Showing posts with label Social Security Numbers. Show all posts

Wednesday, July 13, 2011

The Year in Wiretapping and the FBI's Next Generation of Biometrics

I've written a lot in recent months about the FBI's insatiable appetite for power and our apparent willingness to give it to them. In my recent Patriot Act op-ed I detailed ALL THE WAYS in which the FBI has violated the civil liberties of American citizens for all kinds of purposes OTHER than "protecting" us from terrorism.

I also discussed the use of what are called National Security Letters (NSLs) – which allow the FBI, without a court order, to obtain telecommunication, financial and credit records deemed “relevant” to a government investigation. The FBI issues about 50,000 a year and an internal watchdog has repeatedly found the flagrant misuse of this power.

And I have discussed new guidelines from the Justice Department that will allow FBI agents to investigate people and organizations "proactively" without firm evidence for suspecting criminal activity. The new rules will free up agents to infiltrate organizations, search household trash, use surveillance teams, search databases, and conduct lie detector tests, even without suspicion of any wrongdoing.

All in all, it's a pretty dismal report card for the health of the US Bill of Rights. Sadly, there's more to report.

Let me begin quickly with the latest op-ed from Julian Sanchez detailing what he termed The Year in Wiretapping. Essentially, it updates a lot of the data I cited in my article. So let's get to the piece to see how our phone line privacy fared last year.

Sanchez writes:

....the annual Wiretap Report was finally released by the Administrative Office of the U.S. Courts, fully two months behind schedule (the first time in over a decade it’s been so late). While we often focus on the growth of the surveillance state in the context of national security and the War on Terror—such as foreign intelligence wiretaps, which aren’t counted in this report—it’s clear that surveillance is on the rise for ordinary law enforcement purposes as well. State and federal investigators obtained 3,194 wiretap orders in 2010, an increase of 34 percent over the previous year, and a whopping 168 percent increase over 2000. Only one wiretap application was denied—which you can choose to take as evidence that law enforcement is extremely scrupulous in seeking applications, or that judges tend to rubber stamp them, according to your preferred level of paranoia....

The average wiretap order swept up the communications of 118 people (since, of course, each individual target converses with many people, including many innocent people). If there were no overlap between wiretap orders, that would imply 376,892 people affected. Since it’s common for multiple orders to be sought as part of a single investigation, however, many of the same people are presumably being counted as having been caught under more than one wiretap order. Even on the wildly charitable assumption that only a third of those were unique individuals, though, that would still be well over 125,000 people spied upon, many innocent of any wrongdoing.

Though such criminal intercepts are supposed to be “minimized” in realtime, to prevent the recording of innocent conversations, only 26 percent of intercepted communications contained incriminating material—which is to say, nearly three-quarters were innocent communications unrelated to criminal activity. (It’s possible some of these were partial intercepts discontinued once investigators realized the communication wasn’t pertinent—the report doesn’t make that clear.)

It’s worth bearing in mind here that the nature of wiretaps, as opposed to conventional physical searches, is that they always involve invading the privacy of somebody other than the target named in the warrant—indeed, as the numbers show, very many people. You have to wonder what we’d think if traditional physical search warrants permitted police to rifle through the belongings of dozens of innocent people for each genuine criminal.

Still, this invasive technique is still reserved for investigating the most serious violent crimes, right? Alas, no: For 84 percent of wiretap applications (2,675 wiretaps), the most serious offense under investigation involved illegal drugs. Further proof, if proof were needed, that privacy suffers enormous collateral damage in our failed drug war. Drugs have long been the reason for the vast majority of wiretaps, but that trend, too, is on the upswing: Drug cases accounted for “just” 75 percent of intercept orders in 2000.



In other words, as I wrote in my op-ed in describing Patriot Act abuses and the FBI, "Monitoring political groups and activities deemed “threatening” (i.e. environmentalists, peace activists), expanding the already disastrous and wasteful war on drugs, and spying on journalists isn’t about fighting terrorism, it’s about stifling dissent and consolidating power – at the expense of civil liberties. How ironic that the very “tool” hailed as our nation’s protector has instead been used to violate the very Constitutional protections we are allegedly defending from “attack” by outside threats. What was promised as a “temporary”, targeted law to keep us safe from terror has morphed into a rewriting of the Bill of Rights."

But wait...I'm STILL not finished. Now comes word, with special thanks to the Electronic Frontier Foundation's Jennifer Lynch, that the FBI is pursuing what can only be called the next generation of biometrics.

Before I get to some choice clips from Jennifer's article, let me refresh everyone on the concept of biometric identifiers - like fingerprints, facial, and/or iris scans. These essentially match an individual’s personal characteristics against an image or database of images. Initially, the system captures a fingerprint, picture, or some other personal characteristic, and transforms it into a small computer file (often called a template).

The next time someone interacts with the system, it creates another computer file

There are a number of reasons why such technological identifiers should concern us.

So let's be clear: creating a database with millions of facial scans and thumbprints raises a host of surveillance, tracking and security questions - never mind the cost.

Privacy expert Bruce Schneier recently pointed out some of the pros and cons of biometrics:


On the strength side, biometrics are hard to forge. It's hard to affix a fake fingerprint to your finger or make your retina look like someone else's. Some people can mimic voices, and make-up artists can change people's faces, but these are specialized skills.

On the other hand, biometrics are easy to steal. You leave your fingerprints everywhere you touch, your iris scan everywhere you look. Regularly, hackers have copied the prints of officials from objects they've touched, and posted them on the Internet. We haven't yet had an example of a large biometric database being hacked into, but the possibility is there. Biometrics are unique identifiers, but they're not secrets.


With that, let's get to the article by EFF. Lynch writes:

Last week, the Center for Constitutional Rights (CCR) and several other organizations released documents from a FOIA lawsuit that expose the concerted efforts of the FBI and DHS to build a massive database of personal and biometric information. This database, called “Next Generation Identification” (NGI), has been in the works for several years now. However, the documents CCR posted show for the first time how FBI has taken advantage of the DHS Secure Communities program and both DHS and the State Department’s civil biometric data collection programs to build out this $1 billion database.

Unlike some government initiatives, NGI has not been a secret program. The FBI brags about it on its website (describing NGI as “bigger, faster, and better”), and both DHS and FBI have, over the past 10+ years, slowly and carefully laid the groundwork for extensive data sharing and database interoperability through publicly-available privacy impact assessments and other records. However, the fact that NGI is not secret does not make it OK. Currently, the FBI and DHS have separate databases (called IAFIS and IDENT, respectively) that each have the capacity to store an extensive amount of information—including names, addresses, social security numbers, telephone numbers, e-mail addresses, fingerprints, booking photos, unique identifying numbers, gender, race, and date of birth. Within the last few years, DHS and FBI have made their data easily searchable between the agencies. However, both databases remained independent, and were only “unimodal,” meaning they only had one biometric means of identifying someone—usually a fingerprint.


...

So why should we be worried about a program like NGI, which the FBI argues will “reduce terrorist and criminal activities”? Well, the first reason is the sheer size of the database. Both DHS and FBI claim that their current biometrics databases (IDENT and IAFIS, respectively) are each the “largest biometric database in the world.” IAFIS contains 66 million criminal records and 25 million civil records, while IDENT has over 91 million individual fingerprint records.

Once these records are combined into one database and once that database becomes multimodal, as we discussed in our 2003 white paper on biometrics, there are several additional reasons for concern. Three of the biggest are the expanded linking and tracking capabilities associated with robust and standardized biometrics collection systems and the potential for data compromise.

Already, the National Institute for Standards and Technology, along with other standards setting bodies, has developed standards for the exchange of biometric data. FBI, DHS and DoD’s current fingerprint databases are interoperable, indicating their systems have been designed (or re-designed) to read each others’ data. NGI will most certainly improve on this standardization. While this is good if you want to check to see if someone applying for a visa is a criminal, it has the potential to be very bad for society. Once data is standardized, it becomes much easier to use as a linking identifier, not just in interactions with the government but also across disparate databases and throughout society. This could mean that instead of being asked for your social security number the next time you apply for insurance, see your doctor, or fill out an apartment rental application, you could be asked for your thumbprint or your iris scan.

This is a big problem if your records are ever compromised because you can’t change your biometric information like you can a unique identifying number such as an SSN. And the many recent security breaches show that we can never fully protect against these kinds of data losses.


The third reason for concern is at the heart of much of our work at EFF. Once the collection of biometrics becomes standardized, it becomes much easier to locate and track someone across all aspects of their life. As we said in 2003, “EFF believes that perfect tracking is inimical to a free society. A society in which everyone's actions are tracked is not, in principle, free. It may be a livable society, but would not be our society.”


As Bruce Schneier noted, "One more problem with biometrics: they don't fail well. Passwords can be changed, but if someone copies your thumbprint, you're out of luck: you can't update your thumb. Passwords can be backed up, but if you alter your thumbprint in an accident, you're stuck. The failures don't have to be this spectacular: a voiceprint reader might not recognize someone with a sore throat, or a fingerprint reader might fail outside in freezing weather. Biometric systems need to be analyzed in light of these possibilities."

Let's hope that none of this leads to the requirement that ALL AMERICANS carry biometric IDs at some point, particularly with the fingerprint or the iris as the biometric identifier.

The ACLU put together an excellent fact sheet on a variety of the privacy implications associated with biometric identifiers. Whether biometric images should be collected at all, which images should be collected (i.e. facial v. thumbprint scan), who has access to those images, and for what purposes are the preliminary privacy questions that should be addressed to protect individuals’ constitutional right to privacy.

Similarly, as noted by Lynch, the ACLU also warns (now becoming a reality, obviously) of the creation of dossiers about individuals and their activities in which a biometric identifier is used as a unique identifier to catalogue personal information about an individual - which would enable monitoring, tracking and surveillance of individuals. This concern applies to both the government and data brokers/private industry using the same biometric to gather information.

Also noted by the ACLU:

Threat to Anonymity and Anonymous Speech: likelihood rises of using facial recognition to identify and surveil innocent people just walking down the street or engaged in First Amendment protected speech on political or labor issues.

The Supreme Court has found that compelling an individual to disclose his or her political ideas or affiliations to the government deters the exercise of First Amendment rights. The right to anonymous speech, protest and leafleting are critical to our democracy.

Perceived Infallibility and Inaccuracy: The concept that each of us is unique does not always translate into accurate biometric identification. Computer “matches” must be reviewed visually by people to confirm the accuracy. And, even then, errors are made.

Brandon Mayfield, the Oregon attorney, was erroneously linked to the 2004 Madrid train bombings after his prints were misidentified, and he was held by the FBI for two weeks, though he was never charged. His prints were “identified” through the Integrated Automated Fingerprint Identification System (IAFIS). IAFIS identified a few potential matches that were then reviewed by a fingerprint examiner and an outside experienced fingerprint expert.
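The capture-template-compare process described earlier in this post, the IAFIS candidate-list behaviour in the Mayfield case, and Schneier's point that biometrics "don't fail well" are easier to see in code. This is an added example, not code from the original post or from any of the quoted sources: the minutiae templates are hand-constructed, the matcher is deliberately simplified (it assumes the two captures are already aligned; the tolerances, the threshold and names such as person_A are all assumptions), and the password functions exist only to show the contrast with a credential that can be rotated after a leak.

```python
import hashlib
import hmac
import os
from typing import Dict, List, Tuple

# A "template" here is a constructed list of minutiae (x, y, angle_deg).
# Real extractors and matchers are far more elaborate and align the two
# captures first; this simplified matcher assumes captures are pre-aligned.
Template = List[Tuple[int, int, int]]

XY_TOL = 4      # assumed positional tolerance in pixels
ANGLE_TOL = 15  # assumed angular tolerance in degrees


def _angle_diff(a: int, b: int) -> int:
    d = abs(a - b) % 360
    return min(d, 360 - d)


def match_score(probe: Template, enrolled: Template) -> float:
    """Fraction of probe minutiae that have a counterpart in the enrolled template."""
    matched = 0
    for (px, py, pa) in probe:
        if any(abs(px - ex) <= XY_TOL and abs(py - ey) <= XY_TOL
               and _angle_diff(pa, ea) <= ANGLE_TOL
               for (ex, ey, ea) in enrolled):
            matched += 1
    return matched / len(probe)


def identify(probe: Template, db: Dict[str, Template],
             threshold: float = 0.5) -> List[Tuple[str, float]]:
    """1:N search: every enrolled identity scoring at or above the threshold, best first.
    Like IAFIS, this produces a candidate list for a human examiner, not a yes/no answer."""
    hits = [(name, match_score(probe, tpl)) for name, tpl in db.items()]
    hits = [h for h in hits if h[1] >= threshold]
    return sorted(hits, key=lambda h: (-h[1], h[0]))


def reenroll(db: Dict[str, Template], name: str, new_capture: Template) -> Dict[str, Template]:
    """'Rotate' a biometric credential: only the stored template changes; the finger does not."""
    new_db = dict(db)
    new_db[name] = new_capture
    return new_db


def leaked_template_still_matches(db: Dict[str, Template], name: str,
                                  leaked: Template, new_capture: Template) -> bool:
    """After re-enrolment, does the old (leaked) template still identify the same person?"""
    hits = identify(leaked, reenroll(db, name, new_capture))
    return bool(hits) and hits[0][0] == name


# Contrast: a password hash can be rotated so that a leaked copy stops working.
def password_enroll(password: str, salt: bytes = b"") -> Tuple[bytes, bytes]:
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


def password_check(stored: Tuple[bytes, bytes], password: str) -> bool:
    salt, digest = stored
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    return hmac.compare_digest(candidate, digest)


# Constructed enrolment database: three people, one template each.
FINGER_A = [(10, 10, 30), (40, 12, 95), (25, 40, 180), (60, 55, 270), (15, 70, 10), (50, 80, 120)]
FINGER_B = [(11, 12, 28), (38, 14, 100), (23, 43, 175), (90, 90, 0), (14, 72, 5), (5, 5, 5)]  # similar to A
FINGER_C = [(80, 15, 45), (75, 60, 300), (30, 85, 220), (90, 40, 90), (55, 30, 150), (5, 90, 330)]
DB = {"person_A": FINGER_A, "person_B": FINGER_B, "person_C": FINGER_C}

# A later capture of A's finger: slight shift, one minutia missed, one spurious one added.
A_RECAPTURE = [(12, 9, 35), (42, 11, 100), (27, 39, 185), (62, 54, 275), (17, 69, 15), (70, 20, 200)]
# A poor-quality capture of A's finger (cold, dry skin): only three minutiae extracted.
A_DEGRADED = [(12, 9, 35), (27, 39, 185), (70, 20, 200)]

if __name__ == "__main__":
    # Good capture: A is the top hit, but the look-alike B also clears the threshold,
    # so an examiner still has two candidates to review.
    print("recapture  ->", identify(A_RECAPTURE, DB))
    # Degraded capture: A and B tie, so the system cannot decide at all.
    print("degraded   ->", identify(A_DEGRADED, DB))
    # Leaked template after re-enrolment: still identifies A, because the finger is unchanged.
    print("leaked ok? ->", leaked_template_still_matches(DB, "person_A", FINGER_A, A_RECAPTURE))
    # Leaked password after rotation: no longer works.
    print("old pw ok? ->", password_check(password_enroll("new passphrase"), "old passphrase"))
```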

Certainly more to come on this issue....

Thursday, March 17, 2011

Digital Privacy, Data Mining, and the Future

Granted, that's a cryptic title...but sometimes privacy in the digital age is a cryptic subject. What are the real threats? How do we quantify them? Or is it all just paranoia - and we should give ourselves up to the Matrix that is Facebook, Google, and all the rest?

None of these questions are easy to answer. But, I do have some thoughts, and I do want to share with you two really comprehensive recent articles, one from MSNBC, and the other in TIME magazine, tackling the larger subject of digital privacy and data mining.

I want to largely provide key pieces of those articles, rather than get overly wordy myself. But, let me open with a few thoughts (yes, I realize I have said these things before), and then we'll get to the articles.

First, just what is "behavioral marketing" - because that's what this is really all about. I've found the description by the Center for Digital Democracy particularly useful:

Perhaps the most powerful - but largely invisible - force shaping our digital media reality is the role of interactive advertising and marketing. Much of our online experience, from websites to search engines to social networks, is being shaped to better serve advertisers. Increasingly, individuals are being electronically "shadowed" online, our actions and behaviors observed, collected, and analyzed so that we can be "micro-targeted." Now a $24 billion a year industry [2008 estimates] in the U.S., with expected dramatic growth to $80 billion or more by 2011, the goal of interactive marketing is to use the awesome power of new media to deeply engage you in what is being sold: whether it's a car, a vacation, a politician or a belief. An explosion of digital technologies, such as behavioral targeting and retargeting, "immersive" rich media, and virtual reality, are being utilized to drive the market goals of the largest brand advertisers and many others.

A major infrastructure has emerged to expand and promote the interests of this sector, including online advertising networks, digital marketing specialists, and trade lobbying groups.
  • The role which online marketing and advertising plays in shaping our new media world, including at the global level, will help determine what kind of society we will create.
  • Will online advertising evolve so that everyone's privacy is truly protected?
  • Will there be only a few gatekeepers determining what editorial content should be supported in order to better serve the interests of advertising, or will we see a vibrant commercial and non-commercial marketplace for news, information, and other content necessary for a civil society?
  • Who will hold the online advertising industry accountable to the public, making its decisions transparent and part of the policy debate?
  • Will the more harmful aspects of interactive marketing - such as threats to public health - be effectively addressed?

To give you an idea how important this whole issue is, just last year privacy advocates - including Center for Digital Democracy, U.S. PIRG, and the World Privacy Forum - filed a complaint with federal regulators against tracking and profiling practices used by Google, Yahoo, Microsoft and other Internet companies to auction off ads targeted at individual consumers in the fractions of a second before a Web page loads.

The complaint charged that a "massive and stealth data collection apparatus threatens user privacy," and asked regulators to compel companies to obtain express consent from consumers before serving up "behavioral" ads based on their online history.

For instance, internet companies would be asked to acknowledge that the data they collect about a person's online movements through software "cookies" embedded in a Web browser allows advertisers to know details about them, even if those cookies don't have a person's name attached.

Privacy advocates have long argued that when people are enabled to protect their privacy and control their data, they will do so. BUT not if it’s made difficult, confusing, or time consuming. And this is why new rules and laws are so desperately needed for cyberspace...we need "systems" that will allow users to control their information in an easy, logical, and practical way.

More generally, particularly on the issue of privacy on the internet, as I have written here before, the fact that we have next to no privacy standards as related to these technological innovations and trends is disturbing, and more than enough of a reason for some of the bills being offered here.

This leads to a number of important questions, like: What kind of control should we have over our own data? And, what kind of tools should be available for us to protect it? What about ownership of our data? Should we be compensated for the billions of dollars being made by corporations from their tracking of us? And of course, what of the government's access to this new world of data storage?

The argument by some, such as Mark Zuckerberg, is that all information should be public, and as time goes on we'll only be sharing more of it. In addition, we all will benefit from this communal sharing of private information in ways yet to even be discovered. Already, from this sharing, we forge more online friendships and connections, old friends are reconnected, distant parents see pictures of their kids' day-to-day activities, jobs might be more easily found due to our profiles being more public, internet services improve as companies like Facebook and Google learn about peoples' Web browsing histories, sites are able to tailor content to the user, and so on, and so forth.

What concerns me, and some of these concerns are mentioned in both articles I'm going to feature today, is what are the side effects of living in a society without privacy?

I don't think it's by accident that we are told by the same interests that profit off our information that privacy is dead, and people don't care about it anymore. Well, that's easy to say when you are the ones developing the complicated and difficult-to-find privacy settings consumers have to deal with.

On that note, let's get to some of the key sections of the article by Bob Sullivan of MSNBC entitled "Why should I care about digital privacy?":

Welcome to the world of privacy experts like Larry Ponemon and Alessandro Acquisti. Their chosen field of work is an area where research can be pretty depressing. Consumer behavior shows, repeatedly, that people just don't care about privacy, no matter how much lip service they might give to the topic. Ponemon's research shows that most U.S. adults — 60 percent —claim they care about privacy but will barely lift a finger in an effort to preserve it. They don't alter Facebook privacy settings, they don't complain when supermarkets demand their phone numbers and they certainly don't insist on encrypted e-mail. LosHuertos' experiment underscores this point well. Even people who have experienced a "privacy mugging" often don't change their behavior.

...

The usual way to grab attention to the topic is to trot out privacy nightmares, such as the secret dossiers that hundreds of companies keep on you (they do), the man who was accused of arson because his grocery store records showed he purchased fire starters (he was), or the idea that a potential employer may one day pass on you because your musical tastes suggest you will be late to work three times per week (they could). But privacy nightmares are beginning to feel a bit like the boy who cried wolf. Cyber experts have warned about both a Digital Pearl Harbor and an information Three Mile Island for more than a decade now; doesn't the absence of that kind of disaster show that perhaps privacy is no big deal?

...

For many, he thinks, there is a sense of learned helplessness — the feeling that their privacy is lost anyway, so why go through the hassle of faking a supermarket loyalty card application? For others, the decision tree is so complex that it's no surprise they usually take the easier option.


"There are so many mental steps we have to go through," he said. "Do I even know there is a potential privacy risk? If I do, do I know there are alternative strategies, such as adjusting privacy settings? Do I know, or at least feel, that these will be effective, or are they a waste of time? And then, if they are effective, are they too costly in terms of time or effect? After all that, I may very well decide not to take those steps."
...

For starters, people almost always engage in "hyperbolic discounting" when faced with a privacy choice — they overvalue present benefits and undervalue future costs. You probably do that every day when you convince yourself that an extra cookie or scoop of ice cream is worth the bargain with your waistline. In the realm of privacy, judging such bargains can be impossible. What's the future cost of sharing your phone number with a grocery store? It could be nothing. It could be annoying phone calls or junk mail. It could be intense profiling by a marketer. It could ultimately be an increase to your health premium, as a medical insurance company one day decides you buy too much ice cream every month.


Despite recent rhetoric to the contrary, long ago America decided that there are realms where it's not OK to let consumers make decisions that are guaranteed to cause self-harm. We don't let people eat in restaurants that fail health inspections; we don't let people buy buildings that aren't earthquake proof near fault lines; we don't let them buy cars without seat belts — even if all these options were cheaper, or somehow more enjoyable. Why? It's impossible for consumers to really understand the consequences of such actions at the time of the choice. We wouldn't expect every San Francisco home buyer to become an expert seismologist, or every eater to become a biologist. Even if you care nothing for personal safety, it would be a terribly inefficient way to run an economy.

Acquisti thinks it's time that society erected some strict safety rules around privacy issues, and end the charade of 27-page end user license agreements that no one — not even Acquisti — reads. The right answer for the majority of Americans who care about privacy but don't know what to do about it is for leaders to make some tough choices.

There are some efforts under way in that direction. There are no fewer than seven pieces of privacy-related legislation that have either been introduced in the U.S. House of Representatives, or soon will be. The most significant involves creation of the Do Not Track legislation, which would authorize the Federal Trade Commission to create a regime that forced companies to allow users to opt out of various data collection efforts. It would also give consumers a "right of access" to personal information stored by any company — a right Europeans have enjoyed for years. While the law is meant to evoke the very popular Do Not Call list, critics worry that few consumers would take the time required to opt out.

The Financial Information Privacy Act of 2011 would prevent banks from sharing customer information with third parties unless consumers opt-in, a significant step further along in privacy protection. Banks would then have to sell people on the idea of information sharing. (A detailed look at these proposals.)

Timid as they are, virtually all these bills have run up against ferocious industry lobbying. Facebook, among many other firms, has told the FTC it's worried that the Do Not Track initiative would stifle innovation.


...

Ponemon doesn't see Facebook as a panopticon — yet. But it doesn't have to go that far to put a serious dent in the American dream, he worries. People no longer expect to keep secrets, Ponemon said, which means that every stupid thing you do in high school will follow you around for the rest of your life. He is scared about the implications of that.

"The end of privacy is the end of second chances," Ponemon said. "Some people may think I'm just being a cranky old guy ... but the thing about what made this country great is our ancestors came with nothing. They didn't have a reputation, positive or negative. They could, like my dad, go to Arizona and become a dentist, something he couldn't do in his home country. The ability to reinvent ourselves has made great fortunes. The ability to do that today is significantly diminished because of all the information that is attached to us. Could we have another Thomas Edison now, who dropped out of elementary school in his first year (at age 7)? Maybe not."

Acquisti isn't just worried about the American way of life; he's worried about humanity itself.

"What I fear is the normalization of privacy invasions in a world where we become so adjusted to being public in everything that it is normal," he said. "I fear that world will be a world where we will be less human. Part of being human is having a private sphere and things you only share with special people, or with no one. I fear for the future of that world."

Acquisti, despite his exhaustive research on the subject, said he has no desire to persuade others to change their privacy-related behaviors. People make rational choices every day to share themselves with others, and to great benefit — they form relationships, find work and in extreme cases use social networking tools to fight for freedom, he said. People who want to share everything with everyone have the freedom to do so.

But it's freedom he's most interested in preserving — the freedom of some people to keep their lives private in a world while the costs of doing so are increasingly rising.

"It will become increasingly costly not to be on a social network, just as not having a mobile phone now is," he said. "It will dramatically cut people off from professional and personal life opportunities. The more people who join the social networks, the more costly it becomes for others to be loyal to their views."

In economics, it's called an "externality" — the costs of your choices go up because of factors that have nothing to do with you. On the Internet, it's called the network effect. In reality, it means that someone who has no interest in being on Facebook is now the last to know about last-minute parties, new romances, even weddings and funerals. (We've all heard at least once: "Didn't you see my Facebook post?")

As the network effect deepens, and the majority speeds down its road toward a completely open second life in the virtual world, society must work to preserve the right of the minority's desire to stay private in the first life — not unlike efforts we make today to preserve rights of other minority groups, such as the handicapped, Acquisti said.

"Freedom means making sure people have the option to stay off the grid; the more people surrender, the deeper the network effect, the more the punishment for being disconnected," Acquisti says.


Click here for more...and be sure to read the parts about things you can do to protect your privacy!

Now let's get to the Time magazine piece by Joel Stein entitled Data Mining: How Companies Now Know Everything About You, which goes into more detail about HOW your data is mined and by whom:


The Creep Factor
There is now an enormous multibillion-dollar industry based on the collection and sale of this personal and behavioral data, an industry that Senator John Kerry, chair of the Subcommittee on Communications, Technology and the Internet, is hoping to rein in. Kerry is about to introduce a bill that would require companies to make sure all the stuff they know about you is secured from hackers and to let you inspect everything they have on you, correct any mistakes and opt out of being tracked. He is doing this because, he argues, "There's no code of conduct. There's no standard. There's nothing that safeguards privacy and establishes rules of the road." 

At Senate hearings on privacy beginning March 16, the Federal Trade Commission (FTC) will be weighing in on how to protect consumers. It has already issued a report that calls upon the major browsers to come up with a do-not-track mechanism that allows people to choose not to have their information collected by companies they aren't directly doing business with. Under any such plan, it would likely still be O.K. for Amazon to remember your past orders and make purchase suggestions or for American Express to figure your card was stolen because a recent purchase doesn't fit your precise buying patterns. But it wouldn't be cool if they gave another company that information without your permission. (See "Will FTC's 'Do Not Track' Go Even Further than Expected?")

Taking your information without asking and then profiting from it isn't new: it's the idea behind the phone book, junk mail and telemarketing. Worrying about it is just as old: in 1890, Louis Brandeis argued that printing a photograph without the subject's permission inflicts "mental pain and distress, far greater than could be inflicted by mere bodily harm." Once again, new technology is making us weigh what we're sacrificing in privacy against what we're gaining in instant access to information. Some facts about you were always public — the price of your home, some divorce papers, your criminal records, your political donations — but they were held in different buildings, accessible only by those who filled out annoying forms; now they can be clicked on. Other information was not possible to compile pre-Internet because it would have required sending a person to follow each of us around the mall, listen to our conversations and watch what we read in the newspaper. Now all of those activities happen online — and can be tracked instantaneously. 

Part of the problem people have with data mining is that it seems so creepy. Right after I e-mailed a friend in Texas that I might be coming to town, a suggestion for a restaurant in Houston popped up as a one-line all-text ad above my Gmail inbox. But it's not a barbecue-pit master stalking me, which would indeed be creepy; it's an algorithm designed to give me more useful, specific ads. And while that doesn't sound like all that good a deal in exchange for my private data, if it means that I get to learn when the next Paul Thomas Anderson movie is coming out, when Wilco is playing near my house and when Tom Colicchio is opening a restaurant close by, maybe that's not such a bad return. 

I deeply believe that, but it's still too easy to find our gardens. Your political donations, home value and address have always been public, but you used to have to actually go to all these different places — courthouses, libraries, property-tax assessors' offices — and request documents. "You were private by default and public by effort. Nowadays, you're public by default and private by effort," says Lee Tien, a senior staff attorney for the Electronic Frontier Foundation, an advocacy group for digital rights. "There are all sorts of inferences that can be made about you from the websites you visit, what you buy, who you talk to. What if your employer had access to information about you that shows you have a particular kind of health condition or a woman is pregnant or thinking about it?" Tien worries that political dissidents in other countries, battered women and other groups that need anonymity are vulnerable to data mining. At the very least, he argues, we're responsible to protect special groups, just as Google Street View allows users to request that a particular location, like an abused-women's shelter, not be photographed.

Other democratic countries have taken much stronger stands than the U.S. has on regulating data mining. Google Street View has been banned by the Czech Republic. Germany — after protests and much debate — decided at the end of last year to allow it but to let people request that their houses not be shown, which nearly 250,000 people had done as of last November. E.U. Justice Commissioner Viviane Reding is about to present a proposal to allow people to correct and erase information about themselves on the Web. "Everyone should have the right to be forgotten," she says. "Due to their painful history in the 20th century, Europeans are naturally more sensitive to the collection and use of their data by public authorities." 

After 9/11, not many Americans protested when concerns about security seemed to trump privacy. Now that privacy issues are being pushed in Congress, companies are making last-ditch efforts to become more transparent. New tools released in February for Firefox and Google Chrome browsers let users block data collecting, though Firefox and Chrome depend on the data miners to respect the users' request, which won't stop unscrupulous companies. In addition to the new browser options, an increasing number of ads have a little i (an Advertising Option Icon), which you can click on to find out exactly which companies are tracking you and what they do. The technology behind the icon is managed by Evidon, the company that provides the Ghostery download. Evidon has gotten more than 500 data-collecting companies to provide their info.

They're not even moving that much faster with the generation that grew up with the Internet. While young people expect more of their data to be mined and used, that doesn't mean they don't care about privacy. "In my research, I found that teenagers live with this underlying anxiety of not knowing the rules of who can look at their information on the Internet. They think schools look at it, they think the government looks at it, they think colleges can look at it, they think employers can look at it, they think Facebook can see everything," says Sherry Turkle, a professor at MIT who is the director of the Initiative on Technology and Self and the author of Alone Together: Why We Expect More from Technology and Less From Each Other. "It's the opposite of the mental state I grew up in. My grandmother took me down to the mailbox in Brooklyn every morning, and she would say, 'It's a federal offense for anyone to look at your mail. That's what makes this country great.' In the old country they'd open your mail, and that's how they knew about you."
 
Data mining, Turkle argues, is a panopticon: the circular prison invented by 18th century philosopher Jeremy Bentham where you can't tell if you're being observed, so you assume that you always are. "The practical concern is loss of control and loss of identity," says Marc Rotenberg, executive director of the Electronic Privacy Information Center. "It's a little abstract, but that's part of what's taking place."

The Facebook and Google Troves
Our identities, however, were never completely within our control: our friends keep letters we've forgotten writing, our enemies tell stories about us we remember differently, our yearbook photos are in way too many people's houses. Opting out of all those interactions is opting out of society. Which is why Facebook is such a confusing privacy hub point. Many data-mining companies made this argument to me: How can I complain about having my Houston trip data-mined when I'm posting photos of myself with a giant mullet and a gold chain on Facebook and writing columns about how I want a second kid and my wife doesn't? Because, unlike when my data is secretly mined, I get to control what I share. Even narcissists want privacy. "It's the difference between sharing and tracking," says Bret Taylor, Facebook's chief technology officer. 

Since targeted ads are so much more effective than nontargeted ones, websites can charge much more for them. This is why — compared with the old banners and pop-ups — online ads have become smaller and less invasive, and why websites have been able to provide better content and still be free. Besides, the fact that I'm going to Houston is bundled with the information that 999 other people are Houston-bound and is auctioned by a computer; no actual person looks at my name or my Houston-boundness. Advertisers are interested only in tiny chunks of information about my behavior, not my whole profile, which is one of the reasons M. Ryan Calo, a Stanford Law School professor who is director of the school's Consumer Privacy Project, argues that data mining does no actual damage.

"We have this feeling of being dogged that's uncomfortable," Calo says, "but the risk of privacy harm isn't necessarily harmful. Let's get serious and talk about what harm really is." The real problem with data mining, Calo and others believe, arises when the data is wrong. "It's one thing to see bad ads because of bad information about you. It's another thing if you're not getting a credit card or a job because of bad information," says Justin Brookman, the former chief of the Internet bureau of the New York attorney general's office, who is now the director of the Center for Democracy and Technology, a nonprofit group in Washington.

...

In 1989 I augmented some technology at a major financial services company that would track offers made to prospects to become customers, and I remained involved in this industry for 16 more years. I can tell you that most activity of this kind is innocuous and for the most part designed to send targeted advertising offers that will make people happy. However, there definitely are dark sides. Identity theft. Social Security numbers are not supposed to be released except for bona fide activities such as evaluating credit risk. I have to think it's a violation of law if a financial services company has released your credit card number to a marketing company. Track down the source of your Social Security number residing at a marketing company and I believe you will find a violator. In addition, marketing companies have no real business seeking your Social Security number, so that should be outlawed.

Politics. Companies like Acxiom supply consolidated personal data to political campaigns so that politicians can craft targeted messages to various demographic groups.  Since there are no 'truth in politics' laws, messages that are crafted lies are another misuse of this data.

Consolidated personal data is also used by the FBI. This can be bad or good depending on the FBI's intentions.

I think you get the gist...check out the whole piece here.

While much of this kind of data mining is innocuous and won't do any specific damage, I would still argue it's important to give people more control, or better, to force companies to get our permission (i.e. opt-in) before our information is bought and sold. I'd also point out that, by definition, the more information about us that is stored, and the more places it is copied to, the easier it becomes for it to be stolen or accessed by those we don't want to have it. And finally, because this has been a mammoth post as it is, I worry, again, about the very meaning of privacy, and what the ramifications are of it dissolving completely.

As Bruce Schneier noted, “…lack of privacy shifts power from people to businesses or governments that control their information. If you give an individual privacy, he gets more power…laws protecting digital data that is routinely gathered about people are needed. The only lever that works is the legal lever...Privacy is a basic human need…The real choice then is liberty versus control.”

Tuesday, September 28, 2010

Obama's (and Bush's) War On Privacy Targets The Internet

Wow...what can I say? Obama Administration seeks to "Wiretap the internet"...what's not to like about the sound of that news headline!?

Now, I've written in excruciating detail on this blog about what a total and complete disappointment President Obama has been on issues related to privacy and civil liberties. I'm not going to say that I expected his actions as President to fully match his words as a candidate (and constitutional scholar!). This is rarely EVER the case, particularly when it comes to issues related to national security, but this is getting downright ridiculous.

Sadly, what has become an ironclad, and increasingly dangerous, "rule of thumb" in this country is that once a power is taken by the government (i.e. the Patriot Act), or a civil liberty/constitutional protection erased, it's gone. NO President, anymore anyway, once elected offers to "give up" power achieved by the President(s) before him. And boy oh boy has this remained true between the privacy eviscerating Administration of George W. Bush and that of President Barack Obama.

Now, before I get to the OUTSTANDING analysis of this leaked Administration proposal by Salon.com's Glenn Greenwald, let me first provide a bit more backdrop on it. Be it the Washington Post, New York Times or the San Jose Mercury News, the essential story is this: National security and U.S. law enforcement officials are preparing to submit a bill to Congress that would require all Internet companies to be able to tap into any online communications that they enable. While government officials say the legislation is needed because much communication among criminals and terrorists has moved online, privacy advocates called the proposal dangerous and excessive.

I want to provide a couple quotes from some of my privacy advocate friends too: Jeff Chester, executive director of the Center for Digital Democracy, a group that promotes the rights and interests of online consumers, said it "would give away the digital keys to our consumer data kingdom. This is too much to give away to any government, Republican or Democrat. This proposal should be fought by civil libertarians, consumers and business leaders."

The bill, which hasn't yet been released, would require companies that provide encrypted communications to be able to break into those coded signals upon receiving a legal wiretapping order,

Similarly, and thankfully, privacy advocates are challenging the claim that U.S. officials are losing their policing abilities. Let's be honest here: how can anyone in the world, with a straight face, say our government has LESS surveillance capability than it had in the past, rather than MORE?

If I remember correctly, after the Sept. 11 terrorist attacks, Congress passed a succession of laws that have made it far easier for law enforcement and security officials to spy on online and other communications, with or without warrants.

Marc Rotenberg, president of the Electronic Privacy Information Center, an online civil liberties group noted how the government "has also amassed massive databases of electronic information that it can use in investigations."

Privacy advocates are also arguing that providing a "back door" into online communications to allow government officials to spy on them would make those communications fundamentally insecure, providing a point of vulnerability that hackers could exploit. In Greece in 2005, hackers used just such a back door to eavesdrop on phone calls made by the prime minister and other officials.

"This is a bad idea," Rotenberg said. "Not just bad in the sense that it opens the door to Big Brother surveillance, but it ... puts Internet users and companies at greater risk of identity theft, corporate espionage and surreptitious spying."

James X. Dempsey, vice president of the Center for Democracy and Technology, an Internet policy group, said the proposal had "huge implications" and challenged "fundamental elements of the Internet revolution" -- including its decentralized design.

"They are really asking for the authority to redesign services that take advantage of the unique, and now pervasive, architecture of the Internet," he said. "They basically want to turn back the clock and make Internet services function the way that the telephone system used to function."


Kevin Bankston, senior staff attorney at the Electronic Frontier Foundation, took issue with the move. "This proposal is a drastic anti-privacy, anti-security, anti-innovation solution in search of a problem."

He noted that in an official 2009 review of 2,400 federal, state and local law enforcement applications for wiretap orders, "encryption was encountered during one state wiretap, but did not prevent officials from obtaining the plain text of the communications."

But some additional context is needed on this, I think. Consider also that a government report was just released (see my last post) detailing just how lawless the FBI's monitoring of "suspects", mostly peace activists and left wing protesters (non-violent, of course), was, all under the guise of the Patriot Act and the phony "war on terror" (which pretty much justifies everything in the eyes of government now).

The spying could take the form of listening to phone calls, intercepting wireless communications, harassing photographers or infiltrating protest groups. Also discovered was the way in which agencies are increasingly connected through various information sharing measures, making it more likely that information collected on an individual by a small police department could end up in an FBI or CIA database.

Remember, the Internet is the communication tool of choice now for political activism and organizing. Doesn't the fact that the report also noted how the FBI monitored peaceful protest groups and in some cases attempted to prevent protest activities (particularly against the war) provide us with one of the clear motives behind the Administration's plan to "wiretap the Internet"?

Or, if you don't believe that is its motive, and you believe, unlike the Bush Administration, it will be wise and judicious in its use of these monitoring capabilities, then what about the next Administration? Sorry, but I don't trust a "President Romney, Huckabee, Giuliani, or Palin" further than I can throw them.

Sadly, even though we have a Democratic President, a constitutional scholar who ran on protecting privacy no less, our expanding surveillance state has not been restrained; in fact it's been accelerated.

Sometimes I'm astonished how little people on the left have come to grips with the fact that this President is no different, whatsoever, than Bush on issues ranging from indefinite detention, to rendition, to wiretapping, to the ASSASSINATION OF AMERICAN citizens, to the use of state secrets to defend Bush Administration civil liberties assaults (something Obama rightly criticized as a candidate), to now OPPOSING whistleblower protections (which he advocated in support of as a candidate), to his embrace of all the key Patriot Act provisions he so adamantly criticized as a candidate (recently even fighting behind the scenes to ensure NO REFORMS were added that might protect civil liberties), to his support for whole body imaging machines in airports, to his efforts to expand the use of National Security Letters.

Just this past week we learned that the FBI "searched eight addresses in Minneapolis and Chicago," including the home of a well-known Palestinian American anti-war activist. The attorney for the activist believes that a recent Supreme Court case that allowed prosecution of humanitarian groups seen as aiding terrorists may be responsible for the raid. Now imagine the FBI with the power to monitor all internet advocacy and communications?

Also, JUST THIS WEEK, the Obama administration employed a "state secrets" defense to urge a federal judge to dismiss a lawsuit brought by civil liberties groups who say the targeting of a U.S. citizen for killing overseas is illegal.

With all of that, let's get to Glenn Greenwald's thoughts on this (we tend to REALLY see things similarly):

The tyrannical mentality of the UAE, Saudi and Bush DHS authorities are far from aberrational. They are perfectly representative of how the current U.S. administration thinks as well: every communication and all other human transactions must be subject to government surveillance. Nothing may be beyond the reach of official spying agencies. There must be no such thing as true privacy from government authorities.

Anyone who thinks that is hyperbole should simply read two articles today describing efforts of the Obama administration to obliterate remaining vestiges of privacy. The first is this New York Times article by Charlie Savage, which describes how the Obama administration will propose new legislation to mandate that the U.S. Government have access to all forms of communications, "including encrypted e-mail transmitters like BlackBerry, social networking Web sites like Facebook and software that allows direct 'peer to peer' messaging like Skype." In other words, the U.S. Government is taking exactly the position of the UAE and the Saudis: no communications are permitted to be beyond the surveillance reach of U.S. authorities.

...

Then there is this article in The Washington Post this morning, which reports that "[t]he Obama administration wants to require U.S. banks to report all electronic money transfers into and out of the country, a dramatic expansion in efforts to counter terrorist financing and money laundering." Whereas banks are now required to report all such transactions over $10,000 or which are otherwise suspicious, "the new rule would require banks to disclose even the smallest transfers." "The proposal also calls for banks to provide annually the Social Security numbers for all wire-transfer senders and recipients." It would create a centralized database enabling the U.S. Government to monitor a vastly expanded range of financial transactions engaged in by people who are under no suspicion whatsoever of criminal activity...

...

That concept -- that the U.S. Government should not be monitoring, surveilling and collecting data on individuals who are not under criminal investigation -- was once the hallmark of basic American liberty, so uncontroversial as to require no defense. But decades of effective fear-mongering over everything from Communists to drug kingpins -- and particularly the last decade of invoking the all-justifying, Scary mantra of Terrorism -- has reduced much of the American citizenry into a frightened and meek puddle of acquiescence which not only tolerates, but craves, a complete deprivation of privacy.

Needless to say, both articles this morning are suffused with quotes from government officials tossing around the standard clichés about Scary Terrorists, Drug Lords, and other cartoon menaces hauled out to justify every expansion of government power and every reduction of individual privacy (that, of course, was the same rationale invoked by UAE and Saudi officials: "The UAE issued a statement explaining the decision, saying it had come because 'certain Blackberry services' allow users to avoid 'any legal accountability', raising 'judicial, social and national security concerns'.").

Leave aside the fact that endlessly increasing government surveillance is not only ineffective in detecting Terrorist plots and other crimes, but is actually counterproductive, as it swamps the Government with more data than it can possibly process and manage. What these Obama proposals illustrate is just how far we've descended in the security/liberty debate, where only the former consideration has value, while the latter has none. Whereas it was once axiomatic that the Government should not spy on citizens who have done nothing wrong, that belief is now relegated to the civil libertarian fringes.

...


What makes this trend all the more pernicious is that at exactly the same time that the Government is demanding greater and greater access to what you do and say, it is hiding its own conduct behind an always-higher and more impenetrable wall of secrecy. Everything you do and say must be accessible to them; you can have no secrets from them. But everything they do -- including even criminal acts such as torture, assassinations and warrantless surveillance -- is completely off-limits to you, deemed "state secrets" that not even courts can review in order to determine their legality. This is all driven by Francis Bacon's observation that "knowledge is power": the idea is to make sure that they have full knowledge of what you do (i.e., full power over it), while you have no knowledge about what they do (i.e., no power).

For those insisting that the Government must have the technological ability to eavesdrop on any and all communications in order to stop Terrorists and criminals, what are you going to do about in-person communications? By this logic, the Government should install eavesdropping devices in all private homes and public spaces, provided they promise only to listen in when the law allows them to do so (I believe there was a book written about that once). For those insisting that the Government must have the physical ability to spy on all communications, what objections could one have to such a proposal? We've developed this child-like belief that all Bad Things can be prevented -- we can be Kept Safe from all dangers -- provided we just vest enough power in the Government to protect us all. What we lose from that mentality, however, is quite vast yet rarely counted. A central value of the Internet was that it was supposed to enable the flow of information free from the surveillance and control of governmental and other authorities.

Click here to read the rest of Greenwald's post.

It's hard for me to add much to Greenwald's points, as they're so right on. It's obviously hard to argue that privacy, as both a right and an idea, isn't literally withering away on the vine before our very eyes.

Fear as an argument, no matter how ludicrous or exaggerated, trumps privacy these days, at least when it comes to coverage in the corporate media, or positions taken by the entire Republican Party and probably a majority of the Democrats. I find it particularly dismaying that the tables have been so turned that the onus (and derision) has been placed on those who simply believe the government, or corporate America for that matter, should not have access to everything we do, particularly when we have committed no crime. Now we must prove that whatever the latest power the government seeks to enshrine as law won't stop an attack (and if we can't prove this negative, we are endangering Americans!) or how it could specifically harm us, rather than the onus being on those seeking to circumvent our privacy and rights in the name of "national security."

As I have asked many times before on this blog, is the loss of freedom, privacy, and quality of life a worthwhile trade-off for unproven protections from a terrorist threat that is far less of a concern than being struck by lightning?

This increasingly intrusive surveillance state threatens the very concept of privacy, particularly privacy as a necessary prerequisite for liberty, which I believe it is. With privacy comes control, and with control comes at least a semblance of power. The Internet is where so much of the future of political dialogue, activism, and communication will occur. I think it would be a gross mistake to allow the government open access to it; we've seen how the FBI has used such monitoring capabilities when it comes to the telephone or wireless networks.

The likelihood a terrorist like Bin Laden will destroy us is extremely low…but the likelihood that our banana republic economy will is extremely high (made only higher by the amount we spend on “defending” against a mythical “enemy”). Yet, we are being led to believe there is this grave, terrorist threat out there…and there's no amount of resources we won't spend to "fight it."

I question the very premise that the government benefits from, or certainly that we need, such an all encompassing surveillance state. Remember, our military, our CIA, our spying agencies (such as NSA) are every bit corporate as they are governmental: in some cases more so. So complete is the merger that it's the same people who switch seamlessly back and forth between governmental agencies and their private "partners". This means we have not only a vast Secret Government, but one that operates with virtually no democratic accountability and is driven not by National Security concerns but by its own always-expanding private profits.

All this raises the question: who is really benefiting from this expanding surveillance state, and why? More on that in future posts...

Thursday, May 13, 2010

A National ID Card With Biometrics? Really?

I do find it a bit ironic that the same Senator Schumer seeking to force Facebook to change its privacy policies - rightly so I might add - is simultaneously leading the push in Congress to require all Americans to have national ID cards.

The concept for a National ID Card with biometric identifiers - like fingerprints, facial, and/or iris scans - is being proposed for inclusion in the coming immigration reform legislation. There are a number of reasons why this concerns me, most notably the fact that it's part of a much larger pattern of government expansion of power through increasingly intrusive assaults on our civil liberties. All of course, in the name of keeping us safe, and protecting us usually from one kind of brown person or another. Now, instead of pandering to those afraid of "terrorists" on every street corner, this seems to be pandering to those unduly afraid of the "illegal immigrant threat".

Consider how biometrics actually work. Biometric technology is the computerized matching of an individual's physical characteristics against a stored image or a database of images. At enrollment, the system captures a fingerprint, a picture, or some other personal characteristic and transforms it into a small computer file (often called a template). The next time someone interacts with the system, it captures a fresh reading, turns it into another computer file (often called a sample), and compares it to the original template or tries to find a match in its database. Because no two captures of the same trait are ever identical, the system never asks whether the sample equals the template; it asks whether the sample is similar enough, according to a threshold the operator chooses. That threshold is a trade-off: set it loose and impostors get through, set it tight and legitimate people get turned away.
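To make the template/sample/threshold idea concrete, here is an added example; it is not code from the original post or from any real biometric product. It models a biometric as a fixed-length bit string, scores a sample against a template by the fraction of differing bits (normalised Hamming distance, the way iris codes are typically compared), and then sweeps the acceptance threshold to show the trade-off between false rejections and false accepts. The 2048-bit code length, the 5-35% capture noise, the 0.32 threshold and the seeds are assumptions chosen for illustration, and the "biometric" data is constructed with a seeded random generator.

```python
"""Toy biometric matcher: template vs. sample via normalised Hamming distance.

Added illustration, not a real biometric system. The code length, noise
levels and thresholds below are assumptions chosen for the demo.
"""
import random
from typing import Tuple

CODE_BITS = 2048          # assumed template size (an iris-code-like bit string)


def random_code(rng: random.Random) -> bytes:
    """A constructed 'biometric' code: CODE_BITS random bits."""
    return rng.getrandbits(CODE_BITS).to_bytes(CODE_BITS // 8, "big")


def hamming_fraction(a: bytes, b: bytes) -> float:
    """Fraction of bit positions in which a and b differ (0.0 .. 1.0)."""
    if len(a) != len(b):
        raise ValueError("codes must be the same length")
    differing = sum(bin(x ^ y).count("1") for x, y in zip(a, b))
    return differing / (8 * len(a))


def perturb(code: bytes, flip_fraction: float, rng: random.Random) -> bytes:
    """Simulate a fresh capture of the same trait: flip flip_fraction of the bits."""
    n = 8 * len(code)
    bits = int.from_bytes(code, "big")
    for pos in rng.sample(range(n), round(n * flip_fraction)):
        bits ^= 1 << pos
    return bits.to_bytes(len(code), "big")


def matches(template: bytes, sample: bytes, threshold: float) -> bool:
    """The actual decision: 'similar enough', never 'identical'."""
    return hamming_fraction(template, sample) <= threshold


def enrol_and_verify(seed: int = 7, flip_fraction: float = 0.10) -> Tuple[float, float]:
    """Return (distance of a genuine re-capture, distance of an impostor's code)."""
    rng = random.Random(seed)
    template = random_code(rng)                        # enrolment
    genuine = perturb(template, flip_fraction, rng)    # same person, noisy capture
    impostor = random_code(rng)                        # unrelated person
    return hamming_fraction(template, genuine), hamming_fraction(template, impostor)


def error_rates(threshold: float, trials: int = 200, seed: int = 1) -> Tuple[float, float]:
    """Estimate (FRR, FAR) at a threshold over constructed genuine/impostor presentations."""
    rng = random.Random(seed)
    template = random_code(rng)
    false_rejects = 0
    for _ in range(trials):
        # genuine captures are assumed to differ from the template by 5-35% of bits
        sample = perturb(template, rng.uniform(0.05, 0.35), rng)
        if not matches(template, sample, threshold):
            false_rejects += 1
    false_accepts = 0
    for _ in range(trials):
        # impostors are unrelated codes, which land near 50% differing bits
        if matches(template, random_code(rng), threshold):
            false_accepts += 1
    return false_rejects / trials, false_accepts / trials


if __name__ == "__main__":
    g, i = enrol_and_verify()
    print(f"genuine distance={g:.3f}  impostor distance={i:.3f}")
    for t in (0.20, 0.32, 0.45):
        frr, far = error_rates(t)
        print(f"threshold={t:.2f}  FRR={frr:.3f}  FAR={far:.3f}")
```

Running it shows the shape of every real deployment decision: raising the threshold lowers the false rejection rate and raises the false accept rate, and at national scale even a tiny false accept rate multiplied by hundreds of millions of enrolled templates is a large absolute number of wrong matches.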

So let's be real clear: creating a database with hundreds of millions of facial scans and thumbprints raises a host of surveillance, tracking and security questions, plus consumer hassles with the DMV - never mind the enormous cost.

Privacy expert Bruce Schneier recently pointed out some of the pros and cons of a biometric based ID:

Biometrics can vastly improve security, especially when paired with another form of authentication such as passwords. But it's important to understand their limitations as well as their strengths. On the strength side, biometrics are hard to forge. It's hard to affix a fake fingerprint to your finger or make your retina look like someone else's. Some people can mimic voices, and make-up artists can change people's faces, but these are specialized skills.

On the other hand, biometrics are easy to steal. You leave your fingerprints everywhere you touch, your iris scan everywhere you look. Regularly, hackers have copied the prints of officials from objects they've touched, and posted them on the Internet. We haven't yet had an example of a large biometric database being hacked into, but the possibility is there. Biometrics are unique identifiers, but they're not secrets.

And a stolen biometric can fool some systems. It can be as easy as cutting out a signature, pasting it onto a contract, and then faxing the page to someone. The person on the other end doesn't know that the signature isn't valid because he didn't see it fixed onto the page. Remote logins by fingerprint fail in the same way. If there's no way to verify the print came from an actual reader, not from a stored computer file, the system is much less secure.

...

A more secure system is to use a fingerprint to unlock your mobile phone or computer. Because there is a trusted path from the fingerprint reader to the stored fingerprint the system uses to compare, an attacker can't inject a previously stored print as easily as he can cut and paste a signature. A photo on an ID card works the same way: the verifier can compare the face in front of him with the face on the card.

Fingerprints on ID cards are more problematic, because the attacker can try to fool the fingerprint reader. Researchers have made false fingers out of rubber or glycerin. Manufacturers have responded by building readers that also detect pores or a pulse.

The lesson is that biometrics work best if the system can verify that the biometric came from the person at the time of verification. The biometric identification system at the gates of the CIA headquarters works because there's a guard with a large gun making sure no one is trying to fool the system.

...

One more problem with biometrics: they don't fail well. Passwords can be changed, but if someone copies your thumbprint, you're out of luck: you can't update your thumb. Passwords can be backed up, but if you alter your thumbprint in an accident, you're stuck. The failures don't have to be this spectacular: a voiceprint reader might not recognize someone with a sore throat, or a fingerprint reader might fail outside in freezing weather. Biometric systems need to be analyzed in light of these possibilities.

Biometrics are easy, convenient, and when used properly, very secure; they're just not a panacea. Understanding how they work and fail is critical to understanding when they improve security and when they don't.


So, from Schneier's perspective, it does seem that requiring ALL AMERICANS to carry these, particularly with the fingerprint or the iris as the biometric identifier, doesn't make much sense, and poses a significant threat of one's identity being stolen - not protected.
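Schneier's point that a biometric is only as good as the system's ability to verify it "came from the person at the time of verification" can be approximated cryptographically, which is what a remote login by fingerprint would need and an ID card alone cannot provide. The following is an added example, not code from Schneier's essay, the original post or any real product: the verifier issues a one-time nonce, and only a reader that holds a shared secret key can bind a freshly captured sample to that nonce, so a print copied from a file or an old session is rejected. The reader key, the HMAC-SHA-256 construction, the 16-byte nonce and the sample bytes are all assumptions; matching the sample against a template is out of scope here (the verifier would hand an accepted sample on to the matcher).

```python
"""Added example: binding a biometric sample to a fresh verifier challenge.

Hypothetical design, not from the original post or any product. Assumes the
reader holds a secret key that the verifier also knows, and that the reader
only ever signs samples it has just captured from its own sensor.
"""
import hashlib
import hmac
import os
from typing import Dict, Tuple

READER_KEY = b"demo-reader-key-not-for-real-use"   # assumed shared secret


def _tag(key: bytes, nonce: bytes, sample: bytes) -> bytes:
    # Length-prefix the nonce so the (nonce, sample) boundary cannot be shifted.
    msg = len(nonce).to_bytes(2, "big") + nonce + sample
    return hmac.new(key, msg, hashlib.sha256).digest()


class Reader:
    """Trusted sensor: captures a sample and signs it together with the challenge."""

    def __init__(self, key: bytes) -> None:
        self._key = key

    def capture_and_sign(self, nonce: bytes, fresh_sample: bytes) -> Tuple[bytes, bytes]:
        # fresh_sample stands in for whatever the sensor just scanned.
        return fresh_sample, _tag(self._key, nonce, fresh_sample)


class Verifier:
    """Issues single-use challenges; accepts only samples bound to an outstanding one."""

    def __init__(self, key: bytes) -> None:
        self._key = key
        self._outstanding: Dict[bytes, bool] = {}

    def challenge(self) -> bytes:
        nonce = os.urandom(16)
        self._outstanding[nonce] = True
        return nonce

    def verify(self, nonce: bytes, sample: bytes, tag: bytes) -> bool:
        # 1. The nonce must be one we issued and not yet consumed (defeats replay).
        if not self._outstanding.pop(nonce, False):
            return False
        # 2. The tag must prove a key-holding reader bound THIS sample to THIS nonce
        #    (defeats pasting in a print lifted from a file or an earlier session).
        return hmac.compare_digest(tag, _tag(self._key, nonce, sample))


def demo() -> Dict[str, bool]:
    """Run the happy path and three attacks; return whether each was accepted."""
    verifier = Verifier(READER_KEY)
    reader = Reader(READER_KEY)
    scan = b"constructed-fingerprint-sample-bytes"   # constructed stand-in for a capture

    n1 = verifier.challenge()
    sample, tag = reader.capture_and_sign(n1, scan)
    fresh_ok = verifier.verify(n1, sample, tag)

    # Attack 1: replay the exact same (nonce, sample, tag) a second time.
    replay = verifier.verify(n1, sample, tag)

    # Attack 2: new session, but the attacker submits the old signed sample.
    n2 = verifier.challenge()
    stale = verifier.verify(n2, sample, tag)

    # Attack 3: the attacker has a copy of the print but not the reader key.
    n3 = verifier.challenge()
    forged = verifier.verify(n3, scan, _tag(b"guessed-key", n3, scan))

    return {"fresh": fresh_ok, "replay": replay, "stale": stale, "forged": forged}


if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name:>7}: {'accepted' if accepted else 'rejected'}")
```

The reader key is the whole root of trust here: the scheme only helps if the key lives somewhere the attacker cannot extract it (a secure element in the reader, not the host PC) and the reader firmware signs nothing but live captures. That is exactly Schneier's "trusted path", restated as a protocol, and it is also why a stolen fingerprint still matters: the cryptography authenticates the reader and the session, not the finger.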

The Consumer Federation of California joined with the ACLU and a host of other organizations to oppose the transition to biometric drivers licenses here in California not long ago. Some of the privacy concerns we raised during that debate include:

Right to Privacy – Personal Freedom and Security

o Whether biometric images should be collected, which images should be collected (i.e. facial v. thumbprint scan), who has access to those images, and for what purposes are the preliminary privacy questions that should be addressed to protect individuals’ constitutional right to privacy.

o The Creation of Dossiers about Individuals and their Activities: Where a biometric identifier is used as a unique identifier to catalogue personal information about an individual, it would enable monitoring, tracking and surveillance of individuals. This concern applies to both the government and databrokers/private industry using the same biometric to gather information.

o Threat to Anonymity and Anonymous Speech: Unless current law is changed, the biometric thumbprints and facial scans from the DMV will be used in criminal investigations, and as public and private surveillance cameras become more ubiquitous, the likelihood rises of using facial recognition to identify and surveil innocent people just walking down the street or engaged in First Amendment protected speech on political or labor issues.

The Supreme Court has found that compelling an individual to disclose his or her political ideas or affiliations to the government deters the exercise of First Amendment rights. The right to anonymous speech, protest and leafleting are critical to our democracy.

o Perceived Infallibility and Inaccuracy: The concept that each of us is unique does not always translate into accurate biometric identification. Computer “matches” must be reviewed visually by people to confirm the accuracy. And, even then, errors are made.

Brandon Mayfield, an Oregon attorney, was erroneously linked to the 2004 Madrid train bombings after his prints were misidentified; he was held by the FBI for two weeks, though he was never charged. His prints were “identified” through the Integrated Automated Fingerprint Identification System (IAFIS): IAFIS returned a few potential matches, which were then reviewed by a fingerprint examiner and an outside experienced fingerprint expert, and the error was still not caught.

o What is the "bang for the buck" that California (or in this case the US) would get from undefined changes being proposed in the nature and use of these biometric databases? How much is the whole system going to cost? How much would be borne by the state, how much would be borne by individuals?

We do know that creating biometric database systems (facial image and thumbprint) will be very costly, and even more costly to do correctly: in addition to the technology, staff need to be trained, and there must be technical and due process protections in place to ensure that people’s licenses are not wrongly denied or taken away because of an error.
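An added example, not part of the Consumer Federation's comments, of why candidate lists like the one IAFIS produced in the Mayfield case are a matter of arithmetic rather than a rare malfunction. The matcher is a toy (templates as random bit strings, a match declared under a Hamming-distance threshold), and the bit length, thresholds and database sizes are constructed; none of it describes IAFIS itself:

```python
"""Added example (illustrative, not the IAFIS algorithm): why a one-to-many
search of a large biometric database yields candidate lists that a human must
adjudicate, and why the top candidate can be wrong even after review.

The toy matcher treats a template as an n-bit string. Two templates from
unrelated people differ in a Binomial(n, 1/2) number of bits, and a "match"
is declared when they differ in at most max_dist bits, so the per-comparison
false match rate can be computed exactly and then scaled to a database.
All bit lengths, thresholds and database sizes below are constructed.
"""
import math
import random


def hamming_fmr(n_bits: int, max_dist: int) -> float:
    """P(two unrelated templates are declared a match) for the toy matcher."""
    hits = sum(math.comb(n_bits, k) for k in range(max_dist + 1))
    return hits / 2 ** n_bits


def expected_false_candidates(fmr: float, db_size: int) -> float:
    """Mean number of impostor records clearing the threshold in one search."""
    return fmr * db_size


def prob_any_false_candidate(fmr: float, db_size: int) -> float:
    """P(at least one impostor record matches), computed without cancellation."""
    return -math.expm1(db_size * math.log1p(-fmr))


def candidate_list_table(n_bits: int, max_dist: int, db_sizes) -> dict:
    """For each database size: (expected false candidates, P(any false candidate))."""
    fmr = hamming_fmr(n_bits, max_dist)
    return {n: (expected_false_candidates(fmr, n), prob_any_false_candidate(fmr, n))
            for n in db_sizes}


def simulate_search(n_bits: int, max_dist: int, db_size: int, seed: int = 7) -> int:
    """Search a random database with a probe whose owner is NOT enrolled
    (the Mayfield situation: the true source is someone else entirely).
    Every candidate returned is therefore a false match. Returns the count."""
    rng = random.Random(seed)
    probe = rng.getrandbits(n_bits)
    candidates = 0
    for _ in range(db_size):
        record = rng.getrandbits(n_bits)
        if bin(probe ^ record).count("1") <= max_dist:
            candidates += 1
    return candidates


if __name__ == "__main__":
    # 1:1 verification against a single enrolled record at this threshold looks fine...
    fmr = hamming_fmr(256, 88)
    print(f"per-comparison false match rate: {fmr:.2e}")
    # ...but the same threshold over a national-scale database fills a candidate list.
    for n, (exp, p) in candidate_list_table(256, 88, [1, 10**4, 10**6, 5 * 10**7]).items():
        print(f"db={n:>11,}: expected false candidates={exp:8.2f}  P(any)={p:.3f}")
    print("simulated false candidates for a non-enrolled probe:",
          simulate_search(256, 100, 5000))
```

The point the numbers make: a threshold whose false match rate is a few in ten million is excellent for checking one person against one record, yet over a database of tens of millions of records that same threshold returns a handful of impostors on essentially every search. The examiner then adjudicates a short list that, when the true source is not enrolled at all, contains only wrong answers, and the best-scoring one still looks like a match.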

The Legislative Analyst's Office raised its own privacy concerns, particularly about whether the data would be stored by a private vendor, and whether the experience of states that saw a 5-10 percent reduction in fraud after adopting biometrics is necessarily relevant to states that already have secure cards and issuance processes. In other words, the Legislature (or Congress in this case) would need to weigh the cost of implementing a biometrics system against the cost of other solutions and the actual number of fraudulent IDs prevented.

EFF, in its opposition to this concept as a component of PASS ID (a slightly scaled back version of REAL ID), wrote:

Proponents seem to be blind to the systemic impotence of such an identification card scheme. Individuals originally motivated to obtain and use fake IDs will instead use fake identity documents to procure "real" drivers' licenses. PASS ID creates new risks -- it calls for the scanning and storage of copies of applicants' identity documents (birth certificates, visas, etc.). These documents will be stored in databases that will become leaky honeypots of sensitive personal data, prime targets for malicious identity thieves or otherwise accessible by individuals authorized to obtain documents from the database.

...proponents of the national ID effort seem blissfully unaware of the creepy implications of a "papers please" mentality (think Arizona) that may grow from the issuance of mandatory federal identification cards.

Do we really want to create a multibillion-dollar program - at a time of economic recession and growing deficits - that enhances opportunities for identity theft, turns state motor vehicle departments into arms of U.S. Immigration and Customs Enforcement and will almost certainly lead to harassment of immigrants, legal or otherwise?

It would also complicate efforts by some states to issue driver's licenses to illegal immigrants, because such licenses would require special markings to signal that the bearer is here illegally. Sensible measures to enforce our immigration laws are one thing, but anything that discourages undocumented immigrants from getting driver's licenses endangers all drivers on the road and raises insurance costs for everyone.

So if we put everything into that one document – make it the be-all and end-all of identification for most Americans – what might we have? An invasion of ordinary citizens' privacy and phony documentation in the hands of identity thieves and potential terrorists that we believe too readily is authentic.

Let's remember too the state reaction to REAL ID: at least 42 states have considered anti-REAL ID legislation, 25 states have enacted anti-REAL ID bills or resolutions, fourteen of those states have passed binding legislation prohibiting participation in the REAL ID program, and six more states passed resolutions or statutes in 2009.

Imposing a first-ever national identity card system, even if just for employment, would violate privacy by helping to consolidate data and facilitate tracking, and over time its use will almost certainly expand to cover other activities necessary to participate in society.

Here are a couple of clips from an article in United Press International this week:

On a five-year timetable the biometric cards would replace Social Security cards and would be used to prove eligibility for employment. Card scanners would be issued to all U.S. employers. The cards would at least have the capability of being linked to a central data system.

Like all controversial government programs, the proposed national ID card has an innocuous name: When Senate Democratic leaders unveiled the new program last month they called it Biometric Enrollment, Locally Stored Information and Electronic Verification of Employment -- or "Believe," for short.


...

The difference would be in the biometric information and the universality of the employment requirement. However, the opportunities for abuse by unscrupulous government employees are obvious.

The proposal rang alarm bells at the American Civil Liberties Union in Washington. While criticizing several aspects of proposed immigration reform, the group is concentrating its criticism on the ID cards.

"If the biometric national ID card provision of the draft bill becomes law, every worker in America would have to be fingerprinted and a new federal bureaucracy -- one that could cost hundreds of billions of dollars -- would have to be created to issue cards," the organization said in a statement. "The ACLU strongly opposes the inclusion of a biometric national ID in this or any comprehensive immigration reform bill and urges senators to reject such an ID card."

In his own statement, Christopher Calabrese, ACLU legislative counsel, said: "Creating a biometric national ID will not only be astronomically expensive, it will usher government into the very center of our lives. Every worker in America will need a government permission slip in order to work. And all of this will come with a new federal bureaucracy -- one that combines the worst elements of the (Department of Motor Vehicles) and the (U.S. Transportation Security Administration). America's broken immigration system needs real, workable reform, but it cannot come at the expense of privacy and individual freedoms."


Click here to read more.

So my position is clear. What I particularly dislike about it is the pattern it is part of: a pattern of deteriorating privacy, increasing government and corporate power and authority, and the expanding number of ways in which "security" and "safety" are used to scare people into giving up those very things.

If nothing else, before anything remotely like this becomes law, I would like to see an open, vigorous debate, and if the public and the legislature truly go for it, then a series of steps needs to be taken to implement it in a way that is fair, reasonable and secure.

Thursday, November 12, 2009

EFF Battles US Government Over Efforts to Subpoena Info on Left Wing Site's Visitors

Now here's one of those "holy crap there really is a Big Brother" type stories. Apparently my friends at the Electronic Frontier Foundation (EFF) have been tangling with the US Government over its efforts to subpoena the IP address of every visitor to a left leaning political website called IndyMedia.us. But that's not all, the grand jury subpoena also required the site "not to disclose the existence of this request" unless authorized by the Justice Department.

Just what in the hell is going on here? And what does it say about online journalism and privacy rights? One problem with this government subpoena is that it's illegal. It's also disturbing and, how else can one put it, "antithetical to the founding principles of our country"!

Before you start thinking "Oh no, another Obama Administration betrayal," let me point out that the subpoena from U.S. Attorney Tim Morrison was filed on June 25, 2008, during the good ol' Constitution-burning Bush years.

A report published by EFF describes how the U.S. Attorney's office issued a federal grand jury subpoena to Indymedia.us administrator Kristina Clair demanding “all IP traffic to and from www.indymedia.us" for a particular date, potentially identifying every person who visited any news story on the Indymedia site.

Among other things, it instructed Clair to "include IP addresses, times, and any other identifying information," including e-mail addresses, physical addresses, registered accounts, and Indymedia readers' Social Security Numbers, bank account numbers, credit card numbers, and so on.

After talking to other Indymedia volunteers, Clair ended up calling the Electronic Frontier Foundation in San Francisco, which represented her at no cost.

EFF Senior Staff Attorney Kevin Bankston explains that this overbroad demand for internet records not only violated federal privacy law but also violated Clair’s First Amendment rights, by ordering her not to disclose the existence of the subpoena without a U.S. attorney’s permission. Other problems with the subpoena include that it was not personally served, that a judge-issued court order would be required for the full logs, and that Indymedia did not store logs in the first place.

As Bankston notes, "Because Indymedia follows EFF’s Best Practices for Online Service Providers and does not keep historical IP logs, there was no information for Indymedia to hand over, and the government withdrew the subpoena. However, as the report describes, that wasn’t the end of the tale: Ms. Clair wanted EFF to be able to tell the story of the subpoena and shine a light on the government’s illegal demand, yet the subpoena ordered silence. Under pressure from EFF, the government admitted that the subpoena’s gag order had no legal basis, and ultimately chose not to go to court to try to force Ms. Clair’s silence despite earlier threats to do so."

Bankston then sums up why this story is important:

This story is an important example of how government abuses breed in secrecy, and an argument for Congress to step in and require meaningful reporting about how the government uses its surveillance authorities. How often does the government attempt such illegal fishing expeditions through internet data? How many online service providers have received similarly bogus demands, and handed over how much data, violating how many internet users’ privacy? How many of those subpoena recipients have been intimidated into silence by unconstitutional gag orders?

...until Congress exerts stronger oversight, we can’t know, except in those occasional instances where a brave online service provider steps up, pushes back, and tells the world. We encourage other online service providers to follow the example of Indymedia.us and Kristina Clair by standing up for their users' rights when the government secretly overreaches. If you're an ISP, a web host, an email provider, an app developer, a Web 2.0 start-up or any other kind of online service provider and you receive a government demand for your users' data, please call a lawyer. If you don't have a lawyer, call EFF.

As noted by CBS News, this is not the first time that the Feds have focused on the liberal Indymedia Web site, which hosts a myriad of activist writers and advocates. In 2004, the Justice Department sent a grand jury subpoena asking for information about who posted lists of Republican delegates while urging that they be given an unwelcome reception at the party's convention in New York City that year. An Indymedia hosting service in Texas once received a subpoena asking for server logs in relation to an investigation of an attempted murder in Italy.

The fact that the government is actively targeting liberal media sites should be a concern to everyone.

For a full fleshing out of this story, the EFF report is the place to go. For those without the time to read it all, here is the closing summation entitled "Closing Lessons":

The experience of Ms. Clair in dealing with the subpoena for Indymedia's logs brings with it several lessons — not only for online service providers but also for the average Internet user, Americans who care about civil liberties, and Congress.

The first lesson is for the average Internet user: yes, your IP address can be and typically is logged by the online services that you use, and yes, the government can obtain those logs, sometimes with only a subpoena issued directly by a prosecutor. If you want to anonymize your IP address to prevent the violation of your online privacy, you can use anonymizing software such as "Tor". You can find out more about Tor and how it works in this section of EFF's Surveillance Self-Defense Manual and at http://www.torproject.org/.

For online service providers, the second lesson is straightforward, and one that EFF has highlighted both in its "Best Practices for Online Service Providers" and its Surveillance Self-Defense manual: if you don't have it, they can't get it. When providers avoid keeping unnecessary Internet logs, responding to subpoenas and other legal demands for such information becomes very simple: "Sorry, but we don't keep those logs and so we don't have any information that's responsive to this subpoena."

The third lesson, again for providers, is that they can and should seek legal advice when they receive legal demands for information. Without a lawyer's advice, providers may hand over data that the government isn't legally entitled to or that the provider is legally forbidden from disclosing, and may be cowed into silence by bogus gag demands.

For example, assume that the subpoena in this case had been served on a service that did keep logs of site visitors' IP addresses. Without advice from counsel like EFF, the recipient would not have known that the request, purportedly based on the SCA, actually violated the SCA, and that providing the information to the government could have created liability for the service provider.

Nor would the provider have understood that the subpoena's purported requirement of secrecy was actually an unenforceable request, or that if there was a gag order it could be challenged in court on First Amendment grounds. Absent advice from a lawyer, the provider's unquestioning silence would unnecessarily add to the growing fog of secrecy that surrounds the government's practices in this area.

This leads to our fourth and final lesson, for members of Congress and their constituents: the level of secrecy surrounding how the government uses its surveillance authority under the Stored Communications Act encourages abuses. Sunlight is the best disinfectant, and the best protection against such abuses is more clarity and transparency when it comes to how the SCA is used. Americans who care about civil liberties should press Congress to update the SCA to further clarify what it does and does not authorize, and to require detailed public reporting about how the statute is used, just like the federal wiretap statute requires annual reports on law enforcement's wiretapping activities.

Without such reform, we may never know how often the government issues unlawful demands like the one described here, or how often providers secretly comply with those demands. The government must be held accountable for its uses — and abuses — of its surveillance authority, and with your and Congress' help, it can be held to account.

Until that day, EFF continues to stand ready to provide assistance the next time the government knocks on someone's door with an unlawful, invalid, overbroad, free speech-threatening, privacy-invasive demand for your sensitive Internet data.

Click here to read the report in its entirety.

For now I'll just send my personal thanks to EFF for their outstanding work!
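An added example of the "if you don't have it, they can't get it" lesson from the EFF report above, written for this page rather than taken from EFF or Indymedia. It shows a minimising filter for web server access logs in the common Apache/nginx combined format, plus an age-based purge for what is kept. The sample log line in the usage is constructed, and the choice of which fields to keep is an assumption a site would set for itself:

```python
"""Added example of EFF's "if you don't have it, they can't get it" lesson,
as code rather than policy: a log-minimising filter that strips the fields
a subpoena like the one above asked for (client address, user identifiers,
the query string that often carries e-mail addresses or tokens) before a
line is retained, plus an age-based purge for what is kept. The format is
the Apache/nginx "combined" access log; the sample line is constructed.
"""
import ipaddress
import re
from datetime import datetime, timedelta

COMBINED = re.compile(
    r'^(?P<ip>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)'
    r'(?: "(?P<referer>[^"]*)" "(?P<agent>[^"]*)")?$'
)
TIME_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line: str) -> dict:
    """Split one combined-format line into its fields."""
    m = COMBINED.match(line.rstrip("\n"))
    if not m:
        raise ValueError(f"not a combined-format line: {line!r}")
    return m.groupdict()


def parse_timestamp(stamp: str) -> datetime:
    """Parse the bracketed access-log timestamp, e.g. 10/Nov/2009:13:55:36 -0800."""
    return datetime.strptime(stamp, TIME_FMT)


def strip_query(request: str) -> str:
    """Drop '?...' from the request target; keep method and protocol."""
    parts = request.split(" ")
    if len(parts) == 3:
        parts[1] = parts[1].split("?", 1)[0]
    return " ".join(parts)


def coarsen_ip(ip: str) -> str:
    """Optional middle ground for abuse handling: keep only the /24 (v4) or /48 (v6).
    This is still data about visitors; the default below does not keep even this."""
    addr = ipaddress.ip_address(ip)
    prefix = 24 if addr.version == 4 else 48
    return str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False).network_address)


def minimise(fields: dict, keep_coarse_ip: bool = False) -> dict:
    """Remove identifying fields, keeping what operations actually needs."""
    out = dict(fields)
    out["ip"] = coarsen_ip(fields["ip"]) if keep_coarse_ip else "-"
    out["ident"] = "-"
    out["user"] = "-"
    out["referer"] = "-"          # referers reveal where a visitor came from
    out["agent"] = "-"            # user agent strings are a fingerprinting vector
    out["request"] = strip_query(fields["request"])
    return out


def format_line(f: dict) -> str:
    """Re-emit a combined-format line from (possibly minimised) fields."""
    return (f'{f["ip"]} {f["ident"]} {f["user"]} [{f["time"]}] "{f["request"]}" '
            f'{f["status"]} {f["size"]} "{f["referer"] or "-"}" "{f["agent"] or "-"}"')


def minimise_line(line: str, keep_coarse_ip: bool = False) -> str:
    """Parse, minimise and re-serialise one line; call this before writing to disk."""
    return format_line(minimise(parse_line(line), keep_coarse_ip))


def purge_old(lines, now: datetime, max_age_days: int) -> list:
    """Retention: keep only lines younger than max_age_days. Run on a schedule;
    a log that has already been deleted cannot be subpoenaed."""
    limit = timedelta(days=max_age_days)
    return [ln for ln in lines if now - parse_timestamp(parse_line(ln)["time"]) <= limit]


if __name__ == "__main__":
    # Constructed sample line; the address is from the documentation range.
    sample = ('203.0.113.7 - alice [10/Nov/2009:13:55:36 -0800] '
              '"GET /story/42?email=a%40b.org HTTP/1.1" 200 5123 '
              '"http://example.org/" "Mozilla/5.0"')
    print(minimise_line(sample))
    print(minimise_line(sample, keep_coarse_ip=True))
    now = parse_timestamp("12/Nov/2009:00:00:00 +0000")
    print("kept after 1-day purge:", purge_old([sample], now, 1))
    print("kept after 7-day purge:", len(purge_old([sample], now, 7)))
```

Note that the filter runs before a line is written, not as a later clean-up: what never reaches disk is not in any backup either. The coarse-IP option is deliberately off by default; a /24 or /48 is still information about visitors, and the report's advice is not to keep what you do not need.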

Tuesday, August 11, 2009

Is Your Prescription Private?

First, the bad news. The answer to the question I posed in the title is largely "no" (as in no, your prescription drug records are not private). For Californians, the good news is the answer to that same question is largely "yes" (a privacy protection that the Consumer Federation of California fought hard to preserve last year). I suppose also falling into the "good" category is the fact that there is a provision in President Obama's stimulus plan that may significantly increase privacy protections related to prescription drug records.

As the New York Times notes, "The federal stimulus law enacted in February prohibits in most cases the sale of personal health information, with a few exceptions for research and public health measures like tracking flu epidemics. It also tightens rules for telling patients when hackers or health care workers have stolen their Social Security numbers or medical information, as happened to Britney Spears, Maria Shriver and Farrah Fawcett before she died in June."

Before I get to more of the Times article on this issue I want to first discuss a bit more about what was at stake just recently here in California, and how it relates to the larger issue of prescription record privacy. The general rule of thumb in our country when it comes to prescriptions is that "all the information on them — including not only the name and dosage of the drug and the name and address of the doctor, but also the patient’s address and Social Security number — are a commodity bought and sold in a murky marketplace, often without the patients’ knowledge or permission."

Here in California, one of the states (along with New Hampshire, Maine and Vermont) with the strictest protections of prescription record privacy in the nation, a bill that CFC vigorously opposed came close to passing the legislature last year; it would have permitted drug stores to share confidential patient prescription information with third parties.

The bill raised significant privacy and health care concerns for patients - concerns that Americans should have in states across the country. The bill would have created an exception to California's Medical Information Act, and allowed the sharing of confidential patient drug prescription information among pharmacies, third party corporations and pharmaceutical companies without a patient's consent.

Californians expect that their private medical records will be held in confidence by their doctors and pharmacists. SB 1096 would have allowed pharmacies to share prescription information with businesses that provide mailings to the patient – ostensibly reminders that patients should continue to take their medications. The reminder would appear to come from the pharmacy, but in fact it would be paid for by the drug manufacturer.

The bill's main backer, Adheris Inc., is a subsidiary of inVentiv Health Inc., a drug marketing company currently being sued for privacy breaches related to patient prescription records.

A patient’s doctor - not a third party marketing company - is the best source for informing a patient about how to manage his or her health condition. By intruding upon and confusing this relationship, this bill could have put patients’ health, as well as privacy, at risk.

For example, a physician might discontinue a prescription if a patient complained of an adverse reaction. Unaware of the changed course of treatment, the drug marketing company would continue sending reminders that appear to come from the drug store, urging the patient to keep taking the old prescription. The bill placed no liability on drug marketers that provide bad information to patients.

The legislative battle was a fierce and contentious one, pitting privacy and consumer groups and physicians against drug store chains and drug marketers. Thanks to a significant public outcry against the legislation - helped by some good reporting on the issue, the bill was defeated (representing an important victory for California’s landmark medical records privacy law).

I think this California case study serves as a useful illustration of what remains at stake for patients' privacy around the country, how close California came to losing the protections we enjoy, and why it could be a very important and positive development if the Obama Administration strengthens our rather lax privacy protections when it comes to prescription records.

The New York Times reports:

More than 10 years after she tried without success to have a baby, Marcy Campbell Krinsk is still receiving painful reminders in her mail. The ads and promotions started after she bought fertility drugs at a pharmacy in San Diego. Marketers got hold of her name, and she found coupons and samples in her mail that shadowed the growth of an imaginary child — at first, for Pampers and baby formula, then for discounts on family photos, and all the way through the years to gifts suitable for an elementary school graduate.

...

“The new rules will plug some gaping holes in our federal health privacy laws,” said Deven McGraw, a health privacy expert at the nonprofit Center for Democracy and Technology in Washington. “For the first time, pharmacy benefit managers that handle most prescriptions and banks and contractors that process millions of medical claims will be held accountable for complying with federal privacy and security rules.”

The law won’t shut down the medical data mining industry, but there will be more restrictions on using private information without patients’ consent and penalties for civil violations will be increased. Government agencies are still writing new regulations called for in the law.

Ms. Krinsk was never able to find out who sold her information, but companies that have been accused in lawsuits of buying and selling personal medical data include drugstore chains like Walgreens and data-mining companies like IMS Health and Verispan. CVS Caremark, which handles prescriptions for corporate clients, has also been accused of violating patients’ privacy. These companies all say that names of patients are removed or encrypted before data is sold, typically to drug manufacturers. But as Ms. Krinsk’s case shows, there are leaks in the system.

...

Selling data to drug manufacturers is still allowed, if patients’ names are removed. But the stimulus law tightens one of the biggest loopholes in the old privacy rules. Pharmacy companies like Walgreens have been able to accept payments from drug makers to mail advice and reminders to customers to take their medications, without obtaining permission. Under the new law, the subsidized marketing is still permitted but it can no longer promote drugs other than those the customer already buys.

The ban on marketing is even more strict in California, where Walgreens is fighting off a class-action lawsuit filed on behalf of customers who received the subsidized mailings before the state outlawed them in 2004. Michael Polzin, a Walgreens spokesman, defended the mailings as a cost-cutting measure. “Patients who fail to properly take their medication cost the U.S. health care system $177 billion a year,” when they fall sick and need treatment, he said.

...

In another big change, the stimulus law provides $19 billion to push doctors toward installing electronic records systems. It is a milestone on the road toward President Obama’s goal of digitizing all medical records within five years. But digitization creates the potential for more abuses by hackers, as well as blackmail and insurance fraud.

“Privacy is under greater duress than ever before as medical records are switched from paper to electronic,” said Pam Dixon, a consumer advocate and executive director of the World Privacy Forum near San Diego.

...

Google, Microsoft and WebMD all say they will not show advertising alongside a person’s health records. But visitors to WebMD, Google Health and Microsoft’s site, HealthVault, see ads for drugs for diseases like osteoporosis or acid reflux as they seek information on an array of ailments.

Technology experts say identities of viewers and their health interests are often captured at the moment they click on online ads for a drug. That provides the advertiser with a prospective customer to pursue online or by mail.

...

Since 2003, more than 45,000 complaints have been filed at the civil rights office in the Department of Health and Human Services by people who said their medical privacy was violated. The office says it has taken enforcement actions on more than 8,900 cases in that period, covering millions of people.

A single case can involve thousands of patients. For example, CVS paid a $2.25 million settlement early this year after an Indianapolis television station found paper records with CVS customers’ personal drug information had been tossed into Dumpsters. In the settlement agreement, CVS promised to protect patient information at all 6,300 CVS stores.

A survey sponsored by the Federal Trade Commission suggested that tens of thousands of patients each year had their records broken into by hackers and unauthorized employees of hospitals and other health industry companies. Keith B. Anderson, an economist at the F.T.C., estimated that the personal information of about 890,000 adults was misused between 2001 and 2006. Stolen identities and data were used to trick Medicare, Medicaid and other insurers into paying for bogus medical treatment and supplies, he said.

Click here to read the rest of the article.

It's not hard to predict that these kinds of technological advancements will also lead to an increasingly contentious and important battle between identity thieves and data miners on one side, and on the other those of us who believe that ironclad privacy protections are simply a non-negotiable component of any system that stores medical or prescription drug records.

As the Times points out, not all people think that the stimulus law goes far enough to protect patients’ privacy (I would be one). While it bans paying a pharmacist for marketing to patients, it does not bar the sale of personal drug information by one pharmacy to another. Baby steps I suppose...