Wired has dicussion and documentation of how the National Security Agency conducts Internet surveillance, according to former AT&T technician Mark Klein.
Articles by Jim Harper 
Jim is the Director of Information Policy Studies at The Cato Institute, the Editor of Web-based privacy think-tank Privacilla.org, and the Webmaster of WashingtonWatch.com. Prior to becoming a policy analyst, Jim served as counsel to committees in both the House and Senate.
Follow @Jim_Harper
The opponents of broadband regulation have produced an amusing animation that pretty effectively skewers the campaign for “net neutrality.” Why, yes, of course it’s produced by large corporations seeking after their own interests. But the piece effectively points out that the campaign for federal regulation of broadband is also a product of large corporations seeking after their own interests.
So, if it’s a debate between two large corporate interests, we can drop the ad hominem and just discuss which group of large corporations is trying to protect its property and its investments, and which group of large corporations is trying to win rents through the legislative and regulatory process. Figured it out yet? Good.
The Department of Homeland Security’s Data Privacy and Integrity Advisory Committee will be considering a report on the use of RFID in identification documents at its meeting June 7th in San Francisco. A draft of the report has been posted with a request for comments.
The report has already generated a little attention. This Government Computer News story overstates the tone of the report, but it’s good.
From the DHS Privacy Committee Web site:
The Use of RFID for Human Identification (PDF, 15 pages–127 KB) The DHS Emerging Applications and Technology Subcommittee of the Privacy Advisory Committee is seeking comments on this draft report. This report will be considered by the full Committee during the June 7, 2006 public Advisory Committee meeting in San Francisco, CA.
Please provide any comments in writing to privacycommittee@dhs.gov, by postal mail, or by fax by 12:00 p.m. EST on May 22, 2006. All Comments will be considered on an ongoing basis.
For anyone who ever needed to understand what’s so good about derivative works, presenting: 10 Things I Hate About Commandments.
Like its sibling, Must Love Jaws, it fuses many different copyrighted works together into a hilarious, farcical cultural commentary.
It might be easy to assume that the use of each copyrighted work is a fair use because the entire piece is parody. But it’s certainly not a parody of each work it uses. I wonder whether this artist might catch a lawyer letter or a lawsuit pretty soon.
These works also illustrate why there’s some weakness to the argument that there can or should be hermetically sealed copyright-based entertainment and non-copyright based entertainment. If cultural referents from the copyright side can’t be used in the non-copyright side, the non-copyright side is diminished.
(ht: IPCentral)
UPDATE: I e-mailed the creator who declined comment. The conclusion I would draw is that he is not confident that these pieces do not violate copyright.
Ars points out how Skype plans to use, and has used, consumer demand to prevent being blocked by ISPs.
Skype’s battleplan is simple. If their user base is large enough, companies will think twice about tampering with Skype traffic. When Brazil’s biggest telecom pulled the plug on Skype, the outcry in the country was big enough that the decision was soon reversed. [The head of Skype’s European operations, James] Bilefield said, “The community has the power to change things.”
If consumers want unfiltered Internet access, they’ll get it. Regulators, go away.
TechLawJournal has carefully parsed the statements issued by Verizon and BellSouth denying participation in the NSA spying program. I’ll quote TLJ liberally here, with permission.
Regarding the BellSouth statement, TLJ notes that it took three working days and two weekend days to prepare a three paragraph response. As to the substance:
BellSouth uses the phrases “customer calling information” and “customer calling records”. In contrast, the USA Today article uses the phrases “phone call records” and “domestic call records”. BellSouth associates the word “customer” with the word “record”. There is a difference between what USA Today wrote, and what BellSouth now denies.
BellSouth portrays the USA Today article as asserting that BellSouth provided customer identifying information combined with the customer’s call information. In fact, the USA Today article only asserts that BellSouth turned over call information. Moreover, the USA Today article points out the difference. It states that “Customers’ names, street addresses and other personal information are not being handed over as part of NSA’s domestic program”. The article added that “But the phone numbers the NSA collects can easily be cross-checked with other databases to obtain that information.”
Thus, the BellSouth statement denies something that USA Today did not assert, and leaves undenied that which USA Today did actually assert.
Of course, it is another question whether BellSouth, in writing its statement, understood there to be a difference between “customer calling records” and “phone call records”, and intended its statement to constitute a non-denial.
On Verizon’s May 16 statement:
Verizon’s six paragraph statement is longer than BellSouth’s, but employs the same approach. It restates the assertions of USA Today, with variations, and then denies its restatements.
Verizon uses the phrases “customers’ domestic calls”, “customer phone records”, and “customer records or call data”. Like BellSouth, it adds the word “customer”. USA Today wrote about “phone call records”, without the word “customer”.
Verizon does at one point deny that it provided “any call data”, but it then immediately follows this with the phrase “from those records”, which is a reference back to “customer phone records”. This leaves open the possibility that it provided “call data” that it retrieved from a database other that “customer phone records”.
This is helpful insight from a dogged, indpendent reporter. And subscription rates are not too expensive either.
Ask the average American were to go to get an identification card and they will tell you, of course, to go to the local Department of Motor Vehicles. Across the country, DMVs are the dominant source of identification cards, with perhaps the State Department in second because it issues passports. People who think about this carefully might realize that many corporations also issue identification cards.
So, with governments eclipsing all other issuers, who do you suppose Americans trust to issue identity credentials?
Banks.
A Ponemon Institute study, funded by Unisys, has found that banking institutions are most trusted to issue and manage identity credentials (graph, page 6). The least trusted organizations are police and law enforcement.
Banks were trusted on every continent, and tax authorities were distrusted on every continent. Police authorities are distrusted deeply in the United States and Latin America, but not as much in Asia and Europe. Curiously, the postal service is trusted very highly in the United States, while registering little reaction, positive or negative, on other continents.
To avert a national ID, “identity management” is the way to go: cards, tokens, and devices that share only the information required for transactions. Who should be issuing those things? Banks and other private entities.
First things first. For those interested in yelling at your Member of Congress, Privacilla.org has info and advice.
Now that I have a respite from my whirlwind NSA-spying media tour, I’m asking myself (and you): Who is to blame?
I’ve spent years arguing that market processes are the best way to get privacy on the terms consumers want it. And for all my troubles, I get this?! Businesses regularly share information with the government, even informally. A privacy outrage, no?
Well, let’s see. I think it is. But I’m not consumers. I’m just a consumer. The average consumer is a little more concerned with terrorism and proportionately more sanguine about privacy. That’s why a key to winning this privacy debate is getting the risk of terrorism in perspective.
My favorite article ever is John Mueller’s A False Sense of Insecurity? Read the whole thing. (If I wanted to read a whole thing, I wouldn’t be on a freakin’ blog right now.) How about this: If you are outraged by talk of ‘George Orwell’ and ‘privacy’ while there’s a war on, then shut up, sit down, and read the whole thing. 😉
But back to some self-criticism. I am a proponent of the free market, but three out of four large telecommunications providers, in whose tender mercies I would place your privacy, sold us out. Time to commit sepuku? Begin my David-Brock-style conversion from libertarian to . . . not libertarian? Are the Communications Act, the Stored Communications Act, the Cable Act, and all kinds of other regulatory statutes with privacy mandates our saviours?
Not so fast, because comparisons are best made between comparables, not between real and ideal. It’s not like the phones only just started getting used for surveillance recently. The Nation reports this week that telephone and telegraph companies began assisting the NSA during the 1940s. When Ma Bell owed its existence to a government-enforced monopoly, was it in a position to bite the hand that feeds? No. Indeed, it probably let that hand go a lot of places that we would characterize as “inappropriate touching.”
So before anyone goes lambasting the private sector for this – and no one has, but it might be deserved – I wonder whether it is the decreasing control of telecommunications by government (combined with some significant overreach by the current Administration) that has brought the practice of mass surveillance to light.
Qwest, the one hold out against the NSA, recognized the privacy interests of its customers. The importance of privacy to many consumers may have moved Qwest from on-the-fence to refusing the NSA. Now, the seam that opened up between Qwest, the others, and the NSA is one into which cable telephony can move, for example. Their superior (statutory) protection for privacy is in the paper today. VoIP providers like Skype have a real opportunity to point out that communications on their services are encrypted end-to-end, making it difficult – though not impossible – to snoop on the content of calls.
I am not proud today of the telecommunications sector. And I hasten to remind people at a time like this that I am an advocate of markets, not businesses. I’m putting this post in the “When Capitalists Go Bad” category for a reason.
But – with the caveat that this thought deserves more thinking – I believe this failure of businesses to protect privacy is more a product of government arm-twisting and excess than the failure of markets to serve consumers’ demands for privacy which, as I said above, are unnecessarily diminished by the “War on Terror.”
Your Nanny State and your Big Brother are getting together for a drink – and the drink’s on Intelli-Check. Heineken USA has announced proudly that they are going to use Intelli-Check-equipped mobile scanners to verify the ages of drinkers at events where their products are sold.
Surely, this pleases and appeases groups like Mothers Against Drunk Drivers (but don’t hold your breath for these neo-prohibitionists to settle their war against drinking just because alcohol sellers are encouraging responsibility).
If MADD needed any encouragement to support automated age verification, they must have gotten it along with the corporate contribution that Intelli-Check sent along. Indeed, MADD and Intelli-Check are a team. The Intelli-Check Web site also touts the state laws that give affirmative defenses to merchants who use scanners to prove the age and identity of people purchasing alcohol and tobacco products.
So alcohol sellers are being corralled into electronic identity verification. Young drinkers are being corralled into it too, and being conditioned to carry and show identification as a matter of routine.
Thing is, this routine is the groundwork for the surveillance system that everyone should be concerned with. Particularly as identification is conducted by machine, the opportunities to record information about people expand. Of course, Intelli-Check promotes limits on the use of data that is collected via their scanners but, just as surely, the scanners are technically capable of collecting all data on a card. It’s a simple matter of changing policy to convert the system from age verification to comprehensive surveillance.
Our identification and credentialing systems are designed for the benefit of institutions and not individuals. As I argue in my forthcoming book, these systems should share only the information necessary to complete transactions. Need proof of age? You should be able to provide proof of age, not ID.
The technology already exists. The Clear card proves to the Transportation Security Administration that people are approved to use Registered Traveler lines at the Orlando airport, but it doesn’t identify travelers to the TSA. If the feds can handle that in the national security context, your local ABC should be able to handle it for booze control.
Ryan Singel at Wired blogs/reports that the U.S. federal government plans to intervene in the Electronic Frontier Foundation’s case against AT&T for allegedly facilitating the NSA’s warantless domestic surveillance of communications. The government plans to assert the military and state secrets privilege and to seek dismissal of this case.
If it succeeds, the corporate surveillance state will be that much closer to completion. The federal government will be able to secretly collect data from the private sector and prevent information about this surveillance from being debated and litigated. Even more than it already does.
The Technology Liberation Front is the tech policy blog dedicated to keeping politicians' hands off the 'net and everything else related to technology.