Privacy, Security & Government Surveillance

The Department of Homeland Security often invokes the 9/11 Commission when it discusses REAL ID. A recent DHS press release called REAL ID a “core 9/11 Commission finding.”

In fact, the 9/11 Commission dedicated about three-quarters of a page to identification security – out of 400+ pages of substance. See for yourself. Page 390.

I originally started studying and writing about privacy policy because I thought the advocates in Washington, and Congress itself, didn’t have a full grasp of the issues. They were treating privacy as a political football, and grinding their political, ideological, and self-interest axes on “the privacy issue.”

Illustrating how that problem may persist, Declan McCullagh has a strong rip on the Electronic Privacy Information Center on his Iconoclast blog. It seems that EPIC and some of its allies recently filed a strongly worded complaint with the Federal Trade Commission about problems with AskEraser that no longer exist.

The AskEraser cookie originally had a time-stamp that could act like a unique identifier, so Ask.com changed it. Nonetheless, in went EPIC’s “Complaint and Request for Injunction, Request for Investigation and for Other Relief.”

The government’s undirected, surveillance-heavy overreaction to the 9/11 terrorist attacks brought me together with lots of folks with whom I disagree on lesser issues like private-sector regulation and privacy practices. I often joke that people will know their privacy is pretty well protected when I’m back to fighting with EPIC and the ACLU. Well, I don’t intend to pick a fight now, because there’s still too much to be done, but a privacy advocacy group shouldn’t just be an FTC-complaint mill.

Declan speculates that EPIC files with the FTC rather than suing (there are some arguable causes of action) because courts would sanction them for frivolous filings. Prospectively calling EPIC’s future bluffs, he says: “The next time you see them complaining to the FTC about some alleged wrongdoing, remember these attorneys’ odd reluctance to litigate.”

Jon Stokes at Ars Technica analyzes the REAL ID Act from in terms of Americans’ data security and personal security. He finds REAL ID wanting.

(Shades of Harper’s Law.)

John Yoo has a deeply self-indulgent, book-promoting essay in the Philadelphia Inquirer today about the legal case filed against him by convicted terrorist Jose Padilla. A commenter on Volokh quotes Yoo, takes his point, and makes him downright ridiculous.

Think about what it would mean if Padilla were to win. Government officials and military personnel have to devise better ways to protect the country from more deadly surprise attacks.

Yes that would be horrible.

Too funny. Legal merits aside, I guess we should all be with Padilla now!

Incidentally, I think I might have to try this next time I fly. Chris says that not only does the TSA rarely give him a lot of trouble, but often it actually gets him through the line faster, because they stick him in a special (shorter) trouble-makers’ line. Or if you don’t feel like explicitly asserting your rights, you can just state that you forgot to bring your ID.

I’m at Princeton’s cloud computing workshop. One of the most interesting people I’ve met here is Chris Soghoian, creator of the legendary TSA boarding pass generator and author of a CNet blog on privacy and security issues. Somehow until now his blog had not yet made its way into my feed reader, but that oversight has been corrected.

One of the conference speakers is the founder of wesabe, a fascinating site for managing your finances. As Luis notes, they seem to be a company that takes security and user autonomy seriously.

At his press conference announcing the REAL ID Act last week, Department of Homeland Security Secretary Michael Chertoff said:

We are not going to have a national database. REAL ID does not require that states start to collect additional information from applicants that they have not already created. We are not going to wind up making this information available willy-nilly. In fact, the steps we are taking under REAL ID will enhance and protect privacy rather than degrade and impair privacy.

[A]mong the things we’re doing under REAL ID is requiring that state motor vehicle agencies have in place background checks and security plans for their databases at – in terms of the motor vehicle information. Traditionally, again and again we have seen corruption at motor vehicle agencies leading to people improperly disseminating personal information. These security plans and these background checks will actually minimize the risk that employees will improperly take that information and disseminate it.

Meanwhile, Section 508 of the Court Security Improvement Act of 2007, signed into law by President Bush last week, allows federal judges and Supreme Court Justices to withhold their addresses from the REAL ID database system, giving the addresses of their courts instead.

The federal judiciary evidently doesn’t trust Secretary Chertoff’s assurances.

I earlier suggested that the upcoming Heritage event on the REAL ID Act was a “must miss” because it featured only national ID proponents.

Since then, I have been turned on to Digimarc lobbyist Janice Kephart’s YouTube page. It’s a must see. Here’s a taste:

http://www.youtube.com/v/cMA7ckoOBYI&rel=1

She also has a MySpace page. The entertainment value of the Heritage event has risen.

Update: The video I originally selected has been taken down. I’ve inserted another.

Confirming my suspicions about its involvement, here’s an AP story reporting that Beaverton, OR-based Digimarc spent $350,000 lobbying for the REAL ID Act. Direct lobbying is only a small part of the PR and outreach efforts that go into a public policy effort.

Previously, I noted that Digimarc lost money in 2007. A wounded animal is the most dangerous. I think that may apply to this corporation, which is now clearly a direct enemy of Americans’ freedom.