Tuesday, March 30, 2010

A Corporate/Government Alliance to "Reengineer" the Internet?

"The United States must also translate our intent into capabilities. We need to develop an early-warning system to monitor cyberspace, identify intrusions and locate the source of attacks with a trail of evidence that can support diplomatic, military and legal options -- and we must be able to do this in milliseconds. More specifically, we need to reengineer the Internet to make attribution, geolocation, intelligence analysis and impact assessment -- who did it, from where, why and what was the result -- more manageable."

-- Washington Post Op-Ed by Michael McConnell, Executive Vice President of Booz Allen, one of the nation's largest private intelligence contractors. McConnel has also served as head of the National Security Agency under Bush 41 and Clinton, and was also W. Bush's Director of National Intelligence (DNI)

As you might expect, after a 7 day vacation I've got a ton to catch up on, so my time is short here today. Nonetheless, I just HAD to pass on this article by Constitutional scholar Glenn Greenwald regarding the absolutely astonishing, outrageous, and outright constitution eviscerating op-ed in the Washington Post by Michael McConnell.

Just be prepared to possibly lose some sleep tonight...because his central thesis - and what this guy says represents a growing consensus in the "security industrial complex" - is downright frightening and TOTALLY antithetical to EVERYTHING this country was supposedly founded upon.

I'll let Greenwald do the heavy lifting on this topic today, but suffice it to say, McConnell's proposal appears to go even further than the Bush Administration's Orwellian parody - but it wasn't - called the Total Information Awareness program (which he also had a hand in). Now, that massive data mining scheme was a bit much for even our post 9/11 frightened and shocked public, so never went very far. But astonishingly, it appears a similar concept is being peddled by yet another fear profiteer.

As I have often written about here, there is an emerging Fear-Industrial-Complex in this country, consisting of a growing host of characters and interests, from the Department of Defense to talk radio to the “the intelligence community” to conservative pundits to weapons/defense contractors to fearmongering politicians to the corporate media itself.

Many of these same interests that took advantage of 9/11 to ram through the Patriot Act are out in force once again - aided this time by a much more influential and powerful security industry.

As we all should be acutely aware of now, advancements in security technology may serve certain important purposes in specific situations, but more often than not, represent the continuing expansion of Big Brother's ability to monitor and record nearly everything we do - usually under the guise of "keeping us safe".

But another driving force in the expansion of the surveillance state, in addition to stifling dissent, monitoring "enemies" (both foreign and domestic), increasing power and control, or even ostensibly "protecting America", is the enormous sums of money that can be made from it.

It is this "revolving door" between private industry and the government, in this case as it relates to surveillance technologies and civil liberties, that lies at the heart of Greenwald's analysis of McConnell's inherent conflicts of interest, our totally corrupted political system, and that the grave threat it, and the proposals espoused in the Washington Post op-ed pose.

Greenwald writes:

In every way that matters, the separation between government and corporations is nonexistent, especially (though not only) when it comes to the National Security and Surveillance State. Indeed, so extreme is this overlap that even McConnell, when he was nominated to be Bush's DNI, told The New York Times that his ten years of working "outside the government," for Booz Allen, would not impede his ability to run the nation's intelligence functions.

That's because his Booz Allen work was indistinguishable from working for the Government, and therefore -- as he put it -- being at Booz Allen "has allowed me to stay focused on national security and intelligence communities as a strategist and as a consultant. Therefore, in many respects, I never left."

As the NSA scandal revealed, private telecom giants and other corporations now occupy the central role in carrying out the government's domestic surveillance and intelligence activities -- almost always in the dark, beyond the reach of oversight or the law.

...

Aside from the general dangers of vesting government power in private corporations -- this type of corporatism (control of government by corporations) was the hallmark of many of the worst tyrannies of the last century -- all of this is big business beyond what can be described. The attacks of 9/11 exploded the already-huge and secret intelligence budget. Shorrock estimates that "about 50 percent of this spending goes directly to private companies" and "spending on intelligence since 2002 is much higher than the total of $33 billion the Bush administration paid to Bechtel, Halliburton and other large corporations for reconstruction projects in Iraq."

...

Think about how dangerous that power is in relationship to the war I wrote about this weekend being waged on WikiLeaks, which allows the uploading of leaked, secret documents that expose the corruption of the world's most powerful interests. This "reengineering of the Internet" proposed by McConnell would almost certainly enable the easy tracing of anyone who participates. It would, by design, destroy the ability of anyone to participate or communicate in any way on the Internet under the shield of anonymity. Wired's Ryan Singel -- noting that "the biggest threat to the open internet is . . . Michael McConnell" -- documents the dangers from this "cyber-war" monitioring policy and how much momentum there now is in the Executive and Legislative branches for legislation to implement it (as a result of initiatives that began during the Bush era, under McConnell, and which continue unabated).

But there's something even worse going on here. McConnell doesn't merely want to empower the Government to control the Internet this way; he wants to empower private corporations to do so -- the same corporations which pay him and whose interests he has long served. He notes that this "reengineering" is already possible because "the technologies are already available from public and private sources," and explicitly calls for a merger of the NSA with private industry to create a sprawling, omnipotent network for monitoring the Internet...

...

In other words, not only the Government, but the private intelligence corporations which McConnell represents (and which are subjected to no oversight), will have access to virtually unfettered amounts of information and control over the Internet, and there should be "no borders" between them. And beyond the dangerous power that will vest in the public-private Surveillance State, it will also generate enormous profits for Booz Allen, the clients it serves and presumably for McConnell himself -- though The Washington Post does not bother to disclose any of that to its readers. The Post basically allowed McConnell to publish in its Op-Ed pages a blatant advertisement for the private intelligence industry while masquerading as a National Security official concerned with Keeping America Safe.

...

So here we have a perfect merger of (a) exploiting public office for personal profit, (b) endless increases in the Surveillance State achieved through rank fear-mongering, (c) the rapid elimination of any line between the public and private sectors, and (d) individuals deceitfully posing as "objective commentators" who are, in fact, manipulating our political debates on behalf of undisclosed interests.

Click here to read the article in its entirety.

I'll get to this more in future posts...

Friday, March 19, 2010

My Comments to the PUC on the Privacy Implications of a Smart Grid Electrical System

Click here to watch it (the workshop was March 19th and I came on just before 11 AM I think....right after the first speaker of our panel)...should be up soon...though it isn't as of Saturday evening. You can read it on the PUC website here. And remember, I'll be on vacation from Monday the 22nd, until Tuesday the 30th....

"The emerging Smart Grid electricity system will allow utilities to collect and possibly distribute detailed information about household electricity consumption habits - ice makers will operate only when the washing machine isn't, TVs will shut off when viewers leave the room, air conditioner and heater levels will be operated more efficiently based on time of day and climate.

Home gadgets and appliances will be wirelessly connected to the Internet so consumers can access detailed information about their electricity use, and reduce their carbon footprint appropriately.

The potential benefits of such a system are self evident, including: Reducing energy use and CO2 emissions (maybe 20% per home), preventing blackouts, spurring development of renewable energy sources, and improving customer service by locating trouble spots and dispatching maintenance teams to fix the problem.

The Consumer Federation of California supports these goals. But the paradox of a smart grid system is that what will ostensibly make it an effective tool in reducing energy usage and improving our electric grid – our information - is precisely what makes it a threat to privacy: our information.

Soon this technology will be near ubiquitous: Up to three-fourths of the homes in the United States are expected to be placed on the “Smart Grid” in the next decade, and there will be nearly 50 million by 2012. Some foresee it becoming 100 to 1000 times larger than the internet.

The sheer volume of data provided by Smart Grid technologies will make it a prospective goldmine for numerous parties other than the utilities themselves, for reasons other than energy efficiency, and used for purposes that do not benefit the consumer: advertisers and marketers will seek to create and utilize increasingly detailed behavioral profiles, law enforcement and the government will seek to monitor our homes, and criminals will seek to steal identities and rob homes.

As such, without proper safeguards and ironclad rules in place, a myriad of new privacy threats could eventually find their way into every home in America.

Activities that might be revealed through analysis of home appliance use include personal sleep and work habits, cooking and eating schedules, the presence of certain medical equipment and other specialized devices, presence or absence of persons in the home, and activities that might seem to signal illegal behavior.

Personal privacy issues routinely arise when data collected is harmless in isolation, but becomes a threat when combined with other data, or examined by a third party for patterns. In other words, what are the potential “unintended consequences” of such an electrical system? And more importantly, what must we do to ensure that those unintended consequences are never realized?

Such interest in our private data by third parties begs some important questions: How much information should we give up to the grid? Should it be up to the customer to decide? Who stores all that information and for what reasons? How will this information be managed and how long will it be stored? Who will come asking for that information, for what purposes and under what rules? And will there be proper and enforceable accountability for those that abuse our data?

Specific examples of such “unintended consequences” might include:

Travel agencies might start sending you brochures right when your annual family vacation approaches.

Financial institutions making home mortgage loans might also be interested in their customers’ energy usage records to verify whether the customers are actually living in those houses.

Law enforcement officials might use our information against us. Consider the predictable desire of police to locate in-home marijuana growers by monitoring household power usage? What about increasingly intrusive surveillance of proclaimed suspects homes?

Lawyers might seek to subpoena your data in a divorce trial, "Have you ever left your child home alone? If so, how often, and for how long?

• Insurance companies, always seeking to maximize profits by denying coverage or jacking up premiums, might start developing connections between energy use patterns – like eating late at night - and unhealthy tendencies.

Soon RFID tagged labels – read by smart meters – will be found on more and more of the food and prescription drugs that fill our refrigerators and cabinets. Could our health insurance go up because we eat too much unhealthy food? Might we start receiving mailers trying to sell us new prescription drugs that their detailed behavioral profile has led them to conclude we need?

Hackers and criminals might seek to falsify power usage, pass on their charges to a neighbor, take down the grid entirely, disconnect others, and plan burglaries with an unprecedented degree of accuracy.

• Some consumers are already getting statements that compare their use to their neighbors. Could we see a system develop in which some are penalized for more “wasteful” usage? What if the comparisons aren't fair? Will details such as the number of occupants be properly taken into account?

Landlords might be interested in know more about what's happening inside their properties.

If recent revelations regarding warrantless wiretapping, Patriot Act abuses and increasingly intrusive surveillance techniques are an indicator, we should also expect government agencies to come seeking our data.

Such privacy implications strike at the heart of the Fourth Amendment, the California Constitution, and a core American value: our right to keep private what goes on in our homes, and the inherent freedom that that right provides us.

The challenge that now stands before us is how to both protect consumer privacy while simultaneously empowering customers with the ability to access their data in near real time and potentially share it with entities other than the utility.

It is paramount then that our state’s transition to a smart grid system addresses the potential privacy pitfalls while we are in the early stages of its implementation; because once that genie is out of the bottle it’s difficult to put him back in.

A few principles we should keep in mind as we develop a regulatory framework will be consumer control, informed consent, transparency, security and accountability - including strict limits on the amount of data collected, its use, and the length of time it’s stored.

Such privacy safeguards will increase, not decrease, the long-term viability of, and consumer confidence in, the system itself. The only real conflict I foresee in implementing such a system is between those that want to protect their personal data versus those that seek to access and profit off it; as well as the expected public policy rush to get the system up and running before it’s truly ready.

The endless accumulation of our personal data – combined with the outlandish profits being made off it and growing government demand for it – represents a direct assault on our right to privacy. We would do well to contemplate the steady erosion of this right and its long-term implications.

Corporations, by definition, care about profit, not reducing energy usage, and certainly not protecting privacy, just as governments, particularly federal, care more about access and control.

Evidence of this abounds: Social networking sites store and publicly share unprecedented private details about their users without telling them what they are doing with that information. A recent study found that the 43 leading sites made privacy control settings difficult to find and to understand; and the defaults were almost always set to allow maximum dispersal of data.

Google’s CEO, Steve Schmidt recently stated "If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place."

As you let that sink in, he also said: "… the reality is that search engines including Google do retain this information for some time, and it's important, for example that we are all subject in the United States to the Patriot Act. It is possible that that information could be made available to the authorities."

The facts bear witness to Mr. Schmidt’s worldview, as one Google product after another – from Google Buzz to Google Books - has been a virtual privacy train wreck. The company’s refusal to make public how often information about their users is demanded by, or disclosed to the government, is all the more disconcerting.

Facebook reportedly receives up to 100 demands from the government each week for information about its users. AOL reportedly receives 1,000 demands a month. In 2006, a U.S. Attorney demanded book purchase records of 24,000 Amazon.com customers. Sprint recently disclosed that law enforcement made 8 million requests in 2008 alone for its customer’s cell phone GPS data for purposes of locational tracking.

It wasn’t long ago that the idea of our government wiretapping American citizens without warrants for purposes other than national security would have been revolting. Now its official Government policy – and the telecom companies that participated in these crimes have been given retroactive immunity while continuing to make billions off overcharging the same customers they betrayed.

Nor was it long ago that we would have been rightly outraged by Patriot Act provisions – recently renewed – that allow for broad warrants to be issued by a secretive court for any type of record, without the government having to declare that the information sought is connected to a terrorism investigation; or that allow a secret court to issue warrants for the electronic monitoring of a person for whatever reason — even without showing that the suspect is an agent of a foreign power or a terrorist; and of course, that allow the government to search your home as long as it doesn't tell you it did.

As for the Smart Grid, just this week the FCC went on record as saying, “the federal government should be granted limited access to utility bills from homes receiving federal energy efficiency funds…”

The trend line is all too clear. More concerning than any single threat posed by any single technology – including Smart Grid – is this larger pattern indicating that privacy as both a right and an idea is under siege. As young people grow up with so much of their information so public and accessible to all, including government, I fear their sense, appreciation and understanding of privacy will continue to fade away. The consequences of such a loss would be profound.

As noted privacy expert Bruce Schneier recently stated:

“…lack of privacy shifts power from people to businesses or governments that control their information. If you give an individual privacy, he gets more power…laws protecting digital data that is routinely gathered about people are needed. The only lever that works is the legal lever...Privacy is a basic human need…The real choice then is liberty versus control.”

Rapid technological advancement - without the requisite regulatory safeguards – will only add to the increasing disintegration of privacy rights in this country - something the Smart Grid could come to epitomize if we allow ourselves to be seduced by arguments that claim we have no time to spare or to just “trust” those with inherent conflicts of interest.

Elias Quinn, Sr. Policy Analyst of the University of Colorado Law School’s Center for Energy and Environmental Security recently summed up the challenge and responsibility before us:

“In the final analysis, the privacy problem posed by smart metering is only a difficult one if the data gets unleashed before consequences are fully considered, or ignored once unfortunate consequences are realized. But to ignore the potential for privacy invasion embodied by the collection of this information is an invitation to tragedy.”


I urge the Public Utilities Commission and the State Legislature if necessary, to provide an example to the rest of the nation by recognizing privacy as the Constitutional right that it is, and integrating at every point of the Smart Grid network ironclad protections. Now Jim Dempsey of the Center for Democracy and Technology will describe in detail how this can be done."

Thursday, March 18, 2010

Watch My PUC Presentation Tomorrow - Read Bruce Schneier's Latest

I want to reiterate my invitation to watch me present before the Public Utilities Commission tomorrow (watch the live webcast here) on the privacy implications of a Smart Grid electrical system. AS I posted last week, my panel begins at 10:30 AM and goes until noon (expect the statement to be right at the beginning).

Now, I don't want to give up too much of what I'm going to say (we each have an opening 10 minute written statement...then what's left of the 90 minutes will go to a panel discussion...of which I'm on), but I will let readers know that I'm not going to focus on the Smart Grid as if its in a vacuum.

Anyone that has read this blog probably knows that I like to serve as a "dot connector", and as such, the privacy threats that are posed by a Smart Grid system alone, aren't what's most worrisome. No, its the totality of the assault on both the right to privacy, and the very idea of privacy itself that I want to touch on too.

And to do that, I will establish a pattern, a kind of trend line, that should make us all take a step back and ask some bigger questions, particularly, what is privacy in the information age? And, what can we even do to re-affirm and protect it at a time it has been whittled away to almost nothing?

I will leave it there for today, because, I will post my statement to the PUC in full before once I give it.

My Vacation to Baja: March 22nd - March 29th

For readers, please know that, after posting my official statement here tomorrow or Saturday, I won't be posting again until at least March 30th, as I'll be visiting my father in Baja for a much needed vacation. I will be looking forward to gaining strength and rejuvenation from the land, from the ocean, and yes, from the whales (and my father).

It's possible that a colleague might post something here...but probably not.

With that, I thought this article in Networld about a recent speech given by privacy expert Bruce Schneier would be a fitting post before I go to the PUC. Needless to say, I think Schneier is simply RIGHT ON, about privacy, its endangered future, and the need to establish (at least try) tough new laws that address this issue in cyberspace.

Tim Greene of Network World reports:

The longer information-privacy policies go unset, the more likely it is that they never will be set, says Schneier, an author of books about security and CTO of security consultant BT Counterpane. As young people grow up with broad swaths of information about them in the public domain, they will lose any sense of privacy that older generations have.

...

As Schneier sees it, the problem is one of balancing control over data to maximize individuals' liberty. If individuals control data about themselves, that gives them liberty. If their information is controlled by the government, they lose liberty and power, he says. "If you give an individual privacy, he gets more power," Schneier says.

...

Social networking puts more information about individuals in front of the public with the illusion that it is private. But social networks don't try to help preserve privacy, Schneier says, citing U.K. research that found all 43 social networking sites reviewed make privacy control settings difficult to find and to understand. And defaults are almost always set to allow maximum dispersal of data, he says.

...

Mediating interactions with other people through computers -- social networking -- calls for setting policies about how information in those interactions is handled. "It's not natural," he says. "We now need policies where we didn't before."But people growing up living more of their lives in public won't know anything else. "By the time you graduate high school, you've been dumped on Facebook, and you're used to it," he says.

Click here to read more.

That's all for now...

Thursday, March 11, 2010

Smart Grid and Privacy: EFF Comments and Upcoming PUC Hearings

I've written quite extensively on the growing debate over smart electricity meters and the potential threat they pose to privacy (if we don't take the proper precautions).

To read my article on the subject that was published on the California Progress Report just click here.

As I also mentioned in past posts, in response to a rulemaking by the California PUC, and the lack of attention being paid to the concerns of privacy advocates to date on this issue, the Consumer Federation of California (CFC) recently joined The Utilities Reform Network (TURN) in urging the Commission to allow for a more comprehensive review and debate regarding such concerns.

I'm happy to report that not only has such a discussion been planned for March 19th by the CPUC, but yours truly, will be one of the panelists. Here's a few more details:

March 19, 2010
9:30 am – 4:30 pm
Auditorium
CPUC, 505 Van Ness Avenue, San Francisco, CA 94102

The workshop will focus on the rules that the CPUC should adopt to meet the objectives of providing access to:

1. Wholesale and retail price information,
2. Access to usage data for authorized third parties; and,
3. Access on a near real-time basis to usage data by consumers and/or authorized third parties.

Agenda

9:30 a.m. - 9:45 a.m. Welcome and Opening Comments:
Assigned Commissioner Nancy E. Ryan & ALJ Sullivan

9:45 a.m. - 10:30 a.m. Smart Meter Texas - Bob Frazier, Center Point Utility, will discuss the experience of Texas utilities in building a web portal to provide usage, cost, and customer interface

10:30 a.m. – noon Customer Perspective – Ensuring customer privacy

Panelists:
· Karin Hieta, DRA
· Marcel Hawiger, TURN
· Zack Kaldveer, CFC
· Jim Dempsey, CDT

1:00 p.m. - 2:30 p.m. Vendors Perspective – Creating a system capable of providing the data

Panelists:
· Duke Troxell, EDS
· Michael Terrell, Google
· Dave Mollerstuen, Tendril
· Mark Potter, EnerNoc

2:30 p.m. - 2:45 p.m. Break

2:45 p.m. - 4:15 p.m. Utility Perspective – Obstacles & Opportunities

Panelists:
· Paul DeMartini, SCE
· Ed Fong, SDG&E
· Andrew Tang, PG&E
· Bob Frazier, Center Point


For today, I wanted to post some of what the Electronic Frontier Foundation's Lee Tien - someone who's expertise I often use in writing this blog - had to say about Smart Grid and Privacy, the upcoming PUC hearings, as well as his own organizations filings to the PUC with the Center for Democracy and Technology.

Lee writes:

The ebb and flow of gas and electricity into your home contains surprisingly detailed information about your daily life. Energy usage data, measured moment by moment, allows the reconstruction of a household's activities: when people wake up, when they come home, when they go on vacation, and maybe even when they take a hot bath.

California's PG&E is currently in the process of installing "smart meters" that will collect this moment by moment data—750 to 3000 data points per month per household—for every energy customer in the state. These meters are aimed at helping consumers monitor and control their energy usage, but right now, the program lacks critical privacy protections.

That's why EFF and other privacy groups filed comments with the California Public Utilities Commission Tuesday, asking for the adoption of strong rules to protect the privacy and security of customers' energy-usage information. Without strong protections, this information can and will be repurposed by interested parties. It's not hard to imagine a divorce lawyer subpoenaing this information, an insurance company interpreting the data in a way that allows it to penalize customers, or criminals intercepting the information to plan a burglary. Marketing companies will also desperately want to access this data to get new intimate new insights into your family's day-to-day routine–not to mention the government, which wants to mine the data for law enforcement and other purposes.

This isn't just a California issue. Many threats to the privacy of the home—where our privacy rights should be strongest—were detailed in a 2009 report for the Colorado Public Utility Commission. The federal government has been promoting the smart grid as part of its economic stimulus package, and last year, EFF and other groups warned the National Institute of Standards and Technology about the privacy and security issues at stake.

For example, security researchers worry that today’s smart meters and their communications networks are vulnerable to a variety of attacks. There are also questions of reliability, as PG&E faces criticism from California customers who have seen bills skyrocket after the installation of the new "smart meters." Unsurprisingly, California legislators are questioning the rapid rollout. Texas customers are also complaining.

There are far more questions than answers when it comes to this new technology. While it's potentially beneficial, it could also usher in new intrusions into our home and private life. The states and the federal government should ensure that energy customers get the protection they deserve.

Stay tuned...

Tuesday, March 9, 2010

Travelers File Suits Against Body Scanners As Their Use Expands

I want to do a quick update today on the progress of the friendly little digital strip searches that are coming to an airport near you. I speak of course of what has been coined as "Whole-Body-Imaging". As I wrote in my article "The Politics of Fear and "Whole-Body-Imaging", these full-body scanners use one of two technologies - millimeter wave sensors or backscatter x-rays - to see through clothing, producing images of naked passengers.

As I lay out in detail, there are MANY reasons to oppose the widespread use of these scanners, from the obvious, privacy, to the less so, they won't make us any safer. In fact, if you define the word "safe" as also including the concept of "safe" from government intrusiveness and fear peddling, than I would argue it makes us less so, not more.

A Review: Why Airport Body Scanners Should be Opposed

Before I get to the increasing use of these scanners, the growing number of customer complaints against them, and the efforts being made by privacy advocates to halt their implementation altogether until several health, safety and privacy issues are resolved, I want to just quickly highlight the main arguments against their use.

Before embracing this latest "terror fix", we should consider the larger context at work here: for every specific tactic we target with a new, expensive, and often burdensome security apparatus, the terrorist's tactics themselves will change.

Risks can be reduced for a given target, but not eliminated. If we strip searched every single passenger at every airport in the country, terrorists would try to bomb shopping malls or movie theaters.

Before we all run for the hills screaming "the terrorists are coming", willfully give up our civil liberties and freedoms, support wars on countries that did nothing to us, and sign off on wasting HUGE amounts of money on ineffectual security systems, consider this: Your chances of getting hit by lightning in one year is 500,000 to 1 while the odds you'll be killed by a terrorist on a plane over 10 years is 10 million to 1.

Does this sound like a threat worthy of increasing the already long list of airline passenger indignities? Isn't suffering through longer and longer lines while being shoeless, beltless, waterless, and nail clipper-less enough? Now we've got to be digitally strip searched too?

Then there are the privacy concerns regarding how images could be stored...and just the basic guttural reaction of "screw you I'm not letting you see me naked for no reason!" argument.

The Electronic Privacy Information Center, a public interest research group, published documents in January revealing that the machines can record, store and transmit passenger scans.

Are we really to believe the government won't allow these devices to record any data when the easy "go to" excuse for doing so will be the need to gather and store evidence? What about the ability of some hacker in an airport lounge capturing the data using his wi-fi capable PC - and then filing it to a Flickr album, and then telling of its whereabouts on Twitter?

For these reasons, privacy advocates continue to argue for increased oversight, full disclosure for air travelers, and legal language to protect passengers and keep the TSA from changing policy down the road. Again, what's to stop the TSA from using clearer images or different technology later?

Is the loss of freedom, privacy, and quality of life a worthwhile trade-off for unproven protections from a terrorist threat that has a 1 in 10 million chance of killing someone over a ten year time period?

Could all this hype be just another way to sell more security technologies, soften us up for future wars, increased spending on the military, and the evisceration of our civil liberties?Walking through a whole-body scanner or taking a pat-down shouldn't be the only two options for citizens living in a free society.

As the ACLU pointed out, "A choice between being groped and being stripped, I don't think we should pretend those are the only choices. People shouldn't be humiliated by their government" in the name of security, nor should they trust that the images will always be kept private. Screeners at LAX (Los Angeles International Airport) could make a fortune off naked virtual images of celebrities...The Bill of Rights extends beyond curbside check-in and if the government insists on using these invasive search techniques, it is imperative that there be vigorous oversight and regulation to protect our privacy. Before these body scanners become the status quo at America's airports, we need to ensure new security technologies are genuinely effective, rather than merely creating a false sense of security."

Number of Airports Using Scanners Increases as Customer Complaints Rise

The Homeland Security Department on Friday announced that it will expand the use of advanced imaging technology to 11 U.S. airports, thanks to $1 billion in Recovery Act funds. The TSA already has 40 units in 19 airports nationwide and expects to have an additional 450 deployed by the end of 2010.

The TSA plans to install close to 900 body scanners at airports around the U.S. by 2014. About 200 AIT scanners are expected to be deployed by the end of this year at a cost of $130,000 to $170,000 per device.

So the bad news is the government is moving full steam ahead. But, this is not to say there still isn't a vigorous opposition campaign underway. Documents obtained by the Electronic Privacy Information Center (EPIC) show that complaints have been lodged with the Transportation Security Administration (TSA) over the use of whole-body scanners at U.S. airports, particularly related to lack of instructions and information on alternatives.

Computerworld reports:

More than two-dozen complaints that were filed by travelers subjected to whole-body scans over the past year or so were included in a document obtained by EPIC as the result of a Freedom of Information Act lawsuit.

The 51 pages of documents show that travelers were often not fully informed about the scans or what the process involved. Some complained about a lack of instructions or signage regarding the scanning machines, while others said they were not informed about the pat-down alternative available to those who don't want to be scanned. Travelers also expressed concern about their privacy being invaded, of feeling humiliated, of radiation risks to pregnant women and of children being subjected to the scans.

The letters belie the TSA's claims about the disclosure policies related to the use of the technology and of the general level of concern related to its use, said Ginger McCall, staff counsel at EPIC. "The TSA has been reassuring people that travelers will be made aware of what these machines are and of the alternatives that are available," McCall said. The complaints suggest otherwise and appear to show less support for the technology than the TSA has let on, she said.

...

Privacy advocacy groups have claimed that the use of such scanners is tantamount to doing a strip search of air travelers. Security analysts and even the Government Accountability Office meanwhile have called for a thorough review of the effectiveness of the technology in day-to-day operations. Some have expressed concern that whole-body scanners will be ineffective in detecting explosives hidden in body cavities. Such concerns have already prompted a three-month review of the technology in Europe.

Click here for the rest of the article.

I go back to this quote a lot, but I think its important to remember everytime we have this larger debate over privacy versus security. Bruce Schneier, author of Beyond Fear: Thinking Sensibly About Security in an Uncertain World, sums up the false choice perfectly:"If you set up the false dichotomy, of course people will choose security over privacy -- especially if you scare them first. But it's still a false dichotomy. There is no security without privacy. And liberty requires both security and privacy. The famous quote attributed to Benjamin Franklin reads: "Those who would give up essential liberty to purchase a little temporary safety, deserve neither liberty nor safety." It's also true that those who would give up privacy for security are likely to end up with neither.”

I would also point you to Dr. Amster, a professor of peace studies at Prescott College and the executive director of the Peace & Justice Studies Association:

And then there are the obvious matters of privacy and dignity. One need not be a constitutional scholar or privacy-rights advocate to appreciate the implications of conducting such invasive de facto "strip searches" on a widespread scale. ...The New York Times further noted that "others say that the technology is no security panacea, and that its use should be carefully controlled because of the risks to privacy, including the potential for its ghostly naked images to show up on the Internet." Indeed, as Baltimore Sun columnist Susan Reimer intoned:

"They say these full-body screening images - in which I am pretty sure we are naked - are immediately erased, but I don't believe them for a minute. Either somebody is keeping them on the hard drive to protect himself in case some terrorist gets by on his watch, or some enterprising guy is going to be selling Britney Spears' body scan to TMZ for a hundred thousand bucks. I mean this is America, land of the irrepressible entrepreneurial spirit."

Absent clear and enforceable limitations, it seems likely that such scenarios will ensue....Despite being known as a fairly Puritanical people in many respects - at least in terms of what constitutes "public decency" and the like - it seems that Americans perhaps are more permissive in their sense of decorum than we have been led to believe. Is it still voyeurism when the subject willingly desires to be watched? Must security and privacy exist in tension, or can they be fruitfully reconciled? Is constant surveillance becoming the baseline of our lives, and if so, who is watching the watchers? With the proliferation of public cameras, digital recorders, webcams, cellphone cameras and, now, terahertz scanners, we will be confronted with the implications of these technologies for the foreseeable future. The fact that our collective fears seem to be the leading edge of the debate doesn't bode particularly well for reasoned decision-making and the eventual utilization of new technologies for emancipation rather than subjugation.

And in the End …

The matter of full-body scanners presents a critical cultural referendum on basic questions of freedom and autonomy. The circumstances under which the issue is being presented - a climate of fear instilled by a well-hyped reminder of the shared trauma of 9/11 - make it almost impossible to have confidence in a sound and sober resolution. Moreover, the primary players behind the use of these technologies are imbricated within the workings of a growing military-industrial complex that continues to pervade more aspects of our lives. This watershed moment in the public dialogue about security and privacy is framed by an increasing militarization of everyday life in America, as indicated by a recollection of the loci in which companies like Rapiscan operate - namely, "at airports, government and corporate buildings, correctional and prison facilities, postal facilities, military zones, sea ports and border crossings." This list could easily expand to include schools, hospitals, malls, arenas, banks, stores, and more. Now is the moment to rein it in while we still have a window of self-determination in which to do so.

Friday, March 5, 2010

Pro-Civil Liberties "Candidate Obama" vs. Anti-Civil Liberties President Obama

I haven't been shy in sharing my utter disappointment in the Obama Administration when it comes to civil liberties and privacy (and just about everything else too). As I've often stated, the term "better than Bush" has little to no meaning to me, as, what could be worse than Bush when it comes to these issues? Is that really the bar we choose to judge people by these days? If it is, we are in one heap of trouble. When it comes to issues like privacy, we can't start grading on a curb...at least not one bent like that.

Now, before I get to a great article in American Prospect entitled Obama, Congress Wink at Massive Surveillance Abuses, I want to go through some of the list of betrayals, backtracking, and reversals by this Administration on substantive issues that the President RAN ON.

The list is getting, literally, too long for me to address these days. So forgive me for reaching back into my archives and getting some help...from myself.

We all know by now the Administration's whole-hearted embrace of Whole-Body-Imaging in airports.

As we also now know, both Obama and Holder have completely reversed themselves on the issue of wiretapping, by not only refusing to prosecute or investigate the program and/or those that carried it out, but have even expanded their defense of the program in some important key respects. Telecom immunity? You bet. Justice for those spied on? Hell no.

We also now KNOW, that it was President Obama himself that worked behind the scenes to ensure that absolutely no meaningful reforms to the Patriot Act were adopted...essentially a complete reversal of his positions as a Senator and Presidential candidate. Strange, he doesn't lift a finger for things like the public option or the Consumer Protection Agency, but man, he's one tough customer when it comes to protecting the Patriot Act.

Its as if we're watching a debate between the eloquent, pro-civil liberties "Candidate Obama" and the just as eloquent, anti-constitutional authoritarian, President Obama.

Senator Obama branded the Patriot Act "shoddy and dangerous" and pledged to end it in 2003. In 2005, he pledged to filibuster a Bush-sponsored bill that included several of these exact components recently extended, calling them "just plain wrong" in a Senate speech. He argued:

"Government has decided to go on a fishing expedition through every personal record or private document -- through library books they've read and phone calls they've made...We don't have to settle for a Patriot Act that sacrifices our liberties or our safety -- we can have one that secures both." It goes without saying, Obama reneged on those pledges.

But now let's hear from President Obama, who wrote in a letter that he was advocating IN FAVOR of the most abusive provisions in the Act to stand...the same ones he claimed were "shoddy and dangerous" as a Senator.

For instance, business and citizens groups can still have their records examined by the government with minimal checks on how the information can be used and more particularly used against. Individuals often based on flimsiest of evidence can still be targeted for monitoring and surveillance if suspected of being a potential terrorist.

Organizations and individuals can still be slapped with so-called roving wiretaps (taps that can be placed on an individual or group anywhere, anytime) again based on weak evidence or unfounded suspicion....

Now President Obama justifies keeping nearly all of Bush's terror war provisions in place with the standard rationale that the government must have all the weapons needed to deal with the threat of terrorism. If you think I'm confusing Bush and Cheney with Obama, sadly, you're wrong.

Then there was the Administration's radical interpretation and use of the "state secrets" privilege to block courts from hearing a host of information, from torture allegations to wiretapping claims. In other words, for the sole purpose of protecting those that committed crimes that the President vehemently criticized as a Senator and promised to address as a candidate.

And finally, for today's purposes anyway, we now know that the Administration is going along - in most respects - with the Bush policies of indefinite detention and military tribunals.

So, forgive me if I'm not surprised by today's article in the American Prospect. Julian Sanchez reports:

Here's how it was supposed to be. Under his administration, candidate Barack Obama explained in 2007, America would abandon the "false choice between the liberties we cherish and the security we provide." There would be "no more National Security Letters to spy on citizens who are not suspected of a crime" because "that is not who we are, and it is not what is necessary to defeat the terrorists." Even after his disappointing vote for the execrable FISA Amendments Act of 2008, which expanded government surveillance power while retroactively immunizing telecoms for their role in George W. Bush's warrantless wiretapping, civil libertarians held out hope that the erstwhile professor of constitutional law would begin to restore some of the checks on government surveillance power that had been demolished in the panicked aftermath of the September 11 attacks.

The serial betrayal of that hope reached its culmination last week, when a Democratic-controlled Congress quietly voted to reauthorize three controversial provisions of the USA Patriot Act without implementing a single one of the additional safeguards that had been under consideration -- among them, more stringent limits on the national security letters (NSLs) Obama had once decried. Worse yet, the vote came on the heels of the revelation, in a blistering inspector general's report, that Obama's Office of Legal Counsel (OLC) had issued a secret opinion, once again granting retroactive immunity for systematic lawbreaking -- and opening the door for the FBI to ignore even the current feeble limits on its power to vacuum up sensitive telecommunications records.

...

But as a detailed report released last month by the office of the inspector general (OIG) revealed, between 2003 and 2006, the FBI sought to stretch its NSL powers beyond even these ample boundaries. Investigators obtained thousands of records from telecommunications providers using a made-up process called an "exigent letter" -- which essentially promised that a proper NSL would be along shortly. Among those whose records were obtained in this way were reporters for The Washington Post and The New York Times -- in violation of both the law and internal regulations requiring that the attorney general approve such requests.

...

Following standard practice, the OIG sent a draft copy of its report to the FBI for comment before publication. Understandably distressed by the watchdog's finding that analysts had broken the law repeatedly and systematically over a period of years, FBI attorneys scrambled for retroactive cover. As a heavily redacted section of the report explains, they hatched a novel theory, according to which some broad class of records was actually exempt from the requirements of the ECPA, and therefore eligible to be handed over "voluntarily" by the telecoms. Even in the freewheeling days of the Bush administration, apparently, nobody had come up with this particular rationalization for evading federal privacy statutes -- but it would still serve as a retroactive excuse if Obama's Office of Legal Counsel could be persuaded to bless the new reasoning.

Shamefully, the OLC appears to have done just that in a secret opinion issued in January, just weeks before the publication of the OIG report. While it's impossible to know the precise scope of this novel legal loophole -- sufficiently clever parsing of the statutory definition of "subscriber" or "record" might generate a good deal of wiggle room -- the OIG stressed that this freshly discovered power "has significant policy implications that need to be considered by the FBI, the Department, and the Congress." It was a page straight from the John Yoo playbook: When intelligence agencies are discovered to have broken the law, simply reinterpret the law!

Click here to be increasingly disturbed.

Frankly, I'm running out of words and ways to express the degree of my discontent. Not just with this Administration of course, but with the increasing public acceptance, or at least apathy, when it comes to issues related to privacy and the constitution. It just feels like the slap in the face is a bit harder when it comes from a supposed "liberal" Constitutional Law professor.

I understand the pressures and powers (actually, probably don't fully) that must be at play once President. The military industrial complex, the intelligence community, the constant fearmongering from the right wing, and a corporate media that covers everything in a black and white, distorted haze, must represent a source of incredible pressure to "play the game". And that means, continue to abuse power.

As I used to write back in the dark days of the Bush Administration, just because a new President was coming into power, that by no means meant that ANY POWERS Bush first abused then claimed as his right, would be given up. As we know, its much more difficult to give up power once it has been given. And boy are we seeing that now...