similar legal arguments being made regarding cell phone tracking...stay tuned...

Thursday, August 5, 2010

Government Body Scanners Can Store, Transfer Images

A few weeks ago I wrote about the lawsuit against the Department of Homeland Security, seeking an emergency stay of the body scanner program. The Electronic Privacy Information Center (EPIC), who filed the suit, has been leading the charge against the use of these whole body imaging machines in US airports (i.e. "digital strip search").

These scanners essentially see through clothing, producing images of digitally naked passengers. Well, I've got some breaking news on this case I want to discuss today. Documents obtained by EPIC show that the body scanners being used at federal courthouses can store and record the images of those scanned with the devices.

As part of a settlement of its Freedom of Information Act lawsuit against the U.S. Marshals Service, EPIC obtained more than 100 images of undressed individuals from the scanning devices used at federal courthouses.

EPIC has filed two other lawsuits against the Department of Homeland Security related to the use of body scanners. The first FOIA lawsuit is aimed at obtaining more information about the use of body scanners in U.S. airports, including 2,000 images it says DHS has refused to release. A second petition against DHS, filed last month, seeks to obtain an emergency stay against the use of the scanners in U.S. airports.

From the article in Tech Daily Dose, "EPIC said documents it has obtained from DHS show the machines used by the department's Transportation Security Administration at some U.S. airports also can record and store images from the body scanners even though they are slightly different from the scanners used at federal courts. When asked if TSA has stored any images from passengers, EPIC staff counsel Ginger McCall said TSA claims it has not stored such images, but EPIC believes that statement is false."

A more comprehensive piece from CNET News, entitled "Feds admit storing checkpoint body scan images", leaves no doubt:

For the last few years, federal agencies have defended body scanning by insisting that all images will be discarded as soon as they're viewed. The Transportation Security Administration claimed last summer, for instance, that "scanned images cannot be stored or recorded."

Now it turns out that some police agencies are storing the controversial images after all. The U.S. Marshals Service admitted this week that it had surreptitiously saved tens of thousands of images recorded with a millimeter wave system at the security checkpoint of a single Florida courthouse.

This follows an earlier disclosure (PDF) by the TSA that it requires all airport body scanners it purchases to be able to store and transmit images for "testing, training, and evaluation purposes." The agency says, however, that those capabilities are not normally activated when the devices are installed at airports.

...

These "devices are designed and deployed in a way that allows the images to be routinely stored and recorded, which is exactly what the Marshals Service is doing," EPIC executive director Marc Rotenberg told CNET. "We think it's significant."

William Bordley, an associate general counsel with the Marshals Service, acknowledged in the letter that "approximately 35,314 images...have been stored on the Brijot Gen2 machine" used in the Orlando, Fla. federal courthouse. In addition, Bordley wrote, a Millivision machine was tested in the Washington, D.C. federal courthouse but it was sent back to the manufacturer, which now apparently possesses the image database.

...

This trickle of disclosures about the true capabilities of body scanners--and how they're being used in practice--is probably what alarms privacy advocates more than anything else.

A 70-page document (PDF) showing the TSA's procurement specifications, classified as "sensitive security information," says that in some modes the scanner must "allow exporting of image data in real time" and provide a mechanism for "high-speed transfer of image data" over the network. (It also says that image filters will "protect the identity, modesty, and privacy of the passenger.")

"TSA is not being straightforward with the public about the capabilities of these devices," Rotenberg said. "This is the Department of Homeland Security subjecting every U.S. traveler to an intrusive search that can be recorded without any suspicion--I think it's outrageous." EPIC's lawsuit says that the TSA should have announced formal regulations, and argues that the body scanners violate the Fourth Amendment, which prohibits "unreasonable" searches.

This information DIRECTLY contradicts the repeated claims by the Transportation Security Administration (TSA) that such images are not stored, nor can they be transferred.

As I wrote nearly a year ago in my article "The Politics of Fear and Whole Body Imaging": "Are we really to believe the government won't allow these devices to record any data when the easy 'go to' excuse for doing so will be the need to gather and store evidence? What about the ability of some hacker in an airport lounge capturing the data using his wi-fi capable PC - and then filing it to a Flickr album, and then telling of its whereabouts on Twitter?"

These new revelations should add to what has been a growing consumer backlash against the machines. I should also note that early polling - and this should be no surprise when considering all the fear mongering that goes on in this country around terrorism and airports - indicated public support for these scanners in the range of 80%. Of course, that was before passengers started being more regularly subjected to them, and before more information regarding the variety of threats they pose had come to light.

At the end of the day, if the flying public revolts against these scanners it will be monumentally more difficult to justify their exorbitant costs. That's why the global public revolt going on right now is hopeful, whether it is driven by the sheer personal violation people feel at being viewed naked, by concerns over potential health "side effects", by the time-consuming component, or by the simple fact that they don't really work and aren't needed.

In fact, let me post two comments that were made in response to my last post on this topic:

I flew out of Indianapolis last Friday. (Indy has had these scanners since before last Christmas.) I politely stated I'd rather not go through the body scanner, and was told I would have to "go through special screening." I thought the body scanners were OPTIONAL? So wouldn't I go through the NORMAL screening, and not "special" screening?

I went through the metal detector and was told to stand to the side and wait. The male screener asked for a female screener for a pat-down. From the other side of the machine, the female screener ROLLED HER EYES and said loudly "Oh boy." Her sarcasm was opaque.

The pat-down that followed ensured I wouldn't need my annual Pap Smear.

I am convinced the TSA would simply prefer we go through these untested, unregulated, unsafe machines for their own convenience. They are determined to make the other "screening options" so invasive that we might find the body scanner "safer" than being molested.

I will never step through one of those machines. Not EVER. There is nothing they have done to prove I can trust these machines medically, or them with my privacy. On the off hand, I don't find it optional to fly. My family is 2,000 miles away, and I have to move with military orders (husband is active duty). So what is my option? I MUST fly. It isn't a choice, and I'm not the only one who sees it that way.

And another woman commented:

I am a young female who flew out of Heathrow yesterday, on a 45 minute flight to Newcastle upon Tyne. I was randomly (I say randomly, I saw the young male security guards pointing as they chose me) selected for the body scan. I have read all about these machines and had decided I would never go through one, but when I refused I was told I would not be able to travel.

I was visibly upset and did not want to do this scan, I feel it is a total invasion of my privacy. I am a businesswoman and travel regularly, but something about this invasive process really got to me. Well I had no option but to do the scan, but this morning I am still thinking about it and worrying that I will be subjected to this every time I fly. Privacy, health? It just all seems so over the top for the normal traveller like myself.

I don't think I can make the case better than these two, who experienced it for themselves. Now, I want to post a couple of clips from a recent article about the lawsuit itself (to read the short article on the images found, click here), and then, as I always do with this subject, I want to include a few more thoughts that I think need highlighting, particularly about fear versus reality.

The Boston Herald reports:

The suit says the program, run by the Transportation Security Administration, which is part of the Department of Homeland Security, violates the Privacy Act and the Administrative Procedure Act.

The program also violates the Religious Freedom Restoration Act, the lawsuit says, referencing religious laws about modesty.

Court documents allege the scanners also violate the Fourth Amendment by having passengers undergo “a uniquely invasive search without any suspicion that particular individuals have engaged in wrongdoing.”

...

...one of the petitioners in the lawsuit is Bruce Schneier, a Minneapolis security technologist who said that while he was traveling through Logan Airport he was not told the full-body scan was optional. Nor did he see any signs indicating he could have a pat-down.

Ralph Nader’s Center for Study of Responsive Law has also weighed in on the full-body scanners, raising questions about privacy and safety.

And a group of University of California San Francisco scientists wrote to President Obama’s science adviser in April, stating that the dose of radiation from the X-ray scanners may be “dangerously high.”

The scanner X-ray emits the same amount of radiation that a passenger receives in two minutes of flight, according to the TSA, but the scientists say this is misleading because the scanner X-rays are not distributed throughout the whole body, but are directed at just the skin and the underlying tissue.

I think what is starting to take shape is that there are in fact a myriad of reasons to oppose the widespread use of these scanners, from the obvious (privacy) to the less so (they won't make us any safer).

In fact, if you define the word "safe" as also including the concept of being "safe" from government intrusiveness and from corporate profiteering off fear peddling, then I would argue these machines make us less safe, not more.

Consider also the question regarding the actual need for these machines, and the ACTUAL threat posed by terrorists to passengers:

The likelihood that I'll get hit by lightning in one year is 500,000 to 1 while the odds I'll be killed by a terrorist on a plane if I flew constantly over 10 years is 10 million to 1. Does this laughably minuscule risk warrant yet another civil liberties encroachment? Does this irrational fear of being blown up in a plane really warrant supporting wars on countries that did nothing to us, or in this case, wasting HUGE amounts of money on ineffectual security systems?

The bottom line is a rather stark one: Is the loss of freedom, privacy, and quality of life a worthwhile trade-off for unproven protections from a terrorist threat that has a 1 in 10 million chance of killing someone over a ten year time period?

Does this "fear" warrant increasing the already long list of airline passenger indignities? Isn't suffering through long lines while being shoeless, beltless, waterless, and nail clipper-less enough? Now we've got to be digitally strip searched too?

Could all this hype be just another way to sell more security technologies, soften us up for future wars, increased spending on the military, and the evisceration of our civil liberties? I think, at least to an extent, the answer is yes.

For these reasons and more, privacy advocates continue to argue for increased oversight, full disclosure for air travelers, and legal language to protect passengers and keep the TSA from changing policy down the road. Again, what's to stop the TSA from using clearer images or different technology later?

As always, I'll be back with more on this case as it develops.

Monday, August 2, 2010

National Security Letters and Our Expanding Surveillance State

I know I must start sounding like a broken record with each new Obama disappointment on issues related to privacy and civil liberties. But alas, these issues simply don't receive deserved attention, and condemnation, from the media, or even the left.

The latest news - that the Department Of Justice has been pressuring Congress to expand its power to obtain records of Americans' private Internet activity through the use of National Security Letters (NSLs) - is just part of a much larger trend that paints a disturbing narrative, a narrative that points in one direction only: an increasingly intrusive surveillance state with an Executive Branch getting dangerously close to being above the law.

Before I get to these recent revelations - representing another major promise by the President on surveillance being broken - let's take a quick look back at some of the other recent "privacy eviscerating" greatest hits.

We had Homeland Security Secretary Janet Napolitano’s recent full-throated endorsement of Whole Body Imaging machines (“digital strip search”) and the expansion of the government's wiretapping and Internet monitoring capabilities (which this latest news seems to have taken a bit further).

If we go back and remember the dark days of the Bush Administration, we might reminisce about the consistent, vehement, and vocal opposition from the left to Bush assaults on privacy and the constitution, from eavesdropping, to indefinite detention, to the use of state secrets to stifle dissent, to the Patriot Act abuses, and so on, and so forth.

This vehement opposition was of course warranted, and important. But now that Obama is President, and CONTINUING THESE POLICIES, the same outcry that once existed has become a whimper.

As I wrote on this blog a few months ago, "No, I'm not talking about groups like the ACLU or EFF, but certainly Democrats in Congress, left wing talk radio, and even newspaper editorial boards.

And why is this silence so damaging? Because a so-called "liberal" President, a constitutional scholar no less, has now codified what just a few years ago were rightly considered radical attacks on the Constitution and the Rule of Law. Now those very same policies have not only been embraced by the new President, but have been accepted by the Democrats in Congress!! In other words, the ball has just moved WAY towards the neoconservative worldview, and their interpretation of an all-powerful Executive Branch.

It's astonishing how little people on the left have come to grips with the fact that, on issues ranging from indefinite detention, to rendition, to wiretapping, to the ASSASSINATION OF AMERICAN citizens, to the use of state secrets to defend Bush Administration civil liberties assaults (something Obama rightly criticized as a candidate), to now OPPOSING whistleblower protections (which he advocated in support of as a candidate), to his embrace of all the key Patriot Act provisions he so adamantly criticized as a candidate (and recently even fought behind the scenes to ensure NO REFORMS were added that might protect civil liberties), the President is no different, whatsoever, from Bush."


The concern of course is that once these expanded surveillance powers (and others) are accepted, even codified, by the "left" no less, they are untouchable...and what were once considered inalienable rights, are now gone, for good.

This is my fear, and I don't think it's at all an irrational one. So let's get to the latest. As the New York Times noted in a blistering editorial criticizing the President's flip-flop on surveillance:

It is just a technical matter, the Obama administration says: We just need to make a slight change in a law to make clear that we have the right to see the names of anyone’s e-mail correspondents and their Web browsing history without the messy complication of asking a judge for permission.

It is far more than a technical change. The administration’s request, reported Thursday in The Washington Post, is an unnecessary and disappointing step backward toward more intrusive surveillance from a president who promised something very different during the 2008 campaign.

In a 1993 update to the Electronic Communications Privacy Act, Congress said that Internet service providers have to turn over to the F.B.I., on request, “electronic communication transactional records.” The government says this includes the e-mail records of their subscribers, specifically the addresses to which e-mail messages were sent, and the times and dates. (The content of the messages can remain private.)

It may also include Web browsing records. To get this information, the F.B.I. simply has to ask for it in the form of a national security letter, which is an administrative request that does not require a judge’s signature.

But there was an inconsistency in the writing of the 1993 law. One section said that Internet providers had to turn over this information, but the next section, which specified what the F.B.I. could request, left out electronic communication records. In 2008, the Justice Department’s Office of Legal Counsel issued an opinion saying this discrepancy meant the F.B.I. could no longer ask for the information. Many Internet providers stopped turning it over. Now the Obama administration has asked Congress to make clear that the F.B.I. can ask for it.

These national security letters are the same vehicles that the Bush administration used after the Sept. 11, 2001, attacks to demand that libraries turn over the names of books that people had checked out. The F.B.I. used these letters hundreds of thousands of times to demand records of phone calls and other communications, and the Pentagon used them to get records from banks and consumer credit agencies. Internal investigations of both agencies found widespread misuse of the power, and little oversight into how it was wielded.

President Obama campaigned for office on an explicit promise to rein in these abuses. “There is no reason we cannot fight terrorism while maintaining our civil liberties,” his campaign wrote in a 2008 position paper. “As president, Barack Obama would revisit the Patriot Act to ensure that there is real and robust oversight of tools like National Security Letters, sneak-and-peek searches, and the use of the material witness provision.”

Where is the “robust oversight” that voters were promised? Earlier this year, the administration successfully pushed for crucial provisions of the Patriot Act to be renewed for another year without changing a word. Voters had every right to expect the president would roll back authority that had been clearly abused, like national security letters. But instead of implementing reasonable civil liberties protections, like taking requests for e-mail surveillance before a judge, the administration is proposing changes to the law that would allow huge numbers of new electronic communications to be examined with no judicial oversight.

It's these national security letters that allow the FBI to secretly demand data from phone companies and internet service providers about the private communications of ordinary citizens - en masse! But that's not all: the letters include a gag order, which forbids recipients from ever revealing the letters' existence to their coworkers, their friends, or even to their family members, much less the public.

As pointed out by the Electronic Frontier Foundation, "The gag order and the lack of oversight make this power ripe for abuse. Indeed, the FBI's systemic abuse of this power was confirmed both by a Department Of Justice investigation and in documents obtained by EFF through Freedom of Information Act litigation. Yet, in the years since that abuse became publicly known, there has been no reform of the law governing NSLs.

Now, the DOJ is asking Congress to pass vague and broad new language meant to expand the kinds of data that can be acquired through NSLs. This morning's Washington Post article suggests that the new language could allow access to detailed web browsing history, search history, location information, or even Facebook friend requests.

Considering the FBI's dismal record on surveillance abuses, this is a stunning and brazen request. They're asking Congress to reward bad behavior by allowing even more bad behavior. We're hoping that Congress will have the courage and integrity to turn them down."

Pete Yost goes into greater detail on whether this is only a "clarification" of the law, or an expansion, writing:

The bureau engaged in widespread and serious misuse of its authority to issue the letters, illegally collecting data from Americans and foreigners, the Justice Department's inspector general concluded in 2007. The bureau issued 192,499 national security letter requests from 2003 to 2006.

Weathering that controversy, the FBI has continued its reliance on the letters to gather information from telephone companies, banks, credit bureaus and other businesses with personal records about their customers or subscribers — and Internet service providers.

That last source is the focus of the Justice Department's push to get Congress to modify the law.

The law already requires Internet service providers to produce the records, said Dean Boyd, a spokesman for the Justice Department's national security division. But he said as written it also causes confusion and the potential for unnecessary litigation as some Internet companies have argued they are not always obligated to comply with the FBI requests.


...

The administration's proposal to change the Electronic Communications Privacy Act "raises serious privacy and civil liberties concerns," Leahy said Thursday in a statement.

"While the government should have the tools that it needs to keep us safe, American citizens should also have protections against improper intrusions into their private electronic communications and online transactions," said Leahy, who plans hearings in the fall on this and other issues involving the law.

Critics are lined up in opposition to what the Obama administration wants to do.


Critics, however, point to a 2008 opinion by the Justice Department's Office of Legal Counsel which found that the FBI's reach with national security letters extends only as far as getting a person's name, address, the period in which they were a customer and the numbers dialed on a telephone or to that phone.

The problem the FBI has been having is that some providers, relying on the 2008 Justice opinion — issued during the Bush administration — have refused to turn over Internet records such as information about who a person e-mails and who has e-mailed them and information about a person's Web surfing history.

To deal with the issue, there's no need to change the law since the FBI has the authority to obtain the same information with a court order issued under a broad section of the Patriot Act, said Gregory Nojeim, director of the Project on Freedom, Security and Technology at the Center for Democracy and Technology, a nonprofit Internet privacy group.

In other words, this is simply about removing one last protection we have from FBI surveillance abuses, namely, federal judges and courts and the scrutiny they could supply to requests for sensitive information made by the government. We know, for a fact, that under the Bush Administration the VAST MAJORITY of Patriot Act abuses had nothing to do with terrorism, or trying to actually catch terrorists or stop terrorist acts.

No, what makes this kind of expansion of surveillance capabilities so dangerous is that it is more often than not used to target political enemies (think peace protesters, anti-globalization protesters) or just small-time drug dealers. Let's hope the President does not get rewarded the same way his predecessor did every time he starts crying about the big bad terrorist wolf.