Spying on the Homefront

Tomorrow night on PBS’s Frontline is “Spying on the Homefront”:

FRONTLINE addresses an issue of major consequence for all Americans: Is the Bush administration’s domestic war on terrorism jeopardizing our civil liberties? Reporter Hedrick Smith presents new material on how the National Security Agency’s domestic surveillance program works and examines clashing viewpoints on whether the president has violated the Foreign Intelligence Surveillance Act (FISA) and infringed on constitutional protections. In another dramatic story, the program shows how the FBI vacuumed up records on 250,000 ordinary Americans who chose Las Vegas as the destination for their Christmas-New Year’s holiday, and the subsequent revelation that the FBI has misused National Security Letters to gather information. Probing such projects as Total Information Awareness, and its little known successors, Smith discloses that even former government intelligence officials now worry that the combination of new security threats, advances in communications technologies, and radical interpretations of presidential authority may be threatening the privacy of Americans.

(Via the Electronic Frontier Foundation.)

May 15, 2007 · 1 min

CALEA compliance day

Today’s the day that providers of VoIP and broadband Internet in the United States must comply with CALEA, mandating that they supply a way for law enforcement to eavesdrop on any communications carried over those mechanisms. I suspect many VoIP providers are in compliance but that fewer broadband Internet providers are, since the draft standard for CALEA for data over broadband Internet only came out in March. (And if you’d like to read the standard, it will cost you $164 for the PDF or $185 for a paper copy.) Bob Hagen at the Global Crossing blog points out some free tools that can be used to protect your privacy.

May 15, 2007 · 1 min

Ron Paul in Phoenix

Last night I attended a small event where Rep. Ron Paul (R-TX) spoke about his candidacy for president as a Republican. I found it a bit of a disappointment.

On the plus side, he is making opposition to both the drug war and the war in Iraq a major part of his campaign. He also opposes warrantless wiretapping, the USA PATRIOT Act, and the Military Commissions Act. And in response to a question from one of several atheists present, he indicated his support for the separation of church and state (and opposition to Bush’s faith-based initiatives).

On the minus side, his stance on illegal immigration is to “secure the border,” deny benefits to illegal immigrants, and eliminate birthright citizenship. New Mexico Gov. Bill Richardson’s stance on illegal immigration (double Border Patrol officers, implement a guest worker program, and provide a mechanism for illegal immigrants to pay a fine and become legal residents) makes a whole lot more sense than that. Also on the minus side, as Sameer Parekh has pointed out at his blog, his stance on free trade is to oppose anything that he sees as a compromise on free trade (like major free trade agreements), which makes him look like he’s pandering to protectionists–his web page makes no indication that he supports free trade, which strikes me as dishonest.

Nutjob Arizona State Senator Karen Johnson was there, and she asked a question about Bush’s “stealth campaign” to establish a North American Union; Paul responded that he opposes creation of such an entity and a common currency for such an economic area (the “amero”). This is going into WorldNetDaily and Alex Jones conspiracy theorist territory, conflating the Security and Prosperity Partnership of North America (a meeting between the three heads of state to increase economic cooperation) with the ideas of Robert Pastor, a professor at American University, about creating a political union. If the EU can’t approve a Constitution (with France and the Netherlands rejecting it) and still has holdouts on the euro (Britain and Norway), how likely is it that countries as different as the U.S., Mexico, and Canada would combine into a single political entity?

I’m glad Ron Paul has provided a consistent voice in Congress against the war in Iraq and erosion of our civil liberties in the name of the global war on terror, but I’m afraid he probably wouldn’t make a very good president (though I did make a small contribution to his campaign which I’m feeling some buyer’s remorse for this morning). My preference is to see a Democratic president and split control of Congress–gridlock seems to be the most effective way of achieving economic growth and slowing the erosion of our civil liberties.

UPDATE (April 12, 2007): The argument that Paul makes about illegal immigration–that we should stop it because of the impact on welfare–is aptly turned on its head in this post from last year at David Friedman’s blog.

UPDATE (February 11, 2008): Here’s a debunking of a number of Ron Paul claims, including the NAFTA superhighway. ...

March 31, 2007 · 4 min

Global Crossing criticizes wiretapping rules

News.com has a nice article about how Global Crossing (my employer) has criticized the extension of CALEA wiretapping rules to VoIP and broadband: Paul Kouroupas, vice president of regulatory affairs for Global Crossing, strongly criticized the Federal Communications Commission’s broadening of a 1994 law–originally intended to cover telephone providers–as disproportionately costly, complex, and riddled with privacy concerns. His company is one of the world’s largest Internet backbone providers. “Our customers are large Fortune 500 companies–not too many of those companies are conducting drug deals or terrorist activities out of Merrill Lynch’s offices or using their phones in that way,” Kouroupas said at an event here sponsored by the DC Bar Association. “By and large we don’t get wiretap requests, yet we’re faced with the costs to come into compliance,” which he estimated at $1 million. ...

November 17, 2006 · 1 min

The ineffectiveness of TRUSTe

The TRUSTe program is supposed to certify that a website has a reasonable privacy policy. But Ben Edelman has cross-referenced TRUSTe certifications with SiteAdvisor ratings, and found that sites with TRUSTe certifications are twice as likely as those without to be listed as “untrustworthy” in SiteAdvisor’s database–meaning that they send out spam, distribute spyware, etc. Edelman calls out four particularly notorious sites that have or have had TRUSTe certification: Direct-Revenue.com, Funwebproducts.com, Maxmoolah.com, and Webhancer.com. All four are heavily involved with spyware. Direct Revenue and Maxmoolah have had their TRUSTe certifications revoked, but should never have been certified in the first place if TRUSTe was doing the validation they should have been doing. TRUSTe has long been criticized by anti-spammers for giving certifications to organizations that don’t deserve them. Ryan Singel has raised similar questions about TRUSTe’s reliability. ...

September 29, 2006 · 2 min

AT&T sues data brokers selling phone call records

AT&T has filed a lawsuit against 25 unnamed data brokers for using “pretexting” to obtain customer call data records. These data brokers would pose as the legitimate customers in order to obtain billing records for third parties for a fee. Data brokers selling this data over the Internet got some negative public attention last summer and in January of this year, but Congress has not made pretexting illegal for phone records the way it is for financial records. It came out in June of this year that law enforcement and federal agencies were active customers of these data brokers, using them to obtain data without having to go through the process of getting warrants. The Electronic Privacy Information Center already filed an FTC complaint against one data broker, Bestpeoplesearch.com. ...

August 23, 2006 · 1 min

Judge grants injunction against warrantless wiretapping

Although the ACLU’s lawsuit against AT&T in Illinois was thrown out, a separate case in Michigan filed on January 17 of this year against the NSA for warrantless wiretapping without approval of the FISA Court has resulted in a ruling by U.S. District Judge Anna Diggs Taylor that the practice is unconstitutional and must stop immediately. This is not the final decision in the case, but the granting of an injunction for the plaintiff. The Electronic Frontier Foundation’s lawsuit against AT&T also continues.

August 17, 2006 · 1 min

AOL releases user search data, tied to individual users

AOL has published logs showing web activity data for 650,000 users–it’s 20 million searches in about 800MB. Although the AOL screen names were converted to random numbers, the numbers are consistent across an individual user’s activity and in many cases are no doubt sufficient to identify the individual based on ego surfing and other activity. As Tech Crunch points out:

The most serious problem is the fact that many people often search on their own name, or those of their friends and family, to see what information is available about them on the net. Combine these ego searches with porn queries and you have a serious embarrassment. Combine them with “buy ecstasy” and you have evidence of a crime. Combine it with an address, social security number, etc., and you have an identity theft waiting to happen. The possibilities are endless.

The Paradigm Shift blog notes an instance of an AOL user who appears to be plotting to kill his wife (though there are, of course, possible innocent explanations). Commenters note that over 100 users used search terms which included references to child porn. There is no doubt that this will be used to argue for greater release of data to the government with fewer safeguards against misuse; commenters have already made the claim that “if you don’t do anything wrong, then you have nothing to be afraid of - even if people can view your search history.” Commenter Robert follows up with a good response:

Do you ever search for your SSN#, phone number and/or name online to see if it was posted without your consent? Do you ever worry your day care provider might be a child molester so you search for child molestation and the caretaker’s name or their business name? Do you ever want to find ways to explain sex to your teenage daughter? Gee I wonder what those search terms might look like? Are you famous? Imagine if you type in the name of a restaurant you want to go to and the word paparazzi to see if they are known to hang there. Let’s hope they do not see that? Oh, do you have a rare disease or maybe you are pregnant and are looking for a clinic in your area so you type in your zip code? In a rural area that might leave oh 1-30 people it could be? Oh, maybe you think your son is gay? I wonder what you would search for then? Do you have any fetishes or other unusual hobby that might be embarrassing for people to know about but is not illegal. Remember that rural issue again? Getting it yet, because I could go on and on. This is a personal invasion at its most basic level. Not only does it expose personal details of people’s lives, but it is open to wild misinterpretations. Take the wife killing search. Has anyone thought they were simply looking for news they had heard of on the topic, looking for a good book they had heard about with that topic whose title they could not remember, were a wife worried their husband was thinking about this, or maybe that it was exactly what they were looking for but it was only a private fantasy that let them cool off one day after an angry argument? Without context any term can seem scandalous or even criminal. Finally, there is the greater issue. When you start taking away more and more privacy. Each time you chip away at the greater fundamental concept that you deserve this right at all.

Releasing this data to the general public was sheer idiocy on AOL’s part (and apparently a mistake), and demonstrates that an AOL account is not a good idea even when it’s free. The data has been downloaded hundreds of times and is now being redistributed on other websites.

UPDATE August 8, 2006: AOL has admitted and apologized for its mistake. News.com has an article which gives some more examples of the kind of information that can be gleaned from the search records. ...

August 7, 2006 · 4 min

Republican playbook for 2006 elections leaked

A 91-page document describing the Republican strategy for the 2006 elections has been leaked and is available online (PDF). The document was obtained by The Raw Story website, which has published a summary: The document, signed by Senators Rick Santorum (R-PA) and Kay Bailey Hutchison (R-TX), reveals plans to focus Republican Senatorial campaigns on three themes. Next week, Republicans will tout efforts to “secure America’s prosperity” through a variety of programs. Plans for small business health insurance pooling, spending reductions, increased domestic oil drilling, and “permanent death tax reform” are all to be pushed at the state level. ...

August 6, 2006 · 2 min

Extending CALEA to VoIP: a bad idea

The Information Technology Association of America (ITAA) has issued a report on “Security Implications of Applying the Communications Assistance to Law Enforcement Act to Voice over IP” (21-page PDF) by Steven Bellovin, Matt Blaze, Ernest Brickell, Clinton Brooks, Vinton Cerf, Whitfield Diffie, Susan Landau, Jon Peterson, and John Treichler. This report comes at a time when the FCC and courts have already ruled that VoIP and facilities-based broadband providers must provide lawful interception capabilities under CALEA for VoIP services that are “interconnected” with the publicly-switched telephone network (PSTN). ...

June 22, 2006 · 6 min