Wednesday, October 26, 2011

Government Demand for Google User Data Spikes...But How and Why Still Unclear

This story caught my eye, particularly in light of my focus on government surveillance and data privacy on this blog. At first glance, the fact that Google is publicly detailing the the US government's increasing requests for access to its users data is a victory for transparency.

As for the motive, Google is a member of the Due Process Coalition, which supports the reform of a 25-year-old government privacy law that lets law enforcement get access to users’ online communications without having to get a judge’s approval. This of course, seems like a righteous effort. And to Google's credit, the coalitions other members - which include Amazon, AOL, AT&T, Dropbox, Facebook and Microsoft - provide no such data regarding how often the government requests data or how often they comply.

Of course, there's a whole lot more to this story. First, let's be clear about Google's long, sordid history when it comes to privacy protection. And, let's remember that Google has made a fortune from spying on what consumers do online, including what web sites they visit; creates dossiers on users’ online behavior without their prior permission; then harvests this private information to sell hundreds of millions of dollars in advertising. 

Consider Google's history on this issue, from Google Books  to the loss of "Locational Privacy" to the company's lobbying efforts in Congress, to its cloud computing, to its increasing usage and expansion of behavioral marketing techniques, to Google StreetView cars gathering private information from unaware local residents, to the company teaming with the National Security Agency (the agency responsible for such privacy violation greatest hits as warrantless wiretapping) "for technical assistance" to the infamous Google Buzz.

In other words, I view ANYTHING Google says or apparently does when it comes to privacy with a huge grain of salt. Still, in this case, I want to know what the government is up to, particularly in light of these new figures, and how the Patriot Act fits in. As I said at the beginning of the post, there's more to this story, and these new figures, than meets the eye.

But first, to the figures. AS reported by Wired Magazine:

The number of U.S. government requests for data on Google users for use in criminal investigations rose 29 percent in the last six months, according to data released by the search giant Monday. U.S. government agencies sent Google 5,950 criminal investigation requests for data on Google users and services from Jan. 1 to June 30, 2011, an average of 31 a day. That’s compared to 4,601 requests from July 1 to Dec. 31, 2010, the company reported Tuesday in an update to its unique transparency tool. Google says it complied in whole or part with 93% of such requests, which can include court orders, grand jury subpoenas and other legal instruments.

It's not what these numbers say that's the problem, its what they don't. Here's the REAL story: 

According to Google, the numbers do not include National Security Letters, a sort-of self-issued subpoena used by the FBI in drug and terrorism cases. At their post–Patriot Act peak, the FBI issued more than 50,000 such letters a year, nearly all with gag orders attached to them. The use of such letters dipped for a time after the Justice Department’s internal watchdog unveiled widespread abuses and sloppy procedures, but are on the rise again. Also not included are national security wiretap and data requests, known as FISA warrants, that are approved by a secret court in D.C. to combat spies and threats to national security. 

These are HUGE hole's in this whole "transparency" facade! Remember, National Security Letters (NSLs) – which allow the FBI, without a court order, to obtain telecommunication, financial and credit records deemed “relevant” to a government investigation - were PROVEN to have been flagrantly abused by the FBI perhaps tens of thousands of times. 

As Adam Sewer of the American Prospect noted:It's no secret that the FBI's use of NSLs - a surveillance tool that allows the FBI to gather reams of information on Americans from third-party entities (like your bank) without a warrant or without suspecting you of a crime - have resulted in widespread abuses. All that the FBI needs to demand your private information from a third-party entity is an assertion that such information is "relevant" to a national security investigation -- and the NSLs come with an accompanying gag order that's almost impossible to challenge in court." 

And what of FISA requests??? We know the Patriot Act allowed the government access to Internet sites we've visited as well as to listen in on the phone calls we make. It wasn’t long ago that the idea of our government wiretapping American citizens without warrants for purposes other than national security would have been revolting. Now its official Government policy – and the telecom companies that participated in these crimes have been given retroactive immunity while continuing to make billions off overcharging the same customers they betrayed.

My question is just how many times is Google being asked for our information by our government that falls into these categories?

Let's also remember, there's a clear pattern we should all be aware of when it comes to government access to our data: Facebook reportedly receives up to 100 demands from the government each week for information about its users. AOL reportedly receives 1,000 demands a month. In 2006, a U.S. Attorney demanded book purchase records of 24,000 Amazon.com customers. Sprint recently disclosed that law enforcement made 8 million requests in 2008 alone for its customer’s cell phone GPS data for purposes of locational tracking.

And if that's not enough, it was Google’s CEO, Eric Schmidt that said "If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place."
As you let that sink in, he also said: "… the reality is that search engines including Google do retain this information for some time, and it's important, for example that we are all subject in the United States to the Patriot Act. It is possible that that information could be made available to the authorities."

In other words, the data that we need to be made public is precisely the data not being provided - particularly in light of the growing Occupy Wall Street protests spreading around the country and world. Believe me, the FBI wants access to this information. There may be some good news to report here though, as the agency appears to be increasingly going through the courts to obtain it (though knowing how bad our courts are on privacy its not exactly the time to pop champagne). 

The Washington Post details these efforts: 

The FBI is increasingly going to court to get personal e-mail and Internet usage information as service providers balk at disclosing customer data without a judge’s orders. Investigators once routinely used administrative subpoenas, called national security letters, seeking information about who sent and received e-mail and what Web sites individuals visited. The letters can be issued by FBI field offices on their own authority, and they obligate the recipients to keep the requests secret.

But more recently, many service providers receiving national security letters have limited the information they give to customers’ names, addresses, length of service and phone billing records.

...
Investigators seeking more expansive information over the past two years have turned to court orders called business record requests. In the first three months of this year, more than 80 percent of all business record requests were for Internet records that would previously have been obtained through national security letters, the FBI said. The FBI made more than four times as many business records requests in 2010 than in 2009: 96 compared with 21, according to Justice Department reports.

In response to concerns expressed by administration officials, Judiciary Committee Chairman Patrick J. Leahy (D-Vt.) has introduced a measure that would establish that the FBI can use national security letters to obtain “dialing, routing, addressing and signaling information.” It would not include the content of an e-mail or other communications, the administration has said. 

The administration, which last year contemplated legislation to expand the authority of national security letters, has not taken a formal position on the Leahy measure, officials said. But the FBI has told Congress that the number of business record orders will continue to grow unless a legal change gives the agency more routine access to customer data.

Civil liberties groups said Leahy’s measure, included in a bill to modernize the Electronic Communications Privacy Act, would expand the government’s authority to obtain substantial data about the private communications of individuals without court oversight.

Our view is data like e-mail ‘to-from’ information is so sensitive that it ought to be available only with a court order,” said Greg Nojeim, senior counsel at the Center for Democracy and Technology. Privacy advocates said they support requiring the FBI to use court orders to seek the data. “This is an example of how the system should work,” said American Civil Liberties Union legislative counsel Michelle Richardson.

Business record requests are also known as Section 215 orders, after a provision in the Patriot Act, the law passed after the Sept. 11, 2001, terrorist attacks. The provision allows the government to obtain “any tangible thing” if officials can show reasonable grounds that it would be relevant to an authorized terrorism or espionage investigation. The ACLU and the Electronic Frontier Foundation on Wednesday plan to separately sue the government to force disclosure of its interpretation of Section 215. The groups are following the lead of Sen. Ron Wyden (D-Ore.), who has accused the administration of inappropriately withholding information about the law’s use.

In other words, there's a whole lot we still don't know...and a whole lot of reasons, based on past Patriot Act abuses, lax oversight, and the recent increase in efforts by the government to access our data, be it through Google requests we know about, those we don't, as well as FBI's attempts through the court system.

If these new figures released by Google can serve the purpose the company purports it seeks -
to encourage the passage of new laws that will give the company more leverage to deny government access to people's online communications and activities - then more power to them. In the meantime, I'll remain skeptical and concerned.

Tuesday, October 25, 2011

Taxpayers Footing Bill For Wall Street Spying...On Us

I want to follow up on my post last Thursday raising concerns about the way the Patriot Act will be used by law enforcement and the government against Occupy Wall Street protesters. This assertion is based on a long history of Patriot Act abuses - particularly pertaining to the prior targeting of anti-war, environmental, and anti-globalization protests.

As I pointed out, according to a report by the ACLU, there have been 111 incidents of illegal domestic political surveillance since 9/11 in 33 states and the District of Columbia. The report makes it clear that law enforcement and federal officials work closely to monitor the political activity of individuals deemed suspicious, an activity common during the Cold War – including protests, religious activities and other rights protected by the first amendment. The report also noted how the FBI monitors peaceful protest groups and in some cases attempted to prevent protest activities.

Before I get to the article, another concern protesters should have was illustrated by a bill in California (SB 914 - Vetoed by the Governor): police can seize and search your smart phones...and perhaps even download that information (or at least the FBI has such technology).

The legislation was a response to a recent California Supreme Court decision (People v. Diaz) allowing police to rummage through all of the private information on your smart phone as part of an arrest, including your text messages and e-mails. SB 914 would have clarified that an arrestee’s smart phone can only be accessed with a warrant, except in circumstances where there is an immediate threat to public safety or the arresting officer. The bill acknowledged that accessing information on a mobile phone – particularly smart phones that contain all kinds of personal, private information - is fundamentally different than searching an arrested person’s wallet, cigarettes or pockets.

So, while the revelations I want to share with you today are unrelated to the Patriot Act per se, they perfectly illustrate the point I was driving at...which were the inherent threats to privacy and civil liberties Americans, particularly protesters, now face.

The story that caught my eye was by Pam Martens or Counterpunch entitled, "Wall Street Firms Spy on Protesters In Tax-Funded Center". 

Would you believe, as the article details, that $150 million of taxpayer money is funding a government facility in lower Manhattan where Wall Street firm representatives have joined the New York Police Department to spy on  law-abiding citizens simply taking advantage of their First Amendment rights?

Martens writes:

According to newly unearthed documents, the planning for this high tech facility on lower Broadway dates back six years. In correspondence from 2005 that rests quietly in the Securities and Exchange Commission’s archives, NYPD Commissioner Raymond Kelly promised Edward Forst, a  Goldman Sachs’ Executive Vice President at the time, that the NYPD “is committed to the development and implementation of a comprehensive security plan for Lower Manhattan . . . One component of the plan will be a centralized coordination center that will provide space for full-time, on site representation from Goldman Sachs and other stakeholders.

At the time, Goldman Sachs was in the process of extracting concessions from New York City just short of the Mayor’s first born in exchange for constructing its new headquarters building at 200 West Street, adjacent to the World Financial Center and in the general area of where the new World Trade Center complex would be built. According to the 2005 documents, Goldman’s deal included $1.65 billion in Liberty Bonds, up to $160 million in sales tax abatements for construction materials and tenant furnishings, and the deal-breaker requirement that a security plan that gave it a seat at the NYPD’s Coordination Center would be in place by no later than December 31, 2009.

The surveillance plan became known as the Lower Manhattan Security Initiative and the facility was eventually dubbed the Lower Manhattan Security Coordination Center. It operates round-the-clock. Under the imprimatur of the largest police department in the United States, 2,000 private spy cameras owned by Wall Street firms, together with approximately 1,000 more owned by the NYPD, are relaying live video feeds of people on the streets in lower Manhattan to the center. Once at the center, they can be integrated for analysis. At least 700 cameras scour the midtown area and also relay their live feeds into the downtown center where low-wage NYPD, MTA and Port Authority crime stoppers sit alongside high-wage personnel from Wall Street firms that are currently under at least 51 Federal and state corruption probes for mortgage securitization fraud and other matters.

In addition to video analytics which can, for example, track a person based on the color of their hat or jacket, insiders say the NYPD either has or is working on face recognition software which could track individuals based on facial features. The center is also equipped with live feeds from license plate readers.

According to one person who has toured the center, there are three rows of computer workstations, with approximately two-thirds operated by non-NYPD personnel. The Chief-Leader, the weekly civil service newspaper, identified some of the outside entities that share the space: Goldman Sachs, Citigroup, the Federal Reserve, the New York Stock Exchange. Others say most of the major Wall Street firms have an on-site representative. Two calls and an email to Paul Browne, NYPD Deputy Commissioner of Public Information, seeking the names of the other Wall Street firms at the center were not returned. An email seeking the same information to City Council Member, Peter Vallone, who chairs the Public Safety Committee, was not returned.


...

The project has been funded by New York City taxpayers as well as all U.S. taxpayers through grants from the Federal Department of Homeland Security. On March 26, 2009, the New York Civil Liberties Union (NYCLU) wrote a letter to Commissioner Kelly, noting that even though the system involves “massive expenditures of public money, there have been no public hearings about any aspect of the system…we reject the Department’s assertion of ‘plenary power’ over all matters touching on public safety . . . the Department is of course subject to the laws and Constitution of the United States and of the State of New York as well as to regulation by the New York City Council.”

...


The NYCLU also noted in its letter that it rejected the privacy guidelines  for the surveillance operation that the NYPD had posted on its web site for public comment, since there had been no public hearings to formulate these guidelines. It noted further that “the guidelines do not limit police surveillance and databases to suspicious activity . . . there is no independent oversight or monitoring of compliance with the guidelines.”

Read more here.

If that isn't enough, apparently the individual who did write the privacy guidelines for this operation (you can read this in the article) has family ties to both Wall Street firms AND the company that will profit off this very surveillance system.

So for those keeping score, the VERY same criminal enterprises on Wall Street that - through their recklessness and thievery - crashed the global economy and caused untold suffering to literally tens of millions of people, only to get bailed out by the SAME people they scammed...and are now making record profits 3 years later while record numbers are unemployed, living in poverty, and going hungry, are now using OUR MONEY to spy on us!

If that's not enough to make your blood boil, and run out to the nearest Occupy Wall Street (or whichever city you live in ) protests I don't know what will. This story really has it all, from taxpayer fraud to intrusive surveillance to the possible use of facial recognition technology to the creepy collusion of corporate and government authorities to subvert American's constitutional right to privacy and on down the line.

As Pam Martens aptly concludes, "Wall Street is infamous for perverting everything it touches: from the Nasdaq stock market, to stock research issued to the public, to auction rate securities, mortgages sold to Fannie Mae and Freddie Mac, credit default swaps with AIG, and mortgage securitizations. Had a public hearing been held on this massive surveillance sweep of Manhattan by potential felons, hopefully someone might have pondered what was to prevent Wall Street from tracking its employee whistleblowers heading off to the FBI offices or meeting with a reporter. One puzzle has at least been solved. Wall Street’s criminals have not been indicted or sent to jail because they have effectively become the police."

In many ways this story EPITOMIZES exactly why the Occupy movement is both just and righteous...and growing.

Thursday, October 20, 2011

As Occupy Wall Street Protests Grow Let's Revisit the Patriot Act

In light of the growing worldwide Occupy Wall Street protests we would do well to revisit how the Patriot Act has been abused by government, not to catch terrorists, but to stifle dissent and consolidate power. Understanding how its been used in the past should make us all very wary about how its probably being used as we speak, and will be used in the future, to target protesters utilizing their First Amendment right to speak out against a deeply corrupted and unjust economic system.

What’s amazing is this movement didn’t start sooner…if only it had back after the 2008 crash perhaps we could have gotten REAL financial reform. The bottom line is the masses are starting to understand that the economic and political game is rigged….and the only winners are corporations, Wall Street, and the very top of the income ladder. Meanwhile, the middle class is nearly gone and the lower class and poverty is exploding.

Now, just a month after it began we saw large crowds marching in London, Frankfurt, and Rome, in addition to approximately 900 protests in American cities and as many as 2,000 have taken place worldwide.

With that backdrop, let me take you back to some of what I wrote in my op-ed a few months ago entitled "The Patriot Act and the Quiet Death of the US Bill of Rights", with particular attention to the ongoing efforts by a few Senators to expose what they call a "secret" Patriot Act provision.

As you read these DOCUMENTED abuses, keep the Occupy Wall Street protests in mind.


Consider what we know:

•   As Adam Sewer of the American Prospect notes: “It's no secret that the FBI's use of NSLs - a surveillance tool that allows the FBI to gather reams of information on Americans from third-party entities (like your bank) without a warrant or without suspecting you of a crime - have resulted in widespread abuses. All that the FBI needs to demand your private information from a third-party entity is an assertion that such information is "relevant" to a national security investigation -- and the NSLs come with an accompanying gag order that's almost impossible to challenge in court.”
•    NSLs were used by the Bush administration after the Sept. 11, 2001 attacks to demand that libraries turn over the names of books that people had checked out. In fact, there were at least 545 libraries that received such demands in the year following passage of the Patriot Act alone.
•    The Electronic Frontier Foundation (EFF) uncovered "indications that the FBI may have committed upwards of 40,000 possible intelligence violations in the 9 years since 9/11." It said it could find no records of whether anyone was disciplined for the infractions.
•    Under the Bush Administration, the FBI used the Patriot Act to target liberal groups, particularly anti-war, environment, and anti-globalization, during the years between 2001 and 2006 in particular.
•    According to a recent report by the ACLU, there have been 111 incidents of illegal domestic political surveillance since 9/11 in 33 states and the District of Columbia. The report shows that law enforcement and federal officials work closely to monitor the political activity of individuals deemed suspicious, an activity common during the Cold War – including protests, religious activities and other rights protected by the first amendment. The report also noted how the FBI monitors peaceful protest groups and in some cases attempted to prevent protest activities.
•    According to a July 2009 report from the Administrative Office of the U.S. Courts, only three of the 763 "sneak-and-peek" requests in fiscal year 2008 involved terrorism cases. Sixty-five percent were drug related.

In other words, the "precedent" set by the Patriot Act appears to be serving to accelerate the rapid disintegration of civil liberties in this country.

But let's go back to what I wrote on the "secret provision"
: Of equal concern is what we still don't know about how the government might be using the Act, highlighted by recent statements made by US Senators regarding what they termed "secret Patriot Act provisions".  Senator Ron Wyden ( D-OR ), an outspoken critic of the recent reauthorization, stated, "When the American people find out how their government has secretly interpreted the Patriot Act they will be stunned and they will be angry." As a member of the Senate Intelligence Committee Wyden is in a position to know, as he receives classified briefings from the executive branch.

In recent years, three other current and former members of the US Senate - Mark Udall ( D-CO ), Dick Durbin ( D-IL ), and Russ Feingold ( D-WI ) - have provided similar warnings.  We can't be sure what these senators are referring to, but the evidence suggests, and some assert, that the current administration is using Section 215 of the Patriot Act - a provision that gives the government access to "business records" - as the legal basis for the large-scale collection of cell phone location records.

The fact that in 2009 Sprint disclosed that law enforcement made 8 million requests in 2008 alone for its customer's cell phone GPS data for purposes of locational tracking should only add to these legitimate privacy concerns.


I bring this issue up, because just a few weeks ago those same Senators, as reported in the New York Times, attempted to bring this issue to light again.

The NYT reports:

Two United States senators...accused the Justice Department of making misleading statements about the legal justification of secret domestic surveillance activities that the government is apparently carrying out under the Patriot Act.

The lawmakers — Ron Wyden of Oregon and Mark Udall of Colorado, both of whom are Democrats on the Senate Intelligence Committee — sent a letter to Attorney General Eric H. Holder Jr. calling for him to “correct the public record” and to ensure that future department statements about the authority the government believes is conveyed by the surveillance law would not be misleading.

...


Mr. Wyden and Mr. Udall have for months been raising concerns that the government has secretly interpreted a part of the Patriot Act in a way that they portray as twisted, allowing the Federal Bureau of Investigation to conduct some kind of unspecified domestic surveillance that they say does not dovetail with a plain reading of the statute.

The dispute has focused on Section 215 of the Patriot Act. It allows a secret national security court to issue an order allowing the F.B.I. to obtain “any tangible things” in connection with a national security investigation. It is sometimes referred to as the “business records” section because public discussion around it has centered on using it to obtain customer information like hotel or credit card records.

But in addition to that kind of collection, the senators contend that the government has also interpreted the provision, based on rulings by the secret national security court, as allowing some other kind of activity that allows the government to obtain private information about people who have no link to a terrorism or espionage case.

Justice Department officials have sought to play down such concerns, saying that both the court and the intelligence committees know about the program. But the two lawmakers contended in their letter that officials have been misleading in their descriptions of the issue to the public.
 

First, the senators noted that Justice Department officials, under both the Bush and Obama administrations, had described Section 215 orders as allowing the F.B.I. to obtain the same types of records for national security investigations that they could get using a grand jury subpoena for an ordinary criminal investigation. But the two senators said that analogy does not fit with the secret interpretation. 

Now let me go back to my analysis of the Patriot Act...again, with the Occupy Protests in mind:

The Patriot Act was sold as an indispensable weapon in the government's arsenal to fight and "win" the "War on Terror".  We were assured that the sole purpose of these unprecedented powers granted government were to locate and catch terrorists - not raid the homes of pot dealers and wiretap peace activists.  Monitoring political groups and activities deemed "threatening" ( i.e.  environmentalists, peace activists ), expanding the already disastrous and wasteful war on drugs, and eavesdropping on journalists isn't about fighting terrorism, it's about stifling dissent and consolidating power - at the expense of civil liberties.

How ironic that the very "tool" hailed as our nation's protector has instead been used to violate the very Constitutional protections we are allegedly defending from "attack" by outside threats.  What was promised as a "temporary", targeted law to keep us safe from terror has morphed into a rewriting of the Bill of Rights.

John Whitehead explains: "The Patriot Act drove a stake through the heart of the Bill of Rights, violating at least six of the ten original amendments-the First, Fourth, Fifth, Sixth, Seventh and Eighth Amendments-and possibly the Thirteenth and Fourteenth Amendments, as well.  The Patriot Act also redefined terrorism so broadly that many non-terrorist political activities such as protest marches, demonstrations and civil disobedience were considered potential terrorist acts, thereby rendering anyone desiring to engage in protected First Amendment expressive activities as suspects of the surveillance state."

As I also asserted, the Bill of Rights is under siege, particularly the Fourth Amendment, writing, "Some important questions demand answers: Does increasingly intrusive and even unconstitutional anti-terrorism measures actually make us any safer (or less so)? If so, what is the price we are willing to pay for that additional security?

Since 9/11 an undeniable pattern has emerged, from illegal search and seizures to warrantless wiretapping to the GPS tracking of cell phones to airport body scanners to the redefinition of Habeas Corpus to the increasing use of rendition for the purposes of torturing prisoners yet to be charged with a crime to military tribunals replacing courts of law, among many others.

What were once considered unassailable civil liberties granted to ALL citizens are under siege. The consequences of such a loss would be profound. Without the fundamental reform of the Patriot Act I fear this loss will be a permanent, and the American experiment will forever be altered.

So let us hope that the desperately needed, and incredibly hopeful Occupy Wall Street protests, and protesters, are not  the target of aggressive and unconstitutional Patriot Act abuses (we've already seen how law enforcement has overreached) - as in the past. Of course, "hoping" is no solution to the constitutional crises we face in this country - epitomized by the Patriot Act (and court rulings like Citizens United).

Just as the protesters are absolutely correct in their focus on wealth disparity, Wall Street corruption and criminality, and our transformation into something resembling an oligarchy more than a true democracy, we should also remember that since 9/11 the US Bill of Rights has been under assault, with the Patriot Act serving as the battering ram. So, while we must address economic justice issues so too must we demand reforms to, and even repeal of, the worst components of a law (the Patriot Act) that was in part DESIGNED to counter and stifle the very protests taking place across this country and world.

Thursday, October 13, 2011

A Near Privacy Sweep in California…With One BIG Exception

It was a near legislative sweep for privacy advocates this year as Governor Brown signed all but one of the key privacy bills that reached his desk. These include: 

SB 602 (Yee) will ensure that government and third parties cannot access private reading records without proper justification. This is no small victory being that digital books will store data that can include books browsed, how long a page is viewed, and even the electronic notes written in the margins. It's not hard to see the detailed portrait of your life such information could paint.


AB 22 (Mendoza) will prohibit a prospective employer from using consumer credit reports in the hiring process unless it’s directly related to the job. This bill was one of our top priorities this year for a number of reasons, including: credit reports do not have predictive value in determining a worker’s ability to perform job duties, while a bad credit report might unfairly influence a hiring employer’s attitude toward a job applicant; a significant percentage of credit reports are inaccurate, and correcting such information in a credit report is a tedious, time consuming affair; and millions of peoples credit scores have been decimated by a Great Recession that was no fault of their own, but in fact due to the actions of some of the very interests that then arbitrarily determine ones credit rating. For all of those reasons and more this legislation was a victory for both privacy and economic justice.

SB 24 (Simitian) will provide an important upgrade to California's landmark breach notification law. It spells out which key details must be included in that notification letter, and would make sure the Attorney General hears about the breach. SB 24 will help consumers make sense of these notices, and help arm us to stop identity theft. Sony, Citibank, and the Bay Area Rapid Transit District are recent examples of businesses and government agencies whose customers’ records were stolen by hackers.

And just a few weeks ago it was revealed that 300,000 Californians’ intimate medical records, along with their social security numbers, were viewable for months to anyone with an internet connection, owing to an insurance processing business’ failure to safeguard its electronic data files. This massive medical records data breach leads us to another privacy related legislative victory: SB 850 (Leno), which will expand the Confidentiality of Medical Information Act to both written and electronic health records.

Also of note, but not a high priority for CFC this year, was the signing of SB 208 (Alquist), which will authorize restitution to an identity theft victim for expenses to monitor a credit report and for the costs to repair a credit rating, and SB 636 (Corbett), which will provide further protection to individuals participating in the Safe at Home Program by prohibiting their addresses and telephone numbers from being posted on the Internet, and establishing crimes for publishing or failing to remove their identifying information.

The Big Disappointment: Governor Vetoes SB 914 (Leno) - Police Search of Smart Phones

Currently police can seize and search an individual’s smart phone or android without a warrant, just like a traditional cell phone. SB 914 would have clarified that an arrestee’s cell phone can only be accessed with a warrant, except in circumstances where there is an immediate threat to public safety or the arresting officer. It acknowledges that accessing information on a cell phone is fundamentally different than searching an arrested person’s wallet, cigarette pack or jeans pockets.

Being that modern cell phones are becoming more like all purpose computers, and therefore contain ALL KINDS of personal, private information, the authorities should not be granted the right to that information without a warrant.

Unfortunately, in 2007, California's Supreme Court ruled against such a distinction, arguing, "The cell phone was an item (of personal property) on the person at the time of his arrest and during the administrative processing at the police station. Because the cell phone was immediately associated with defendant’s person, (police were) entitled to inspect its contents without a warrant." 

But these justices went even further - comparing the cell phone to personal effects like clothing. Worse, it argued that it wasn't because the police had a particular right in this particular case, or there was some special exception that allowed such a search, but rather, that no exception was even necessary. In other words, this case was not an exception, but rather the NEW rule: cell phone records are now of little difference than the shirt on your back if you've been arrested.

Dissenting Justice Kathryn Werdegar raised similar concerns we have in her opinion: "The majority’s holding ... (grants) police carte blanche, with no showing of exigency, to rummage at leisure through the wealth of personal and business information that can be carried on a mobile phone or handheld computer merely because the device was taken from an arrestee’s person...The majority thus sanctions a highly intrusive and unjustified type of search, one meeting neither the warrant requirement nor the reasonableness requirement of the Fourth Amendment to the United States Constitution."

In response to the ruling, Jonathan Turley, a Constitutional law expert at George Washington University, seconded Justice’s fourth amendment related concerns, "The Court has left the Fourth Amendment in tatters and this ruling is the natural extension of that trend. While the Framers wanted to require warrants for searches and seizures, the Court now allows the vast majority of searches and seizures to occur without warrants. As a result, the California Supreme Court would allow police to open cell phone files — the modern equivalent of letter and personal messages.”

In light of increasing economic injustice and income inequality, and the likewise growth in number and size in protests across the country, granting authorities such powers should be viewed with great skepticism and caution. As State Senator Mark Leno noted, "If you like to attend political rallies, parades, protests or sit-ins, you might consider leaving your cell phone at home in the unlikely event arrests are made. A recent California Supreme Court decision allows police to rummage through all of the private information on your smart phone as part of an arrest, including your text messages and e-mails. This warrantless search is now legal in California, regardless of whether the information on the phone is relevant to the arrest or if criminal charges are ever filed.”

This fight isn’t over. Senator Mark Leno has indicated he will bring this legislation back next year in another effort to overturn the state Supreme Court’s ruling. Clearly, in this case and many others like it in the age of the Patriot Act and the War on Terror, Governor Brown was mistaken in his veto message when he said the courts are "better suited" than legislators to decide when a search is legal. Perhaps in most cases this is true...but not when they are so clearly in conflict with something as fundamental to our basic rights as the Fourth Amendment. Let’s hope we can change the Governors mind next year.

Thursday, October 6, 2011

Facial Recognition Technology Creeping into the American Work Place

Over a month ago I posted a pretty extensive blog on Facial Recognition technology and the threat it poses to individual privacy. Because I know not everyone can read every post, I'll repeat a few of my thoughts here today before I get to an outstanding piece by Tana Ganeva of Alternet about the rapid spread of this technology - particularly in the workplace (which is especially disturbing).

The article I commented on here back on September 1st was also from Alternet entitled 5 Unexpected Places You Can Be Tracked With Facial Recognition Technology. As I wrote then, this issue has particular interest to me due to California's recent fight, that we at the Consumer Federation of California were deeply involved in, over biometric identifiers being used by the DMV (our Executive Director is quoted in this article). 

As for the larger concern over facial recognition technology, groups from the Privacy Rights Clearinghouse (PRC) to the ACLU to the Electronic Frontier Foundation to EPIC have all been very active in making the case that there is a very real threat to privacy at stake in determining just how, and when, this technology can be used.  

So let me refresh everyone on the concept of biometric identifiers - like fingerprints, facial, and/or iris scans.  These essentially match an individual’s personal characteristics against an image or database of images. Initially, the system captures a fingerprint, picture, or some other personal characteristic, and transforms it into a small computer file (often called a template). The next time someone interacts with the system, it creates another computer file.

There are a number of reasons why such technological identifiers should concerns us. So let's be real clear, creating a database with millions of facial scans and thumbprints raises a host of surveillance, tracking and security question - never mind the cost. And as you might expect, such identifiers are being utilized by entities ranging from Facebook to the FBI. In fact, the ACLU of California is currently asking for information about law enforcements’ use of information gathered from facial recognition technology (as well as social networking sites, book providers, GPS tracking devices, automatic license plate readers, public video surveillance cameras).

But for today’s sake, let’s hone in on the article by Tana Ganeva, because it adds another critical piece to this privacy eviscerating technological puzzle...a piece that happens to tie directly to the increasing shift in power from workers and people to corporations and "owners". We see this deterioration in worker rights and this widening gap between the wealth, influence, and rights of the rich and powerful versus the rest of us in the uprisings in Ohio and Wisconsin, to the Occupy Wall Street protests spreading across the country, to movements like the Take Back the American Dream.

Here's yet another reason I believe this clash has just begun...and not a minute too soon. In here piece entitled,  "Biometrics at Pizza Hut and KFC? How Face Recognition and Digital Fingerprinting Are Creeping Into the U.S. Workplace" she writes: 

FaceIN uses two cameras to map a worker's face, converting the width of their cheekbones, depth of their eye sockets, nose shape, and other unique facial features into an ID code. Every day after that, workers punch in by standing in front of a machine that recognizes them after a two-second face scan. Unlike the old-fashioned electronic password, FaceIN promises to tightly monitor when workers come and go, permanently banishing "buddy punching" from the workplace -- the time-honored practice of covering for a co-worker who may be running a few minutes late.

... 

Face-scanning time clocks were only introduced in the US in 2010, by companies like Lathem and Compumatic Time Recorders Inc, which outdoes Lathem by offering a time-clock that recognizes workers in the dark. But biometrics -- the science of determining identity through unique physiological features like fingerprints or the pattern of veins -- have been creeping into the American workplace for years. Fingerprint readers, retinal scans, and even machines that use palm pressure to ascertain identity are in use in workplaces ranging from the US Senate to hospitals to construction sites and restaurants.

As you can imagine, the applications vary depending on the work. Namely, the higher up you go on the income ladder, the more likely it is that biometrics are used to aid security or even protect privacy, like keeping hospital records safe.

In low-wage jobs, advances in biometrics are starting to manifest in products that monitor and control employee behavior; devices meant to scare workers out leaving early to pick up the kids, running a few minutes late, or giving friends or family the occasional discount.

... 

KFC, Souplantation and Sweet Tomatoes join franchise owners of Pizza Huts and Popeyes in publicizing their use of the technology. A Digital Persona rep also says U.are.U is used in Long John Silvers and Wendy's locations. Hooters' corporate management was so impressed after seeing U.are.U in action at a few restaurants it has made it corporate policy to equip Hooters across the land with the machines, the Digital Persona rep told AlterNet.

Other companies including a popular fast food chain, an omnipresent pharmacy, and an upscale furniture store, are keeping quiet about their use of U.are.U in some of their stores, AlterNet has learned. Their caution seems warranted. Biometrics is a staple of sci-fi dystopias for a reason, and recent, more public debuts of the technology have not gone well. Earlier this summer Facebook faced massive backlash after expanding its face recognition tagging software. The German government even threatened to sue the site for violating German privacy laws, and the Connecticut attorney general scolded Facebook for making the feature default rather than letting users opt-in.

 

The American low-wage workplace is not exactly a paragon of mutual trust and autonomy. There are, after all, managers to oversee employee activity and in many fast food joints surveillance cameras effectively communicate the point that workers can be watched at all times.

Nussbaum points out that most supervisors would probably notice if half of their crew stopped showing up but kept getting paid. The far more exacting measurement of employee arrivals and departures offered up by the biometric clock appears designed to capture what a human manager might miss. 

An American Payroll Association study cited in Digital Persona promotional materials estimates that "time theft" accounts for between 1.5 to 5 percent of payroll costs. But what about the longer-term economic impact of worker burnout? Nussbaum has found that workers subjected to increasing levels of surveillance can suffer physical and psychological problems.

Of course, the emotional and physical health of their lowest-paid workers has never been top corporate priority. It just doesn't have to be, since essentially every big economic trend over the past 50 years has screwed low-wage workers while ensuring employers have a large supply of disposable labor. 

Right now is a particularly nasty time to be a member of America's working poor. Unemployment rates among high-school graduates hover at around 10 percent -- in comparison, 4.4 percent of college graduates are out of work. This is despite the fact that what new jobs are being spit up by the anemic economy are primarily low-wage, according to a February report by the National Employment Law Project which found 49 percent of job growth over the year took place in industries like retail. 



Facebook has become the most public symbol of privacy corrosion, so the site's use of face recognition technology sparked the most outrage. But biometric technology is starting to appear in many realms. A few weeks ago AlterNet compiled a list of unexpected places where face recognition technology can be found besides Facebook. These included ads in Vegas and in the marketing strategies of companies like Adidas and Kraft, as the Los Angeles Times reported. There's about a 50/50 chance your DMV uses face recognition to run photographs through a database, according to an estimate by the EFF's Lee Tien. Police in departments around the country are being equipped with MORIS, a mobile device that contains face recognition, iris scanning and digital fingerprints. 

One of the things that stands between abuses of the technology is the visceral unease it engenders, which often leads to backlash when it's too crudely imposed. Getting young people accustomed to being fingerprinted just to go to work, though, can go a long way toward making the technology seem more and more natural, so that it also seems perfectly normal to give your fingerprint to the police when you don't have to, or be OK with a corporation, or strangers on the street, knowing who you are from a snapshot of your face. 

Click here to read more.

As I have written here numerous times, more than any one technology and intrusive abuse of it, or the latest "war on terror" court ruling stripping us of yet another civil liberty, is a future in which privacy itself is but a distant, distorted memory. Where are we left when the power of corporate or government interests to monitor everything we do is absolute? 

As I wrote, "Whether its the knowledge that everything we do on the internet is followed and stored, that we can be wiretapped for no reason and without a warrant or probable cause, that smart grid systems monitor our daily in home habits and actions, that our emails can be intercepted, that our naked bodies must be viewed at airports and stored, that our book purchases can be accessed (particularly if Google gets its way and everything goes electronic), that street corner cameras are watching our every move, and that RFID tags and GPS technology allow for the tracking of clothes, cars, and phones (and the list goes on)...what is certain is privacy itself is on life support in this country...and without privacy there is no freedom. I also fear how such a surveillance society stifles dissent and discourages grassroots political/social activism that challenges government and corporate power...something that we desperately need more of in this country, not less." 

The fact that low income workers could now be subjected to constant facial recognition monitoring in the hopes of working them harder, longer, and under even more duress than they already are by an increasingly rich and powerful CEO class is in fact infuriating to me...and represents the clear path our country is on, and has been for over 30 years. And it is this path that is leading to the much needed movement, and protests, starting to take place around this country demanding MORE, not less, worker rights, economic justice, and yes, privacy.

Monday, October 3, 2011

My Interview on AB 22 (Mendoza), and Governor Signs SB 602 (Reader Privacy Act)

A little less than two weeks ago I put together a major post on job seeker privacy, particularly when it comes to employers increasing use of intrusive background checks, most notably of your credit reports.

Rather than go into detail here again, let me just point you to the interview I did on the Rick Smith Show last week about legislation here in California, AB 22 (Mendoza), that would ban prospective employers from accessing your credit scores unless its directly related to the job your applying for. The Governor has until October 9th to decide.


Now to some great news...the Governor signed Senator Leland Yee's Reader Privacy Act (SB 602) on Sunday. As I've noted in the past here, The privacy threats posed by the explosion of digital books, which will store data that can include books browsed, how long a page is viewed, and even the electronic notes written in the margins. It's not hard to see the detailed portrait this could paint of your life.

Thankfully, this concern will finally be addressed by SB 602 (Yee) - which now will provide important privacy protections for digital book readers. Without such legislative protection, you can imagine how tempting this information could be to the government or other litigants, like those involved in divorce cases, custody battles, or insurance disputes.

In the case of digital books, we're not talking about just another library - librarians utilize a different standards for dealing with user information than does the online world. Many libraries routinely delete borrower information, and organizations such as the American Library Association have fought hard to preserve the privacy of their patrons in the face of laws such as the U.S. Patriot Act.

What the bill will do is update California's privacy protections in the digital age by preventing the disclosure of information about readers from booksellers without a warrant in a criminal case or a court order in a civil case. It also requires booksellers to report the number and type of requests they receive to track government demands for reader information. Without such protections, we're talking about a virtual one-stop shop for government and third party fishing expeditions into the personal details of our lives.

Here's what PC magazine had to say about the legislation being signed:

The bill, known as the Reader Privacy Act of 2011, will require government agencies to obtain a court order before they access customer records from book stores or online retailers. It will officially become law on January 1. 

"California law was completely inadequate when it came to protecting one's privacy for book purchases, especially for online shopping and electronic books," said Calif. state Sen. Leland Yee, the bill's sponsor. "Individuals should be free to buy books without fear of government intrusion and witch hunts. If law enforcement has reason to suspect wrongdoing, they should obtain a court order for such information."

Sen. Yee pointed to the McCarthy hearings of the 1950s, where Americans were questioned about whether they had read Marx or Lenin. In the years since September 11, meanwhile, the FBI has sought information from more than 200 libraries, he said. The bill was backed by the American Civil Liberties Union of California (ACLU) and the Electronic Frontier Foundation (EFF), as well as Google, TechNet, and the Consumer Federation of California.

"Reading choices reveal intimate facts about our lives, from our political and religious beliefs to our health concerns. Digital books and book services can paint an even more detailed picture—including books browsed but not read, particular pages viewed, how long spent on each page, and any electronic notes made by the reader," the EFF said in a statement. 

"Without strong privacy protections like the ones in the Reader Privacy Act, reading records can be too easily targeted by government scrutiny as well as exposed in legal proceedings like divorce cases and custody battles. Legal protections must keep up with technological advances," said Valerie Small Navarro, Legislative Advocate with the ACLU of California. 

Click here to read more.