Monday, December 31, 2007

RFID Chips in Passports

Despite widespread opposition to RFID technology being used in passports, the Department of State has approved its use in some new American passports.

The Center for Democracy and Technology reports:

Today, the Department of State released a final rule for the new "Passport Card," which is intended to be used by American citizens who frequently travel by land or sea to Canada, Mexico, the Caribbean, and Bermuda. The new rule calls for the use of "vicinity read" RFID technology without the use of encryption. This means the card will be able to be read remotely, at a long distance. CDT strongly objected to the use of this technology--developed for tracking inventory, not people--because it is inherently insecure and poses threats to personal privacy, including identity theft, location tracking by government and commercial entities outside the border control context, and other forms of mission creep.


4 congressmembers, the Government of Canada, a Native American government, privacy interest groups, technology companies and dozens of city, county and municipal governments expressed their concerns about the new rule.


The Federal Register text of the rule states their concerns:

The opinion expressed by many commenters is that vicinity read technology is not as secure as the proximity read technology currently used in the United States e-Passport. In their opinion the use of vicinity read technology could result in the unauthorized reading of information that would lead to identity theft and tracking of United States citizens by terrorists (security groups) and the government (privacy groups). In addition, commenters asserted that employing two different technologies at the same border crossing is redundant, inefficient, and unnecessarily costly.


Click here to read the text in its entirety



The government has stated that in order to avoid identity theft they are going to take several precautionary measures.



The Washington Post Reports:


The government said that to protect the data against copying or theft, the chip will contain a unique identifying number linked to information in a secure government database but not to names, Social Security numbers or other personal information. It will also come with a protective sleeve to guard against hackers trying to skim data wirelessly.

Avi Rubin, a professor at Johns Hopkins University, said that two years ago, he duplicated an RFID chip in his "speedpass" used for buying gas, copied the information onto a laptop and, after extending a radio antenna from the laptop out the car door, was able to buy gas with the cloned RFID chip.

Randy Vanderhoof, executive director of the Smart Card Alliance, represents technology firms that make another kind of RFID chip, one that can only be read up close, and he is critical of the passport card's technology. It offers no way to check whether the card is valid or a duplicate, he said, so a hacker could alter the number on the chip using the same techniques used in cloning.

Click here to read the text in its entirety


When it comes to protecting our privacy and identity, we should always expect and demand the government falls on the side of security. Unfortunately, as this program currently stands, the government has failed to take the necessary precautions to protect our privacy and guard us against identity theft.

Thursday, December 27, 2007

Google/Doublick Merger: EPIC Statement

To expand on the FTC's recent approval of the merger between Google and Doubleclick - particularly its privacy implications - I thought this statement by Marc Rotenberg, of the Electronic Privacy Information Center (EPIC), was a worthy post.

Some highlights include:

But the competition at issue here is not simply the development of a product or a service, it concerns the techniques that are used to collect information on American consumers in the Internet advertising industry, whether by text-based advertising, display-based advertising or some combination of the two.

Further, unlike typical merger reviews where the Commission may assume that the market analysis of suppliers and consumers captures all of the relevant parties, the market for Internet-based advertising is different. These companies target individual consumers based on their interests, their activities, even their personal behaviors. The “consumers” for Internet advertisers are web-based publishers. Assuming there is healthy competition, they make choices among competitors for advertising services. But for the consumer whose data is gathered, there is no choice. The market relationship exists between the advertiser and the publisher. It does not include the consumer.

...

But a majority of the Commissioners chose to ignore the privacy implications ofthe Google-Doubleclick merger and to propose instead the same self-regulatory approachto privacy protection that has repreatedly failed American consumers and could have been put forward whether or not a merger review was also underway.

...

As Senator Kohl said recently, “The antitrust laws were written more than a century ago out of a concern with the effects of undue concentrations of economic power for our society as a whole, and not just merely their effects on consumers’ pocketbooks. No one concerned with antitrust policy should stand idly by if industry consolidation jeopardizes the vital privacy interests of our citizens so essential to our democracy."


Moreover, in the last several years, the Commission has become increasingly aware of the new risks to American consumers. The FTC’s annual surveys repeatedly find that identity theft is the number one concern of American consumers. But consumers have little understanding of how their personal information is collected, how it is used, or what they might do when problems arise. The reality is that the gap between the risks to consumer privacy and the protections for consumer privacy is growing.

...

The Federal Trade Commission had an opportunity to establish the necessary safeguards for personal data and competition that could have allowed a global framework to emerge. Instead, the Commission’s failure to act leaves the question of how best to address the privacy and competiton implications of this deal to others.

The Federal Trade Commission is a public agency funded by taxpayer dollars. Its sole purpose is to protect the public interest. It failed to do so today in a case that will have far-reaching implications for the Internet economy and the privacy rights of American consumers.

Click here for the statement in its entirety.

Friday, December 21, 2007

FTC Clears Google-DoubleClick Merger

I'd be remiss if I left for the holidays without covering the now FTC approved merger between Google and DoubleClick. As E-Week makes clear, this is a biggie:

"The acquisition would combine two of the biggest players in online advertising. Google's text-based AdSense business is based on clickable links, while DoubleClick's technology places targeted banner ads and other display advertising on popular online sites."

The question being posed to both the FTC and the European Commission is how will this deal effect the consumer, in terms of it's privacy implications, the cost and affordability of the services themselves, and the more general effect on market competition. Consumer rights and privacy groups, in the United States and Europe, have aligned strongly against the merger.

In response to the FTC's decision, the groups that filed the original complaint ( The Electronic Privacy Information Center, the Center for Digital Democracy and U.S. PIRG ) with the FTC shortly after Google announced the deal - arguing the acquisition would give Google unprecedented ability to "record, analyze, track and profile" the activities of Internet users - made their disappointment clear:

"Despite the FTC's claims, privacy is most certainly an antitrust issue," CDD Executive Director Jeff Chester said in a statement. "A key component of the online market dominance that companies such as Google have achieved is the aggregation and analysis of consumer profiles, including the merger of far-flung data sets and vast data warehouses that only a handful of companies now have at their disposal."

The FTC's primary argument for not stepping in to prevent the merger was that Google and DoubleClick aren't direct competitors and therefore there are no "relevant antitrust" issues.

Further, as E-Week reports:

The FTC said its examination of the online advertising market shows "vigorous" competition in the space. Even though the agency found the merger poses no potential competitive harm to the marketplace, the FTC warned it would "closely watch these markets and, should Google engage in unlawful tying or other anticompetitive conduct, the Commission intends to act quickly."

But, as E-Week also reports, the European Commission still must weigh in:

The deal still needs the approval of the European Commission, which opened an extensive investigation into the merger in November. The EC has until April 2, 2008, to make a final decision on whether Google's acquisition of DoubleClick would "significantly impede" effective competition within the European Economic Area or any substantial part of it.

And this leads me to what European consumer advocates are saying about the deal, as all eyes are now on them. If the new report by the BEUC (The European Consumers' Organisation), which represents 41 pro-consumer groups from across Europe is any indication, this merger is far from a "done deal".

Click Z reports:

Following its initial warnings issued in late June, consumer group BEUC has once again written to the European competition commissioner Neelie Kroes to express concerns over Google's proposed $3.1 billion acquisition of Doubleclick...The letter cited three main areas of concern: pricing and competition, harm to consumers, and matters of privacy.
...

Finally the letter expresses concerns over consumer privacy and welfare, stating that the merger would create a structure that would "almost certainly be less respectful of user privacy." It argues that privacy protection is a competitive differentiator in the ad serving market, and that the merger would eradicate incentives for Google to innovate in the area since competition will have been diminished.

The European Commission is now carrying out a second-phase investigation into competition concerns surrounding the deal. As previously reported by ClickZ news, disapproval from the European Commission is likely to result in a collapse of the entire deal irrespective of the FTC's decision, since both companies generate significant revenue from within Europe.

This story should provide sufficient intrigue for everyone in the coming months...

Happy Holidays to all!

Thursday, December 20, 2007

FBI Recorded 27 Million FISA 'Sessions' in 2006

I know I've been doing a lot of posts on the FISA issue of late, but I just couldn't leave this one out. As more information comes to light - demonstrating why granting retroactive immunity to telecom companies would be so devastating to the fact finding process - we are learning just how expansive the administration's illegal wiretapping program has been over the past 5 years.

It should also be repeated here that the program was initiated well BEFORE 9/11...which only adds to the perception, and reality for that matter, that this program is a lot more about expanding executive power than "keeping us safe".

Now we find this...from Wired Magazine:

At the end of 2006, the FBI's Telecommunications Intercept and Collection Technology Unit compiled an end-of-the-year report touting its accomplishments to management, a report that was recently unearthed via an open government request from the Electronic Frontier Foundation.

...

Twenty-seven million is a staggering number given that the FBI only got 2,176 FISA court orders in 2006 from a secret spy court using the Foreign Intelligence Surveillance Act.
According to the math that means each court order resulted in 12,742 "sessions," all in regards to phone, not internet, surveillance.


FISA watchers have long wondered whether FISA warrants covered more than one person. Knowing how many calls or text messages the FBI captured could add a piece to the puzzle. Unfortunately, nothing in the documents turned over yet to the Electronic Frontier Foundation explain what a session is.

Click here to read the article in its entirety.

Wednesday, December 19, 2007

Democrats Delay a Vote on Immunity for Wiretaps

Mark this one down on your calendar...US Senators actually stood up on principle, and prevented the passage of the privacy eviscerating FISA bill! You know the one, that if passed, would have given retroactive immunity to the same telecom companies that gave the administration open access to your private phone and email conversations!

Well, thanks to the likes of Chris Dodd, Ted Kennedy, Russ Feingold, Barbara Boxer, and a handful of others, this abhorrent piece of legislation won't be debated again until January. If nothing else, this means that all Americans who care about the Constitution, the rule of law, and their inalienable right to NOT be spied on by their own government, have time to ban together and pressure lawmakers to strip retroactive immunity from any new FISA law!

Before I get to the article, watch the following Senate Floor speeches:

Senator Russ Feingold

Senator Chris Dodd

Senator Ted Kennedy

The New York Times reports:

The Bush administration had pushed for immediate passage of legislation to grant immunity to the phone companies as part of a broader expansion of the N.S.A.'s wiretapping authorities. But that will not happen now.

...

"Today we have scored a victory for American civil liberties and sent a message to President Bush that we will not tolerate his abuse of power and veil of secrecy," Mr. Dodd said in a statement. The president should not be above the rule of law, nor should the telecom companies who supported his quest to spy on American citizens," he said. "I thank all my colleagues who joined me in fighting and winning a stay in the rush to grant retroactive immunity to the telecommunications companies who may have violated the privacy rights of millions of Americans."

...

Ultimately, the Senate is likely to consider three different approaches: a plan by the Senate Intelligence Committee to immunize the phone carriers from liability; a plan by the Judiciary Committee to leave out immunity; and an alternative plan by Senator Arlen Specter, Republican of Pennsylvania, to indemnify the companies from legal liability by making the government responsible for any damages instead. Senator Dianne Feinstein, Democrat of California, threw a fourth option into the mix Monday by proposing that the foreign intelligence court, the FISA court, be allowed to decide whether individual companies should get immunity.

And one quick note on the role of the telecom industry, and the peoples' right to hold them accountable. To date, there are 40 lawsuits pending against AT&T, Verizon and other major phone companies over their alleged cooperation in the eavesdropping program. No surprise that the administration, and their corporate allies want immunity...that keeps the truth from ever seeing the light of day.

Click here to read the article in it's entirety.

Tuesday, December 18, 2007

ACLU presses candidates to repeal Real ID card law

The ACLU has rightly thrust the REAL ID Act - and the need for all candidates to proclaim their opposition to it - into the Presidential campaign.

For those that follow the campaign - or privacy for that matter - its probably not a great suprise to know that Democratic candidates Dennis Kucinich and John Edwards, as well as Republican candidate Ron Paul, are the only ones to date to CLEARLY articulate the threat the REAL ID Act poses to civil liberties.

New Hampshire's Union Leader reports:

Begun in July, the national and state organizations' efforts to get the candidates to publicly reject the plan to turn the state driver's license into a de facto national identification card haven't had much success.

While former Sen. John Edwards and Ron Paul are on record against Real ID as a threat to civil liberties, as is Congressman Dennis Kucinich, Sen. Barack Obama's only response so far has been to object on grounds it's an unfunded mandate and not enough has been done to help the state's implement it.

Ebel said requests to the national office of Sen. Hillary Clinton have produced no response, so she's hoping the campaign organization here will be more receptive. On the Republican side, former Mass. Gov. Mitt Romney's campaign said that he favors a national ID, but opposes driver's licenses for illegal immigrants. Former Arkansas Gov. Mike Huckabee has said he doesn't think DMV workers should be in the immigration business.

...

Calabrese said the ACLU projects that although Real ID calls for the states to be in charge of their own information, ultimately the Feds will say "let us handle the database."

Ebel and Calabrese said the Department of Homeland Security is beginning to figure out there's growing opposition to Real ID at the state level, so they've introduced the Western Hemisphere Travel Initiative that ACLU officials termed a "bait and switch" plan, which would hook up the driver's license base to customs databases.

Although people were originally going to have a passport to cross the border, DHS said if states linked their driver's license base to customs databases, they'd then be in compliance with Real ID. A key concern is that the DHS could expand the uses beyond the official purpose of Real ID. As specified by legislation, the Real ID is a secure card issued by states to be used only for the following reasons: to access a federal facility, board federally regulated commercial aircraft and enter nuclear plants.

Click here to read the article in its entirety.

Monday, December 17, 2007

Wider Spying Fuels Aid Plan for Telecom Industry

As the "FISA Retroactive immunity" bill is being debated on the Senate floor (and in fact just passed 76-10), Senator Chris Dodd is preparing a filibuster.

This critical debate, as often discussed here, is over whether the telecommunications industry should be protected from lawsuits for their aiding the National Security Agency’s warrantless, and illegal, eavesdropping program.

But aside from the political maneuverings taking place in the Senate as I write this, as the New York Times reported this weekend, this debate is as much about what was the relationship between the government and private industry, as it is about what the Bush administration wants this relationship to be in the future.

The New York Times reports:

But the battle is really about something much bigger. At stake is the federal government’s extensive but uneasy partnership with industry to conduct a wide range of secret surveillance operations in fighting terrorism and crime. The N.S.A.’s reliance on telecommunications companies is broader and deeper than ever before, according to government and industry officials, yet that alliance is strained by legal worries and the fear of public exposure.

...

After the disclosure two years ago that the N.S.A. was eavesdropping on the international communications of terrorism suspects inside the United States without warrants, more than 40 lawsuits were filed against the government and phone carriers. As a result, skittish companies and their lawyers have been demanding stricter safeguards before they provide access to the government and, in some cases, are refusing outright to cooperate, officials said.

...

The government’s dependence on the phone industry, driven by the changes in technology and the Bush administration’s desire to expand surveillance capabilities inside the United States, has grown significantly since the Sept. 11 attacks. The N.S.A., though, wanted to extend its reach even earlier. In December 2000, agency officials wrote a transition report to the incoming Bush administration, saying the agency must become a “powerful, permanent presence” on the commercial communications network, a goal that they acknowledged would raise legal and privacy issues.

...

The accusations rely in large part on the assertions of a former engineer on the project. The engineer, who spoke on the condition of anonymity, said in an interview that he participated in numerous discussions with N.S.A. officials about the proposal. The officials, he said, discussed ways to duplicate the Bedminster system in Maryland so the agency “could listen in” with unfettered access to communications that it believed had intelligence value and store them for later review. There was no discussion of limiting the monitoring to international communications, he said. “At some point,” he said, “I started feeling something isn’t right.”

...

The facts behind a class-action lawsuit in San Francisco are also shrouded in government secrecy. The case relies on disclosures by a former AT&T employee, Mark Klein, who says he stumbled upon a secret room at an company facility in San Francisco that was reserved for the N.S.A. Company documents he obtained and other former AT&T employees have lent some support to his claim that the facility gave the agency access to a range of domestic and international Internet traffic.

The telecommunications companies that gave the government access are pushing hard for legal protection from Congress. As part of a broader plan to restructure the N.S.A.’s wiretapping authority, the Senate Intelligence Committee agreed to give immunity to the telecommunications companies, but the Judiciary Committee refused to do so. The White House has threatened to veto any plan that left out immunity, as the House bill does.

“Congress shouldn’t grant amnesty to companies that broke the law by conspiring to illegally spy on Americans” said Kate Martin, director of the Center for National Security Studies in Washington.

Click here to read the article in its entirety.

Friday, December 14, 2007

Did Blockbuster, Facebook Break Privacy Law With Beacon?

Just when you thought the Facebook/Beacon scandal had been laid to rest, I find this article in PC World.

Apparently, there's a 1988 law called the Video Privacy Protection Act (VPPA). The law clearly "prohibits movie rental companies such as Blockbuster from disclosing personally identifiable rental records of the people who rent or buy movies from them to others -- unless the customer consents to the practice in writing."

We also happen to know that movie choices made by Facebook members on Blockbuster's website were made available to other members of the social network.

PC World details the story:

The case against Blockbuster is quite straightforward," said James Grimmelmann, associate professor at the New York Law School. "I'm surprised that there haven't been lawsuits already in terms of Blockbuster. The one against Facebook requires a couple more steps. It's one of those interesting issues" that can be viewed in multiple ways legally.

...

Civil remedies under the law include fines of at least US$2,500 for each violation. In the few situations where the law has been invoked, the cases involved the disclosure of customer movie rental records to law enforcement authorities by rental companies. The law has never been tested in an online situation such as the one involving Blockbuster and Facebook, and could raise interesting issues, according to Grimmelmann.

...

Facebook's Beacon ad service was released in early November as a part of the Facebook Ads platform. It is ostensibly designed to track the activities of Facebook users on more than 44 participating Web sites and to report those activities to the users' Facebook friends, unless specifically told not to do so. The idea is to give participating online companies a way to monitor the activities of Facebook users on their Web sites and to use that information to then deliver targeted messages to Facebook friends.

The problem with that arrangement, at least for Blockbuster, is that such information sharing put it in violation of VPPA before Facebook changed its privacy policies following an outcry over Beacon, Grimmelmann said. The mere fact that Blockbuster passed on movie choice information to Facebook friends without user consent is a violation of VPPA...


Click here to read the article in its entirety.

Unlikely allies unite to fight enhanced-ID plan

Not uncommon when it comes to the issue of privacy, unlikely allies from the left and right have joined forces. In this case, its the ACLU, the John Birch Society, and various Republican lawmakers voicing their opposition to Arizona Gov. Janet Napolitano's plan to create an enhanced state driver's license...which opponents believe moves the state a whole lot closer towards adopting requirements laid out in the REAL ID Act.

The Arizona Republic reports:

Napolitano last week signed an agreement with Homeland Security Secretary Michael Chertoff to create a three-in-one identification card. It would function as a driver's license, a valid ID for crossing the borders into Mexico and Canada, and a way for employers to verify workers' status under the soon-to-be-launched employer-sanctions law.

...

Under the terms of the agreement, the ID would be voluntary. It would cost $20 to $25 more than a standard driver's license because it would include an embedded information chip that could be read through radio-frequency identification technology. It's that technology that has opponents nervous and angry.

...

Alessandra Soler Meetze, executive director of the ACLU of Arizona, said the technology opens people up to having their identities stolen and to the government tracking citizens' every move."Any wireless signal is inherently insecure," she said.

As reported in the Arizona Daily Star, the debate centers around whether the idenities of those carrying the cards are truly at risk being that they contain no personal information, just an identification number. And, also argued by the Governor, is because the cards themselves are voluntary, not mandatory, they don't represent a government power grab or privacy invasion.

These arguments do not satisfy opponents of the program:

"I think they just value very much their privacy," the senator said. "And although it is voluntary at the moment, once the federal government gets involved I have no faith that it would stay voluntary."

...

Napolitano said the chips contain no personal information, just an identification number. She said only someone with access to the state Department of Public Safety database could learn anything more about the holder.

Homeland Security spokes-man Russ Knocke said the maximum range for reading the chips is 10 to 20 feet.

But Alessandra Meetze, executive director of the Arizona chapter of the American Civil Liberties Union, said that provides little comfort, even if true. She said it still would permit anyone with the right electronic equipment to track the movements of individuals.

Click here to read the article in the Arizona Republic.

Click here to read the Arizona Daily Star.

Thursday, December 13, 2007

Ask.com Puts a Bet on Privacy

It appears consumers are going to have an option now for greater privacy when searching the web. The fourth largest search engine company has begun offering a service called AskEraser, which allows users to make their searches more private.

The small company (compared to Google or Yahoo that is) from Oakland California is hoping that this new technology will help give them a leg up on the competition. Let us hope so.

The New York Times reports:

Ask.com and other major search engines like Google, Yahoo and Microsoft typically keep track of search terms typed by users and link them to a computer’s Internet address, and sometimes to the user. However, when AskEraser is turned on, Ask.com discards all that information, the company said.

...

The service will be conspicuously displayed on Ask.com’s main search page, as well as on the pages of the company’s specialized services for finding videos, images, news and blogs. Unlike typical online privacy controls that can be difficult for average users to find or modify, people will be able to turn AskEraser on or off with a single click.

...

I think that it is a step forward,” said Ari Schwartz, deputy director of the Center for Democracy and Technology, about AskEraser. “It is the first time that a large company is giving individuals choices that are so transparent.”

But underscoring how difficult it is to completely erase one’s digital footprints, the information typed by users of AskEraser into Ask.com will not disappear completely. Ask.com relies on Google to deliver many of the ads that appear next to its search results. Under an agreement between the two companies, Ask.com will continue to pass query information on to Google. Mr. Leeds acknowledged that AskEraser cannot promise complete anonymity, but said it would greatly increase privacy protections for users who want them, as Google is contractually constrained in what it can do with that information.

...

Last year, AOL released the queries conducted by more than 650,000 Americans over three months to foster academic research. While the queries where associated only with a number, rather than a computer’s address, reporters for The New York Times and others were quickly able to identify some of the people who had done the queries. The queries released by AOL included searches for deeply private things like “depression and medical leave” and “fear that spouse contemplating cheating.”

The incident heightened concerns about the risks posed by the systematic collection of growing amounts of data about people’s online activities. In response, search companies have sought to reassure consumers that they are serious about privacy.

...

In recent months, privacy has emerged as an increasingly important issue affecting major Internet companies. Several consumer advocacy groups, legislators and competitors, for instance, have expressed concerns about the privacy implications of the proposed $3.1 billion merger between Google and the ad serving company DoubleClick, which is being reviewed by regulators in the United States and Europe.

Last month, the Federal Trade Commission held a forum to discuss concerns over online ads that appear based on a user’s Web visits. And just last week, the popular social networking site Facebook suffered an embarrassing setback when it was forced to rein in an advertising plan that would have informed users of their friends’ buying activities on the Web. After more than 50,000 of its members objected, the company apologized and said it would allow users to turn off the feature.

The question remains - and perhaps will be answered to a degree with the offering of this new product - whether privacy is a strong enough concern among consumers to turn a feature like AskEraser into a major selling point for Ask.com. Click here for the article in its entirety.

Surveillance Court Declines to Release Secret Opinions

While not a surprise, this news is a disappointment. Despite the ACLU's best efforts, the Foreign Intelligence Surveillance Court has refused to release documents related to two past opinions it has given on the legality of the Bush administration wiretapping program.

The two decisions in question conflicted with one another, with the first seeming to give the administration more leeway in its continuation of the program it had been secretly conducting without court approval, while the second one was more restrictive.

The New York Times reports:

When Congress began debating changes in August, the civil liberties union asked the court to release the two opinions, arguing that the public had a right to know the court’s legal reasoning in the midst of a Congressional debate on the issue. The court’s presiding judge, Colleen Kollar-Kotelly, said then that it would consider the request, which she called “unprecedented.” In its own brief filed with the court, the administration opposed disclosure of the documents.

...

But, Judge Bates said, such benefits do not outweigh the government’s need or right to keep the material classified. Disclosure, he said, could allow the nation’s enemies to avoid detection and might compromise American intelligence activities. The potential damage is “real and significant, and, quite frankly, beyond debate,” the judge wrote.

...

Jameel Jaffer, director of the National Security Project at the A.C.L.U., said in an interview that he was disappointed. “A federal court’s interpretation of federal law should not be kept secret,” Mr. Jaffer said.

Click here to read the article in its entirety.

Wednesday, December 12, 2007

Ad-targeting system monitors your interests with ISP's help

The whole Facebook controvery over the past few weeks has highlighted the larger issue of internet privacy, and the role of advertiser targeting techniques.

A new product has been created to improve on Web sites' practice of dropping tiny tracking files known as cookies on visitors' computers. When those cookies indicate enough about a Web surfer's interests, related ads can be made to appear.

So, what are some of the privacy pro's and con's with this new technology? As you may have guessed, from a privacy perspective, it again comes down to the all important difference between "opt-in" or "opt-out". And to no ones surprise, industry wants to keep it as it is..."opt-out".

The Mercury News Silicon Valley reports:

...the fact that you visited a site doesn't say as much about your interests as knowing what you did there and afterward. Did you read several articles or quit halfway through one? Did you leave the site to research the topic further on a search engine?

To glean those deeper insights, NebuAd installs equipment inside the facilities of Internet service providers (ISPs), which see everything their customers do online. NebuAd's boxes examine many of the sites people visit, what they do there and what they hunt for on search engines.

...

Aspects of NebuAd's technique are already in play. For example, besides cookies, many online retailers deploy "clickstream analysis" tools that monitor what customers do on a given site - what they browse, what they read, which items they put in their shopping carts but fail to buy. As a much wider-ranging eye in the sky, NebuAd could pique more worries about privacy.

...Pam Dixon, director of the World Privacy Forum, said NebuAd should instead use an opt-in mechanism - automatically excluding anyone who doesn't sign up. She said even if a marketing profile is anonymous, someone might be able to tie it to an individual Web user, if its details were as richly detailed as NebuAd indicates.

"For this particular business model ... it's got to be opt-in, because people's expectation of privacy is that this isn't happening," Dixon said. The degree to which this privacy equation has been managed will likely be key for NebuAd.

Click here to read the article in its entirety.

Tuesday, December 11, 2007

Theft of personal data more than triples this year

According to a USA TODAY analysis of data losses reported over the past two years, more than 162 million records have been reported lost or stolen in 2007, triple the 49.7 million that went missing in 2006.

The article states:

Names, birth dates, account numbers and Social Security numbers have become like gold in the cybercrime underground. Meanwhile, organizations expose rich veins of such data as they convert paper documents into digital records. Business data worldwide are expected to swell to 988 billion gigabytes by 2010, up from 161 billion gigabytes in 2006, says researcher IDC.

As they "cram more and more data into a single place," companies and agencies present thieves with more opportunities for a big score, says Benjamin Jun, vice president of technology at Cryptography Research.

...

Organized-crime rings are on the lookout for unattended laptop computers, mail that contains disks or tapes and employees susceptible to bribery, says John Watters, CEO of security firm iSight Partners. "They're looking for the weak link," he says, "and aiming their resources at it."

Click here to read the article in its entirety.

Monday, December 10, 2007

Legislators, residents speak out against REAL ID program

The REAL ID Act - passed as an attachment to a supplemental spending bill for the Iraq war effort in 2005 - continues to meet resistance across the country whenever the public gets a chance to comment on it. Unfortunately, the Homeland Security Department (HSD) has kept such public gatherings to a minimum.

The Real ID Act would turn our state driver’s licenses into a genuine national identity card and impose numerous new burdens on taxpayers, citizens, immigrants, and state governments – while doing nothing to protect against terrorism. This new federal identity document would be required of every American in order to fly on commercial airlines, enter government buildings, open a bank account, and more.

The common reaction from concerned public citizens across the country to the Act has centered on the threat it would pose to individual privacy, the high costs states would incur to implement it, the increased danger of identity theft, and the possible loss of freedoms due to expanded government power. The recent hearings in Pennsylvania were no different. The good news is that 17 states have already passed legislation that opposes the Real ID Act...with Pennsylvania currently debating the passage of their own such bill.

The Daily American reported on the overwhelming public opposition displayed at the hearings:

The problem begins with a number of constitutional issues, opposition leaders say, and will only get worse when the identity database created by the act begins to be linked to financial institutions and essentially becomes a national identity card.

...

Many of the residents attending the event were uncomfortable with the program. Chris Faris, of Somerset, said that the act is not about security. “It’s about money. There’s a cottage industry of buying and selling information. They’re going to profit from it and say that we’re alarmists crying Fascism,” he said.

Click here to read the article in its entirety.

Friday, December 7, 2007

Report cautions consumers to look at online privacy policies

I thought this might be useful for readers being that it is the holiday season. A new report by CyberStreetSmart.org, a project of the New York Public Interest Research Group, rates retail websites on how well their customers' personal information was protected.

AP details the findings:

The group reviewed the privacy policies of 484 online retailers in October and November, focusing on two aspects: how well customers were informed about how their information would be used, and how much control customers have over who has access to their information.

Disneyshopping.com and homedepot.com received screen door awards; sites that won steel door awards include netflix.com, ralphlauren.com and rocawear.com. Disneyshopping.com was rapped because its privacy policy is "very technical and lengthy" and may be hard for people to understand, said Tracy Shelton, a consumer attorney with NYPIRG.

...

Homedepot.com was singled out because its policy says personal information may be transferred if the company is sold.

I did not see which companies it gave 'steel door' ratings to. I'll follow up on this post next week. To read the article in its entirety click here.

Thursday, December 6, 2007

Apologetic, Facebook Changes Ad Program

So Mark Zuckerberg, founder and chief executive Facebook, has apologized, says "they've made mistakes". Well, something tells me their deal with advertisers, and the use of Beacon, wasn't so much a "mistake" as an intentional desire to make as much money as possible.

Perhaps he means he made a mistake in getting caught?

At any rate, the Facebook flap highlights growing concerns about the increasingly sophisticated technologies used to track online activities in an effort to more precisely target advertising. It goes without saying these type of social networking sites have not exactly been forthcoming about how much user information they harvest, share, and with whom.

Nonetheless, as the New York Times article conveys, the Facebook story is one privacy advocates should feel good about. We made some noice, got some concessions, and now must broaden the scope of the fight.

The article details some of the reactions and aftermath to Facebook's apology:

Mark Zuckerberg, founder and chief executive of the social networking site Facebook, apologized to the site’s users yesterday about the way it introduced a controversial new advertising feature last month. Facebook also introduced a way for members to avoid the feature, known as Beacon, which tracks the actions of its members when they use other sites around the Internet.

...

Although Facebook has made the changes that MoveOn.org and others requested, some users said they believed the company had not been forthcoming. “I feel like my trust in Facebook has been violated,” said Christopher Lynn, 30, a Facebook user who also writes a blog on social media. “Facebook created this space that was a private space, where we share our experiences, and to share this data behind our backs is upsetting.”

...

Jeff Chester, executive director of the Center for Digital Democracy, said Mr. Zuckerberg should have explained Facebook’s full advertising and data collection program to users.

The user needs to decide how their information is going to be used, whether it’s going to be used for targeting at all, which advertisers have access to it and whether Facebook has the right to collect and analyze it,” he said. “Facebook is saying it is a safe place for you to share your innermost secrets; what’s not being told to users is that they are selling those secrets.”

Wednesday, December 5, 2007

Wiretap Oversight Urged

It's good to see The Center for Democracy and Technology taking yet another strong stand on behalf of individual privacy. I've covered the illegal wiretapping issue pretty extensively here, and it goes without saying that the telecommunications industry does not deserve immunity for the crimes they committed against their customers.

But, as CDT notes, there are numerous other problems with the FISA "reform" bills making their way through congress.

PC World reports:

The legislation, as approved by the Senate Intelligence Committee, would reauthorize warrantless wiretapping of some U.S. residents' telephone and electronic communications in the name of protecting the U.S. against terrorists. One of the most controversial provisions would give telecom carriers immunity from civil lawsuit judgements for assisting the government wiretapping efforts, but CDT officials said Tuesday that there are other important debates raised by the legislation, including the role of the U.S. FISA (Foreign Intelligence Surveillance Act) court in overseeing the wiretapping program.

The Senate Intelligence Committee version of the bill, which was put together with help from President George Bush's administration, offers "no meaningful protection" to U.S. residents and limits the involvement of the FISA court in approving wiretapping, CDT said. Several civil liberties groups have called the wiretapping program illegal because it spies on U.S. residents communicating with oversees suspects without court approval.

...

The CDT would prefer a substitute amendment from the Senate Judiciary Committee that's likely to come before the Senate during debate on the bill. That bill would give the FISA court more oversight of the wiretap orders, would prohibit the bulk collection of international communications and would sunset the bill in four years instead of six, as in the Senate Intelligence version. Even better is a House of Representatives bill, the Restore Act, which would allow ongoing FISA court supervision of the wiretapping program, and would require prior court approval of wiretaps in most cases, CDT said. The House narrowly passed the Restore Act Nov. 15.

Click here to read the article in its entirety.

Tuesday, December 4, 2007

California Government Surveillance Cameras Thrive Without Safeguards

Do you ever get that feeling you're being watched? Well, if you live in California - and most definitely in the UK - you probably are. One of the growing little privacy violation secrets in the US, particularly California, is the rapid expansion of the governments use of surveillance cameras with next to no safeguards or oversight.

A recent report by the ACLU entitled "Under the Watchful Eye", details this very real, and frightening encroachment on our privacy and civil liberties. But rather than me explain all the findings and suggested reforms, I suggest you read this article by Stella Richardson of the ACLU summarizing some of the report's findings.

She writes:

California cities are moving quickly to install video surveillance cameras on public streets and plazas without regulations, with little or no public debate, and without an evaluation of their effectiveness... public records survey done by the ACLU disclosed that, even though 37 cities have some type of video surveillance program and 10 are considering expansive programs, none has conducted a comprehensive evaluation of the cameras’ effectiveness [full list of cities and their responses].

...

In the last two years, the federal Department of Homeland Security has made more than $1.4 billion available to cities for anti-terrorism projects. This funding, along with rising homicide rates and aggressive marketing by security companies, has led many cities to approve and install surveillance camera systems.

...

Surveillance camera programs do not significantly reduce crime in city centers, the report argues. Mark Schlosberg, Police Practices Policy Director of the ACLU of Northern California and co-author of the report said, “The use of surveillance cameras, unfortunately, comes at the expense of proven crime reduction measures such as better lighting, foot patrols, and community policing. In this sense, throwing money at video surveillance actually detracts from law enforcement’s efforts to reduce crime.”

The report cites a survey commissioned by the British Home Office, which found that improved lighting led to “a 20 percent average decrease in crime, with reductions in every area of criminal activity including violent crime,” while cameras led only to reductions “no more significant” than in control areas with no cameras. Britain has more than four million cameras operating in more than 500 towns and cities.

...

Nicole Ozer, Technology and Civil Liberties Policy Director and report co-author, raises another serious concern. “The threat of widespread government surveillance only multiplies when cameras are combined with other new technologies.” She cited automated identification software among such technologies. “In this light, video surveillance cameras provide a critical pillar for an emerging government surveillance infrastructure,” Ozer added.

For the ACLU's recommendations, as well as the article in its entirety, click here. From my perspective, allowing anyone, especially government, to have such broad reaching and all encompassing surveillance abilities begs two questions: "How much do you trust those in power to always do the right thing? And more importantly, "How much do you trust anyone that is given such enormous power to keep doing what's right?" The old adage "Absolute power corrupts absolutely" keeps coming to mind.

Oh, and they don't reduce crime either!!

Monday, December 3, 2007

Editorial: Facebook move doesn't clear up privacy fears

During my 5 days absence a lot has happened in regards to the MoveOn versus Facebook clash. Unless you've been living under a rock, I'm sure you heard the people won this round.

As MoveOn noted in a November 30th action alert, Facebook's "about face" is something we should all celebrate:

Big news! Last night, Facebook changed their policy and announced that no private purchases made on other websites would be displayed publicly on Facebook "without users proactively consenting." This is a huge victory for online privacy—and shows how regular people can band together to make a difference as the rules of the Internet get written.

...

The Washington Post, New York Times, and media outlets around the world cited the 50,000 Internet users who joined MoveOn's Facebook group and online petition as critical in getting Facebook to reconsider their policy. The New York Times called it a "mass protest" and London's Telegraph newspaper said we achieved "dramatic change."

But, before we pop the champaigne and declare the 29th of November to be "National Privacy Protection Day", check out this editorial by the San Jose Mercury News entitled "Facebook move doesn't clear up privacy fears".

As the editorial points out, this is only one part of a much larger struggle to protect ones personal information - particularly in cyberspace:

The backlash against Facebook last week is a lesson to all Internet companies: Tread more carefully with consumer privacy, even in this linked-in age.

...

But the issue of privacy in the Internet age doesn't stop there. Facebook fixed the notification feature, but it's still collecting the data. Web sites like Facebook and MySpace make it possible to share intimate details of our lives with online friends and contacts. That allows the sites themselves to collect troves of personal data, such as what movie we saw, what books we like and where we plan to go on vacation. And they can share that data with Internet marketers.

...

Despite Facebook's concession, the Center for Digital Democracy and other privacy groups plan to press the Federal Trade Commission to examine Internet marketing practices. It's time to look at updating the ground rules for marketing in the Internet age. Social networking sites have brought us into a new era of connectedness. But the basic expectation of privacy must not change.

Click here for the complete editorial...

Tuesday, November 27, 2007

More on Facebook Violations of Privacy

See the post below for the full story (earlier today), but I had to add these new revelations supplied by MoveOn.org as to how, specifically, member privacy is being violated by Facebook:

"Like our work together for Net Neutrality, this is fundamentally about the future of the Internet as a public space.

Here's what some people wrote on the public Wall of our Facebook group:

"I made a purchase yesterday for my wife for Christmas...When my wife logged onto Facebook, there was an entry in her news feed that I had bought a ring from Overstock. It had a link to the ring and everything. Christmas ruined."

—Sean L. from Massachusetts

"I saw my girlfriend bought an item i had been saying i wanted...so now part of my christmas gift has been ruined. Facebook is ruining christmas!"

—Matthew H. from New York

"Facebook, are you kidding me? This is way out of bounds for a program I never opted into."

—Matthew F. from Georgia3

For these reasons, I will include the rest of MoveOn's request for action:

Dear MoveOn member,

When you buy a book, movie, or gift online, do you want that information automatically shared with everyone you know?

Last week, the social networking site Facebook began doing just that. Private purchases made by Facebook users on other sites were posted on Facebook for people's co-workers, friends, and random acquaintances to see.1 Why? To benefit corporate advertisers.

Other sites are looking at Facebook's example to see if they can get away with similar privacy breaches. We need to draw a line in the sand—making clear that the wish lists of corporate advertisers must not come before the basic privacy rights of Internet users.

Can you urge Facebook to stop violating privacy rights? If you're on Facebook, join our Facebook group and invite your Facebook friends. If you're not on Facebook, you can sign our petition to Facebook.

You can join the Facebook group "Facebook, stop invading my privacy!" here:

http://www.moveon.org/r?r=3202&id=11708-1187820-11hUe8&t=5

Click here to sign the petition (see box at right for petition text):

http://civ.moveon.org/facebookprivacy/?rc=fb_air&id=11708-1187820-11hUe8&t=6

Facebook, Privacy, and MoveON

Note: I will be in DC until next Monday...then back to posting here...

Before I leave however, I suppose its encumbent on me to post something about Facebook - the hot new "online community" site - and the virtual rash of privacy violations currently being associated with it.

Let's first start with the company's deal with advertisers. This from The Independent:

The new technology will also allow businesses to build custom-designed "pages" on the social networking site. Users can become "fans" of a company's page, which means any interaction with that brand will be broadcast to their Facebook friends.

Privacy campaigners are up in arms about Facebook's move, lambasting the company for selling out its users to the highest bidders - companies such as Coca-Cola, Sony, Verizon and Blockbuster.

Jeff Chester, executive director of the Centre for Digital Democracy in Washington, warned yesterday that Facebook has mounted a "massive invasion of user privacy". He added: "The authorities need to crack down on Facebook and MySpace to stop data collection and make sure people's privacy is respected." He wants regulators, including the European Commission's Privacy Authority, to investigate.

Deborah Pierce, who heads the lobby group Privacy Activism, said: "Users should be concerned. They have no idea who has access to information about them from the site."

In the US, legal experts, such as the University of Minnesota law professor William McGeveran, have queried whether Facebook's ad strategy is even legal. He believes that under a 100-year-old New York privacy law users may be able to sue for damages if their photos are used for advertising purposes without their consent.

But that's not all. Now MoveOn.org, the liberal civic and political action group, is sounding the privacy invasion alarms in a campaign against Facebook, demanding they respect the privacy of its users.

CNet details the clash:

Last week, a feud began to brew between leftist activist group MoveOn.org and social-networking site Facebook concerning its "Beacon" advertisements, which broadcast information about users' activity on third-party partner sites to their friends' Facebook newsfeeds. According to MoveOn, it's a violation of user privacy because there's no way to universally opt out of Beacon ads. Facebook retorted, and the argument has turned into a legitimate debate over how far is really too far when it comes to sharing information about members' activity.

...

"Facebook should explain why they chose at the last minute to put the wish lists of corporate advertisers ahead of the privacy interests of their users," MoveOn spokesman Adam Green said in a statement from the organization. "Facebook has the potential to revolutionize how we communicate with each other and organize around issues together in a 21st century democracy. But to succeed, they need the trust of their users. The fact that Facebook proactively chose to make it harder for their users to keep private information from being made public will rub a lot of Facebook users the wrong way. The ultimate act of good faith would be to switch to an opt-in policy."

The magazine Techworld has more on the specific areas of disagreement:

MoveOn's disdain is aimed mainly at Facebook's new advertising program, known as "Beacon," which automatically posts information to a user's Facebook profile about their online purchases and other activities.

Facebook gives users the choice of opting out of the Beacon program through its privacy policy, but MoveOn believes the nature of the ad program demands a tougher policy, one that requires that users opt in before having their information tracked and posted in the program.


...

Facebook's Beacon program funnels information about a user's Web activities back to their profiles, where it can be viewed by their network of friends. For instance, if a user buys something on an e-commerce site, a note describing what and where was purchased is added to the user's profile. Or if a user posts a review of a restaurant or hotel on some sites, that information can also be pulled into the profile.

...

"The obvious solution is to switch to an 'opt in' policy, like most other applications on Facebook," MoveOn wrote on its Facebook page.

MoveOn is not the only entity that has raised concerns about the new program. Earlier this month, The New York Times reported that the social ads may violate New York state law. In addition, the Federal Trade Commission (FTC) has been pressured by privacy groups and others to create a do-not-track list that would enable Web users to opt out of a range of marketing-focused tracking programs at once.

For more of the article click here. In my opinion the answer is simple: In today's world in which ones most personal information can be shared around the world in seconds, "OPT-IN" is always the superior option than "opt-out". Period!

Monday, November 26, 2007

Cellphone Tracking Powers on Request

My apologies for the long absence, I've been battling the cold of the century!

Now, back to the world of Big Brother!

This story immediately caught my eye...sending chills down my spine in the process. I first heard of cell phone tracking a few tears back...in fact, it wasn't just tracking, it was the government actually listening in on people through THEIR cell phones. Granted, the people they were doing it to were mobsters, but it doesn't take a brain surgeon to realize this "ability" to not only track but listen in on people, by the government, through our cell phones, is something that could be grossly abused.

Apparently, the government has been tracking cell phone users...A LOT...and without probable cause!

This from the Washington Post:

Federal officials are routinely asking courts to order cellphone companies to furnish real-time tracking data so they can pinpoint the whereabouts of drug traffickers, fugitives and other criminal suspects, according to judges and industry lawyers.

In some cases, judges have granted the requests without requiring the government to demonstrate that there is probable cause to believe that a crime is taking place or that the inquiry will yield evidence of a crime. Privacy advocates fear such a practice may expose average Americans to a new level of government scrutiny of their daily lives.

...

"Most people don't realize it, but they're carrying a tracking device in their pocket," said Kevin Bankston of the privacy advocacy group Electronic Frontier Foundation. "Cellphones can reveal very precise information about your location, and yet legal protections are very much up in the air."

...

"Permitting surreptitious conversion of a cellphone into a tracking device without probable cause raises serious Fourth Amendment concerns especially when the phone is in a house or other place where privacy is reasonably expected," said Judge Stephen William Smith of the Southern District of Texas, whose 2005 opinion on the matter was among the first published.

...

The trend's secrecy is troubling, privacy advocates said. No government body tracks the number of cellphone location orders sought or obtained. Congressional oversight in this area is lacking, they said. And precise location data will be easier to get if the Federal Communication Commission adopts a Justice Department proposal to make the most detailed GPS data available automatically.

Click here to read the article in its entirety...

Friday, November 16, 2007

Panel Drops Immunity From Eavesdropping Bill

Well here's a bit of good news. The Senate Judiciary Committee dropped language giving telecom companies immunity from a bill to overhaul the Foreign Intelligence Surveillance Act. But, we should be clear, that issue has not nearly been resolved...the buck has simply been passed. However, just a week ago it was looking pretty likely that such immunity was going to be included...so I think its worth mentioning here.

Similarly, last night "the House voted 227 to 189, generally along party lines, to approve its own version of the FISA bill, which also does not include immunity."

More from the New York Times:

By a 10 to 9 vote, the committee...dropped a key provision for immunity for telecommunications companies that another committee had already approved. The Senate leadership will have to decide how to deal with the immunity question on the Senate floor.

...

But the administration has made clear that President Bush will veto any bill that does not include what it considers necessary tools for government eavesdropping, including the retroactive immunity for phone carriers...

It should also be noted that Senator Russ Feingold proposed an amendment that would have deleted the liability shield, and therefore banned any telecom immunity, but it failed by a 12-7 vote (with Democrats Feinstein and Whitehouse siding with all the Republicans). Feingold said through a spokesman that he plans to offer his amendment again when the bill goes to the Senate floor.

And Sen. Christopher Dodd has vowed to prevent the bill from going to a vote, as long as it cloaks corporations with legal protections.

So this fight is far from over. For the full article click here.

Study: Half of retailers' wireless data easy to Hack

This study really highlights why it was such a disappointment to privacy protection advocates that the Governor bowed to money and pressure from the retail industry and vetoed
Assemblyman Dave Jones data security bill, AB 779 last month.

These new findings, in addition to the fact that the bill sailed through the legislature this year with near unanimous support (which is almost unheard of!), signifies this issue if far from dead...and AB 779, or a version of it, will be back in 2008.

The Washington Post reports:

"AirDefense Inc., an Atlanta-based maker of security products for wireless data systems, found about 25 percent of the stores' 4,748 wireless access points were exchanging data with no encryption at all to foil electronic eavesdroppers. Another 25 percent were using an outdated encryption method called Wireless Equivalent Privacy that is easily cracked by thieves using widely available tools."

...

"You can drive down a street with a laptop and easily find wireless access points, and it does not require a great degree of sophistication," said Avivah Litan, a security analyst with Gartner Inc. "In technical circles, people talk about this all the time, but nobody ever puts it together broadly like this survey."

...

TJX said in March that at least 45.7 million cards were exposed, although recent court filings by banks suing TJX estimate than 100 million were. Canadian investigators concluded in September that TJX had failed to upgrade its encryption from the older WEP method by the time the eavesdropping began in July 2005.

...

AirDefense privately notified retailers when it found major security flaws, Rushing said. It is not disclosing the names of individual retailers to avoid drawing hackers' attention. Representatives for the National Retail Federation and credit card associations Visa and MasterCard declined comment.

Read the full Washington Post article here - and don't be surprised when this study re-emerges next year as more proof positive that Californians deserve increased protections of their private personal data - and greater accountability for those that are responsible for it being compromised.

Thursday, November 15, 2007

Redefine Privacy...Umm...No Thanks

I just couldn't let this one lie (see last post for more)...so I'm including one more write up on this week's mind blowing suggestion by Donald Kerr - the principal deputy director of national intelligence in testimony before the Senate Intelligence Committee - that we as a nation should "redefine" the meaning of privacy (to let's just say something far less "private").

My initial response to the latest example of a Bush administration official saying something so ludicrous and scary that it forces us to take multiple "double takes" was: "But if our current privacy protection rights are being so thoroughly eviscerated and stomped on, why would I want to weaken them?"

I thought this article in The Progressive Daily Beacon sums up well why all Americans should take to the streets if this new "definition" is EVER adopted:

Why exactly does the government need to listen to an absent father's phone call to his daughter on her birthday? Under what possible circumstance is it vital that the CEO of RJ Reynolds be made privy to a mother's email sent to her son away at university? Mister Kerr's concept grows creepier by the moment. His understanding of privacy is really quite perverted.

...

The point Mister Kerr needs to understand is that there has never been, in all of human history, a government or business that was capable of protecting, honoring and respecting the sanctity of any individuals privacy. And, frankly, nothing about the current government or today's corporate leadership inspires confidence that anything in that area has changed over time. So, in closing, we've considered Mister Kerr's kind suggestion that we redefine our understanding of privacy and we've decided not to invite him, the government and business into our very personal lives.

I realize the Orwell analogy can seem like its being over used when describing the current government and corporate assault on the principles of privacy and liberty, but its hard to find a better fit. From RFID's to "enhanced drivers licenses" to REAL ID to wiretapping to surveillance, we truly are entering a "Brave New World" of Big Brother at every street corner, running through every phone and Internet line, and always tracking, always listening.

For the rest of the article click here...and if you want to find out a whole lot more on multitude of attacks on our privacy, all being driven what I call the "Big Three" - Fear, Money, and Power (I'll discuss these more in future posts) - please check out the sites of some of the groups we have linked on the sidebar of this blog.

Tuesday, November 13, 2007

Definition Changing for People's Privacy

This is one of those moments of "clarity". When I say "clarity" I suppose the better word is one of those "honesty slip ups" by this government. I'm referring to the recent testimony, covered here by the Associated Press, of Donald Kerr before a Senate Intelligence Committee on Capitol Hill on his nomination to become Deputy Director of National Intelligence.

Here's the scary, or uh, honest part of his testimony. In referring to privacy, he said, basically, its time to change our collective definition of the word itself!

Before I post some clips from the article, watch this clip of Jack Cafferty on CNN, perfectly framing the issue. As in, "why change something (privacy) that's worked so well for over 200 years in this country?"

From the article:

As Congress debates new rules for government eavesdropping, a top intelligence official says it is time that people in the United States changed their definition of privacy. Privacy no longer can mean anonymity, says Donald Kerr, the principal deputy director of national intelligence. Instead, it should mean that government and businesses properly safeguard people's private communications and financial information.

...

"Protecting anonymity isn't a fight that can be won. Anyone that's typed in their name on Google understands that...Our job now is to engage in a productive debate, which focuses on privacy as a component of appropriate levels of security and public safety," Kerr said. "I think all of us have to really take stock of what we already are willing to give up, in terms of anonymity, but (also) what safeguards we want in place to be sure that giving that doesn't empty our bank account or do something equally bad elsewhere."

...

"Anonymity has been important since the Federalist Papers were written under pseudonyms," Opsahl (a senior staff lawyer with the Electronic Frontier Foundation) said. "The government has tremendous power: the police power, the ability to arrest, to detain, to take away rights. Tying together that someone has spoken out on an issue with their identity is a far more dangerous thing if it is the government that is trying to tie it together."

Opsahl also said Kerr ignores the distinction between sacrificing protection from an intrusive government and voluntarily disclosing information in exchange for a service.

"There is something fundamentally different from the government having information about you than private parties," he said. "We shouldn't have to give people the choice between taking advantage of modern communication tools and sacrificing their privacy....It's just another 'trust us, we're the government,'" he said.

Friday, November 9, 2007

Big Brother Is Listening to Your Cell Phone Calls

I don't know about you all, but I'm starting to think someone is going to jump out from behind my desk and say "Surprise, you're on candid camera!!" Since we started this blog revelation after revelation indicates that literally, NOTHING, we say or write, isn't somehow being traced or listened in on (or potentially anyway) by our government or corporate overseers.

Even more disturbing, is the fact that representatives in Congress are actually debating whether telecommunication companies should be granted legal immunity for their participation in the administration's warrantless wiretapping program...even as we hear new testimony that a secret room in San Francisco - used by AT&T and our government - allows them to track and monitor nearly all phone or internet traffic in the country!

But wait, there's more! According to an article in the Rutherford Institute, our cell phone conversations are also being listened in on and our positions tracked in new and creative ways.

John W. Whitehead writes:

In an information age where we’re required to hand over confidential information in order to make a purchase, drive a car or visit a doctor’s office, our privacy is being relegated to the junk heap of antiquated, obsolete ideas. Nowhere is this more evident than in the telecommunications industry, where technological breakthroughs that add convenience to our lives are simultaneously giving corporations and government agencies almost unlimited access to our most private moments.

...

But there’s more. Global Positioning System (GPS) chips, the same technology used in many new cars to help drivers navigate unknown territory, track a cell phone’s every movement in real time. Such technology is marketed to parents as a tool for keeping tabs on their children, to employers as a means of monitoring their employees’ whereabouts, and to young people for social networking so they can track each other down.

Yet despite the sales pitch, not all uses of this technology are benevolent. As journalist Laura Holson explains, “If G.P.S. made it harder to get lost, new cellphone services are now making it harder to hide.” Although this tracking function can be turned off in cell phones, Holson notes that “G.P.S. service embedded in the phone means that your whereabouts are not a complete mystery.”

Attorney Kevin Bankston, with the Electronic Frontier Foundation, sees this as a serious breach of privacy. “We seem to be getting into a period where people are closely watching each other. There are privacy risks we haven’t begun to grapple with.” Charles S. Golvin, a wireless analyst at Forrester Research, admits that there is a Big Brother component to the use of GPS in wireless phones. “The thinking goes,” he explains, “that if my friends can find me, the telephone company knows my location all the time, too.”

However, if the phone company knows where you are, it stands to reason that the government does as well. Indeed, the rate at which corporations, from banks to retail stores to phone companies, are turning over their customers’ private information to government agents for tracking and spying purposes is staggering. As an ACLU report details, “Many companies are willing to hand over the details of their customers’ purchases or activities based on a simple request from the FBI or other authorities.”

In 2002 alone, Bell South received 16,000 subpoenas from government agents and 636 court orders for customer information. And it’s not just that the requests for customer information are becoming more frequent—they’re also getting broader and have been characterized as “shotgun approaches” or fishing expeditions.

Moreover, the FBI and other government agencies are demanding greater legal authority to be able to force companies—especially cell phone companies—to turn over customer information. “They have pushed for an aggressive interpretation of the statute that would allow it to monitor certain Internet content without a warrant and to collect tracking information about the physical locations of cell phone users,” the ACLU reports, “turning cell phones into what, for all practical purposes, are location tracking bugs.”

Now the Bush Administration is prodding Congress to grant retroactive legal immunity to the telecommunications companies that have allowed government agents access to their customers’ private phone call data. If Congress passes such a law, it would put an end to the dozens of lawsuits that have already been filed against phone companies alleged to have violated federal privacy laws by handing over customer data to the government. It would also put an end to any pretense that our government has our best interests at heart.

Read the entire article here...

Thursday, November 8, 2007

AT&T Whistleblower Speaks Out Against Immunity For Telcoms

If this doesn't finally dispel, and in fact crush, the BIG LIE being perpetuated by the Bush Administration I don't know what will. The lie I speak of is that the warrantless wiretapping program, done without congressional approval or the knowledge of the American people, is in fact, just a way to eavesdrop on the calls of "terrorists". Now, I realize few critically thinking Americans believe this lie, but now we've got even more hard proof that the program, or I should say "illegal program", was actually being used to monitor and eavesdrop on ALL calls being made, inside and outside this country....as well as emails!

Before I get to the two video clips of whistleblower Mark Klein's mind blowing revelations, and pleas to the Congress to NOT give telecom companies immunity, check out the article by the New York Times.

And thankfully too, we have television journalists like Keith Olbermann on the story, as well as the courageous whistle blower Mark Klein, a former AT&T employee with direct knowledge of that "secret room" in San Francisco used by the government and AT&T to monitor our conversations and emails.

First, watch the interview of Klein by Olbermann:

And here's a more detailed description of what's uncovered in the piece from "Crooks and Liars":

If you have any reservations about Congress granting immunity to telecommunications companies like AT&T for illegally spying on Americans, this segment from last night’s Countdown should leave little room for doubt — they have, and continue to betray us and should be held accountable for their crimes.

Likening himself to a character from Orwell’s 1984, retired AT&T technician and whistle blower, Mark Klein, tells Keith Olbermann about his testimony before the Senate Judiciary Committee during which he pleaded with them not to grant immunity to the telcom companies. Klein contends that his former employer is lying to the American people and that they were not only spying on overseas communications, but virtually ALL domestic internet and phone traffic — and they have been doing it for years.

Olbermann: “In talking to Congress today what did you hear? Did you get the sense that anybody is ready to go after not just the telecom execs, but the government officials who ordered this?”

Klein: “I couldn’t tell, I’m not a politician and they play their cards close to the vest. All I can do is emphasize again, that they’re copying everything, this is a violation of the Constitution, it’s domestic traffic, it’s phone calls as well as e-mail and something should be done to stop it and Congress should not kill the judicial process.”

Update: In yesterday’s New York Times, Senator Russ Feingold points out the obvious: “Telecom companies that cooperate with a government wiretap request are already immune from lawsuits, as long as they get a court order or a certification from the attorney general that the wiretap follows all applicable statutes.”

But that's not all, watch Klein here, in his own words, speak about just how intricate and all encompassing this program really is...to use the terms "Orwellian" or "Big Brother" to describe our present day predicament is no longer just hyperbole.

Klein states, "They're tapping into the entire Internet."

And Talking Points Memo writes:

Earlier today we flagged that Mark Klein, who uncovered a secret surveillance room run by the NSA while employed as a San Francisco-based technician for AT&T, is in Washington to lobby against granting retroactive legal immunity to telecommunications companies. In an interview this afternoon, Klein explained why he traveled all the way from San Francisco to lobby Senators about the issue: if the immunity provision passes, Americans may never know how extensive the surveillance program was -- or how deeply their privacy may have been invaded.

"The president has not presented this truthfully," said Klein, a 62-year old retiree. "He said it was about a few people making calls to the Mideast. But I know this physical equipment. It copies everything. There's no selection of anything, at all -- the splitter copies entire data streams from the internet, phone conversations, e-mail, web-browsing. Everything."

If these revelations don't give the Democrats the impetus to reject giving these telecomm companies immunity I just don't know what will.