Privacy, Security & Government Surveillance

Rush Holt on FISA

by on June 19, 2008 · 4 comments

I’ve previously praised Rush Holt before for his thoughtful and energetic leadership on behalf of civil liberties issues. Over at TPM Cafe, he’s got a post explaining why he will not be supporting the FISA “compromise” tomorrow:

In reviewing the FISA legislation now under consideration, it is clear to me that it does not meet the criteria or the principles I shared with you earlier. The bill lacks the very specific “reverse targeting” protections I secured in the two previous House FISA bills we’ve passed. This goes to the issue of not being precise in who we are targeting. It appears to me that innocent Americans who are not “targeted” still may have their communications intercepted with ultimately damaging results. Also, the telecom immunity provisions are tilted in favor of the government and telecommunication firms, not the citizens. If enacted, this bill will ensure the plaintiffs never get their day in court. This bill contains an “exigent circumstances” provision–something so broad and undefined that virtually anything could be considered an “exigent circumstance.” That is not the way to conduct targeted intelligence collection designed to provide us with reliable, actionable intelligence on verified bad actors. This bill also has a four year sunset provision, which is entirely too long and which would have the effect of tying the hands of the next Congress and the next President in terms of making changes to the law. I agree with others who have commented that we have time to get this right. We do. The existing FISA statute has served us well and will continue to do so until we pass a more balanced FISA reform bill. This is not that bill.

Quite so. It’s too bad the majority of Holt’s colleagues don’t seem inclined to listen.

SHARE: 4 comments

FISA Doesn’t Expire

by on June 19, 2008 · 4 comments

The Hill generally does a great job of covering the Hill, but this story needed some fact-checking:

The Foreign Intelligence Surveillance Act (FISA) will be brought to the House floor on Friday, Majority Leader Steny Hoyer’s (D-Md.) office said.

The Foreign Intelligence Surveillance Act was brought to the House floor 30 years ago. What’s being brought to the floor tomorrow is an amendment to FISA that is likely to significantly weaken the system of judicial scrutiny established in that law.

This isn’t just nitpicking. Back in February, the president and his allies did their best to create the impression that FISA itself was expiring, and that the NSA would no longer have the authority to spy on terrorists. This was nonsense. FISA isn’t set to expire ever, and on top of that the president has all the authority granted by the FISA provisions of the Patriot Act. Writing that Congress is bringing “FISA” to the floor re-enforces this misleading narrative.

SHARE: 4 comments

Nuclear Plans and Privacy

by on June 16, 2008 · 4 comments

Over at Cato@Liberty, I have a post up about how the suspected release of nuclear plans to the A.Q. Khan smuggling network relates to your privacy – and to copyright law.

SHARE: 4 comments

Rigid federal mandates hinder privacy technologies

by on June 16, 2008 · 6 comments

Privacy laws threaten e-commerce innovation, as Wayne Crews and I argue in an op-ed in yesterday’s San Jose Mercury News:

Politicians have long used corporations as convenient whipping boys, and the technology industry is no exception. Today, tech companies face political attacks over their online privacy policies. Rep. Joe Barton, R-Texas, for instance, recently demanded that Google provide a detailed explanation of how it stores user search queries. The federal government, so eager to safeguard privacy, is itself the worst offender, unwilling to abide by the same stringent opt-in standards that regulations would impose on private firms. The post-Sept. 11 push for compulsory national ID cards, warrantless wiretapping and escalating data retention mandates reveal a government inclined toward violating privacy, not protecting it.

Continue reading →

SHARE: 6 comments

The Kozinski Kerfuffle: Dueling Privacy Analogies

by on June 14, 2008 · 5 comments

Via Randy Barnett on Volokh: Larry Lessig has a passionate defense of 9th Circuit Judge Alex Kozinski, whose family’s file server had some edgy and ribald files on it, which files could be accessed over the Internet. A lawyer with a grudge against Kozinski is apparently seeking to discredit the judge for the appearance of these files on his server, and there has been some discussion of whether Judge Kozinski should recuse himself from trying an obscenity case. (Though he is a circuit judge, he is sitting by designation as a trial judge.) Eugene Volokh has a similar post.

Kudos to Professor Lessig for his defense of Judge Kozinski, with whom he likely has some ideological differences. He didn’t have to say anything, and it’s to his credit that he did. Volokh is good to his long-time professional colleague.

On the merits, I share the views of both – what I’ve seen of the files are risque and sometimes boorish or gross, but they’re well within the mainstream of naughty Web humor. Were he not a respected judge sitting at an obscenity trial, the presence of these files on a family server would mean less than nothing.

The pair of comments intrigues me, though, because both draw real-world analogies to illustrate the privacy issues at play. Here’s Lessig: Continue reading →

SHARE: 5 comments

AZ Legislature: No to REAL ID

by on June 12, 2008 · 5 comments

The Arizona legislature has passed a bill to refuse participation in the REAL ID Act. The House vote was 51 to 1.

SHARE: 5 comments

ID Checks are About Control, Not Security

by on June 9, 2008 · 40 comments

If there was ever any doubt that ID checks at airports are about control and not security, the Transportation Security Administration is clearing that up. Starting June 21, it says, “passengers that willfully refuse to provide identification at security checkpoint [sic] will be denied access to the secure area of airports.”

The claim is that this initiative is “the latest in a series designed to facilitate travel for legitimate passengers while enhancing the agency’s risk-based focus – on people, not things.” So let’s take a moment to look at how refusing airport access to the willful enhances security.

. . . OK! We’re done!

No terrorist or criminal would draw attention to him or herself by obstinately refusing an ID check. This is only done by the small coterie of civil libertarians and security experts who can’t stand the security pantomime that is airport identification checking. The rest of the people traveling without ID have lost theirs – and TSA officials at airports have no way of knowing which is which.

This new rule will do nothing to improve airport security, but watch for the incident when a TSA agent “doesn’t believe” someone who has truly lost his or her driver’s license and tries to strand a traveler in a faraway city.

SHARE: 40 comments

Orin Kerr: Not an Empty Vessel and Not Responsive to my Point

by on June 6, 2008 · 5 comments

Orin Kerr has a post up on the Volokh Conspiracy addressing my post here on his draft paper defending the third-party doctrine.

He echoes back the divide between us on what should animate analysis of the Fourth Amendment:

I treat the Fourth Amendment as a doctrine about criminal procedure, while Jim treats it as a way of ensuring a free society. The two approaches lead to very different criteria for analyzing Fourth Amendment rules. My approach generally focuses on whether rules pragmatically balance public safety and civil liberties in a regime backed by the exclusionary rule, whereas Jim’s approach looks to what is necessary to protect civil liberties and generally assumes that other legal mechanisms can take care of public safety concerns.

I do treat the Fourth Amendment as a tool for ensuring a free society, but I don’t put the “free society thesis” ahead of the text of the amendment, which I parroted repeatedly in my post. It’s odd – though well within mainstream legal thought – to treat as criminal procedure a part of our fundamental law that makes no mention of criminals whatsoever.

Kerr raises the original meaning of the amendment – actually, what motivated its authors. I’m not sure why he does this – to justify not working with its actual text? According to one scholar, the intent of the Framers in the Fourth Amendment was to prevent general warrants. They did this and proscribed unreasonable searches so, whatever their intention, they included more in the amendment. And I maintain that it was to secure the people against unreasonable searches, because that’s what it says.

“I suspect many criminal procedure scholars are drawn to this notion because many crimpro scholars are strongly civil libertarian,” Kerr says. “But the judges see themselves doing something very different; they see themselves figuring out the rules of criminal investigations. As a result, judges normally find most Fourth Amendment scholarship pretty unhelpful.”

He is writing for these judges: “My general approach is to work within the consensus understanding held by the rulemakers and to think about how to apply that understanding rather than to change it.” Kerr characterizes his work as “descriptive: I think this is what the Fourth Amendment means because this is what the Justices and the judges think it means.”

But there’s a problem with this claim: His paper is called “The Case for the Third-Party Doctrine” (emphasis added) and it provides justification for that doctrine. That’s not description. Would you believe it if a lineman in a football game stood up between plays and said, “Y’know, I’m not really in this.”

But before I’m sucked under by the legal-academic vortex Kerr threw in front of me, I should note that he never addresses my challenge to his theory of technological neutrality:

The interplay of the Fourth Amendment and technology is interesting, but I don’t think technological neutrality is a terribly relevant or useful metric for Fourth Amendment doctrine. Since the Fourth Amendment was adopted, technology has certainly shifted the scope of human enterprise. I imagine that in the late 1700’s most everything of deep import to people’s lives—personal and professional—happened in or near the home, so it was natural that the home was a place of high Fourth Amendment protection, and “home” was a useful proxy for “what should be protected.” Since then, technological changes of all kinds have given us the freedom to take our lives outward. We move around much more within our communities and from one to another; we stay in different places and move our residences much more often; we communicate and transact using new technologies; and our things—both tangible and digital—come to rest many more places than they used to.

What matters is not maintaining “technological neutrality,” but maintaining people’s security in their persons, houses, papers, and effects despite changes in technology. Kept in place, the third-party doctrine will cause changes in technology to undermine people’s privacy. It must be abandoned to preserve the privacy status quo and to restore the level of privacy sought by the Framers through the language they used in the Fourth Amendment.

SHARE: 5 comments

Google, California’s Privacy Policy Law & Our Sci-Fi Future

by on June 4, 2008 · 12 comments

As Jim has mentioned, Google stands accused of violating a California law that requires a website operator to “conspicuously post” a link to its privacy policy on its “home page or first significant page after entering the Web site” with the word “Privacy” in a larger font than the rest of the page’s text.

Are we not fortunate to have state laws that make it possible for customers to actually find website privacy policies? With all the billions of documents floating out there in the dark and mysterious pipes and tubes of the so-called “Internet,” how on earth would any simple user ever find the Google privacy policy if Google were not required by law to include an obvious link to that policy on its homepage? Some modern-day da Vinci would have to invent a technology that could magically index every single webpage in existence and let users find—or “search,” to use a classic science-fiction term—for that particular webpage by typing the words “Google privacy policy” and clicking a button.

Until such fantastic Jules Verne-style technologies are developed in some distant century, it is obviouslyvital that each and every state government develop its own requirement as to how website operators—especially those that purport to offer fantastic-but-as-yet-clearly-impossible “search” services—must clutter their websites’ homepages with links to information that no user could ever possibly find on his or her own with today’s crude technology.

Of course, even if such “search engines” (to coin an unlikely phrase) actually existed, the burden on consumers of typing seventeen (17!) letters—plus two (2) spaces and perhaps even two (2) more quotation marks for a total of up to twenty-one (21!) agonizing-to-type characters—would have to be reduced dramatically through some additional innovation or Esperanto-like simplification of the English language before we could reasonably expect that average consumers might be able to find privacy policies on their own without the benefit of California’s enlightened net-paternalism. Continue reading →

SHARE: 12 comments

Tunneling your way around ISP traffic manipulation

by on May 22, 2008 · 40 comments

Stuck with limited ISP choices, broadband users are increasingly angry with the growing number of providers that poke around in their customers’ traffic. From resetting Bittorrent sessions to sniffing packets for URLs, more and more providers are wielding their power as the “man in the middle” to monitor and manipulate traffic in unpopular and possibly illegal ways. While these practices can be beneficial, tech-savvy consumers are understandably agitated. Congress is now considering legislation that would outlaw these ISP practices.

Instead of urging lawmakers to enact sweeping new laws that would often do more harm than good, broadband users should look to the recent emergence of commercial secure tunneling services. These services remind us that the marketplace is perfectly capable of resolving skirmishes without government getting involved.

Numerous companies have begun to offer encrypted tunnels using Virtual Private Networks (VPNs). These networks have long been used for a variety of reasons, and are popular with network security experts because of how well they protect data from outside snooping. By tunneling traffic through secure links, broadband users can break free from the constraints imposed by ISPs on certain types of traffic. Routing peer to peer applications through these tunnels makes them almost entirely indistinguishable from other types of traffic—even to stateful packet inspection tools like Sandvine that are undeterred by header encryption.

Tunneling traffic via encrypted, remote servers is also one of the toughest targets for ISPs. Many corporate users and university students connect to VPNs for necessary reasons, and there’s no easy way for an ISP to distinguish “legitimate” VPN traffic from the other kind. And with new secure tunneling firms popping up all the time, simply blocking the IP-address ranges of known tunnels is no solution. Absent a VPN Whitelist—highly infeasible given the growing number of VPNs in the wild—ISPs will soon realize that, no matter how much they invest in packet inspection tools like Sandvine and Phorm, informed users will always find a way to stay a step ahead.

Continue reading →

SHARE: 40 comments

← Previous Entries

Next Entries →