Privacy, Security & Government Surveillance

If you haven’t been following the intrigue around Wikileaks and the security companies hoping to help the government fight it, this stuff is not to be missed. Recommended:

The latter story links to a document purporting to show that a government contractor called Palantir Technologies suggested unnamed ways that Glenn Greenwald might be made to choose “professional preservation” over his sympathetic reporting about Wikileaks. A later page talks of “proactive strategies” including: “Use social media to profile and identify risky behavior of employees.”

Wikileaks has no employees. I take this to mean that the personal lives of Wikileaks supporters and sympathizers would be used to undercut its public credibility. Because Julian Assange hasn’t done enough…

While we’re on credibility: This may well be Wikileaks’ rehabilitation. Wikileaks erred badly by letting itself and Julian Assange become the story. We’re not having the discussion we should have about U.S. government behavior because of Assange’s self-regard.

But now defenders of the U.S. government are making themselves the story, and they may be looking even worse than Wikileaks and Assange. (n.b. Palantir has apologized to Greenwald.) That doesn’t mean that we will immediately focus on what Wikileaks has revealed about U.S. government behavior, but it could clear the deck for those conversations to happen.

The concept of “miscalculation” seems more prominent in international affairs and foreign policy than other fields, and it comes to mind here. Wikileaks and its opponents are joined in a negative duel around miscalculation. The side that miscalculates the least will have the upper hand.

Rep. Jackie Speier introduced legislation today that would require the Federal Trade Commission to establish standards for a “Do Not Track” mechanism and require online data collectors to obey consumer opt-outs through such a tool.

As I’ll explain in more detail in my comments on the FTC’s privacy report (due next Friday), I’ve argued for the last two and a half years that empowering users to make their own choices about online privacy is, in combination with education and enforcement of existing laws, the best way to start addressing online privacy concerns. In principle, some kind of “Do Not Track” mechanism could be a valuable user empowerment tool.

But actually implementing “Do Not Track” without killing advertising won’t be easy. Just as consumers need to be empowered to make effective privacy choices, so too must publishers of ad-supported websites be able to make explicit today’s implicit quid pro quo: Users who opt-out of tracking might have to see more ads, pay for content and so on.

Government cannot design a “marketplace for privacy” from the top down, nor predict the costs of forcing an explicit quid pro quo. It would be sadly ironic—as Adam Thierer and I pointed out over a year ago—if the same FTC that has agonized so much about the future of journalism wound up killing advertising, the golden goose that has sustained free media in this country for centuries.

The market is evolving quickly here, with two very different “Do Not Track” tools debuting in Internet Explorer 9 and Firefox 4 just this week. Ultimately, it is the Internet’s existing standards-setting bodies, not Congress or the FTC, that have the expertise to resolve such differences and make a “Do Not Track” mechanism work for both consumers and publishers, as well as advertisers and ad networks.

There’s a sharp piece in today’s Washington Post from Jack Goldsmith, currently with Harvard Law but formerly an assistant attorney general in the Bush administration, about “Why the U.S. Shouldn’t Try Julian Assange.”  Goldsmith points to the sticky First Amendment / press freedom issues at stake should the U.S. try to go after Assange and WikiLeaks:

A conviction would also cause collateral damage to American media freedoms. It is difficult to distinguish Assange or WikiLeaks from The Washington Post. National security reporters for The Post solicit and receive classified information regularly. And The Post regularly publishes it. The Obama administration has suggested it can prosecute Assange without impinging on press freedoms by charging him not with publishing classified information but with conspiring with Bradley Manning, the alleged government leaker, to steal and share the information. News reports suggest that this theory is falling apart because the government cannot find evidence that Assange induced Bradley to leak. Even if it could, such evidence would not distinguish the many American journalists who actively aid leakers of classified information. One reason journalists have never been prosecuted for soliciting and publishing classified information is that the First Amendment, to an uncertain degree never settled by courts, protects these activities. Convicting Assange would require courts to resolve this uncertainty in a way that narrows First Amendment protections. It would imply that the First Amendment does not prevent prosecution of American journalists who seek and publish classified information. At the very least it would render the First Amendment a less certain shield. This would – in contrast to WikiLeaks copycats outside our borders – chill the American press in its national security reporting.

Quite right, and it’s a point bolstered by another editorial that also appeared in the Post a few weeks ago by Adam Penenberg of New York University, in which he made the case for treating Assange as a journalist. Penenberg asks: “What constitutes “legitimate newsgathering activities”? How do you differentiate between what WikiLeaks does and what the New York Times does?”


Video is now available for all of the excellent programming at this year’s State of The Net 2011 conference. (Programming will also be available over time on C-SPAN’s video library.) The Conference, organized by the Advisory Committee to the Congressional Internet Caucus, featured Members of Congress, leading academics, Administration, agency, and Congressional staff and other provocateurs. Topics this year ranged from social networking, Wikileaks, COICA, copyright, privacy, security, broadband policy and, of course, the end-of-the-year vote by the FCC to approve new rules for network management by broadband providers, aka net neutrality.

Boeing subsidiary Narus reports on its Web site that it “protects and manages” a number of worldwide networks, including that of Egypt Telecom. A recent IT World article entitled “Narus Develops a Scary Sleuth for Social Media” reported on a Narus product called Hone last year:

Hone will sift through millions of profiles searching for people with similar attributes — blogger profiles that share the same e-mail address, for example. It can look for statistically likely matches, by studying things like the gender, nationality, age, location, home and work addresses of people. Another component can trace the location of someone using a mobile device such as a laptop or phone.

Media advocate Tim Karr reports that “Narus provides Egypt Telecom with Deep Packet Inspection equipment (DPI), a content-filtering technology that allows network managers to inspect, track and target content from users of the Internet and mobile phones, as it passes through routers on the information superhighway.”

It’s very hard to know how Narus’ technology was used in Egypt before the country pulled the plug on its Internet connectivity, or how it’s being used now. Narus is declining comment.

So what’s to be done?

Narus and its parent, The Boeing Company, have no right to their business with the U.S. government. On our behalf, Congress is entitled to ask about Narus’/Boeing’s assistance to the Mubarak regime in Egypt. If contractors were required to refrain from assisting authoritarian governments’ surveillance as a condition of doing business with the U.S. government, that seems like the most direct way to dissuade them from providing top-notch technology capabilities to regimes on the wrong side of history.

Of course, decades of U.S. entanglement in the Middle East have created the circumstance where an authoritarian government has been an official “friend.” Until a few weeks ago, U.S. unity with the Mubarak regime probably had our government indulging Egypt’s characterization of political opponents as “terrorists and criminals.” It shouldn’t be in retrospect that we learn how costly these entangling alliances really are.

Chris Preble made a similar point ably on the National Interest blog last week:

We should step back and consider that our close relationship with Mubarak over the years created a vicious cycle, one that inclined us to cling tighter and tighter to him as opposition to him grew. And as the relationship deepened, U.S. policy seems to have become nearly paralyzed by the fear that the building anger at Mubarak’s regime would inevitably be directed at us. We can’t undo our past policies of cozying up to foreign autocrats (the problem extends well beyond Egypt) over the years. And we won’t make things right by simply shifting — or doubling or tripling — U.S. foreign aid to a new leader. We should instead be open to the idea that an arms-length relationship might be the best one of all.

My essay last week for Slate.com (the title I proposed is above, but it must have been too “punny” for the editors) generated a lot of feedback, for which I’m always grateful, even when it’s hostile and ad hominem.  Which much of it was.

The piece argues generally that when it comes to the Internet, a disruptive technology if ever there was one, the best course of action for traditional, terrestrial governments intent on “saving” or otherwise regulating digital life is to try as much as possible to restrain themselves.  Or as they say to new interns in the operating room, “Don’t just do something.  Stand there.”

This is not an argument in favor of anarchy, or even more generally for social Darwinism.  I have something much more practical in mind.  Disruptive technologies, by definition, do not operate within the “normal science” of those areas of life they impact. Their problems can’t be solved by reference to existing systems and institutions. In the case of the Internet, that’s pretty much all aspects of life, including regulation.

You have to read all the way to the end to get exactly what the New York Times is getting at in its Sunday editorial, “Netizens Gain Some Privacy.”

Congress should require all advertising and tracking companies to offer consumers the choice of whether they want to be followed online to receive tailored ads, and make that option easily chosen on every browser.

That means Congress—or the federal agency it punts to—would tell authors of Internet browsing software how they are allowed to do their jobs. Companies producing browser software that didn’t conform to federal standards would be violating the law.

In addition, any Web site that tailored ads to their users’ interests, or the networks that now generally provide that service, would be subject to federal regulation and enforcement that would of necessity involve investigation of the data they collect and what they do with it.

Along with existing browser capabilities (Tools > Options > Privacy tab > cookie settings), forthcoming amendments to browsers will give users more control over the information they share with the sites they visit. That exercise of control is the ultimate do-not-track. It’s far preferable to the New York Times’ idea, which has the Web user issuing a request not to be tracked and wondering whether government regulators can produce obedience.

[I got enough push-back to a recent post arguing the existence of market nimbleness in the browser area that I’m unsure of the thesis I expressed there. The better explanation of what’s going on may be that regulatory pressure is moving browser authors and others to meet the peculiar demands of the pro-regulatory community. The reason they have waited to act until now is because they do not perceive consumers’ interests to be met by protections against tailored advertising. The question of what meets consumers’ interests won’t be answered if regulation supplants markets, of course.]

A headline in the USA Today earlier this week screamed, “Hello, Big Brother: Digital Sensors Are Watching Us.”  It opens with an all too typical techno-panic tone, replete with tales of impending doom:

Odds are you will be monitored today — many times over. Surveillance cameras at airports, subways, banks and other public venues are not the only devices tracking you. Inexpensive, ever-watchful digital sensors are now ubiquitous.
They are in laptop webcams, video-game motion sensors, smartphone cameras, utility meters, passports and employee ID cards. Step out your front door and you could be captured in a high-resolution photograph taken from the air or street by Google or Microsoft, as they update their respective mapping services. Drive down a city thoroughfare, cross a toll bridge, or park at certain shopping malls and your license plate will be recorded and time-stamped. Several developments have converged to push the monitoring of human activity far beyond what George Orwell imagined. Low-cost digital cameras, motion sensors and biometric readers are proliferating just as the cost of storing digital data is decreasing. The result: the explosion of sensor data collection and storage.

Oh my God! Dust off your copies of the Unabomber Manifesto and run for your shack in the hills!

No, wait, don’t. Let’s instead step back, take a deep breath and think about this. As the article goes on to note, there will certainly be many benefits to our increasing “sensor society.”  Advertising and retail activity will become more personalized and offer consumers more customized goods and services.  I wrote about that here at greater length in my essay on “Smart-Sign Technology: Retail Marketing Gets Sophisticated, But Will Regulation Kill It First?”  More importantly, ubiquitous digital sensors and data collection/storage will also increase our knowledge of the world around us exponentially and do wonders for scientific, environmental, and medical research.

But that won’t soothe the fears of those who fear the loss of their privacy and the rise of a surveillance society in which our every move is watched or tracked. So, let’s talk about what those of you who feel that way want to do about it.


In response to civil unrest, the Egyptian government appears to have ordered service providers to shut down all international connections to the Internet. According to the blog post at the link just above, Egypt’s four main ISPs have cut off their connections to the outside world. Specifically, their “BGP routes were withdrawn.” The Border Gateway Protocol is what most Internet service providers use to establish routing between one another, so that Internet traffic flows among them. I anticipate we might have comments here that dig deeper into specifics.

An attack on BGP is one of few potential sources of global shock cited by an OECD report I noted recently. The report almost certainly imagined a technical attack by rogue actors but, assuming current reporting to be true, the source of this attack is a government exercising coercion over Internet service providers within its jurisdiction.

That is far from an impossibility in the United States. The U.S. government has proposed both directly and indirectly to centralize control over U.S. Internet service providers. C|Net’s Declan McCullagh reports that an “Internet kill switch” proposal championed by Sens. Joseph Lieberman (I-Conn.) and Susan Collins (R-Maine) will be reintroduced in the new Congress very soon. The idea is to give “kill switch” authority to the government for use in responding to some kind of “cyberemergency.” We see here that a government with “kill switch” power will use it when the “emergency” is a challenge to its authority.

When done in good faith, flipping an Internet “kill switch” would be stupid and self-destructive, tantamount to an auto-immune reaction that compounds the damage from a cybersecurity incident. The more likely use of “kill switch” authority would be bad faith, as the Egyptian government illustrates, to suppress speech and assembly rights.

In the person of the Federal Communications Commission, the U.S. government has also proposed to bring Internet service providers under a regulatory umbrella that it could turn to censorship or protest suppression in the future. Larry Downes has a five-part analysis of the government’s regulatory plan here on TLF (1, 2, 3, 4, 5). The intention of its proponents is in no way to give the government this kind of authority, but government power is not always used as intended, and there is plenty of scholarship to show that government agencies use their power to achieve goals that are non-statutory and even unconstitutional.

The D.C. area’s surfeit of recent weather caused the cancellation yesterday of a book event I was to participate in, discussing Evgeny Morozov’s The Net Delusion: The Dark Side of Internet Freedom. I don’t know that he makes the case overwhelmingly, but Morozov argues that governments are ably using the Internet to stifle freedom movements. (See Adam’s review, hear Jerry’s podcast.)

Events going on here in the United States right now could position the U.S. government to exercise the kind of authority we might look down our noses at Egypt for practicing. The lesson from the Egypt story—what we know of it so far—is that eternal vigilance is the price of freedom.

Data Privacy Day is January 28. And as Steve DelBianco writes at the NetChoice blog, now is an opportune time for it as Congress, the Commerce Department, and the Federal Trade Commission each have proposed new rights and rules for data privacy.

To appreciate Data Privacy Day you must first ignore the Euro-babble description of what Data Privacy Day is (“an international celebration of the dignity of the individual expressed through personal information”) and take it for what it really is: a prodding for Internet users to take a critical look at how they share and communicate information online.

Importantly, this is not a day for governments, but for users. As Steve writes, “the role for government should be in areas where users and business cannot act alone, including law enforcement, international data flows, and pre-empting a patchwork of state laws. Government should use its powers to pursue online fraud and criminal misuse of data, not to create rules that narrowly prescribe what and how data should be used.”

Also, check out the tech-friendly quotes from Obama’s State of the Union in Steve’s post.