Tuesday, June 28, 2011

America's Burgeoning Surveillance State and New FBI Powers

I want to expand on the op-ed I wrote last week entitled "The Patriot Act and the Quiet Death of the US Bill of Rights" by discussing a piece that ran in the Los Angeles Times by a representative of the CATO institute yesterday. I want to do that for a couple reasons. One, its a very good piece and delves more deeply into the FBI's increasing powers. And two, the fact that its written by someone representing what would be considered "far right" on the ideological spectrum reinforces and highlights one of the theses of my article...which was the opportunity to build a left/right opposition to core Patriot Act provisions.

Without going into my entire article again, suffice it to say, the most disturbing aspect of the recent extension of the Act was the three most controversial provisions failing to be modified or reformed. These include:

•    allowing broad warrants to be issued by a secretive court for any type of record, from financial to medical, without the government having to declare that the information sought is connected to a terrorism or espionage investigation;
•    allowing the FBI to obtain wiretaps from the secret court (i.e. “roving wiretaps”,) known as the FISA court, without identifying the target or what method of communication is to be tapped;
•    allowing the FISA court warrants for the electronic monitoring of a person (“lone wolf” measure ) for whatever reason — even without showing that the suspect is an agent of a foreign power or a terrorist.

Another component of the Patriot Act to keep in mind before I get to the article is what are called National Security Letters (NSLs) – which allow the FBI, without a court order, to obtain telecommunication, financial and credit records deemed “relevant” to a government investigation. The FBI issues about 50,000 a year and an internal watchdog has repeatedly found the flagrant misuse of this power.

And now new guidelines from the Justice Department will allow FBI agents to investigate people and organizations "proactively" without firm evidence for suspecting criminal activity. The new rules will free up agents to infiltrate organizations, search household trash, use surveillance teams, search databases, and conduct lie detector tests, even without suspicion of any wrongdoing.

In other words, in light of ALL the documented abuses of these powers by the FBI for reasons OTHER than fighting terrorism - as advertised - rather than modify and/or reform them, we are doubling down on them, and increasing them.

Julian Sanchez has more:

Less than three years after the last major revision of its domestic surveillance guidelines, the FBI is preparing to loosen its restrictions on monitoring Americans. If this is not halted, we might find our privacy eroded beyond repair.

Agents are already free to search the public Internet and the federal government's vast and growing databases for information on groups or individuals — even if they aren't suspected of wrongdoing — without approval from a supervisor. Under rules implemented in 2008, they can go still further, digging up information in broader commercial databases, or consulting state and local law enforcement records, provided they open an "assessment." That isn't the same as an "investigation," which requires grounds for suspicion of criminal activity, but opening an assessment means that agents must at least create a paper trail and identify a legitimate purpose for their inquiries.

In 2008, we were told these rules would give the FBI the flexibility it needed to "proactively" ferret out national security threats. Now the FBI says these lax limits on its power are still too cumbersome: The next edition of the bureau's operational manual will give agents leeway to search all those databases with no approval or explanation, without opening an assessment and creating a paper trail.


...

The change in the rules will remove a crucial deterrent for any of the 14,000 FBI employees who might be tempted to use their government access to all kinds of databases for improper personal ends, or to flout rules prohibiting religious, racial and political profiling. This is no hypothetical concern: Shortly after the new guidelines were announced, a former CIA official alleged that the Bush administration had asked the spy agency to dig up dirt on academic and blogger Juan Cole, whose fierce criticism of the war in Iraq earned the ire of the White House.

The new manual will also give agents who have opened assessments
greater authority to employ physical surveillance teams. If the FBI thinks you might make a useful informant, agents will be free to dig through your garbage in hopes of finding embarrassing trash that might encourage you to cooperate. And they will be able to do this without first having to show any evidence that you are engaged in wrongdoing.

...


In an era in which an unprecedented quantity of information about our daily activities is stored electronically and is retrievable with a mouse click, internal checks on the government's power to comb those digital databases are more important than ever. That's why Sens. Charles E. Grassley (R-Iowa) and Patrick J. Leahy (D-Vt.) have asked the FBI to delay implementation of the new rules until the Senate Judiciary Committee can be briefed on the changes. But they should go further, as their colleague Jon Tester (D-Mont.) has done, and insist that the current rules already give the government more than enough leeway to snoop on innocent Americans.

If we aren't willing to say enough is enough, our privacy will slip away one tweak at a time.


Click here to read more.

The fact that the Patriot Act will continue for another four years with the same kind of lawlessness and abuse as the last ten is bad enough. But the fact we are seeking to give the FBI even more power, knowing how they have abused the powers they've already been given, borders on the insane. Clearly, as this article lays out one of the big privacy fight going on right now, and will continue to be fought: cybersecurity. 

Another big privacy fight coming is over the FISA Amendments Act, which will sunset next year. Also of note, the ACLU's challenge to that law has been reinstated by a Federal Appeals court. Stay tuned...I'll be covering all of the above right here.

Wednesday, June 22, 2011

Protecting Privacy (SB 914 - Leno): Police Searches of Smart Phone Data

Before I get to discussing the issue of "smart phone" searches, and a California bill to address it, let me just urge people to check out my recently published article "The Patriot Act and the Quiet Death of the US Bill of Rights."

Now to the issue of "phone searches". As I've argued quite often on this blog, the 4th Amendment has been under a withering assault over the last decade, particularly as a result of 9/11 and the Patriot Act.

One of the next areas of debate on this question is whether police, without a warrant, have the right to seize and search individuals smart phones or androids like they do a traditional cell phone? Its not hard to see why they should in fact be treated differently, being that modern cell phones are becoming more like all purpose computers than just phones, and therefore contain ALL KINDS of personal, private information the authorities have no right to without a warrant.

The problem is that in California, a privacy rights leader I should add, does not provide citizens with such protections. In fact, California's top court ruled against privacy in a case involving a 2007 arrest of someone who had purchased drugs from a police informant. Investigators later looked through the individuals phone and found text messages that implicated him in a drug deal. The suspect appealed the conviction, saying the evidence was gathered in violation of the Fourth Amendment, which prohibits unreasonable searches and seizures.

The justices disagreed: "The cell phone was an item (of personal property) on the person at the time of his arrest and during the administrative processing at the police station. Because the cell phone was immediately associated with defendant’s person, (police were) entitled to inspect its contents without a warrant."

But the court went further - comparing the cell phone to personal effects like clothing. Worse, it argued that it wasn't because the police had a particular right in this particular case, or there was some special exception that allowed such a search, but rather, it argues that no exception was even necessary. In other words, this case was not an exception, but rather the NEW rule: cell phone records are now of little difference than the shirt on your back if you've been arrested. This is a deeply disturbing precedent if it holds.

As MSNBC's Red Tape Chronicle reported at the time, "The next time you're in California, you might not want to bring your cell phone with you. The California Supreme Court ruled Monday that police can search the cell phone of a person who's been arrested -- including text messages -- without obtaining a warrant, and use that data as evidence. The ruling opens up disturbing possibilities, such as broad, warrantless searches of e-mails, documents and contacts on smart phones, tablet computers, and perhaps even laptop computers, according to legal expert Mark Rasch."

It doesn't take a genius to immediately see the danger in this ruling, and the way it seems to fundamentally misunderstand the nature of modern devices like the Smart Phone. Likewise, it opens the door for police to search the entire contents of iPhones.

As Mark Rasch also noted, "By applying the "personal property on the defendant's person" standard, Rasch said, the ruling could logically extend to tablets or even laptop computers. It also flies in the face of established law, which prohibits the warrantless search of briefcases by police, other than a quick search for weapons...modern phones that can store years' worth of personal information are a far cry from drugs hidden in a cigarette case or clothes pockets. There is a process for looking at data inside devices. It's called a warrant."

The California ruling was not unanimous. Dissenting Justice Kathryn Werdegar raised similar concerns in her opinion. "The majority’s holding ... (grants) police carte blanche, with no showing of exigency, to rummage at leisure through the wealth of personal and business information that can be carried on a mobile phone or handheld computer merely because the device was taken from an arrestee’s person...The majority thus sanctions a highly intrusive and unjustified type of search, one meeting neither the warrant requirement nor the reasonableness requirement of the Fourth Amendment to the United States Constitution."

In response to the ruling, Jonathan Turley, a Constitutional law expert at George Washington University, wrote, "The Court has left the Fourth Amendment in tatters and this ruling is the natural extension of that trend," he wrote. "While the Framers wanted to require warrants for searches and seizures, the Court now allows the vast majority of searches and seizures to occur without warrants. As a result, the California Supreme Court would allow police to open cell phone files — the modern equivalent of letter and personal messages.”

So now that I've provided a bit of a backdrop for you, let's get to an op-ed penned today by California State Senator Mark Leno in the California Progress Report entitled "You, and Your Smart Phone, Have a Right to Privacy":

He writes: 

If you like to attend political rallies, parades, protests or sit-ins, you might consider leaving your cell phone at home in the unlikely event arrests are made. A recent California Supreme Court decision allows police to rummage through all of the private information on your smart phone as part of an arrest, including your text messages and e-mails. This warrantless search is now legal in California, regardless of whether the information on the phone is relevant to the arrest or if criminal charges are ever filed.

Law enforcement has long had the right to search an arrestee in order to maintain officer safety and avoid destruction of evidence. Generally this included searching their clothing and other incidental items, such as a pack of cigarettes, where weapons or drugs could be hiding. Until now, smart phones were not included in this search.


...

Earlier this year I introduced a bill that would protect Californians against the Supreme Court decision allowing warrantless searches of the private information contained in portable electronic devices, including cell phones. Senate Bill 914 clarifies that an arrestee’s cell phone can only be accessed with a warrant, except in circumstances where there is an immediate threat to public safety or the arresting officer. It acknowledges that accessing information on a cell phone is fundamentally different than searching an arrested person’s wallet, cigarette pack or jeans pockets.

While SB 914 provides critical privacy safeguards for Californians, these protections are not new. Until the California Supreme Court decision earlier this year, state and local police correctly assumed that the state’s constitutional privacy protections prohibited warrantless searches of cell phones during an arrest. In addition, the Ohio Supreme Court has ruled that cell phone searches require a warrant, and federal law enforcement agencies also abide by the warrant protocol.


In most cases, searching a cell phone immediately during an arrest is an extraordinary measure. Once an arrest is made and the arrestee’s belongings are confiscated, a warrant for a cell phone search can be obtained if it is important to a criminal case. SB 914 will help ensure that a simple arrest – which may or may not lead to charges – is not used as a fishing expedition to obtain a person’s confidential information.

Read more here.

In the meantime for Californians however, this decision means warrantless searches of cell phones is essentially state law now. One suggestion I've heard is to use password-protection on your smart phones as a possible way to ward off a warrantless searches. While it's not clear that an arrested suspect could be compelled to divulge his or her password to police, at least legal arguments have not yet been made giving them that right.

As I have said, with the passage (and renewal) of Patriot Act, and the technological advancement of things like RFID tags and GPS tracking capabilities, the 4th Amendment is itself an endangered species. Just recently the Obama Administration has argued that prohibition against unreasonable searches and seizures does not apply to cell-site information mobile phone carriers retain on their customers.

In other words cell phones are becoming an avenue for government to subvert privacy in a number of significant ways....something we should all be aware of...and why we should support SB 914.

Monday, June 20, 2011

My Op-Ed: "The Patriot Act and the Quiet Death of the US Bill of Rights"

Just wanted to alert everybody to an op-ed I just had published on the California Progress Report (and looking to have it published elsewhere too). I want to drive traffic to the article, so I'm just going to give you a taste of it here:

The Patriot Act and the Quiet Death of the US Bill of Rights

With the stroke of an autopen from the other side of the Atlantic Ocean, the once articulate critic of the Patriot Act signed a four year extension of the most dangerous assault on American civil liberties in US history without a single additional privacy protection. 

One would think that this reauthorization would have incited vigorous debate in the halls of Congress and at least a fraction of the breathless 24/7 media coverage allotted the Anthony Weiner “sexting” scandal. Instead, three weeks ago the House (250 to 153) and Senate (72 to 23) approved, and the President signed, an extension of this landmark attack on the Bill of Rights with little notice and even less debate.

Most disturbing was the extension – without modification – of the Act’s three most controversial provisions:
•    allows broad warrants to be issued by a secretive court for any type of record, from financial to medical, without the government having to declare that the information sought is connected to a terrorism or espionage investigation;
•    allows the FBI to obtain wiretaps from the secret court (i.e. “roving wiretaps”,) known as the FISA court, without identifying the target or what method of communication is to be tapped;
•    allows the FISA court warrants for the electronic monitoring of a person (“lone wolf” measure ) for whatever reason — even without showing that the suspect is an agent of a foreign power or a terrorist.

Also in need of reform, are what's called National Security Letters (NSLs) – which allow the FBI, without a court order, to obtain telecommunication, financial and credit records deemed “relevant” to a government investigation. The FBI issues about 50,000 a year and an internal watchdog has repeatedly found the flagrant misuse of this power. 

The Long Record of Patriot Act Abuses

Any meaningful debate over whether to reauthorize any and all of these provisions without significant additional privacy protections should include a few key questions. One, have these provisions made us significantly safer (i.e. are there documented incidences they have led to capturing terrorists plotting against us?)? Two, is there any evidence that they have been abused? Three, is their claimed usefulness somehow jeopardized by the kinds of modest reforms privacy rights groups (and others) advocate? And finally, have we created a dangerous constitutional precedent?

Thanks to the relentless work by groups like the American Civil Liberties Union (ACLU) - and information uncovered by the Freedom of Information Act - there is little to no evidence that these provisions, as written, have made us any safer. Yet there’s a long list of incidences of unadulterated government abuse and malpractice for a host of purposes other than fighting terrorism. In other words, the threat this Act, and these particular provisions pose to the basic Constitutional rights of American citizens is not hypothetical, but documented fact.

Continued on the California Progress Report.

Thursday, June 16, 2011

Facial Recognition Technology Comes to Facebook - Without Consent

As someone on Facebook, I don't want to sound overly melodramatic...but man is this creepy. Once again, Mark Zuckerberg, despite what you may think about the social network he ostensibly created, has proven himself to be an enemy of privacy if there ever was one.

I speak of the recent revelations that Facebook began utilizing facial recognition technologies without consumer consent.  And now, thanks to the Electronic Privacy Information Center, the first complaint to the Federal Trade Commission has been filed.

In addition to EPIC, there's also the reliable privacy stalwart in the House, Rep. Ed Markey, also calling on the FTC to look into this latest, in a long line, of privacy violations by the social networking site.

Not surprisingly, the European Union has launched an investigation into the feature, and Ireland and the UK's data protection officials are also in the midst of an inquiry. 

AS reported by PC World, "EPIC's central argument seems to be that Facebook may have run afoul of consumer protection laws with how it rolled out the feature. The site gave little warning to users that it was going live, and only admitted the procedure was a mistake after the fact."

"When it comes to users' privacy, Facebook's policy should be: 'Ask for permission, don't assume it,'" Rep. Markey said in a statement. "Rather than facial recognition, there should be a Facebook recognition that changing privacy settings without permission is wrong."

Indeed, EPIC highlighted in its complaint Facebook's seemingly careless attitude when it comes to changing user's privacy settings. EPIC cited the company's Beacon service, as well as the company's controversial policy of having a right to your data, even after you delete your account.
"Users could not reasonably have known that Facebook would use their photos to build a biometric database in order to implement a facial recognition technology under the control of Facebook," the complaint reads in part.
In addition to calling for the FTC to force Facebook to stop using facial recognition, EPIC is also asking the agency to require the company to develop a "comprehensive privacy plan," and forbid the site from reintroducing such a feature until its opt-out system is improved and "appropriate security safeguards" are established.

In other words, FB  is suggesting to your friends to tag you without asking you if its okay first. Like most Facebook features, the default setting for facial recognition is "on" - and users must "opt out"...instead of the always more preferable opt-in.

PC World has more: 

...if I upload six photos of my friend Kaitlin, Facebook may "recognize" her face (thanks to other tagged photos of her on the website) and "suggest" that I tag her in those six photos. This makes the tagging process a little easier for me--after all, aren't I more likely to tag Kaitlin if all I have to do is click a button that says "yes, tag away"? Another "benefit" is that I can tag all of these photos of Kaitlin at once--as Facebook said in a blog post, isn't it a whole lot better to be able to tag all of those photos of Kaitlin at once, instead of having to tag each one individually?

Sure, I guess it's easier. Easier for Facebook to invade my privacy, that is.

Ok, I know I sound a little melodramatic. But let's take a look at some facts here:

- Facebook has 600 million members....Each day, Facebook's members upload over 200 million photos, and Facebook currently hosts over 90 billion photos.

- Each time you "tag" a photo on Facebook, its facial recognition technology learns more about what that person looks like.

- Even if you happen to "opt out" of the facial recognition tagging, Facebook's technology can surely use the tagged photos of you (hey, perhaps even the tagged photos of you that you end up un-tagging) to figure out what you look like.

- Right now Facebook is using this technology to help people tag photos. But once they have an accurate facial recognition database of several hundred million people? Hmm.
 

...

Opting out of the service doesn't mean Facebook will stop trying to recognize your face--it just means that Facebook will stop suggesting that other people tag you. Even Google has noted the utter creepiness of facial recognition technology (though I suspect they're just waiting for Facebook to get burned).

Facial recognition technology will ultimately culminate in the ability to search for people using just a picture. And that will be the end of privacy as we know it--imagine, a world in which someone can simply take a photo of you on the street, in a crowd, or with a telephoto lens, and discover everything about you on the internet.


Obviously, we can't stop the world of technology from moving toward the development of accurate facial recognition software. But so far, no facial recognition software has really been a threat to our privacy, because nobody has that huge database of people and photos required. Oh wait, except Facebook totally does. 

This all goes back to a familiar topic of discussion on this blog, and that's data ownership. Clearly, Facebook believes your data is its data, to do with as it pleases. As I have written here before, I have a different perspective. Some questions to ponder then becomes, What kind of control should we have over our own data?

The argument by some, such as Mark Zuckerberg, is that all information should be public
, and as time goes on we'll only be sharing more of it. In addition, we all will benefit from this communal sharing of private information in ways yet to even be discovered. Already, from this sharing, we forge more online friendships and connections, old friends are reconnected, distant parents see pictures of their kids' day-to-day activities, jobs might be more easily found due to our profiles being more public, internet services improve as companies like Facebook and Google learn about peoples' Web browsing histories, sites are able to tailor content to the user, and so on, and so forth.

What concerns me is what are the side effects of living in a society without privacy? Not just on the net, or about our personal habits, but from the watchful eye of government, be it the knowledge that we could be wiretapped, that smart grid monitors are daily in home habits, that our emails can be intercepted, that our naked bodies must be viewed at airports, that our book purchases can be accessed (particularly if Google gets its way and everything goes electronic), that street corner cameras are watching our every move, that RFID tags allow for the tracking of clothes, cars, and phones...and the list goes on.

For more information on the general concept of biometrics and facial recognition as related to a National ID card, check out my post from May of 2010.

Monday, June 13, 2011

CA Legislation To Provide Data Breach Transparency Needed

One of the privacy bills we were very active on the past few years that was vetoed twice by Governor Schwarzenegger is back, with a much better chance of being signed due to a more privacy conscious Jerry Brown as Governor and increasing amounts of evidence its needed. The reason why I'm going back to this legislation, and the larger issue of data breaches today is that the excellent consumer reporter from the Los Angeles Times - David Lazarus - penned a great article last Friday on why this bill is so needed.

For readers of this blog - this bill info may sound familiar, but let me review some of what I have written about it in the past, and then I'll provide some key passages to the article by Lazarus, because new data has come to light recently that greatly adds to the argument that data breaches are becoming increasingly common, and damaging.

SB 24 (Simitian) - Protecting Personal Information - was vetoed in the form of SB 1166 last year. This was a particularly stinging loss because, while the Governor vetoed a nearly identical bill the year before (that's right...third times a charm!), he said to bring it back again with just a minor modification - which was made. Apparently, the Governor changed his mind.

Here's why this bill is important: A recent study by the Privacy Rights Clearinghouse indicated upwards of 530 million data breaches since 2005, including personal medical records, credit card numbers and Social Security numbers - with consumer accounts have been compromised in 2,520 known data breaches. According to a 2009 Javelin Research&Strategy, individuals are four times more likely to be the victim of identity theft in the year after receiving a data breach notification letter.

It goes without saying then, that these findings epitomizes the need for SB 24 (Simitian). California’s current security breach notification law does not require public agencies, businesses, or persons subject to that law to provide any standard set of information about the breach to consumers. As a result, security breach notification letters often lack important information - such as the time of the breach or type of information that was breached - or are confusing to consumers.

The bill will rectify this problem by amending California's security breach notification law stating that any public agency, person or business required to issue a security breach notification to more than 500 residents must submit the notification electronically to the Attorney General. This measure also would have required that the notification be written in plain language and include contact information regarding the breach, the types of information breached, and the date, estimated date, or date range of the breach.

With that, here's some of what David Lazarus added to this case today:

Sam Greyson was surprised to receive a new credit card the other day from Bank of America. He was also surprised to learn that the bank had changed his account number because of a security breach involving another business. But the thing that surprised Greyson most was that when he called BofA to find out more about the breach, he was essentially told to pound sand.

"They wouldn't tell us anything," he said. "They said we could read about it in the newspaper." That would change if legislation now making its way through Sacramento becomes law. The bill from state Sen. Joe Simitian (D-Palo Alto) would tighten California's existing breach-notification rules to require more detailed disclosure of privacy violations.
          ....
The latest breach came to light Thursday when Citigroup said the names, account numbers and email addresses of as many as 200,000 bank customers were accessed by hackers who broke into Citi's online account site. The Citi breach was discovered by the company in early May. Citi has declined to say why it took weeks to notify customers of the incident.
.....
Greyson, 56, said he was told the same by a BofA service rep. But when he managed to get a supervisor on the line, he said the bank acknowledged that "at least 100,000" accounts had been affected. Betty Riess, a BofA spokeswoman, declined to confirm this when I called seeking more info. She said only that "if we think a customer's account may be compromised, we will take steps to protect customers."

That's not good enough. As Greyson told me, he'd like to know which company was robbed or hacked so he can take his business elsewhere in the future.

Simitian's bill wouldn't give us that much sunlight. But it would require that customers be informed about the nature of the breach and what kind of information was compromised, as well as when the breach occurred and how many other people might have been affected.
.....

As I've said before, the keepers of our personal data have a great responsibility. If they're unable to keep the data safe, we have a right to know — and these businesses should bear the full weight of public accountability. Then we should go the next step and ensure that hacked companies share consumers' pain. I'm thinking their identities should have to be publicly revealed and they should pay a fine of, say, $500 for every customer account involved.

Maybe that would result in better security practices.

You can read more here.

SB 24 recently passed the Senate by an overwhelming vote of 31 to 6. Of course, last year, nearly identical legislation also won by similar margins in both houses of the legislature only to receive a puzzling veto message from then Governor Schwarzenegger that, "This bill is unnecessary, however, because there is no evidence that there is a problem with the information provided to consumers. Moreover, there is no additional consumer benefit gained by requiring the Attorney General to become a repository of breach notices when this measure does not require the Attorney General to do anything with the notices.”

As I wrote at the time, it's strange that the Governor saw fit to speak FOR consumers. Here's an idea, ask yourself whether its more helpful to receive a letter that provides more than just a notice that your information has been breached, but also what you can do about it, when it happened (so you can check that date against your credit card statements, etc.), and other useful, SPECIFIC information.

The bottom line is that this law IS NEEDED. The past few years have demonstrated that there are some holes that still need to be plugged. According to a survey of data breach victims, 28% of those receiving a notification did not understand “the potential consequences of the breach after reading the letter.”

For updates on how this legislation is progressing in the California Legislature, you can check out the page I've created on the Consumer Federation of California website.

Wednesday, June 8, 2011

Why Security Keeps Steam Rolling Privacy Concerns

I wanted to alert readers to an excellent article in Salon.com by a Daniel Solove regarding why the security argument keeps winning out over the privacy one - to the detriment to our freedom and civil liberties.

Certainly, last weeks extension of the Patriot Act - with next to no debate or critically needed reforms to protect privacy - is a stark example of this security versus privacy clash. Remember, it wasn't long ago that the American public, and certainly the majority of congressional Democrats would have been rightly outraged by Patriot Act provisions that allow for broad warrants to be issued by a secretive court for any type of record, without the government having to declare that the information sought is connected to a terrorism investigation; or that allow a secret court to issue warrants for the electronic monitoring of a person for whatever reason — even without showing that the suspect is an agent of a foreign power or a terrorist; and of course, that allow the government to search your home as long as it doesn't tell you it did.

But that was then, this is now. Granted, during the Bush years there was at least some resistance in Congress to the Act, and at least some attention was given to the numerous, and continuous government abuses of the law. As the years have passed however, and a Democrat now sits in the White House, that resistance has largely evaporated, particularly with the last elections defeat of privacy champion Russ Feingold.

Again, as I have written in response to past Patriot Act extensions: An undeniable pattern has emerged over the past few years that fundamentally challenges the entire premise of a "war on terror" and exposes just how ineffectual and counterproductive these policies have actually been. The reoccurring theme goes like this: Powerful interests - inside and outside of government - sell fear as a way to justify the steady assault on our civil liberties, increased spending on military defense, and the growth of the surveillance state.

But here's another important piece of the puzzle that keeps popping up: more often than not the government HASN'T USED these expanded powers to actually fight terrorism (instead often to thwart anti-war protesters, bust small time drug dealers, monitor journalists, and who knows what else?) - as was promised. This begs a larger question, "Who has been targeted and why?"Another question worth pondering: Can we really "defeat" terrorism by embracing a less free and more fearful society (two primary goals of terrorists)?


With that, let's get to some key passages (he lays out 5 reasons we're losing this fight) of Solove's article entitled "Why "security" keeps winning out privacy". Here's some key passages:

Far too often, debates about privacy and security begin with privacy proponents pointing to invasive government surveillance, such as GPS tracking, the National Security Agency surveillance program, data mining, and public video camera systems. Security proponents then chime in with a cadre of arguments about how these security measures are essential to law enforcement and national security. When the balancing is done, the security side often wins, and security measures go forward with little to no privacy protections.
But the victory for security is one often achieved unfairly. The debate is being skewed by several flawed pro-security arguments. These arguments improperly tip the scales to the security side of the balance. Let’s analyze some of these arguments, the reasons they are flawed, and the pernicious effects they have.

The All-or-Nothing Fallacy
Many people contend that "we must give up some of our privacy in order to be more secure." In polls, people are asked whether the government should conduct surveillance if it will help in catching terrorists. Many people readily say yes.

But this is the wrong question and the wrong way to balance privacy against security. Rarely does protecting privacy involve totally banning a security measure. It’s not all or nothing. Instead, protecting privacy typically means that government surveillance must be subjected to judicial oversight and that the government must justify the need to engage in surveillance. Even a search of our homes is permitted if law enforcement officials obtain a warrant and probable cause. We shouldn’t ask: "Do you want the government to engage in surveillance?" Instead, we should ask: "Do you want the government to engage in surveillance without a warrant or probable cause?"

....

The Deference Argument
Many security proponents argue that courts should defer to the executive branch when it comes to evaluating security measures. In cases where Fourth Amendment rights are pitted against government searches and surveillance, courts often refuse to second-guess the judgment of the government officials. The problem with doing this is that, unless the effectiveness of the security measures is explored, they will win out every time. All the government has to do is mention "terrorism," and whatever it proposes to do in response -- whether wise or not -- remains unquestioned.

....

The Pendulum Argument
In times of crisis, many security proponents claim that we must swing the pendulum toward greater security. "Don’t be alarmed," they say. "In peacetime, the pendulum will swing back to privacy and liberty." The problem with this argument is that it has things exactly backward. During times of crisis, the temptation to make unnecessary sacrifices of privacy and liberty in the name of security is exceedingly high.

...

The War-Powers Argument
After Sept. 11, the Bush administration authorized the National Security Agency to engage in warrantless wiretapping of the phone calls of Americans. Headquartered in Maryland, the NSA is the world’s largest top-secret spy organization. The NSA surveillance program violated the Foreign Intelligence Surveillance Act (FISA), a federal law that required courts to authorize the kind of wiretapping the NSA engaged in. that it was acting legally under FISA. Instead, it argued that the president had the right to break the law because of the "inherent constitutional authority" of the president to wage war.

...

The Luddite Argument
Government officials love new technology, especially new security technologies like biometric identification and the "naked scanners" at the airport. The security industry lobbies nervous government officials by showing them a dazzling new technology and gets them to buy it. Often, these technologies are not fully mature. Security proponents defend the use of these technologies by arguing that privacy proponents are Luddites who are afraid of new technology. But this argument is grossly unfair.

...

These are just a few of the flawed arguments that have shaped the privacy/security debate. There are many others, such as the argument made by people who say they have "nothing to hide." We can’t have a meaningful balance between privacy and security unless we improve the way we debate the issue. We must confront and weed out the flawed arguments that have been improperly skewing the conversation.
All in all an excellent piece...read the rest here.