Thursday, October 30, 2008

ACLU Sues GOP Members to Protect Voter Privacy

For those that don't know, as we speak the GOP is orchestrating an unprecedented voter suppression effort throughout the country. While the right wing attack on ACORN has been a useful and slanderous diversion from the real election fraud taking place, it certainly wasn't enough to keep the ACLU from sniffing out the true culprits in New Mexico.

Before I get to the ACLU's suit in New Mexico, here are just a few (of many) examples of what's been taking place across the country:

… In Philadelphia, fliers were distributed in a predominantly African American neighborhood which suggested that people with legal troubles or unpaid traffic violations will be arrested by undercover cops when they show up to vote.

…In Hamilton County, Ohio, Prosecutor Joe Deters - who is also the local chair of the McCain-Palin campaign - requested via subpoena personal information for 40% of voters who participated in same-day registration.

…In Montgomery County, Virginia, a registrar issued a memo giving incorrect and intimidating information to students at Virginia Tech University about the consequences of registering to vote, including possible loss of financial aid and tax dependence status.

…In Ontario, California, the owner of a firm that the California Republican Party hired to register tens of thousands of voters was arrested on suspicion of voter registration fraud after dozens of voters reported that the firm tricked them into registering with the GOP by asking them to sign a petition they believed to be aimed at toughening penalties against child molesters.

Now to the article in the Hudson Valley Press:

The American Civil Liberties Union (ACLU) of New Mexico today sued key members of the Republican Party for violating the privacy rights of New Mexico voters and illegally interfering with their right to vote. Filed in state district court, the class action suit alleges that NM Representative Justine Fox-Young and as yet unnamed members of the GOP illegally used private social security numbers to do background checks of legal voters and illegally disseminated confidential voter information to the press. The lawsuit also names private investigator Al Romero, hired by the GOP, for using voter registration information locate voters and question them about the legitimacy of their registrations.

...

In an October 16 press conference, Representative Fox-Young announced that members of the Republican Party used social security numbers from 92 voter registration forms, which they obtained from an as yet undetermined source, to run credit checks and driver’s license checks. They sent copies of the forms to the press, including 7 unredacted dates of birth.

According to New Mexico state law, “It is unlawful for the qualified elector’s date of birth or any portion of the qualified elector’s social security number required on the certificate of registration to be copied, conveyed, or used by anyone other than the person registering to vote, either before or after it is filed with the county clerk.” A person who violates this law is guilty of a fourth degree felony.

Download the ACLU's legal complaint: http://www.aclu-nm.org/PDF/3972_001.pdf

Simultaneously, a group of Democratic Party leaders and election integrity advocates have sent a letter to DNC Chairman Howard Dean urging him to take a stronger stand against these Jim Crow like tactics...in which the violation of privacy is one of many unconstitutional components.

Unfortunately for voters being discriminated against, and all those who want to live in a democracy, Dean and company have said and done little to address the crisis. How many fraudulent and discriminatory Presidential elections will it take before the Democratic Party will stand up for the rights of their constituents (and all Americans for that matter)?

I will post this letter shortly...

Wednesday, October 29, 2008

Thompson Seeks Explanation for Skirting of Privacy Report Provision

I suppose none of us should be surprised that the Department of Homeland Security hasn't been following protocol and submitting privacy reports as demanded by Congress.

The good news amidst the bad in this case is that the House Homeland Security Chairman Bennie Thompson - a Mississippi Democrat - has been ratcheting up the pressure on DHS to explain its actions. I would think that in light of the recent revelations regarding government eavesdropping on the calls of American citizens this kind of oversight should be pretty widely supported by Congress.

"Should" of course has a much different meaning than "will".

Congressional Quarterly reports:

DHS told Congress in March that it would not comply with a provision of the Sept. 11 commission legislation (PL 110-53) that calls for the DHS chief privacy officer to submit reports regarding the performance and responsibilities of anyone under his authority directly to Congress, without commentary or amendment by anyone at the department or the Office of Management and Budget.

...

Thompson sent another letter Tuesday, saying, “It is my understanding that the Annual Privacy Report underwent internal clearance at the Department. Sending the Annual Privacy Report through an internal clearance process which may have permitted revisions, instead of sending the report directly to Congress as required by PL 110-53 violated the letter and spirit of the 9/11 Act.”

...

Other information demanded in the letter includes the names and titles of all who reviewed the draft, a copy of the narrative opinion the department followed when it decided the review would be appropriate and an explanation of why the report — which was due in July — was submitted in October.

This is all just too familiar isn't it? Ignoring requests from Congress, obsuscating the truth, and treating privacy as if its an afterthought...or perhaps more aptly, an "enemy".

Click here to read the rest of the article.

Friday, October 24, 2008

Public Warrantless Wiretapping Report Marked "Classified"

We probably all know the backdrop for this rather predictable turn of events. When Congress updated the Foreign Intelligence Surveillance Act (FISA) last summer, lawmakers largely caved to the Bush administration's demands. One of the few areas where Congress actually demanded accountability on the part of the Bush administration was the inclusion of a "key-provision" requiring "the inspectors general of U.S. intelligence agencies to produce the first-ever public report" on the administration's wiretapping program.

But wait, you will be shocked, shocked I tell you, to find out that the report has been hidden from public view...precisely the opposite of what was promised! In fact, "the brief document, written by CIA inspector general John Helgerson, was marked classified." House Intelligence Committee Chairman Rep. Silvestre Reyes (D-TX), responded to Helgerson with a letter asking him to "please explain why you're not following the law." Further, Reyes asked that Helgerson issue a "preservation order" to ensure that the Bush administration doesn't destroy records pertaining to the wiretapping program "before they walk out the door" in January 2009.

It seems as of now, we still don't know why the report was deemed secret. Perhaps more interestingly, is how this directly relates to Senator Obama's decision to support the FISA legislation in question. Apparently, it was this very provision that flipped him.

Newsweek reports:

The dispute might not seem entirely unexpected. A veil of super secrecy has surrounded the program since President Bush, in the weeks after 9/11, directed the National Security Agency (NSA) to conduct surveillance of phone calls and e-mails of terror suspects inside the United States without judicial warrants. The little-noticed provision for a public inspectors-general report was crucial to gaining the support of some liberal Democrats—including Sen. Barack Obama—for last summer's bill, which allowed a modified version of the program to continue.

At the time, Obama was attacked by liberal bloggers for reversing his position on one of the most controversial provisions in the bill: a section, strongly backed by the White House, that granted blanket immunity to telecommunications companies facing lawsuits for participating in what critics charged was an illegal program. But Obama pointed to the mandate for a public report as a reason he was finally prepared to back the measure—even though it would squash lawsuits that could have led to a public airing of the extent of warrantless spying conduct by the administration.

"The Inspectors General report provides a real mechanism for accountability and should not be discounted," Obama wrote in a statement posted on his Web site on July 3. "It will allow a close look at past misconduct without hurdles that would exist in federal court because of classification issues."

Asked for comment, Michael Ortiz, a spokesman for Obama, said: "Senator Obama continues to believe that the public deserves to know that there is accountability and oversight of the surveillance program and urges that a nonclassified report from the IG be made available to Congress."

Click here to read more.

Thursday, October 23, 2008

ACLU Assails 100-Mile Border Zone as 'Constitution-Free'

As usual, the ACLU is on the frontlines of the battle where the government's use of "fear" intersects (or maybe "clashes" is a better word) with the individuals right to privacy. The fear in this instance is used to rationalize draconian, "constitution free" border patrol zones. And the people we are told to be afraid of are foreigners, terrorists, and of course, Mexicans.

The "slippery slope" argument certainly applies here. How large can this "border zone" become? If we allow these kinds of constitutional violations along our border, how long will it take before we start allowing them in the heartland? I tend to be of the opinion that anytime we weaken the fundamental principles of our Constitution for ANYONE, we weaken them for EVERYONE.

I believe this to be the case not just in practice, but also in the way we view principles like liberty, privacy, and freedom. AS time goes by, and we see these rights whittled away, watered down, or outright eviscerated, we similarly see our belief in them weakened, our confidence in them shaken, and our reverence of them debased.

Now that I've stepped off the soapbox, let's go to Wired Magazine's report (watch the video too):

Government agents should not have the right to stop and question Americans anywhere without suspicion within 100 miles of the border, the American Civil Liberties Union said Wednesday, pointing attention to the little known power of the federal government to set up immigration checkpoints far from the nation's border lines.

The government has long been able to search people entering and exiting the country without need to say why, which is known as the border search exception of the Fourth Amendment. After 9/11, Congress gave the Department of Homeland Security the right to use some of its powers deeper within the country, and now DHS has set up at least 33 internal checkpoints where they stop people, question them and ask them to prove citizenship, according to the ACLU.

...

When citizens or visa holders encounter a checkpoint, most are waived on after showing identification, but if an agent suspects the person is not lawfully in the country, the agent can detain the person until the agent's investigation is satisfied. The government has long had the power to set up such check points, but has recently expanded the number of permanent and 'tactical' check points and deployed them in areas they hadn't before -- such as near the Canadian border.

...

The ACLU hopes that Congress will include changes to the border zone in traveler privacy protection bills that focus on prohibiting suspicion-less searches and seizures of laptops at the border. Congress is currently out of session and would not move on any legislation until sometime in 2009 at the earliest.

Click here to read more and watch...

Wednesday, October 22, 2008

Breach of Web site for Ohio Secretary of State Jennifer Brunner called an isolated event

Granted, this isn't the most relevant story to the issue of privacy, but it certainly is to the issue of democracy.

The assault on the Secretary of State's website in Ohio is nothing surprising, as it was both detailed and predicted by the former GOP operative - Allen Raymond (now a convicted felon for his work in New Hampshire in 04') - in his book entitled "How to Rig an Election: Confessions of a Republican Operative".

According to Raymond, these kinds of October surprises are largely aimed to harass and intimidate. The bigger concern is that the attacks could threaten sensitive records and functions of the site. In a press release Monday, Secretary of State Jennifer Brunner announced that "the state website has been set in a static mode with limited functionality as a precaution." The press release also cites "denial of service" attacks against both phone and email, and which include threats of harm and or death, as well as a suspicious package.

These attacks follow a fight by the GOP to purge voter rolls in the state. SOS Brunner's recent victory in court to prevent unfair purging of the voter rolls due to database mismatches was a blow to the state GOP party. There is a tug of war between the Democratic Secretary of State verses the Ohio State GOP Party over control of Ohio's elections.

With that, here's an article in Cleveland's Plains Dealer on the issue:

Monday's forced shutdown of the Ohio secretary of state's Web site appears to have been the most serious breach of a state government site in recent memory, according to state officials.

...

The office will not say what type of information the hackers might have gained access to or how long the problem may have existed before it was discovered. The office handles elections data, voter information and business filings.

...

Brunner's office said the aggression toward the secretary has been more serious than previously revealed and that the State Highway Patrol is now investigating a number of incidents -- including death threats against Brunner. The computer breach followed the death threats and e-mails and phone calls threatening physical harm to the secretary's staffers, according to spokesman Jeff Ortega.

The Highway Patrol is also investigating a suspicious envelope addressed to Brunner and sent to the former location of the secretary's office in Columbus. The envelope was covered in threatening messages with political overtones and contained an unidentified powder, Ortega said.

Click here to read more.

Friday, October 17, 2008

ACLU Says Recent NSA Spying Allegations Bolster its Lawsuit Against FISA Bill

It's shocking, though I suppose we shouldn't be, how little news coverage is being dedicated to the recent revelations that the NSA has been listening in on our calls...like even "pillow talk" conversations. Conversations that agents allegedly had fun passing around to colleagues and having a real hoot over.

And that's only the more personally disturbing privacy violations we all have apparently been subjected to in recent years. Reports also seem to indicate they NSA was listening in on individuals and organizations that simply might disagree with our government and its policies, most notably journalists. Any threat to what's left of our gutted "free press" should concern every American.

The silver lining of these Orwellian nightmare revelations of course is that it should strengthen the ACLU's lawsuit against the recently signed FISA bill that actually ENHANCES and EXPANDS the government's power to listen to our calls and intercept our emails.

Wired Magazine reports on this aspect of the story, and it includes video of Adrienne Kinne, a former Army reservist and Arabic linguist at Ft. Gordon, who told Threat Level last year that her group intercepted satellite communications of businessmen, aid workers and journalists in the Middle East and that they had received a waiver that allowed them to listen to and report on calls involving Americans and U.S. allies, including calls they made to other Americans in the U.S.

Kinne's account appears in a new book published this week by NSA expert James Bamford, called Shadow Factory, and were the focus of an ABC news report last week.

Read on:

The American Civil Liberties Union says that recent allegations that the National Security Agency eavesdropped on communications of U.S. aid workers and journalists based in the Middle East will help bolster a lawsuit challenging the constitutionality of amendments to the Foreign Intelligence Surveillance Act, which were passed earlier this year.

Two Arabic linguists who worked at an NSA listening post at Ft. Gordon, Georgia, have alleged that the NSA systematically targeted U.S. aid workers and journalists in the Middle East for eavesdropping. The linguists say the calls were personal in nature and not terrorist- or military-related.

...

Under guidelines of the United States Signals Intelligence Directive 18, also known as USSID 18, the NSA must not target U.S. persons for interception except under special circumstances and, if such communications are intercepted incidentally, NSA monitors must stop listening to the call once they realize the party is a U.S. person and must not keep a recording of the call or disseminate a report on its contents.

...

Melissa Goodman, staff attorney in the ACLU's National Security Program, said the allegations confirmed that despite the government's repeated assertions that after September 11 it targeted only suspected terrorists for surveillance, the NSA was targeting relief workers and journalists, including U.S. persons, without cause.

Goodman added that the allegations underscore the need for transparency and proper oversight of surveillance programs to ensure that abuses don't occur, which is the basis for a lawsuit her organization filed earlier this year.

...

The ACLU is challenging the law on constitutional grounds, saying it violates the Fourth Amendment by allowing the government to conduct untargeted, dragnet surveillance regardless of whether the person or entity being targeted is suspected of wrongdoing. The ACLU says the new law also removes effective oversight by not requiring the government to tell a court who it's targeting for surveillance. (The Electronic Frontier Foundation filed another suit challenging provisions in the Act that granted immunity to telecommunications companies that cooperated with the NSA in conducting warrantless surveillance.).

...

Senate intelligence committee chair Jay Rockefeller (D-W.Va.) has ordered his staff to open a probe into the surveillance abuses alleged by the two Arabic linguists, Kinne and Faulk. The Senate Judiciary Committee has also announced it wanted a full investigation of the allegations. The Senate Judiciary Committee has known about Kinne's allegations for more than a year.

I highly suggest you watch the clip of Ms. Kinne...bone chilling stuff. Click here to watch her speak and read the rest of the article.

Wednesday, October 15, 2008

Top NSA Scribe Takes Us Inside The Shadow Factory

It's always hectic when campaign season begins to wind down, and its no different here at CFC. I'm trying to multi-task at before unheard of levels!

While I have a second though, I thought I should follow up on the recent revelations coming out on the NSA's eavesdropping of American citizen phone calls. And no, I'm not talking about a phone call to a terrorist, I'm talking about phone calls about, well anything you can imagine, with government eavesdroppers not just listening in, but joking about what you're talking about.

Scary, unconstitutional stuff if you ask me. But let's ask someone far more knowledgeable than I shall we? How about James Bamford, the New York Times investigative journalist who broke the wiretapping story a few years ago.

Here he's interviwed in Wired Magazine:

No outsider has spent more time tracking the labyrinthine ways of the National Security Agency than James Bamford. But even he gets lost in the maze. Despite countless articles and three books on the U.S. government's super-secret, signals-intelligence service — the latest of which, The Shadow Factory, is out today — Bamford tells Danger Room that he was caught off guard by revelations that the NSA was eavesdropping on Americans. He remains confused about how the country's telecommunications firms were co-opted into the warrantless spying project. And he's still only guessing, he admits, at the breadth and depth of those domestic surveillance efforts. In this exclusive interview, Bamford talks about how hard it is, after all these years, to fit together the pieces at the NSA's "Puzzle Palace" headquarters.

...

DR: NSA has long had all these relationships with the telecommunications companies, as well. One thing that confused me: Before 9/11, while Hayden was supposedly fighting against any eavesdropping on Americans, you write, the NSA was trying to convince one telecom, Qwest Communications, to help the agency conduct domestic surveillance. Those two don't fit.

JB: It would've been nice if everything fit into a nice little package, but it didn't. That was one of the outlying issues. The time line seemed to be off. You know, I could see [Hayden] doing that after 9/11, but before 9/11 he was very careful. It's hard to say. Again, I'm just one guy trying to write this book. But that's why there really needs to be a congressional investigation into what went on at NSA.

The only thing I can think of is that [Hayden] may not have been trying to get access to the actual voice conversations. What he may have been trying to get from Qwest was their database of subscribers — subscriber names, subscriber telephone numbers. It's one of the things that NSA has always tried to get. I mean, going back to the early days, they had the world's largest collection of telephone books. Hayden would've known that was at least questionable, if not illegal, because I think he made a comment about that very kind of access before 9/11.

...

DR: But, before, there was such a strong culture at NSA of respecting Americans' privacy. You had United States Signals Intelligence Directive 18 (USSID 18), which strictly prohibits listening in on U.S. persons, without a warrant. What happened?

JB: That's one of the interesting things, one of the things I wanted to get across in the book — this whole before-and-after issue. [Before,] as soon as they got an American, under USSID 18, they had to turn it off. And then after 9/11, all those USSID 18 rules and regulations they had before 9/11 were thrown out the window. They'd make up these flimsy excuses, like, "Well, suppose an American loses her cell phone and then what happens if a terrorist picks it up." They're bending 180 degrees backwards.

DR: Is that why you joined the ACLU's lawsuit against the agency?

JB: I was outraged the moment I heard what was going on. Of all the journalists out there, I'm the one person who's written more than anyone about NSA. I knew this, this is a big deal. I had written about the horror days of the '50s, '60s, up until the mid-'70s, when they were engaged in this warrantless eavesdropping. The impression I got [previously] was that they were always trying to push back, hard, from the edge. And I hadn't changed that impression, post-9/11.... For NSA to all of a sudden revert back to the bad old days of the '60s and '70s — I thought that was illegal, unethical. I was very angry. I thought NSA shouldn't be doing this.

So then, a couple of weeks later, the ACLU calls me up, and asks me to join a suit. I didn't immediately say, "Yes, hell yeah, I'll do it." I said I'd think about it. Because it was a big thing for me to, all of a sudden, step out of my role as a journalist and a writer and to become a plaintiff against the agency I had written two books about. If I had wanted to play it safe, I would've said, "we'll, ya know, I gotta be a journalist here," thinking I may lose all these sources, starting with Hayden and working my way down. They like me at NSA. [But] I thought they were doing something bad, and I had to do something about it.

There were a lot of people there that got very angry at me for suing the agency they worked for. People that were all in favor of what NSA was doing — which was a lot of people. Ya know, "patriotic, we should be doing this," all that stuff. And I was saying, "Well, I don't mind if you spy on terrorists. But we live in a democracy. There's got to be a buffer here between the people who are targeting the terrorists and the American public."

This is some GREAT stuff. Click here to read more.

Friday, October 10, 2008

NSA Listened in on Intimate American Phone Calls, Passed Around "Salacious" Bits

Some real disturbing news to report today that validates some of our most paranoid fears...such as "the government could be listening to this call."

ABC News reported yesterday that "despite pledges by President George W. Bush and American intelligence officials to the contrary, hundreds of US citizens overseas have been eavesdropped on as they called friends and family back home." The allegations come from "two former military intercept officers assigned to the National Security Agency" and "include claims that U.S. spies routinely listened in on intimate conversations and sometimes shared the recordings with each other."

The Washington Post noted today that "at least some of the snooping was done under relaxed eavesdropping rules approved by the Bush administration to facilitate spying on terrorists." According to the ABC report, NSA employees "routinely shared salacious or tantalizing phone calls that had been intercepted, alerting office mates to certain time codes of 'cuts' that were available on each operator's computer." The chairman of the Senate intelligence committee, Sen. John Rockefeller (D-WV), called the accusations "extremely disturbing" and said he may hold hearings.

The Los Angeles Times reports:

U.S. intelligence analysts eavesdropped on personal calls between Americans overseas and their families back home and monitored the communications of workers with the Red Cross and other humanitarian organizations, according to two military linguists involved in U.S. surveillance programs.

...

They also said they were encouraged to continue monitoring calls of aid workers and other personnel stationed in the Middle East even when it was clear the callers had no ties to terrorists or posed no threat to U.S. interests.

...

Congress overhauled the foreign intelligence surveillance laws this year to give the government greater latitude to track targets overseas. But the law still imposes strict protections for U.S. citizens abroad and requires the government to delete or block information that isn't for valid intelligence purposes.

Click here to read more.

Monday, October 6, 2008

The Terminator Blows Away Data Breach Bill

Now, I admit the title of this post is from "InternetNews", not me, but putting it's cheesiness aside, the Governor's veto of AB 1656 (Jones) was another disappointment for privacy advocates. The bill would have required businesses and state agencies to better safeguard personal financial information they possess. A retailer responsible for a security lapse would need to notify customers.

Before I get to the article, I should also point out the Governor also vetoed SB 364 (Simitian) - another privacy protection bill - which would have required businesses and state agencies, in the event of a security breach of computer data bases containing personal information, to provide specified notification of these breaches to consumers in plain English as well as to notify the proper government authority of the breach.

As for AB 1656, we (CFC) supported the bill because California lacks any centralized reporting process for security breaches. It is therefore difficult for state policy makers to assess or improve upon our state security breach laws. The state may be missing important criminal activity patterns or consumer practices, the analysis of which could help establish better protections for Californians. This bill would have addressed this need by making the Office of Privacy Protection a repository for security breach notifications.

AB 1656 was a vehicle for establishing more comprehensive improvements that are sorely needed for California’s existing security breach notification laws...unfortunately, we'll have to just keep trying.

Now to the article regarding the veto of AB 1656:

Supporters of AB 1656, however, claim that such statutes are necessary to protect financial institutions from fraud and rising card replacement costs stemming from retail data breaches.

"When the fraud happens, the retailer doesn't have to pay the cost, and the system is loaded in such a way that it's a disincentive for retailers to protect consumer data," Bob Arnould, senior vice president for government affairs at the
California and Nevada Credit Union League, told InternetNews.com. The league sponsored the bill, which was tabled by Assemblyman Dave Jones (D-Sacramento).

...

Arnould accused the governor of being too close his backers. "There's a saying in politics that 'you dance with the one who brung ya,' and we're up against retailers and the Chamber of Commerce, and they have a very close relationship with the governor," he said.

Click here to read more (short article).

Thursday, October 2, 2008

ACLU Comments on Fate of Two Landmark RFID Bills in California

To close out my three or more day run discussing the two RFID bills that made it all the way to Governor Schwarzenegger's desk I thought it fitting to post the ACLU's reaction. I was sent their press release on the issue this morning and I thought I'd share it with everyone, as not only were they the sponsors of the bills, they have been the most effective advocates on their behalf. I would point everyone to the last line of the release...that's our next challenge, SB 31 is only the beginning of what must be done.

Click here to check out ACLU's "Don't Chip our Rights Away" page.

Now to their press release:

Governor Takes Important Step To Protect Privacy and Safety of Californians;
Signs RFID Anti-Skimming Legislation Into Law

Governor Schwarzenegger took an important first step to protect the privacy, personal safety, and financial security of millions of Californians by signing Radio Frequency Identification (RFID) anti-skimming legislation into law this week.

SB 31, authored by Senator Joe Simitian (D-Palo Alto), sponsored by the American Civil Liberties Union, Privacy Rights Clearinghouse, and the Electronic Frontier Foundation, and supported by a broad bipartisan coalition including the Gun Owners of California, Consumer Federation of California, California Eagle Forum, American Association of Retired Persons (AARP), makes it a crime to surreptitiously read information stored on tiny electronic devices known as RFID tags.

The information stored on unsecured RFID chips embedded in identification cards like drivers’ licenses, medical ID cards, or student IDs, can be read from a distance, without an individual’s knowledge and consent and then misused for tracking, counterfeiting, and identity theft.

“Just as we don’t let a stranger to sift through our wallets and take our driver’s license, our private information should not be accessible without our knowledge or consent,” said Nicole Ozer, Technology and Civil Liberties Policy Director at the ACLU of Northern California. “Until now, there has been no law to prevent anyone from skimming our information. By signing SB 31, Governor Schwarzenegger has taken an important step to safeguard the privacy, safety, and financial security of millions of families.”

In an experiment, the information on the RFID-embedded identification card that Senator Simitian uses to access the California State Capitol was skimmed and the information copied by a hacker in a split second. Minutes later, using the information from the Senator’s card, the hacker was able to walk right into the Capitol through a members-only, locked entrance. The experiment helped Simitian see the need for legislation.

“Right now if someone steals your ID card, it’s a crime. But if they steal the information on your ID card by ‘skimming,’ it’s not. That makes no sense whatsoever,” Simitian said. “The problem is particularly serious because we’ve got millions of IDs and access cards out there with no limitation on the kind of information they carry, and no requirement that they use any of the privacy protection technology that’s readily available.”

SB 768, Senator Simitian’s 2006 legislation to ensure that any RFID tags used in government-issued IDs made use of these readily available privacy and security protections, such as encryption and shielding, was overwhelmingly passed with bipartisan support by the California legislature, but vetoed by the Governor.

The privacy and security of Californians is not a liberal or conservative issue, it’s an issue for everyone. We are pleased that the Governor signed SB 31 into law and hope that he comes to understand why robust RFID privacy protections are necessary for all Californians,” said Sam Paredes, Executive Director of the Gun Owners of California.

Simitian began to look at the use of RFID in identification documents after an elementary school in Sutter, California required its students to wear identification badges that contained RFID tags that broadcast the students' information. With the help of the ACLU, parents successfully petitioned the school to remove the RFID tags. “The ACLU is disheartened that the Governor vetoed a related RFID bill, SB 29, that would have provided for notice and consent from parents about the use of RFID in school identification documents. We're looking forward to working with the Administration to implement real protections for students and their parents,” said Valerie Small Navarro, Senior Legislative Advocate for the ACLU in Sacramento.

SB 31 is an important first step, but enforcing laws on RFID skimming will be an ongoing challenge,” said Ozer. “Because an RFID tag can be read at a distance, it may be very difficult to catch people breaking this law. The next step in protecting our privacy safety will be to ensure that our driver’s licenses and other government ID only use secure RFID technology.”

Wednesday, October 1, 2008

Governor Signs SB 31 - A Modest RFID Regulatory Law

I'm not going to lie, I'm still a bit steamed the Governor vetoed SB 29...something about not giving parents control over whether their children should or shouldn't be "chipped" with an RFID tag grinds me the wrong way. I mean really, parents, not schools, should decide whether children must carry a tracking devise. Mechanical devices might be useful for tracking cattle. When it comes to our children they are no substitute for teacher and school staff responsibility.

Some good news to report however. The Governor did sign SB 31. which will make it unlawful to skim information from an RFID without the consent of the ID holder. The prohibition does not apply to law enforcement applications such as in prisons, or in valid health emergency situations.

Thankfully, the Governor Schwarzenegger at least signed this basic, common sense bill, and set what could become an important precedent for privacy protection.

For a review of the "RFID issue", let's remember, using an RFID to trigger an alarm if someone tries to shoplift clothing is pretty benign, but what about when this technology is used to track the daily movements of law abiding citizens?

Let's remember just a few recent examples:

A California school district embedded RFIDs in student IDs without the parents' knowledge, claiming it would ensure that students were accounted for, but the district failed to consider the potential for hacking by a child abductor.

FasTrak transponders make it quicker to cross Bay Area bridges, but the Metropolitan Transportation Commission has released information in messy divorce cases that was used to document when wayward spouses were traveling to places they claimed they weren’t.

The US and other countries embed RFIDs in passports. In the Netherlands, it took a local TV station only two hours to figure out how to hack a prototype RFID in a Dutch passport. Hackers could access fingerprint, photograph, and other data on the RFID tag, perfect for creating a cloned passport.

Hacking is one problem, but the threat to our privacy doesn’t stop there. RFIDs can play a useful role in protecting entry and exit from secure locations such as police stations or prisons, but do we really want government snooping into our whereabouts when it’s none of their business?

A few weeks ago New York became the first state to comply with a federal program to embed RFIDs in drivers’ licenses. California has held off – for now. But with federal highway funds threatened, it may be only a matter of time before we’re all beaming our personal information, signatures and photographs every time we’re behind the wheel.

As I recently mentioned, organizations across the political spectrum ranging from the ACLU to the Liberty Coalition support common sense regulation of RFID. High tech RFID manufacturers have successfully derailed similar legislation by Senator Simitian in the past, and they have done so again in the case of SB 29.

We know this much, we've made progress in the past couple of years, both banning the subcutaneous implanting of RFID chips by an employer and now the skimming of personal information from one person of another without consent. We also know there is much more to do, and that big business will continue to fight any effort to allow California residents to control the use of RFIDs in government-issued documents.