Wednesday, October 31, 2007

Senate panel's report details divisions over spy measure

CongressDaily reports on the continued debate taking place in the Senate Intelligence Committee over the issue of wiretapping. As the legislation heads to the Senate floor, there remain significant areas of contention, with Senators like Feingold and Wyden on one side, and Republicans and a few Democrats on the other.

Chris Strohm writes:

Taking exception with the majority view, Sens. Ron Wyden, D-Ore., and Russell Feingold, D-Wis., criticize the committee for not adopting three amendments they offered. One amendment would have given the secret FISA court a greater role in overseeing the administration's spying activities. They said the amendment's defeat "leaves in place what we believe are inadequate mechanisms for protecting the privacy of Americans' communications." Another amendment would have limited how the administration can use information collected about U.S. citizens or legal residents...A third amendment would have required all provisions in the bill to expire at the end of December 2009, rather than December 2013.

...

The senators wrote that the amendment's language has "significant technical and legal problems...that would cause the intelligence community to lose valuable intelligence on certain U.S. persons who are spying for a foreign power or supporting terrorism." They added that they "remain hopeful that we will be able to reach a compromise on this issue when we get to the floor."

Tuesday, October 30, 2007

Details on Surveillance Released by Administration

The Wall Street Journal is reporting that the White House has bowed to pressure from Congress and will release various surveillance-related documents. Of course there is still major work to be done by Congress - tabling the offer to give telecomm companies retroactive immunity comes immediately to mind.

Evan Perez writes:

The report, which accompanies and explains the reasons behind the Senate Intelligence Committee’s approval of an update to the law that oversees government intelligence surveillance activities, gives incremental new details of how the White House deployed a now contentious program run by the National Security Agency without seeking court warrants. The committee’s update to the Foreign Intelligence Surveillance Act, or FISA, contains a clause granting legal immunity to telecom providers that assisted the program, a measure that has met with strong opposition from other members of Congress.

...

The reference to the letter not endorsed by the attorney general may refer to a period in 2003 when several Justice Department lawyers, including James Comey, then deputy attorney general, refused to sign off on aspects of the NSA program because they believed it was illegal. Mr. Comey ended up having a confrontation with Andrew Card, former White House chief of staff, and Alberto Gonzales, then White House counsel and later attorney general, at the hospital bedside of John Ashcroft, over his refusal to approve the program. The report’s description suggests that the administration may have sent letters containing only White House legal endorsement while it quelled the uprising at the Justice Department.

It appears to me that there are really two distinct programs being discussed here, or at least two distinct lengths the Administration would go to in order to circumvent the Constitution and wiretap Americans. There's the program that we generally know, which is illegal in itself, and then there's the program that was shot down by Ashcroft and Comey on his "deathbed". This attempt by the administration to pressure Ashcroft into supporting this yet to be known "plan" led to a near mass exodus of Justice Department employees.

Clearly then, we have yet to scratch the surface of how far this administration was trying to go...and what privacy rights would have been lost if they were successful. The question is when, or if, we'll ever get to find out exactly what they were asking Ashcroft to sign off on that night in the hospital.

Monday, October 29, 2007

Moyers: ‘When the President Does it, That Means That it is Not Illegal’

Watch this poignant editorial by Bill Moyers on wiretapping, FISA, and the Constitution. "Crooks and Liars" sets the clip up:

In 1975 the Select Senate Committee headed by Sen Frank Church (D-ID) began looking into allegations first reported by Seymour Hersh in the NYT and found that the CIA, NSA, FBI and other federal agencies had been involved in everything from plots to assassinate foreign leaders, illegal storage of poisons and biological warfare agents including anthrax, warrantless opening of mail and wiretapping and other intel-gathering on US citizens, and misuse of the IRS, just to name a few of the abuses by the Executive Branch they discovered. One of the ways Congress responded to try and restore checks and balances was by passing the Foreign Intelligence Surveillance Act (FISA) of 1978, which established a secret court to oversee all domestic wiretapping activity. Bill Moyers looks at the undoing of Congress’ checks and balances put in place following the Church Committee hearings and the unprecedented expansion of Executive authority in the wake of 9-11. You can watch the entire episode online here.

Friday, October 26, 2007

WH cut domestic spying deal: Documents for Telecom Immunity

Surprise, surprise. In order to protect their partners in crime - the telecomm industry - the White House cut a deal with select members of the Senate Intelligence Committee. In exchange for giving the telecomm industry retroactive immunity from prosecution for giving up customers' private personal information to the government, members got to actually view documents related to the illegal wiretapping program they had yet to see! How kind of the administration!

Thankfully, neither Judiciary Committee Chair Pat Leahy nor the ranking member, Arlen Specter, is too keen on this quid pro quo.

The Washington Post reports:

Senate Judiciary Committee members yesterday angrily accused the White House of allowing the Senate Intelligence Committee to review documents on its warrantless surveillance program in return for agreeing that telecommunications companies should get immunity from lawsuits.

...

At issue is a White House-endorsed measure that would give immunity to telecom carriers being sued for allegedly helping the National Security Agency spy on Americans after September 11, 2001. It is part of a larger bill to rework the Foreign Intelligence Surveillance Act (FISA). The Intelligence Committee has approved the bill and sent it to the Judiciary Committee for deliberation.

...

Sen. Russell Feingold (D-Wis.), a member of both the Intelligence and Judiciary panels, said in an interview yesterday that the documents revealed that the NSA program was illegal. He said the presidential authorizations and the Justice Department opinions do not make it legal. "That makes it an executive power grab that is not justified by the statute or by the Constitution," he said.

...

"Everything he saw and reported to me would indicate that the terrorist surveillance program involved was illegal and not something permissible given the clear exclusivity language in the statute," said Feingold, referring to current law, which specifies that FISA, along with Title III of the 1968 Wiretap Act, shall be the "exclusive" means to authorize domestic wiretaps. Feingold voted against the bill, which would allow the government to begin wiretaps of foreign targets and then seek FISA court approval of the targeting procedures...Feingold said that the documents revealed "the absence of a legitimate justification under the law" for the program.

Washington Post blogger Andrew Cohen sums up the shady backdoor dealings aptly:

What a warped world...the White House may have selectively shared sensitive information about its warrantless surveillance program based on which lawmakers supported legal immunity for telecom companies that cooperated with the legally dubious program.

...

To make a questionable situation all the more distasteful, the New York Times reported yesterday that Senate Intelligence Chair John D. Rockefeller IV (D-W.Va.) received tens of thousands of dollars in political contributions from telecom executives. Did Rockefeller become one of the strongest supporters of immunity because of White House pressure? Or did he take that position to appease his contributors? Either way, it doesn't look good.

...

Lawmakers must ensure that their new surveillance bill has better judicial and congressional oversight than the previous version. They should also consider whether there is a compelling reason to protect the assets of big corporations at the expense of individual privacy. This story, though, is rapidly becoming a symbol for all that is wrong with the legal war on terror.

Thursday, October 25, 2007

Leahy, Specter Intro ID Theft Bill to Give Victims Redress

To follow up on the post from yesterday, it appears the Senate has taken notice of the issue of identity theft and the need for increased security and protection of privacy as well as stronger penalties for perpetrators. The Personal Data Privacy and Security Act (S. 495), introduced by Senators Leahy and Specter (the bill will be helped by the fact that these two are the Chairman and Ranking Member of the Judiciary Committee), would take a number of positive steps on consumers' behalf.

Among others, these include:

  • Give victims of identity theft the ability to seek restitution for the loss of time and money spent restoring credit and remedying the harms of identity theft
  • Expand the jurisdiction of federal computer fraud statutes to cover small businesses and corporations
  • Eliminate the prosecutorial requirement that sensitive identity information must have been stolen through an interstate or foreign communication and instead focus on whether the victim's computer is used in interstate or foreign commerce, allowing for the prosecution of cases in which both the identity thief's computer and the victim's computer are located in the same state

Senator Leahy stated, "Protecting American consumers from identity theft and fraud should be one of the Senate's top priorities. Cyber criminals are getting smarter and more effective in their online efforts to strip Americans of their privacy, and their property. We can't afford to stand still while they find new ways to get around our laws and our crime-fighting tactics. This is a bill to help us stay ahead of the curve in prosecuting these cyber crimes. Senator Specter and I are committed to moving forward with this aggressive and important privacy legislation."

Click here to read the full article.

Wednesday, October 24, 2007

More Identity Theft In Mobile Phones, Computers Than On Internet

I suppose this may come as somewhat of a surprise, but according to a new study by Utica College's Center for Identity Management and Information Protection, technology like printers, mobile phones and computers were used in about half of cases of identity theft - far more than the internet.

AHN News reports on key findings from a number of new studies about identity theft, from who is the typical offender, how much it costs consumers every year, to what technologies are most susceptible to it.

Paul Icamina writes:

According to the study released Monday, identity theft is widespread in the northeastern and southern United States. Most of the offenders were African-Americans, of which more than two-thirds were male.

The average loss from identity theft was just over $31,000, PC World reports. But in one case, the defendant spent millions on luxury vehicles and then managed to set up shell companies and defraud investors at the cost of $13 million.

...

ID thieves victimize people that they did not know rather than friends and relatives which are the victims in 16 percent of cases. One-third of cases involved an inside job with the data being stolen from an employer, according to the study.

Monday, October 22, 2007

Big Steps Forward - But a Long Way to Go

I don't want to beat a dead horse, but one more look at the past year's successes and failures in California on the issue of identity theft is in order. Who better to give some context and perspective on the year that was than consumer champion Dave Jones (D-Assembly), who authored three identity theft protection bills that made it to the Governor's desk (2 signed, 1 vetoed).

Read the Assemblyman's editorial in the California Progress Report:

Early this year my staff logged onto the Secretary of State’s website, entered some credit card information, and purchased the social security numbers of two of the most successful businessmen in Sacramento. For $6 each.

...

It’s now common knowledge that the SSN is the backbone of ID theft; it props up the entire $53 billion-per-year criminal venture...That’s why I’m very pleased that over the last weekend Governor Schwarzenegger signed my bill, AB 1168, into law. Under AB 1168, the Franchise Tax Board, the Secretary of State, and all 58 county recorders would have to truncate SSNs in records they hold so that no more than the last 4 digits are displayed to the public.

...

Unfortunately, my highest profile privacy bill, AB 779, was vetoed by the Governor on October 13th. AB 779 would have required retailers and government to better protect their customers’ personal information that far too often is left open for hackers and ID thieves to pilfer as part of massive data breaches. In addition to avoiding future data breaches the bill would have better informed consumers after a breach takes place and made retailers and government partially responsible for the financial costs of data breaches. This space had previously written about AB 779 as it was moving through the Legislature.

...

However, the story behind the AB 779 veto is a simple one. Special business interests won over the public interest. Despite our broad coalition and overwhelming bipartisan support, numerous business interests, led by the California Retailers Association, the California Bankers Association, and the California Chamber of Commerce all urged a veto. So despite evidence showing 1) that only 40% of the nation’s largest retail chains are following current private data security rules, 2) that credit card fraud linked to data breaches is at an all-time high and 3) that the American Bankers Association and other state banking associations have either strenuously criticized retailer security or sued following major data breaches, the Governor acted as if the marketplace was working swimmingly and vetoed my bill. I’m obviously disappointed but remain unbowed, as I know that in the long run we will emerge victorious on this issue.

Read more...

Friday, October 19, 2007

The Ultimate Cyberthief Gift: CA's Veto

As I mentioned here a few days back when discussing the fate of the four privacy protection bills that made it to the Governor's desk, AB 779 was the most important from a consumer perspective. Unfortunately, due to heavy lobbying by the retail industry, the Governor vetoed what was an overwhelmingly popular bill.

To better understand the possible ramifications of this veto, and the gift that the Governor has given identity thieves, check out this article by Evan Schuman, eWEEK.com's retail technology editor.

Evan writes:

Wondering what to get that cyberthief on your list who seems to have already taken everything? California's data breach bill veto is just the thing and it's in time for the holidays.

...

The nation's most populated state—which had already been the leader of data breach notification laws—was the best shot of keeping the movement alive. In other words, if this could be made into law anywhere, it would be California. But a lot more was at stake than merely getting a second state to fall in. California's proposed law specified that California residents would be covered.

This is as opposed to merely saying that it only impacted stores in California. By making the law cover the 37 million residents of California (remember that the total U.S. population is barely 300 million), it posed a legal challenge for retailers.

...

Is the bill necessarily dead? Not quite. The bill had sailed through both the California legislature and the senate with overwhelming percentages, more than enough to over-ride the governor's veto. But political realities in California make that unlikely but not impossible.

...

...the bill couldn't re-emerge in any form until Jan. 7, which likely means a decision no sooner than November. In the meantime, though, data thieves can rest easy and celebrate. They might even buy a round or two for the celebrating retail lobbyists at the other end of the bar. They finally have something they can agree on: mandatory security rules are a bad thing.

Click here to read the article in its entirety...

Thursday, October 18, 2007

Dodd Stops Domestic Spying Bill!

For more information on the issue see the prior blog post from earlier today. Suffice it to say, I need to update what just a few minutes ago was another defeat for privacy and the constitution. Just as Democrats in the Senate were going to capitulate to the Bush administration on the issue of giving telecommunication companies retroactive immunity, Chris Dodd has stepped in at the last minute and stopped the spying bill in its tracks! Read this breaking news from the Talking Points Memo:

Dodd will send a letter to Senate Majority Leader Harry Reid this afternoon informing him of his decision [to put a hold on the Senate FISA renewal bill because it reportedly grants retroactive immunity to telephone companies for any role they played in the Bush administration's warrantless eavesdropping program].

...By doing this, Dodd can effectively hold up the telecom immunity bill, because bills are supposed to have unanimous consent in the Senate before going forward. One Senator can make it very difficult to bring a bill to the floor by objecting to allowing it to go to a vote.

Dodd's planned action comes amid reports that the Senate Intelligence Committee has reached a deal with the White House on the legislation that would give telephone carriers legal immunity for whatever role they played in the National Security Agency's domestic eavesdropping program, which was approved by President Bush after 9/11. The White House and the phone companies have been lobbying aggressively for immunity, and the announcement of the immunity deal today dismayed many opponents.

Dodd's new web page petition on this is now live.

I'll be following this issue as events unfold.

Senate Grants Immunity to Telecomm Companies

Just when you thought the telecomm companies that sold out our privacy may have to answer to the people, the Democrats buckle and grant them immunity! I'm of course speaking of companies like AT&T secretly providing our telephone records, e-mail traffic and other information to the Bush administration without our permission. Never mind this is illegal, and never mind that it was part of a larger illegal, and domestic, wiretapping program that targeted Americans.

Apparently, though we the people have to abide by the law, telecommunication companies do not.

Here's an excellent summation of today's truly disappointing news from the Center for American Progress:

SENATE GRANTS IMMUNITY TO TELECOMMUNICATIONS COMPANIES ON WIRETAPPING: Yesterday, the Senate reached an agreement with the Bush administration on a government surveillance bill that includes immunity for telecommunications companies who may have broken the law in the past by making client data available to the National Security Agency. President Bush has declared immunity to be a precondition to his signing the bill. But providing immunity "would wipe out a series of pending lawsuits alleging violations of privacy rights by telecommunications companies that provided telephone records, summaries of e-mail traffic and other information to the government after Sept. 11, 2001, without receiving court warrants." Cindy Cohn of the Electronic Frontier Foundation, the lead counsel in one such lawsuit against AT&T, said that these lawsuits are not the work of "typical trial lawyers trying to find a way to get into the pockets of American companies," as House Minority Leader John Boehner (R-OH) claimed. "It's certainly the goal of the administration and the phone companies to ensure that there's never a decision about [whether] what's been going on is legal or not. The telecom cases are the last, best hope," Cohn said. The House Democratic leadership yesterday had to pull its version of the bill, which does not contain telecom immunity, after Deputy Whip Eric Cantor (R-VA) introduced an amendment that would have "substantially delayed" the legislation.

But that's not all. As far as I can tell, the real "story" of the past few weeks is the fact that it appears the Bush Administration began illegally wiretapping Americans well BEFORE 9/11.

See here:

"After September the 11th...I authorized the National Security Agency to intercept the international communications of people with known links to al Qaeda and related terrorist organizations."

--President Bush, 5/11/06

VERSUS

"Former chief executive Joseph P. Nacchio...said the NSA approached Qwest more than six months before the Sept. 11, 2001, attacks [about surveillance contracts]."

--Washington Post, 10/13/07

This not only directly contradicts the President's assertion that the program began after 9/11, but it also decimates their entire contention that the program has always been about "catching terrorists". We of course all know that prior to 9/11 the Administration was focused on everything BUT terrorism. So, in light of these revelations, it's gravely disappointing to see the Democrats not only fail to raise this issue, but then buckle again by giving telecommunication companies immunity for their crimes!!

Constitutional law litigator Glenn Greenwald states it nicely:

There is absolutely no justification whatsoever — neither substantive nor political — for expanding the scope of warrantless eavesdropping powers and especially for granting amnesty to lawbreaking telecoms. It is unconscionable even to consider any changes to FISA without full disclosure by the administration of how they used their illegal and secret warrantless eavesdropping powers in the past. In that regard, it is worth emphasizing that the administration from 2001 through 2004 (at least) was engaged in spying on Americans so patently illegal that the entire top level of the DOJ and the FBI Director threatened to quit if it continued — yet we still do not know what they were doing then. How can that be?

There is no justification for permitting that conduct to remain concealed from the American public, let alone from the Congress. Warrantless eavesdropping and telecom amnesty implicate virtually every critical political value assaulted for the last six years by this administration — our basic constitutional protections, checks and balances and the rule of law. Capitulation by the Democratic Congress here would eliminate any residual doubt (if there is any) about what this Congress really is. We shouldn’t assume the worst unless and until it actually happens, and until it does, everything should be done to prevent that.

Tuesday, October 16, 2007

California Law Bans Forced Human RFID Tagging

E-Week.com covers the Governor's signing of SB 362 last week - Senator Simitian's subcutaneous implant bill. While a big victory for privacy advocates, the real test will be whether the Governor signs the Senator's more ambitious RFID reform bills SB 28, 29, 30 and 31. Each of these was turned into a two-year bill, and could be heard in the Legislature as early as January 2008.

Renee Ferguson of E-Week writes:

It's illegal now for California employers to force anyone to have an RFID device implanted under his or her skin as a condition of receiving something—such as a paycheck or government benefits.

"RFID technology is not, in and of itself, the issue. RFID is a minor miracle, with all sorts of good uses," said Simitian, in Sacramento, Calif. "But we cannot and should not condone forced 'tagging' of humans. It's the ultimate invasion of privacy."

...

In the wake of the 2006 veto, Simitian took the next feasible step. He broke the Identity Information and Protection Act into smaller bits and shipped them off to the legislature as five separate bills. SB 362 is the first of those smaller bills to see the light of day, and it could have positive implications for the remaining four RFID bills trundling through California's legislative process.

"With the signing of SB 362, California has taken an important first step in crafting legislation to properly balance the potential benefits of RFID technology while safeguarding privacy and security," said Nicole Ozer, technology and civil liberties policy director at ACLU of Northern California, in San Francisco. "We are pleased that the governor has stood up for the privacy and security rights of Californians and not allowed these rights to be 'chipped' away by inappropriate uses of RFID technology."

...

SB 30—really the meat in Simitian's efforts—looks to mandate security and privacy provisions in RFID-chipped ID documentation required by state and local governments. The bill would do two things: require that people be informed when the technology is present and spell out what citizens can do to protect their privacy. The bill also imposes technological requirements that amount to password protection and, in cases where personal information—such as HIV-positive status or a telephone number—is present on the chip, encryption and mutual authentication technologies have to be utilized.

Read more from E-Week...

Monday, October 15, 2007

Governor vetoes AB 779 - Signs 1168 and 1298

The good news is three of the four privacy protection bills that made it to the Governor's desk were signed. The bad news is that the most important of the four, at least from a consumer perspective, was vetoed.

As stated in the article in Security Focus, AB 779 "would have prevented companies from retaining certain sensitive payment data and spelled out what information firms would need to disclose in the event of a breach."

The bill had near unanimous support, overwhelmingly passing both the Assembly and the Senate. As pointed out by Frank Russo of the California Progress Report:

It received its final passage in the Assembly 73-0 in September with 47 of 48 Democrats in support and 26 of 32 Republicans voting for it. Before its final amendments it had previously passed the Assembly in June on a 58-2 vote. It passed the California State Senate on a 30 to 6 vote with the support of 22 of 25 Democrats and 8 of those often difficult 15 Republican Senators.

Unfortunately, as Russo also points out, and which helps explain why this popular and needed law was vetoed, there was a massive (and successful) lobbying effort in opposition to the bill initiated by two of the Governor's most powerful allies: the California Retailers Association and the California Chamber of Commerce.

Now to the good news. The Governor signed the following two Jones bills:

AB 1168 (Jones) would prohibit local government agencies from releasing to the public records that contain more than the last four digits of a social security number.

AB 1298 (Jones) would protect consumers' medical records by extending the state's existing medical privacy laws to the emerging electronic medical records industry.

Friday, October 12, 2007

Governor signs SB 362 - Simitian's RFID Bill!!

We just got the news! There aren't any press stories about the signing yet, as we got word just after lunch time today that the Governor has signed SB 362 (Identification devices: subcutaneous implanting). The new law will prohibit a person or business from requiring, coercing, or compelling any other individual to undergo the subcutaneous implanting of an identification device.

The Consumer Federation of California actively supported this legislation, stating:

"...the FDA has approved a subdermal RFID-enabled device for people, and that product has been developed and is being marketed in the U.S. and abroad. While subdermal RFID has some promise when used voluntarily, it comes with the same security and privacy risks associated with other RFID-enabled products. And because it is inserted underneath the skin and is difficult and costly to remove, subdermal RFID presents a Pandora’s Box of policy questions in addition to its profound implications for our constitutionally protected rights to freedom and privacy.

This is not a road we need to travel. It is simply not appropriate for anyone to force, compel or coerce anyone to accept a subdermal RFID-enabled identification implant. And though it sounds Matrix-like, this possibility exists now and is getting more real every day. For these reasons, the Consumer Federation of California supports SB 362."

For more on the bill and issue, and for those new to the site, check out this excellent editorial by the San Francisco Chronicle we posted here in August.

The Chronicle states:

"Just last year, a Cincinnati-based provider of video-surveillance equipment inserted glass-encapsulated microchips into the arms of two employees to increase the level of security to the company's datacenter.

Those two workers volunteered, but it's not hard to imagine the lightbulbs going off in Corporate America. Is Joe really making a sales call or is he taking in a baseball game at AT&T Park? How many smoke breaks is Mary taking?

Amazingly, there is no California law against "chipping" workers as a condition of employment. Even more incredible -- outrageous, really -- is the resistance state Sen. Joe Simitian, D-Palo Alto, has encountered in trying to pass legislation (SB362) that would prevent an employer or anyone else, including government, from coercing an individual to accept a microchip implant."

Thursday, October 11, 2007

Privacy bills still sit on Governor's desk

Advocates across California are waiting with held breath for the Governor's decision on a handful of privacy protection bills. The deadline for a signature or a veto is October 14th. Here's a list of the most important legislation to keep an eye out for, with accompanying links to additional information, including fact sheets and support letters:

AB 779 (Jones) would require retailers to reimburse data breach-related costs, disclose more details about breaches, and prohibit retailers and other merchants from storing specific types of authentication data.

AB 1168 (Jones) would prohibit local government agencies from releasing to the public records that contain more than the last four digits of a social security number.

AB 1298 (Jones) would protect consumers' medical records by extending the state's existing medical privacy laws to the emerging electronic medical records industry.

SB 362 (Simitian) would prohibit a person or business from requiring, coercing, or compelling any other individual to undergo the subcutaneous implanting of an identification device.

We'll be watching the Governor's actions closely the next few days!

Monday, October 8, 2007

Surveillance violates privacy, ACLU says

Are Americans trading in the Bill of Rights for a bill of goods? In examining the actions being taken in city after city, the apparent answer is yes. You don't have to look too hard or travel very far to find a surveillance camera near you. The Contra Costa Times reports on our emerging surveillance society, one largely accepted, and even supported by the public, all in the name of "keeping us safe".

An ACLU study on the proliferation of video surveillance systems in California is cited in the article, as is recent evidence coming out of London - which has 10,000 crime-fighting CCTV cameras (at the cost of £200 million) - casting doubt on their ability to help solve crimes. In fact:

"A comparison of the number of cameras in each London borough with the proportion of crimes solved there found that police are no more likely to catch offenders in areas with hundreds of cameras than in those with hardly any."

More from the Contra Costa Times piece:

Cities and counties, taking a cue -- and billions of dollars -- from the federal government, are buying into the idea that more surveillance translates into safer communities and a more secure nation, the group said.

And it's happening under the noses of a largely acquiescent public, said Barbara Zerbe Macnab, chairwoman of the ACLU's Berkeley-Albany-Richmond-Kensington chapter.

"There is no public outrage," she said. "That's what frightens me most."

...

The panelists also warned that untold numbers of private surveillance cameras, such as those in stores, shopping mall parking lots and office building lobbies, complement the public agency-owned cameras because companies routinely make recordings available to police.

...

Ozer said security cameras can make immediate suspects out of people engaged in innocent acts such as sitting on a stoop chatting with friends on a hot summer night, driving around the block in business districts looking for a parking space, picking up a spouse from work or taking a photo of a tall building as a tourism memento.

At some point we, as a society, are really going to need to reflect on just what personal privacy entails, how it fits into our concept of the Constitution, and whether giving up this privacy is really outweighed by the proclaimed security benefits these cameras provide. At this point, the answer is clear...we are giving up a whole lot of what it means to live in a free country for a "security mirage" supplied by Big Brother.

Against a national ID

The Los Angeles Times correctly editorializes in opposition to a National ID card - in particular the idea that one should have to provide such a card to vote. The last thing our country needs is a modernized "poll tax".

The editorial reads:

If anything, advancements in electronic data storage argue against an all-purpose Social Security or other identification card because an identity thief would need to steal only one document to gain access to a universe of personal information. That is why both federal and state agencies discourage -- and, in the case of California, forbid -- businesses from displaying Social Security numbers on documents, badges or correspondence unless required by law. But in trying to arrest the drift toward an intrusive ID-card society, privacy advocates must choose their battles carefully. One worth fighting is over photo ID requirements for voters.

Constitutional or not, they are too sweeping a solution to too small a problem. In the absence of evidence of significant fraud at polling places, a photo ID requirement is at best a distraction and at worst an obstacle to the exercise of the franchise.

...

This page has supported proposals in California to issue driver's licenses to illegal immigrants, provided that they submit a birth certificate, an ID from their country of origin and proof of California residency, and undergo a background check. But under the Real ID Act, such licenses wouldn't pass muster for federal purposes. As a result, travelers from a state that issued licenses to illegal immigrants might have to carry a passport even for domestic travel, bringing a national ID card that much closer to reality.

Read the entire editorial here...

Friday, October 5, 2007

A world under surveillance

While yesterday's column by Robert Ellis Smith took a more optimistic view of the people's ability to prevent a full-fledged "surveillance society", this article by Stephanie Stein in The Suburban paints a more ominous privacy future. As privacy experts quoted in the article point out, the rise of surveillance technologies, particularly RFIDs - on a global scale - should give serious concern to all of us that cherish our privacy...and liberty.

Thankfully, in California we have Senator Simitian leading the charge for common sense regulation of RFID technology, but in other parts of the country, and the world, such action is not being seen, and in fact things are going in the opposite direction.

Stein writes:

From surveillance cameras to data pirating, every bit of life is scanned and stored to meet economic and political agendas. Until awareness is heightened and proper legislation put in place, our right to privacy will continue to be violated, said privacy activists at the Privacy Rights in a World under Surveillance conference held last weekend at Montreal’s Sheraton Centre.

...

RFID is the modern model of the espionage tool first used in the Soviet Union in 1946. Today, the RFID chip can be inserted into passports, vehicles, animals, even into inventory systems. With global tracking boxes built into cars, and workplace monitoring devices that record everything you do, data mining is here to stay. Some experts believe the human microchip is not far behind.

...

From reader technologies that track our habits, to the surveillance of movement and profiling of passengers through Passenger Name Records (PNR) and entry-exit schemes, our right to privacy is on the verge of becoming obsolete.

...

Maureen Webb from The International Civil Liberties Monitoring Group (ICLMG) said since 9/11, the U.S. is demanding an integrated security environment where the population is biometrically registered, tracked and monitored. “Citizens’ information is stored for 100 years, and shared by agencies, without warrants, treating the entire population as suspects.”

Thursday, October 4, 2007

Reviving Privacy - Commentary

This column in Forbes Magazine by Robert Ellis Smith, a lawyer and author, and publisher of the Privacy Journal newsletter, is a must read! Is there a public revival in interest in the issue of privacy? And as this blog is especially interested in determining and articulating - where does that intersection lie between security, technology and privacy? Similarly, to what degree do corporations have the right to compile, share, and sell our personal information?

Fortunately, this editorial goes far in answering, or at least coming close to answering, a lot of these questions. This is not to say, however, that we quite share his level of optimism in terms of the public's recognition of the importance of this issue. While there has been an opinion shift among Americans on it, the question remains whether this will lead to a more active and energized public that is ready to fight for their right to privacy.

Mr. Smith writes:

Is there a revival of interest among Americans in protecting personal privacy? I believe that there is, and you can see the signs everywhere. This comes at a time when the President has nominated for attorney general a judge who seems to think that civil liberties protections can be ignored in difficult times, when we are rushing towards a de facto national ID card required of all Americans, and when the Bush administration continues to assert unprecedented claims to conduct secret collections of personal information and to monitor electronic communications with total disregard for existing laws.

...

Since 2001, there has been a maturing of our attitudes towards combating terrorism and protecting civil liberties. Many Americans now realize, for instance, that a mandatory national ID card is not going to help at all secure airplanes (from non-resident shoe bombers?). They understand that our pre-existing surveillance laws have always allowed for emergency and wartime procedures.

They know that allowing lots of entities to collect Social Security numbers only diminishes our individual security and does not enhance our national security. They have manifested a belief that by strengthening individual privacy and autonomy we might just embolden citizens to participate in the "war against terror" by staying alert to suspicious activities.

...

In the fall of 2001, 70% of Americans said they favored a mandatory national ID card. Just a few months later, support had ebbed to 26%, and in later years polls have shown that most Americans aren't so sure that a national ID is a good idea at all. In 2005, Congress went along with one member who insisted on a law increasing the documentation for a driver's license and requiring that all state licenses be uniform. In 2007, several states expressed opposition to the so-called REAL ID requirement, and 25% of respondents in a Zogby Interactive Survey said they disliked the idea.

...

This revival of concern has put pressure on Google to reconsider its headlong charge towards increasingly intrusive search services without adequate privacy safeguards. Another sign of the revival: Corporate representatives are attending conferences on privacy in record numbers.

Please read this optimistic call to action on privacy and individual liberty at a time when both are under outright assault from both government and big business.

Wednesday, October 3, 2007

Former Bush Attorney: Parts of Wiretapping Program "Illegal"

Let us hope that every elected representative will reflect on this testimony when they re-consider authorizing FISA in its recently "disabled" form. This from the Center for American Progress on yesterday's incredible testimony by a former Bush Attorney:

Jack Goldsmith, a former Bush administration attorney, told Congress yesterday that President Bush's warrantless wiretapping program was "the biggest legal mess [he] had ever encountered" and after leading an internal review, he "could not find a legal basis for some aspects of the program." Contradicting testimony by former Attorney General Alberto Gonzales, who said there were no "serious disagreements about the program" within the administration, Goldsmith stated, "There were enormous disagreements," with the internal fight culminating "in a threat by Goldsmith, [former Deputy Attorney General James] Comey, and others to resign en masse if the program were allowed to continue without changes." Goldsmith added that Vice President Cheney's counsel David Addington had "told him that his position might mean failure to halt a new terrorist attack that would leave him with the blood of thousands on his hands." Goldsmith's testimony also emphasized the reluctance of the White House to allow any oversight of its wiretapping program.

And let's not forget the telecommunication industry's unquestioning and obedient complicity in the illegal program. This from the Associated Press:

The FISA court is meant to balance the government's need to periodically collect intelligence inside the United States and the U.S. public's right to privacy. Secret FISA court orders can compel telecommunications companies to cooperate with government surveillance requests and indemnify them from lawsuits.

The Bush administration has asked Congress to grant retroactive immunity to telecommunications companies that cooperated. Around 40 lawsuits related to the surveillance are pending in federal courts. The administration has refused to give Congress details on the companies' involvement.

On Tuesday, the House Energy and Commerce Committee went to the companies themselves, asking AT&T, Verizon and Qwest for details on the government's secret surveillance program. Of the three, reportedly only Qwest rebuffed the government, insisting on a FISA court order first. The law prohibits telecommunications companies from sharing customer records without a court order.

The committee asked in letters sent Tuesday whether the companies allowed government agencies to install equipment on telecommunications lines to copy private Internet traffic, whether they have provided information on customers' networks of associates to the FBI, and whether they have ever been offered legal indemnity or compensation for cooperating with surveillance requests.

Tuesday, October 2, 2007

Retailers lobbying hard against AB 779

AB 779 - Jones' data protection bill - continues to get a lot of press coverage. To no one's surprise, the LA Times reported today that there is some heavy lobbying of the Governor going on by the retail industry.

The bill would help reduce incidences of identity theft by requiring businesses to take steps to safeguard consumer financial information, including encrypting computer records to avoid hacking and disposing of these records promptly and safely, and would prohibit businesses from storing customer credit card or debit card PIN numbers and security codes. This year, the parent company that owns TJ Maxx and Marshalls stores acknowledged that 45 million credit card and debit card records were hacked from inadequately secured store computers by ID thieves sitting in parking lots outside stores.

Marc Lifsher reports:

"Going to the mall simply should not be identity theft Russian roulette," said the bill's author, Assemblyman Dave Jones (D-Sacramento). "What's happening is that retailers are keeping the credit and debit card information, and it is available to hackers and other identity thieves, who perpetrate fraud." He said that only about 40% of retailers and other organizations that accept credit card payments were complying with security guidelines developed by major credit card companies.

...

Credit unions support the bill, but most large business trade groups are asking the governor for a veto. Jeanne Cain, a lobbyist with the California Chamber of Commerce, said the bill would make retailers potentially liable in lawsuits even if they fully complied with its security conditions.

Frank Russo of the California Progress Report points out the fact that though the bill was overwhelmingly approved by the California Legislature, its fate is still uncertain:

It received its final passage in the Assembly 73-0 in September with 47 of 48 Democrats in support and 26 of 32 Republicans voting for it. Before its final amendments it had previously passed the Assembly in June on a 58-2 vote. It passed the California State Senate on a 30 to 6 vote with the support of 22 of 25 Democrats and 8 of those often difficult 15 Republican Senators.

Its author, Assemblymember Dave Jones, worked with a number of groups to make sure that it was a workable law, and the bill won the support of an impressive array of those from consumer, business, and law enforcement fighting identity theft and the abuses of the retail industry that does not comply with contracts they have made with credit card companies. Sponsored by the California Credit Union League, it is supported by Consumers Union, the Los Angeles County District Attorney’s office, Los Angeles County Sheriff’s Department, the Consumer Federation of California, Privacy Rights Clearinghouse, the California State Employees Association, AFSCME – American Federation of State, County and Municipal Employees, the California Public Interest Group (CalPIRG), and the Sacramento County Sheriff’s Department, to name a few. The LA Times, San Francisco Chronicle, and Riverside Press Enterprise editorialized in support of the bill, recognizing its importance.

Yet its fate is uncertain because of a massive behind the scenes lobbying effort by the California Retailers Association and the California Chamber of Commerce.

...

A number of bad apples amongst California's retailers have a shoddy, shocking record of performance here--one that cannot withstand the light of day. Here is what Jones told the Governor in his letter asking for a signature so that this bill can become law:

"According to recent information published by Visa, which helped write the data security standards, only 40% of our largest retailers are following the PCI standards, despite the fact that they are currently contractually obligated to do so. As a result consumers are put at risk of data breaches, credit and debit card fraud, and ID theft. And financial institutions also bear the substantial costs of notifying consumers and reissuing compromised credit and debit cards, all because common-sense rules aren’t being followed by retail establishments. The best data breach is one that never happens – AB 779 will prevent data breaches, pure and simple."

Judge Rules Provisions in Patriot Act to Be Illegal

Some good news on the privacy front for a change! The New York Times covers the recent landmark decision by a federal district court judge in Oregon.

A federal judge in Oregon ruled Wednesday that crucial parts of the USA Patriot Act were not constitutional because they allowed federal surveillance and searches of Americans without demonstrating probable cause.

...

“For over 200 years, this nation has adhered to the rule of law — with unparalleled success,” Judge Aiken’s opinion said in finding violations of the Fourth Amendment prohibitions against unreasonable search and seizure. “A shift to a nation based on extraconstitutional authority is prohibited, as well as ill advised.”

...

In examining the history of the Federal Intelligence Surveillance Act, the opinion discussed a change by Congress in October 2001, under the Patriot Act, that allows surveillance and searches if the government declares that “a significant purpose” of that activity is gathering foreign intelligence. In the past, such searches and surveillance had been allowed if “the purpose” was to obtain foreign intelligence.

Congress’s intent, the opinion said, was “to break down barriers between criminal law enforcement and intelligence gathering.” Judge Aiken said a practical effect of “a seemingly minor change in wording” was to allow the government to avoid the constitutional probable cause requirement.