Privacy, Security & Government Surveillance

Lost Laptop Follies, Part 8: ATF Loses Laptops… and Guns!

by on September 18, 2008 · 8 comments

And so the series continues.  The Washington Post reports that the Department of Justice has just released “a scathing report” finding that over a 5-year period the Bureau of Alcohol, Tobacco, Firearms and Explosives (ATF) “lost dozens of weapons and hundreds of laptops that contained sensitive information.” The DOJ’s Inspector General Glenn A. Fine found that 418 laptop computers and 76 weapons were lost. According to the report:

Yesterday’s report showed that ATF, a much smaller agency than the FBI, had lost proportionately many more firearms and laptops. “It is especially troubling that that ATF’s rate of loss for weapons was nearly double that of the FBI and [Drug Enforcement Administration], and that ATF did not even know whether most of its lost, stolen, or missing laptop computers contained sensitive or classified information,” Fine wrote.  […] Many of the missing laptops contained sensitive or classified material, according to the report. ATF began installing encryption software only in May 2007. ATF did not know what information was on 398 of the 418 lost or stolen laptops. The report called the lack of such knowledge a “significant deficiency.” Of the 20 missing laptops for which information was available, ATF indicated that seven — 35 percent — held sensitive information. One missing laptop, for example, held “300-500 names with dates of birth and Social Security numbers of targets of criminal investigations, including their bank records with financial transactions.” Another held “employee evaluations, including Social Security numbers and other [personal information].” Neither laptop was encrypted.

The findings regarding lost weapons were equally troubling, if not a bit humorous:

Continue reading →

SHARE: 8 comments

Tech-related Lolcats

by on September 15, 2008 · 8 comments

I love the lolcats. (Or perhaps I should say, Iz Luvz Da Lolcats.) Here are a couple of my favorite tech-related cats from recent months:

cat
more animals

humorous pictures
more animals

on ur myspace
more animals

cat
more animals

SHARE: 8 comments

Still Cloudy on Cloud Computing: A Matrix to Guide the Coming Policy Debates

by on September 12, 2008 · 0 comments

The introduction below was originally written by Berin Szoka, but now that I (Adam Marcus) am a full-fledged TLF member, I have taken authorship.

Adam Marcus, our exceptionally tech-savvy new research assistant at PFF, has published his first piece at the PFF blog, which I reprint here for your edification.

Today Google’s DC office hosted an interesting panel on cloud computing.  What was missing was a good definition of what “cloud computing” actually is.

While Wikipedia has its own broad definition of cloud computing, many think of cloud computing more narrowly as strictly web-based for which clients need nothing but a web browser. But that definition doesn’t cover things like Skype and SETI@home.  And just because PFF has implemented Outlook Web Access so we can access the Exchange server via the Web, doesn’t necessarily mean we’ve implemented what most people might think of as “cloud computing.”  Yet these are all variations on a common theme, which leads me to propose my own basic definition: any client/server system that operates over the Internet.

To understand the potential policy and legal issues raised by cloud computing so-defined, one must break down the discussion into a 4-part grid.  One axis is divided into private data ( e.g., email) and public data (e.g., photo sharing).  The other axis is divided into data hosted on a single server or centralized server farm and data hosted on multiple computers in a dynamic peer-to-peer network (e.g., BitTorrent file sharing).

Examples User Data is Public User Data is Private
Centralized Server(s) Blogs Discussion boards Flickr Web-based email servers Windows Terminal Services
Peer-to-Peer BitTorrent FreeNet (article) Skype Wuala

Continue reading →

SHARE: 0 comments

Why Google won’t do evil

by on September 12, 2008 · 16 comments

In response to Adam and Berin’s excellent introduction to their Googlephobia series, invaluable TLF commenter Richard Bennett succinctly sums up the rap on Google.

There’s no denying that Google has the capacity to do some pretty heinous things with all the sensitive data stored on its servers. But the relevant question isn’t whether Google could do evil, but whether it realistically will. What incentive is there for Google to do anything but keep private data as secure as humanly possible? Sure, Google could earn a nice chunk of change if it were to sell user search queries to the highest bidder. But why would Google put its entire business on the line for a comparatively insignificant short-term gain?

A major privacy breach is Google’s nightmare scenario. If anything happened to cause users to lose trust in Google, they’d go someplace else for email and search. Advertisers would follow suit, causing Google’s stock price to plummet. Google might never be able to recover from a severe privacy fiasco. Obviously, Google is well aware of its vulnerabilities on privacy, which is why Google has incredibly strong safeguards to ensure that sensitive data can’t be uncovered by a rogue product manager with an itchy trigger finger.

Then there’s the liability issue. The multi-billion dollar lawsuits that would ensue were Google to suffer a data breach or an internal leak would deal a serious financial blow to the company, especially because Google’s privacy policy is more than just a comforting statement—it’s legally binding.

Continue reading →

SHARE: 16 comments

U.N. Attacks Internet Anonymity – VeriSign Lending a Hand?

by on September 12, 2008 · 8 comments

Declan McCullagh has done some great reporting this morning on an ITU plan to trace the source of all Internet communications. Meaning: no more anonymous speech online.

The U.S. National Security Agency is also participating in the “IP Traceback” drafting group, named Q6/17, which is meeting next week in Geneva to work on the traceback proposal. Members of Q6/17 have declined to release key documents, and meetings are closed to the public.

Read the whole thing.

It’s particularly interesting to note the role of VeriSign in developing this surveillance capability for the ‘net. McCullagh quotes Tony Rutkowski of VeriSign stepping up to defend the plan. Rutkowski published a summary of the plan in May.

Great reporting by McCullagh. Not a great thing for VeriSign to be doing.

SHARE: 8 comments

Googlephobia: Part 5 – Google at Ten & Its Competition

by on September 11, 2008 · 0 comments

By Berin Szoka & Adam Thierer

As we noted in our intro to this ongoing series, Google’s tenth anniversary has passed with Googlephobia reaching new heights of hysteria.

But is Google really too big and dangerous, or are people just too lazy to find other alternatives to each of the wonderful services that Google offers?  If one is truly paranoid about the firm’s supposed dominance, it doesn’t take much effort to live a Google-free life. To prove it, we set out to find alternatives to each of the services that Google provides.  After awhile, we got a little tired of compiling alternatives in each category and just provided links for the additional choices at your disposal.  It’s tough to see what the fuss is about with the cornucopia of choices at our disposal.  If you don’t like Google, then just don’t use it or any of its services.  The choice is yours.

In each case, we’ve listed Google first, even though Google may not be the market leader ( e.g., Google’s relatively unknown social network Orkut).

Search Engines

Continue reading →

SHARE: 0 comments

Googlephobia: The Series

by on September 11, 2008 · 9 comments

By Berin Szoka & Adam Thierer as part of an ongoing series

With Google celebrating its 10th anniversary this week, many panicky pundits are using the occasion to claim that Google has become the Great “Satan” of the Internet.  Nick Carr wonders what the future holds for “The OmniGoogle.” The normally level-headed Mike Malone worries that Google is “turning into Big Brother.”  And Washington Post’s Rob Dubbin says that he can’t escape Google’s “tentacles,” even for just 24 hours.  Meanwhile, speculation abounds that the Justice Department is preparing a major antitrust lawsuit against Google concerning its advertising partnership with Yahoo! or perhaps even a broader suit concerning Google’s “dominance” of online advertising generally.

Carr quotes Google co-founder Sergey Brin’s now-famous 2003 interview:

I think people tend to exaggerate Google’s significance in both directions.  Some say Google is God.  Others say Google is Satan.  But if they think Google is too powerful, remember that with search engines, unlike other companies, all it takes is a single click to go to another search engine. People come to Google because they choose to.  We don’t trick them.

In the last five years, Google has become far more than just a search engine.  As Google’s suite of suite of complementary products continues to grow, so too does the specter of Google as an all-knowing and therefore all-powerful economic colossus.  Yet Google isn’t even close to being the sort of nefarious monopolist out to destroy user privacy at every turn, as some seem to imply—if not exclaim.  Indeed, in our view, the Net is overall a far better place because of the existence of Google and the many free services it provides consumers.

Our point is not that Google should be immune from criticism.  Indeed, healthy criticism of corporate actions plays a vital role in the free market by disciplining corporate policies and behavior—often thus providing an effective alternative to government regulation.  This is particularly important in the area of consumer privacy protection, as demonstrated by Google’s quick response to public concern about its Chrome EULA. Continue reading →

SHARE: 9 comments

Privacy Solutions (Part 2): Adblock Plus

by on September 8, 2008 · 16 comments

By Adam Thierer & Berin Szoka

The goal of our “Privacy Solution Series,” as we noted in the first installment, is to detail the many “technologies of evasion” (i.e., user-empowerment or user “self-help” tools) that allow web surfers to better protect their privacy online—and especially to defeat tracking for online behavioral advertising purposes.  These tools and methods form an important part of a layered approach that, in our view, provides an effective alternative to government-mandated regulation of online privacy.

In this second installment in this series, we will highlight Adblock Plus (ABP), a free downloadable extension for the Firefox web browser (as well as for the Flock browser, though we focus on the Firefox version here).

Adblock Plus

Purpose: The primary purpose of Adblock Plus is to block online ads from being downloaded and displayed on a user’s screen as they browse the Web.  In a broad sense, this functionality might be considered a “privacy” tool by those who consider it an intrusion upon, or violation of, their “privacy” to be “subjected” to seeing advertisements as they browse the web.  But if one thinks of privacy in terms of what others know about you, Adblocking is not so much about “privacy” as about user annoyance (measured in terms of distracting images cluttering webpages or simply in terms of long download times for webpages).  In this sense, ABP may not qualify as a “technology of evasion,” strictly speaking.  But, as explained below the fold, ABP does allow its users to “evade” some forms of online tracking by blocking the receipt of some, but not all, tracking cookies.

Cost: Like almost all other Firefox add-ons, both the ABP extensions and the filter subscriptions on which it relies (as described below) are free.

Popularity / Adoption: While there are a wide variety of ad-blocking tools available, Adblock Plus is far and away the leader.  ABP has proven enormously popular since its release in November 2005 as the successor to Adblock, which was first developed in 2002 and reached over 10,000,000 downloads before being abandoned by its developer and even today garners nearly 40,000 downloads a week.  This history of Adblock provides further details.

ABP was named one the 100 best products of 2007 by PC World magazine and is now the #1 most downloaded add-on for Firefox with over 500,000 weekly downloads, up significantly for just a few months.  In a blog post last month, ABP creator Wladimir Palant estimated that “no more than 5% of Firefox users have Adblock Plus installed,” but that percentage is bound to grow larger as more people discover Adblock.  As one indicator of ABP’s popularity, the number of Google searches for “Adblock” has nearly eclipsed the number of searches for “identity theft,” which seems like a far more serious concern than having to look at web ads. Continue reading →

SHARE: 16 comments

Privacy Solutions (Part 1): Introduction

by on September 5, 2008 · 10 comments

By Adam Thierer & Berin Szoka

Whatever ordinary Americans actually think about online privacy, it remains a hot topic inside the Beltway. While much of that amorphous concern focuses on government surveillance and government access to information about web users, many in Washington have focused on targeted online advertising by private companies as a dire threat to Americans’ privacy — and called for prophylactic government regulation of an industry that is expected to more than double in size to $50.3 billion in 2011 from $21.7 billion last year.

In 1998, when targeted advertising was in its infancy, the FTC proposed four principles as the basis for self-regulation of online data collection: notice, choice, access & security. In 2000, the Commission declared that too few online advertisers adhered to these principles and therefore recommended that Congress mandate their application in legislation that would allow the FTC to issue binding regulations. Subsequent legislative proposals (indexed by CDT by Congress here along with other privacy bills) have languished in Congress ever since. During this time self-regulation of data collection (e.g., the National Advertising Initiative) has matured, the industry has flourished without any clear harm to users and the FTC has returned to its original support for self-regulation over legislation or regulatory mandates.

But over the last year, the advocates of regulation have succeeded in painting a nightmarish picture of all-invasive snooping by online advertisers using more sophisticated techniques of collecting data for targeted advertising. The Federal Trade Commission (FTC) has responded cautiously by proposing voluntary self-regulatory guidelines intended to address these concerns, because the agency recognizes that this growing revenue stream is funding the explosion of “free” (to the user) online content and services that so many Americans now take for granted, and that more sophisticated targeting produces ads that are more relevant to consumers (and therefore also more profitable to advertisers).

Continue reading →

SHARE: 10 comments

Market Forces At Work: The PR Backlash Against Google Chrome’s EULA

by on September 4, 2008 · 29 comments

Most debates–from privacy to net neutrality–about consumer protection in Internet policy come down to the following increasingly-cliched exchange:

1. Advocate of Regulation: “The government must intervene to protect users against Companies who want to [___________] by writing new laws or regulations!”

2. Regulatory Skeptic: “Why don’t we rely on the FTC’s enforcement of End User License Agreements (EULAs), privacy policies and other terms of service (TOS) under existing law?  If companies spell out their policies clearly and then are required to stick to them, those policies will become part of competition:  Companies will compete for consumers by offering attractive policies the same way they compete for consumers by offering attractive products & prices.”

3. Advocate of Regulation: “That doesn’t work because nobody actually reads all that legalese!  They’re impossibly dense for non-lawyers, so companies always make such agreements as broad as possible to allow them to do whatever they damn well please–and bury all the really scary provisions.”

And yet… within 12 hours of releasing its new Chrome Browser, Google removed a clause from the Chrome EULA that essentially would have Given Google the right to whatever it liked with all content posted by users anywhere online using Chrome.  If this incident demonstrates anything, it’s that there are significant “market forces” at work to restrain companies from writing agreements & policies that allow them to screw consumers.  Indeed, it beautifully demonstrates why the Regulatory Skeptic ultimately wins this debate with one final response:

4. Regulatory Skeptic: “It doesn’t matter if 99%+ of users never read a EULA or TOS.  No matter how hard companies might try to bury some ominous provision, the relatively small number of consumer protection watchdogs who do read such provisions protect everyone else by calling attention to true areas of concern.  Not every blogger who complains about something he doesn’t like in a EULA is going to make Slashdot, but overall, provisions that cross a certain line will get public attention and most companies will bend over backwards to avoid bad PR.  So, the market does work to protect consumers without the need for further government regulation.”

Continue reading →

SHARE: 29 comments

← Previous Entries

Next Entries →