Monday, March 30, 2009

More security flaws found in Google's "Cloud Computing Services"

The big news on the privacy front these days is the discovery of a bug that allowed the sharing of people's cloud-based documents (i.e. Gmail, Google Docs, Google Calendar, Picasa, and Google Desktop) with unauthorized users. This discovery led to the Electronic Privacy Information Center asking the Federal Trade Commission to investigate Google's cloud security promises.

According to EPIC's own argument summary:

This complaint concerns privacy and security risks associated with the provision of “Cloud Computing Services” by Google, Inc. to American consumers, businesses, and federal agencies of the United States government. Recent reports indicate that Google does not adequately safeguard the confidential information that it obtains.

Given the previous opinions of the Federal Trade Commission regarding the obligation of service providers to ensure security, EPIC hereby petitions the Federal Trade Commission to open an investigation into Google’s Cloud Computing Services, to determine the adequacy of the privacy and security safeguards, to assess the representations made by the firm regarding these services, to determine whether the firm has engaged in unfair and/or deceptive trade practices, and to take any such measures as are necessary, including to enjoin Google from offering such services until safeguards are verifiably established.

Such action by the Commission is necessary to ensure the safety and security of information submitted to Google by American consumers, American businesses, and American federal agencies.


Now, compounding the increasing pressure on Google, as well as the continued unwanted bad press it's been getting, a security analyst says he's found three glitches in Google Docs that could expose private data.

As I've detailed on this blog before, Google doesn't have the best record on privacy related issues, with an almost hostile relationship developing in recent months between the company and privacy advocates. Apparently this trend is continuing without any signs of abating.

Reuters reports:

Google Docs is an online office productivity suite that lets users create and share word processing or spreadsheet documents. It's free for consumers, and Google also offers an enterprise version, Google Apps, with more features.

One of the flaws allows images to be accessible even if a document has been deleted or the sharing rights have been revoked, wrote Ade Barkah, the founder of BlueWax, an enterprise application consultancy based in Toronto.


...

The second problem allows users to see all versions of an image that's been modified. For example, if a user wanted to redact part of an image and share it, the user who has access to it could modify the URL of that image to see previous versions.

...

Barkah also found a third problem but is not releasing details on it just yet. It appears to allow people who once had access to someone's Google Docs to still get access even if access rights have been changed.

...

In a statement, Google said they are investigating but that "we do not believe there are significant security issues with Google Docs." If accurate, Barkah's discoveries are likely to fuel calls that the company needs to do a thorough security review of its cloud-based applications.

In a follow up piece by Reuters, Google attempts to answer some of the assertions made by Mr. Barkah, and hints it may address some of the core concerns he raised:

Google evidently sees some merit in Barkah's report. Google has added information regarding Barkah's observations to its Docs "help" pages about creating drawings and about adding viewers and collaborators to documents. In addition, Google may make changes to Docs as a result of Barkah's report. "We are also exploring alternative design options that might further address the concerns. We'd like to thank the researcher for sharing his concerns with us," Rochelle wrote.

...

Rochelle countered that images are kept independently of the documents in which they appear for fear that deleting them would break references to them in other documents and external blogs. "In addition, image URLs are known only to users who have at some point had access to the document the image is embedded in, and could therefore have saved the image anyway -- which is fully expected," Rochelle wrote. Ultimately, document owners can request that images be purged from their account by sending an e-mail to Google's support team at docsimagedelete@google.com.

...

In his response, Rochelle points out that allowing collaborators to view a document's revision history is a Docs feature, and that the only people who could see past revisions of a drawing are those who have been given access to the document.

...

Barkah didn't detail his final concern in his report to give Google time to troubleshoot it, but said that it allowed, in some cases, contributors whose access to a document has been removed to get back into it without the owner's knowledge and permission. Rochelle explained that the scenario involves the use of a Docs feature that allows invitations to access documents to be forwarded to more than one person. Google added this feature in response to requests from users who wanted to forward invitations and share documents with e-mail lists.

"Invitations sent using this feature contain a special key on the document link. This feature can be disabled at any time to expire previously distributed invitations which contain that special key. To do this, simply disable this feature by unchecking it -- in documents and presentations, it's called 'invitations may be used by anyone' and in spreadsheets it's 'editors can share this item,'" Rochelle wrote.

Barkah has not responded yet to Google's rebuttals...so stay tuned...

Wednesday, March 25, 2009

Coalition Urges Obama to Defend California Financial Privacy Law

I want to come back to a story I first reported here last week: The U.S. Supreme Court is interested in a banking industry challenge to a California law that restricts the ability of financial institutions to share information about consumers - even among company affiliates.

On March 9th the Court asked the U.S. Solicitor General - the Obama Administration's top courtroom lawyer - for advice on an appeal.

Take Action - Tell President Obama to Protect California's Financial Privacy Law!

As I mentioned in my first post after finding - hidden deep inside an email box full of news articles - a headline entitled "California privacy law challenged by banks" in an obscure website called Azcentral.com:

We must now convince the Obama administration’s top courtroom lawyer – with the help of California’s two Senators (or whoever your Senate representatives may be) - to let the states set a superior privacy standard. Ultimately, an "ask me first" standard must prevail.

The Consumer Federation of California will work with our allies in the privacy rights movement to ensure that California law should govern privacy for all personal information that is not directly related to determining a consumer's credit worthiness. Please come back to this site for more information on this topic and specific “action items” you can take.

Well, I'm back, and here's the update!

But first, for those that don't know the back story, for three years the Consumer Federation of California and other privacy advocates worked to enact a law that would give consumers the right to stop banks and other financial institutions from sharing their personal information - including with "affiliates" (which can number in the thousands).

Big banks, "Business Democrats" and Republicans teamed up to kill this legislation from 2001 until 2003. After consumer and privacy advocates collected 600,000 signatures to place a privacy initiative on the ballot, the banks acquiesced to avoid a disaster at the polls. Senate Bill 1 of 2003 (Speier) became law and California established the nation's strongest financial privacy protections.

As soon as SB 1 was signed into law, the financial institutions ran to court to overturn it, arguing that other federal banking laws prevented state regulation of banks and brokerages. In September 2008, the 9th Circuit declared the right of California consumers to stop disclosure of their personal information among affiliated financial institutions, except where such information was a consumer report.

Now - with little fanfare and even less media attention - the Supreme Court is poised to take the Banking Industry lobby's appeal and possibly overturn portions of one of the most important victories for privacy advocates in recent memory.

In light of this information, a coalition of privacy groups immediately jumped into action last week, authoring an open letter to the Obama Administration urging it to defend California's landmark financial privacy law against the banking industry's legal efforts to overturn it. A copy of our coalition's letter to the President and the Solicitor General can be read here.

Our efforts were supported by a fantastic San Francisco Chronicle editorial opposing the banks' appeal entitled "The Audacity of American Bankers".

Today, CFC, also created an action alert allowing anyone to send a message directly to the President urging he stand with California, not the Big Banks!

The letter to President Obama and Solicitor General Elena Kagan were signed by The Consumer Federation of California, Privacy Rights Clearinghouse, CALPIRG, Consumers Union, Consumer Action, The Older Women's League, The California Alliance for Retired Americans, and Chris Larsen, CEO, Prosper Marketplace, and founder of Californians for Privacy Now, the original organization that spearheaded a 2003 ballot initiative campaign that turned fierce banking industry opposition into acquiescence with SB 1.

"This represents a defining moment for privacy rights" the letter states. "We ask you to stand with consumers by telling the Supreme Court to reject the banks' appeal in Brown."

Privacy advocates support the State of California's position in this legal matter, which is that there is no merit to the appeal filed by the American Bankers Association. At issue is whether federal laws preempt portions of California law that regulate the sharing of private consumer information within a financial institution's family of affiliates.

This case provides the Obama Administration the opportunity to reveal its views both on personal privacy protection and on the necessary role of the states in protecting consumers from unfair practices in the banking industry in the absence of adequate federal regulation. The letter points out that California's financial privacy law has proven a successful model for the nation, and that it fills a regulatory vacuum at the federal level.

We urge everyone - if not already done so - to urge the Office of the Solicitor General, the Obama Administration, and California Senators Boxer and Feinstein to stand up for California's right to protect the privacy of its citizenry and oppose the banking industry's appeal. Please feel free to use our letter as a template for your own.

Tuesday, March 24, 2009

Civil liberties groups oppose Obama Administration's interpretation of cell phones and 4th Amendment

I can't hide my disappointment on this one. In light of our current global economic meltdown and two losing military occupations it's not surprising that a story like this has slipped through the cracks and gone largely unreported. Nonetheless, its privacy implications are substantial.

The Obama administration is now arguing that the Fourth Amendment prohibition against unreasonable searches and seizures does not apply to cell-site information mobile phone carriers retain on their customers. The position is being staked out in a little-noticed surveillance case pending before the 3rd U.S. Circuit Court of Appeals in Philadelphia. The case has wide-ranging implications for Americans, as most citizens have or will carry a mobile phone in their lifespan.

Now, three civil liberties groups - The Electronic Frontier Foundation (EFF), the Center for Democracy and Technology (CDT) and the American Civil Liberties Union (ACLU) - are asking the U.S. appeals court to strike down the government's request to obtain stored mobile-phone location tracking information without showing probable cause.

The Industry Standard reports:

Several courts have ruled against the government obtaining real-time mobile-phone tracking information without a warrant, but this is the first case dealing with stored tracking information, said Jennifer Granick, EFF's civil liberties director.

"The government argues that federal law requires judges to approve their applications for location information from cell phone companies -- even if the police don't have probable cause to obtain this sensitive information," Granick said. "Courts have the right under statute -- and the duty under the Constitution -- to demand that the government obtain a search warrant before seizing this private location data."

Mobile phone providers store data about where customers make and receive calls, based on the cell towers the customers' phones used. Granick called the U.S. government's attempts to collect past mobile-phone tracking information "creepy." "They can go back in the past for as long as the cell phone companies keep records," she said.

Click here to read the rest of the article.

Thursday, March 19, 2009

What's the future of the Real ID Act under Obama?

This issue has been dead for quite sometime, and it appears to be making some headlines again now that the Obama Administration and Homeland Security's new secretary, Janet Napolitano, are beginning to give some hints at how they're going to deal with the headache known as the REAL ID Act. Click here to read the posts I've done on this issue in the past.

As I mentioned on January 5, 2009, little is known about how the Obama Administration was going to proceed on REAL ID, writing:

"Making the issue - and how it all will play out - all the more unknown is the incoming Obama administration and his Secretary of Homeland Security Gov. Janet Napolitano. I say this because, as I have mentioned in previous posts here, we know very little about where Obama stands on REAL ID, or what he intends to do about this beleaguered, privacy invasive program. Further, Gov. Janet Napolitano has a VERY spotty record on the issue of privacy, yet she did oppose REAL ID as the Governor of Arizona (but only because it was expensive, not because it invaded privacy).

So all in all we are left with one big question mark as to how this program will or will not evolve. The good news is, if states keep refusing to comply, as Virginia is apparently going to attempt to do again, we'll be in good shape."

Just for a quick refresher course on the Act and the state revolt that it has inspired:

The Real ID Act was approved by Congress - underhandedly as a rider I might add - and then signed into law by President Bush in 2005 as part of the government's effort to combat terrorism. At the time, few lawmakers even knew what they were voting for, or necessarily supported the concept to begin with. Since that time the law has evoked widespread criticism from privacy advocates and civil rights groups, which say it would create a de facto national identity card system that would be hard to manage and even harder to secure.

The law requires states to issue new licenses which are supposed to screen potential terrorists and identify illegal immigrants. However, it carries with it grave privacy risks, not to mention it will be expensive for states to implement and it could potentially restrict summer travel.

Essentially it would create a national identity card and impose numerous new burdens on taxpayers, citizens, immigrants, and state governments – while doing nothing to protect against terrorism. This new federal identity document would be required of every American in order to fly on commercial airlines, enter government buildings, open a bank account, and more.

The common reaction from concerned public citizens across the country has centered on the threat it would pose to individual privacy, the high costs states would incur to implement it, the increased danger of identity theft, and the possible loss of freedoms due to expanded government power.

For everything that's wrong with the REAL ID Act, check out the REAL NIGHTMARE site.

Now for the latest hints on the Act's future in an Obama Administration...as expected they are taking a "it costs too much" opposition argument rather than a privacy protection one. This is unfortunate...but better than we had under the Bush Administration.

The UK's "The Register" article entitled "Real ID law to receive makeover under Obama" states:

The ex-governor of Arizona, tapped as chief homeland spook by Obama in January, has been an outspoken adversary of the law since its introduction as a rider act for the "Emergency Supplemental Appropriations Act for Defense, the Global War on Terror, and Tsunami Relief, 2005."

Revisions to the law being proposed by Napolitano and other officials, however, appear to be motivated by the cost of implementing the law, rather than out of concern for the privacy of American citizenry or states' rights.

...

While the law allows each state to continue issuing non-complying IDs, the old cards must carry a unique design and be clearly marked to show they cannot be accepted for any federal purpose. But the usefulness of non-complying cards is rather put into question by the federal government's running the show at US borders and security check-ins at the country's airports.

Furthermore, the Act specifies needing a Real ID to enter a federal building or nuclear power plant - but leaves the true scope of what is considered an "official purpose" as an ambiguity. For some officials, it's a tempting opportunity to use the system to track more mundane activities such as
purchasing over-the-counter medicines as a means to bust meth labs.

...

Presently, all 50 states have received extensions to the original May 11, 2008 deadline. A few holdout states (http://www.theregister.co.uk/2008/03/25/real_id_revolt/) such as California, Montana, Maine, and South Carolina have either refused to commit to the plan or even passed resolutions not to participate. The current deadline for when all US citizens aged 50 years or younger must have a Real ID license is May 2011.

Electronic Frontier Foundation (EFF) sums up the concerns of privacy advocates perfectly:

Once the IDs and database are in place, their uses will inevitably expand to facilitate a wide range of surveillance activities. Remember, the Social Security number started innocuously enough, but it has become a prerequisite for a host of government services and been co-opted by private companies to create massive databases of personal information. A national ID poses similar dangers; for example, because "common machine-readable technology" will be required on every ID, the government and businesses will be able to easily read your private information off the cards in myriad contexts.


As we move forward on this issue we must also be aware that Napolitano has also advocated for states rights to individually implement so-called "enhanced driver's licenses," which include an embedded RFID chip that allows for remote tracking.

So we are by no means out of the woods.

Click here to read the article in its entirety.

Monday, March 16, 2009

SF Chronicle Writes Strong Editorial Opposing Banking Industry Efforts to Gut CA Financial Privacy Law

This is fantastic news! Our coalition of consumer rights and privacy advocates are in the midst of an intensive effort to convince the Solicitor General (and the Obama Administration in general) - while there's still time - to take the side of California and our Constitutional right to privacy by opposing banking industry efforts to overturn the nation's strongest consumer privacy protections.

For the backdrop on this story, check out my post from last week. For today, I'll be brief: the banks are close to convincing the U.S. Supreme Court to overturn a landmark California law that allows consumers to control the use of their personal financial information. We, along with a coalition of other organizations, fought for years to get this law enacted over the big banks and their $10's of millions in campaign contributions and armies of high priced lobbyists. Since their defeat, the same financial giants that are largely responsible for our current economic meltdown and the subprime crisis that inspired it, have been trying to overturn our historic victory in court.

Now, the first major California newspaper (SF Chronicle) has weighed in. The good news is the paper wrote an unequivocal, impassioned defense of California's right to establish it's own privacy protection laws. As the Chronicle agrees, the Obama Administration must speak out loudly and clearly in opposition to the bank industry efforts to - at a time we taxpayers are forking over record sums of money to keep these institutions solvent - strip our state of the groundbreaking privacy protections we fought so hard to win....a rare example of the people prevailing over the profit interests of the big banks.

The SF Chronicle states:

The financial-services industry spent more than $20 million in lobbying expenses and campaign contributions to stave off consumer privacy protections. The measure finally cleared the California Legislature and was signed into law only after the waffling Davis was feeling the threat of a recall, and an outraged citizenry had produced the 600,000 signatures for a financial-privacy initiative that was far tougher than anything that would make it out of Sacramento.

The banking industry immediately went to court to try to overturn Senate Bill 1. In 2005, the U.S. Court of Appeals in San Francisco sustained most of the law, while preserving a bank's ability to share limited amounts of information with affiliates for measuring a customer's fitness for credit, insurance or employment.

The principle of the California law was sensible and straightforward: Customers should have the option to prevent banks from sharing the personal information they compile from your credit-card purchases, Web site visits, account balances or other transactions and activities.

...

What is especially galling is that the industry's argument for exemption from state laws is a product of the 1990s-era premise that consumers are necessarily best served when financial institutions are unencumbered by government regulation. The banks maintain that the 1996 Fair Credit Reporting Act and the regulation-lifting 1999 "Financial Services Modernization Act" - oh, does that name sound ironic in hindsight - were intended to shield them from most state regulation.

...

If this case does end up in the Supreme Court, the Obama administration should be firmly on the side of consumers. If banks and insurance companies want to make money from selling financial "profiles" of their customers, they should be required to ask them first. The bankers' main argument against the California law is that they need a national standard on privacy rules, not 50 state laws. Fair enough. Congress and the Obama administration should consider moving toward a federal law to give all Americans control of their personal financial information.

I will be posting on this topic again soon, as we'll have built a coalition up and written a letter to the Administration by then...which I'll share here.

Click here to read the entire editorial.

Thursday, March 12, 2009

Google's targeted behavioral advertising plan raises privacy concerns

I posted a detailed analysis of the ongoing conflict between privacy advocates and Google on Monday. Unfortunately, Google's recently released advertising plan only compounds this conflict. Before I get to those details, let me quote myself from Monday:

It's inarguable that Google is rapidly becoming the official technology sponsor of the nation and globe. For the sake of argument, let's just accept this as truth, and assume this company's reach and breadth will only grow. With that in mind, it becomes paramount - and beholden on all those that relish privacy - to keep a close eye on this global leader's attention to this constitutional protection as it relates to their technological innovations.

While it might be an exaggeration to say that Google has been hostile to privacy advocates and their concerns, they've been resistant to say the least. Google has become a concern for advocates for a myriad of reasons, stemming from their lobbying activities to the actual privacy implications of some of their product lines.

Click here to read that post in its entirety.

Now to the latest Google policy that has privacy advocates up in arms: the company's targeted (behavioral) advertising plan. As is often the case, the divergence between what corporations want versus what privacy advocates support stems from the clash between an "opt-in" policy versus an "opt-out". In this case, as with so many others, Google has gone with an "opt-out" policy...and a flawed one at that.

The real story here though is that Google has officially gone into the behavioral targeting business, as demonstrated by their acquisition of one of the world's biggest behavioral targeting ad companies, DoubleClick. Extend behavioral targeting through its online ad network -- the world's largest and most dominant."

Networld reports:

Google's proposal would bring user tracking to the world's largest ad network, said Marc Rotenberg, executive director of the Electronic Privacy Information Center. "It's a disaster," he said. "It's about whether the most dominant Internet media firm should be able to exploit its access to Internet user data for advertising purposes. Google long maintained it would not do this type of advertising. Indeed, they claimed they didn't need to and they went after others who did."

...

The Center for Digital Democracy (CDD), another privacy advocacy group, will call on Google to allow users to opt in to behavioral tracking instead of requiring that they opt out, the current policy, said Jeffrey Chester, CDD's executive director. Chester applauded Google for allowing users to see and change their advertising profiles, but he said that step was not enough.

"It's a very incomplete and flawed safeguard," Chester said in an e-mail. "Missing from what users should know and control are the applications Google uses to develop the ad so it can target and collect data." Users should know if Google is using neuromarketing, viral marketing, rich immersive media and social networks, he said.

...

However, many Web surfers may find it difficult to find the user preferences, and links on the ads, saying "Ads by Google," don't clearly communicate that clicking on the link will take them to a page with a link for user preferences, Schwartz said. "If it's not opt-in [to targeted advertising], it's got to be opt-out that's extremely easy to use, and this is not opt-out that's extremely easy to use."

Schwartz is also disappointed that the Internet advertising industry has not gotten together to come up with better ways for Web surfers to control their advertising experiences, he said. Google chose a flawed way of honoring opt-out requests -- by putting a cookie on users' machines, similar to a frequently criticized model offered by the Network Advertising Initiative.

Many users and spyware software programs frequently delete cookies, Schwartz noted, although Google has offered a browser plug-in that will prevent the Google opt-out cookie from being deleted. "The cookie opt-out doesn't work, it's a bad idea," he said. "People who care about their privacy enough to opt out also are the same people who delete their cookies."

Click here to read more.

Tuesday, March 10, 2009

Supreme Court Signals Interest in Banking Industry Appeal to Overturn California's Landmark Privacy Law

First, here’s the backdrop on what could be a HUGE blow to personal privacy and the right of states to protect it. For three years the Consumer Federation of California and other privacy advocates worked to enact a law that would give consumers the right to stop banks and other financial institutions from sharing their personal information – including with “affiliates”.

Big banks, “Business Democrats” and Republicans teamed up to kill this legislation from 2000 until 2003. After consumer and privacy advocates collected 600,000 signatures to place a privacy initiative on the ballot, the banks acquiesced to avoid a disaster at the polls. Senate Bill 1 of 2003 (Speier) became law and California established the nation’s strongest financial privacy protections.

Now, the Supreme Court is poised to take the Banking Industry lobby’s appeal and possibly overturn portions of one of the most important victories for privacy advocates in recent memory. Yesterday, the Court asked the Obama Administration’s Solicitor General to give "advice" on the case.

But first, some more of the back story: after SB 1 was signed into law the financial institutions ran to court to overturn it. In 2005 the Court of Appeals for the 9th Circuit ruled that federal law pre-empted portions of SB 1 and remanded the matter to the Federal District Court to determine the extent of the preemption.

Then, on September 2008, five years after our initial “victory” was blocked, the 9th Circuit ruled that the District Court erred in ruling that federal law preempted California from all regulation of personal information sharing within a family of affiliated financial institutions. Instead, the court ruled that California consumers have the right to restrict the sharing of information that is not related to credit reports.

This ruling is significant because some large financial institutions have hundreds or even thousands of affiliates. Californians can now tell their banks not to hand out private information regarding what they earn, buy or borrow to hundreds of strangers who have no right to that information. Companies that don't comply face penalties of $2,500 per violation.

In other words, California consumers won a huge privacy victory last September…and now it’s threatened by the very same interests that are largely responsible for the current economic meltdown and the subprime crisis.

Azcentral.com reports:

The U.S. Supreme Court signaled interest in a banking industry challenge to a California law that restricts the ability of financial institutions to share information about consumers among company units.

The justices today asked the U.S. solicitor general, the Obama administrations top courtroom lawyer, for advice on an appeal by three industry trade groups. A federal appeals court in San Francisco upheld the California law, rejecting arguments that the 2003 consumer-privacy measure was pre-empted by the U.S. Fair Credit Reporting Act.



California Attorney General Jerry Brown says that Congress left states latitude to enact stronger privacy protections…The law was designed to prevent unwarranted intrusions into Californians private and personal lives, Brown argued. The Bush administration backed the banking industry at the lower court level.

Click here to read more.

We must now convince the Obama administration’s top courtroom lawyer – with the help of California’s two Senators (or whoever your Senate representatives may be) - to let the states set a superior privacy standard. Ultimately, an "ask me first" standard must prevail.

The Consumer Federation of California will work with our allies in the privacy rights movement to ensure that California law should govern privacy for all personal information that is not directly related to determining a consumer's credit worthiness.

Please come back to this site for more information on this topic and specific “action items” you can take.

Monday, March 9, 2009

Google and Privacy: Growing Concerns

It's inarguable that Google is rapidly becoming the official technology sponsor of the nation and globe. For the sake of argument, let's just accept this as truth, and assume this company's reach and breadth will only grow. With that in mind, it becomes paramount - and beholden on all those that relish privacy - to keep a close eye on this global leader's attention to this constitutional protection as it relates to their technological innovations.

While it might be an exaggeration to say that Google has been hostile to privacy advocates and their concerns, they've been resistant to say the least. Google has become a concern for advocates for a myriad of reasons, stemming from their lobbying activities to the actual privacy implications of some of their product lines.

As such, the Rose Foundation of Oakland, California, due to these growing concerns, rewarded Consumer Watchdog - a California consumer rights group - with significant funding to independently monitor Google's activities in Washington as well as in depth analyses of their products' privacy implications. For the past six months, Consumer Watchdog has constructively attempted to engage Google on its privacy problems - and the initial signs are not comforting.

In fact, the group's "monitoring" has so antagonized Google that Bob Boorstin, the company's Director of Corporate and Policy Communications, recently even urged the Rose Foundation to consider pulling the group's funding. Needless to say, there's quite a backdrop to this story, leading to a blistering response from Consumer Watchdog, including a letter to Google CEO Eric Schmidt, and an eventual "apology" from Google.

Some of what Consumer Watchdog has discovered to date include: Google lobbying Congress to weaken privacy protections for medical records stored in its Google Health programs (an issue we at CFC know very well) as well as stepped-up PR efforts targeting analysts, journalists, policymakers and think tanks in order to confront, undermine, and even silence "critics" (particularly of privacy) efforts to bring "sunlight" to Google's lobbying activities and products.

Privacy fears over Google latitude

On another note, there's a whole lot of buzz around a recent product released by the company called Google Latitude, which is designed to help users share their whereabouts, along with photos and short updates, with "small groups of friends and family members."While there appears to be some features built in to protect users' privacy, there are certainly a variety of privacy implications that remain unanswered, and worthy of debate.

To get to the heart of the issue, I'd suggest people check out ReadWriteWeb's Rick Turoczy's take on some of the concerns related to this product, a news clip from the BBC delving into the product's privacy pro's and con's, as well as Privacy International's discovery and analysis of what they believe to be a lack of adequate safeguards.

Some great breaking news to report: Thanks in large part to the efforts of the Electronic Frontier Foundation - Google is taking a strong and public stand on what legal privacy protections should apply if the government comes calling for the location data collected by Latitude.

Moving Forward: Steps Google Could Take

To quote Consumer Watchdog:

"Google should openly disclose all your lobbying positions on Capitol Hill. Google should publish all of its correspondence and policy communications to legislators, as we do, and as a way of practicing the open information culture it preaches. In Washington, unlike California, policy positions are often written on blank pieces of paper untraceable to the corporate authors. This is incompatible with Google's vision for the world.

Google should create a Chief Privacy Ombudsman, independent of your corporate structure and general counsel, that reports directly to you and the board of directors... dedicated not to the bottom line or a legislative agenda, but to honest dialogue about privacy would speak frankly to your board and serve you well."

Wednesday, March 4, 2009

The Newly Released Secret Laws of the Bush Administration

Two days ago - with not nearly the media coverage or attention one should expect for such revelations - the Obama administration released a series of Department of Justice documents that contained Bush administration decrees with regard to government power that LITERALLY wiped out the 1st and 4th Amendments, and essentially our entire Constitution and the balance of powers concept on which it is based. These are the documents that otherwise served as the Bush Administration's own secret laws - under which each and every one of us were ruled by and lived under for the past eight years.

Now, before I get to the brilliant explanation of these documents and what they mean by Glenn Greenwald of Salon.com let me just make a few quick, angry, and a bit overwhelmed points (learning that you haven't lived in anything close to a democracy for 8 years has a tendency to rattle me).

First, I just hope everyone that ever – for a second – thought maybe we were being paranoid or too partisan during the Bush years as it related to privacy and civil liberties has realized that if anything, we were too apathetic and trusting. We NOW KNOW, without a doubt, and for a fact, that for the past 8 years we have lived under a tyrannical dictator that essentially put a hold on our Constitution. As Greenwald will layout, not only was the government given carte blanch to wiretap and eavesdrop on us, but hell, the MILITARY had the freedom to smash down our doors and whisk us away if the President alone deemed it appropriate. Now those are what I would call the epitome of "violations of privacy".

These documents probably only scratch the surface of what went on. More are still likely to come out, others perhaps destroyed, and others might never be released. One thing is certain, what we now know has made a mockery of our country and Constitution.

It's more than just a little bit surreal to watch - now that Bush is out of office of course - the corporate media admit or even acknowledge that grotesque violations of our Constitution were commonplace over the past 8 years (though they sure were quiet during those years weren't they?).

So now that its clear we have unknowingly lived in tyranny (conservative constitutional scholar Jonathan Turley appropriately called these documents the very definition of "tyranny") for nearly a decade - in which our right to privacy was literally non-existent - what I'll be watching for is whether these crimes and criminals will be investigated and prosecuted (sadly Obama has tried to cover for them as much as he has expose them), whether our media will just press the national “forget” button by telling us to “look forward and not back” (Ahhh…Orwell would be proud!), and whether our country - and government - will seek to right these wrongs and re-establish privacy as a fundamental right (as well as all that "balance of powers" stuff)?

Constitutional scholar and writer for Salon.com Glenn Greenwald explains it better than I ever could, but I feel a little better for getting some of what I feel off my chest anyway :)

One of the central facts that we, collectively, have not yet come to terms with is how extremist and radical were the people running the country for the last eight years. That condition, by itself, made it virtually inevitable that the resulting damage would be severe and fundamental, even irreversible in some sense. It's just not possible to have a rotting, bloated, deeply corrupt and completely insular political ruling class -- operating behind impenetrable walls of secrecy -- and avoid the devastation that is now becoming so manifest. It's just a matter of basic cause and effect.

...

The essence of this document was to declare that George Bush had the authority (a) to deploy the U.S. military inside the U.S., (b) directed at foreign nationals and U.S. citizens alike; (c) unconstrained by any Constitutional limits, including those of the First, Fourth and Fifth Amendments. It was nothing less than an explicit decree that, when it comes to Presidential power, the Bill of Rights was suspended, even on U.S. soil and as applied to U.S. citizens. And it wasn't only a decree that existed in theory; this secret proclamation that the Fourth Amendment was inapplicable to what the document calls "domestic military operations" was, among other things, the basis on which Bush ordered the NSA, an arm of the U.S. military, to turn inwards and begin spying -- in secret and with no oversight -- on the electronic communications (telephone calls and emails) of U.S. citizens on U.S. soil.

...

More amazingly still, there is almost certainly a whole slew of other activities that remain concealed, and very well may remain undisclosed for years, as a result of the creepy Orwellian slogans embraced in unison by our political class -- look towards the future, not the past!; only "liberal score-settlers" want an investigation of any of this. That mentality is being aided by a new administration that seems bizarrely desperate to keep concealed the secrets of the old one. As but one example, we know that the Bush administration was engaged in certain surveillance activities aimed at U.S. citizens that were so patently illegal and wrong that even the right-wing fanatics in Bush's own Justice Department (such as John Aschroft) threatened to resign immediately if they didn't cease, yet we still, to this day, don't know what those domestic surveillance activities were.

The most vital point is that all of the documents released yesterday by the Obama DOJ comprise nothing less than a regime of secret laws under which we were governed. Nothing was redacted when those documents yesterday were released because they don't contain any national security secrets. They're nothing more than legal decrees, written by lawyers. They're just laws that were implemented with no acts of Congress, unilaterally by the Executive branch. Yet even the very laws that governed us were kept secret for eight years.

This is factually true, with no hyperbole: Over the last eight years, we had a system in place where we pretended that our "laws" were the things enacted out in the open by our Congress and that were set forth by the Constitution. The reality, though, was that our Government secretly vested itself with the power to ignore those public laws, to declare them invalid, and instead, create a whole regimen of secret laws that vested tyrannical, monarchical power in the President. Nobody knew what those secret laws were because even Congress, despite a few lame and meek requests, was denied access to them. What kind of country lives under secret laws?

...

And yet even with all of that, our political elites -- the same people who enabled all of this and cheered it on -- are doing everything possible to ensure that none of it gets examined and that there's no accountability for any of it, even if (or rather: especially if) it involves extreme acts of criminality at the highest levels of government. In fact, the only reason we know about most of it -- such as the CIA's destruction of 92 interrogations videos, at the direction of the White House, despite the direct relevance of that evidence to numerous pending investigations (that's called "obstruction of justice," a felony) -- is because groups like the ACLU (with whom I consult), EFF, the Center for Constitutional Rights and others have been so tenacious about trying to compel its disclosure and combat it. If our political class had its way, even the bits and pieces we've now seen would continue to be hidden in the dark.

Click here to read Greenwald's entire piece.

Monday, March 2, 2009

Wiretapping lawsuit may have its day in court

I think its pretty safe to say that the Obama administrations record on privacy has left much to be desired. This is not to say when it comes to torture, closing Guantanamo, ending the Bush administration's particularly gruesome version of rendition, and giving various prisoners their day in court the administration hasn't taken great strides. Indeed it has.

But issues related to civil liberties and those of privacy are not quite the same. And sadly, the fact the Obama DOJ has embraced Bush's state secrets privilege claim in the the Al-Haramain case demonstrates a clear desire to "protect the privacy" of a criminal government, but says nothing of its desire to protect the privacy of those whose rights have been violated.

This contradiction is displayed for all to see by the administration's attempts to halt a case challenging Bush's program of spying on terrorism suspects without first getting a court order. So, if you are the government or a telecom company your privacy is protected with an iron fist - if you're an American citizen who's privacy has been violated by the Government you're out of luck.

As Salon.com's Glenn Greenwald notes:

But it's now safe to say that far worse is the Obama DOJ's conduct in the Al-Haramain case -- the only remaining case against the Government with any real chance of resulting in a judicial ruling on the legality of Bush's NSA warrantless eavesdropping program. Here's the first paragraph from the Wired report on Friday's appellate ruling, which refused the Obama DOJ's request to block a federal court from considering key evidence when deciding whether Bush broke the law in how he spied on Americans:

A federal appeals court dealt a blow to the Obama administration Friday when it refused to block a judge from admitting top secret evidence in a lawsuit weighing whether a U.S. president may bypass Congress, as President George W. Bush did, and establish a program of eavesdropping on Americans without warrants.


And this leads me to the Los Angeles Times story on the court's rejection of the DOJ's attempt to protect Bush crimes and undermine the Constitution.

A federal appeals court rejected the Justice Department's bid to halt the lawsuit by a now-defunct Islamic charity over warrantless wiretapping. The failed attempt was the second time this month that Obama officials argued that the presidential "state secrets privilege" trumped federal law in national security matters, a position consistently maintained by President Obama's predecessor. The administration said national security would be compromised if the lawsuit by the Oregon chapter of Al-Haramain Islamic Foundation went forward.

...

The Obama White House has continued to defend Bush's claims to expanded powers to shield controversial counter-terrorism actions from lawsuits, alarming civil rights advocates who had expected a change in policy with the new president.

...

The American Civil Liberties Union and other groups have repeatedly attempted to take the government to trial over warrantless wiretapping but have been thwarted by federal court rulings that they lacked standing to sue unless their individual privacy rights had been violated. Of more than 50 challenges to warrantless wiretapping, only in the Al-Haramain case has evidence emerged that names U.S. citizens subjected to surveillance.

The case stems from classified documents that the Bush administration accidentally sent to the charity's Oregon chapter. Lawyers Wendell Belew and Asim Ghafoor, who represented the charity when it was being investigated by the Treasury Department, learned that their attorney-client discussions had been subject to eavesdropping by the National Security Agency.

Click here to read the rest of the LA Times article.

It goes without saying that Obama's support of the Bush administration's go to "secret recrords defense" - one that surely has successfully prevented the myriad of crimes against the constitution kept from seeing the light of day, represents a profound disappointment to all who cherish privacy and hoped the Obama administration represented comprehensive change. On more than one occasion on this very blog I have lambasted the use of secrecy claims by Bush and Co. to block judicial review of the President's conduct on issues related to wiretapping and eavesdropping.

Again, Greenwald asks the key question: Why is the Obama administration so vested in ensuring that Presidents continue to have the power to invoke extremely broad secrecy claims in order to block courts from ruling on allegations that a President has violated the law?

...

Yet here we have the Obama DOJ...trying desperately to keep the Bush administration's spying activities secret, and not merely devoting itself with full force to preventing disclosure of relevant documents concerning this illegal program, but far worse, doing everything in its power even to prevent any judicial adjudication as to whether the Bush administration broke the law by spying on Americans without warrants.

One point I remember making often during the Bush years was that once power is granted to a President, and no adequate punishment or opposition to it rises at that time, it will be very hard for a future President to give that power up. As I read these articles and review this administration's actions in defense of Bush and Co's secrecy claims, I wish I had been wrong.
The good news here is the court at least has rejected the Administration's bid to halt the lawsuit charging that President Bush broke the law by authorizing warrantless spying on terrorism suspects. Perhaps justice still may be served.