Jim is the Director of Information Policy Studies at The Cato Institute, the Editor of Web-based privacy think-tank Privacilla.org, and the Webmaster of WashingtonWatch.com. Prior to becoming a policy analyst, Jim served as counsel to committees in both the House and Senate.
Arrington reports that a G-mail archiver called G-Archiver, which backs up all of your Gmail emails to your hard drive, sends every user’s email address and password to the creator’s own email account, giving him access to all of their Gmail messages. And he observes:
That has led a number of experts to conclude that Google Apps can never be a real threat to Microsoft Exchange and Sharepoint. All of the sensitive business information of a company, if stored on Google’s servers, is just a password guess, or in this case what is effectively a phishing scam, away.
This reprises his earlier observation (which I amplified here) that “unauthorized document access is a simple password guess or government ‘request’ away.”
Looking down the horizon, I don’t see why it’s better to have computing and storage done remotely. Better security (for the corporation and individual alike) will come from owning and physically controlling your storage and computing. The winners won’t be the providers of computing in the cloud (think Google); it’ll be the ones who make the portable and easy-to-use devices (think Apple).
An EFF release issued Thursday tells of another telecom employee who has revealed government access to Americans’ communications.
Babak Pasdar, a computer security consultant, has gone public about his discovery of a mysterious “Quantico Circuit” while working for an unnamed major wireless carrier. Pasdar believes that this circuit gives the U.S. government direct, unfettered access to customers voice calls and data packets. These claims echo the disclosures from retired AT&T technician Mark Klein, who has described a “secret room” in an AT&T facility.
Given the lack of information available to Congress on this and other allegations, three House Committee Chairmen have written their colleagues arguing against a “vote in the dark” on FISA reform and telecom immunity.
At the Burton Group Identity Blog, Mark Diodati has a write-up of Microsoft’s acquisition of Credentica.
Microsoft’s Kim Cameron and Stefan Brands of Credentica are two people I know to be doing important work in the identity area. I featured Stefan in the final chapter of my book, Identity Crisis. I believe both are working to make identity and credentialing systems that support secure transacting without promoting surveillance – no easy task.
Perhaps this summer, I will have time to translate the technical details of their work into libertarian English and report more about it.
Via the always carefully inoffensive ValleyWag, Psychology Today has a post about a study of the motivations of open source programmers and other participants in collaborative online projects. The study finds that “software contributors placed a greater emphasis on reputation-gaining and self-development motivations, compared with content contributors, who placed a greater emphasis on altruistic motives.”
We’ve discussed here before how open source projects often represent a more efficient way of producing information goods than firms. Some are eager to class open source as “non-market” (read altruistic) behavior, but I think it’s better considered as market behavior that happens to trade in human capital, reputation, self-satisfaction, etc. rather than money.
For all its wonders, technology is not something policymakers can sprinkle on deep-seated economic and social problems to make them go away. Electronic employment eligibility verification – the idea of automated immigration-background checks on all newly hired workers – illustrates this well.
A national EEV program would immerse America’s workers and businesses in Kafkaesque bureaucracy and erode the freedoms of the American citizen, even as it failed to stem illegal immigration.
Ultimately, there is no alternative but for Congress to repair the broken immigration system by aligning legal immigration with our nation’s economic demand for labor.
As to the spin that applying for a REAL ID extension amounts to planning for compliance, nothing takes the cake quite like an email that was forwarded to me today. Because I can’t find an online version, I’ve screen-capped the relevant part of an email sent out by Digimarc lobbyist Mark Rhoads:
For reference, here is the relevant language from the regulation. You can infer from this what everyone involved in the process knows – the extension to December 31, 2009 is a free pass. It requires no statement of compliance, and it has been given to states that will not comply:
Sec. 37.63 Extension of deadline.
(a) A State may request an initial extension by filing a request with the Secretary no later than March 31, 2008. In the absence of extraordinary circumstances, such an extension request will be deemed justified for a period lasting until, but not beyond, December 31, 2009. DHS shall notify a State of its acceptance of the State’s request for initial extension within 45 days of receipt.
(b) States granted an initial extension may file a request for an additional extension until no later than May 10, 2011, by submitting a Material Compliance Checklist demonstrating material compliance, per Sec. 37.51(b) with certain elements of subparts A through E as defined by DHS. Such additional extension request must be filed by October 11, 2009. DHS shall notify a State whether an additional extension has been granted within 45 days of receipt of the request and documents described above.
(c) Subsequent extensions, if any, will be at the discretion of the Secretary.
No state will comply with the REAL ID Act’s requirement to begin issuing a national ID by the forthcoming statutory deadline, May 11th.
Because of this, the Department of Homeland Security is giving states deadline extensions just for the asking. Interestingly, it’s turning around and spinning the acceptance of those extensions as commitments to comply. Many of the states shown in green on this map have passed statutes outright refusing to implement the law. (For readers new to planet earth, the color green typically means “go.” Green is at least a strange choice of color for states which have legally barred themselves from issuing the DHS’ national ID.)
With her state – the first in the nation to pass anti-REAL ID legislation – considering refusing even the deadline extension, Senator Susan Collins (R-ME) is once again working with DHS in support of the national ID law.
She has written a letter to the governor of her state, asking him to go ahead and take the waiver, playing into the DHS strategy. Followers of REAL ID know that delaying implementation helps a national ID go forward by giving the companies and organizations that sustain themselves on these kinds of projects time to shake the federal money tree and get this $11 billion surveillance mandate funded.
The cumulative profit margin of the airline industry is less than 1%. Should even a single state refuse to accept this national ID mandate, the airline industry, airport operators (faced with reconfiguring their operations), and travelers groups would be on the Hill in an instant. The Congress would have to revisit the issue.
Evidently, Senator Collins doesn’t want to risk the chance of an up-or-down vote on whether the U.S. should have a national ID. Her work behind the scenes in favor of REAL ID reveals where she stands.
“. . . [B]eing covered under HIPAA rules does not guarantee privacy; rather it gives government and the health-care industry control over your personal health information,” says Sue Blevins, founder and president of the Institute for Health Freedom.
Equal parts credit go to Google and discredit to the HIPAA law. No better proof is needed that legislation and regulation are no way to get privacy protection.
The Technology Liberation Front is the tech policy blog dedicated to keeping politicians' hands off the 'net and everything else related to technology. Learn more about TLF →
The Technology Liberation Front is the tech policy blog dedicated to keeping politicians' hands off the 'net and everything else related to technology.