In February, Department of Homeland Security Secretary Michael Chertoff said the following about the REAL ID Act: “If we don’t get it done now, someone is going to be sitting around in three or four years explaining to the next 9/11 Commission why we didn’t do it.”
Alice Lipowicz of
Washington Technology reported on REAL ID today:
[Chertoff] and other DHS officials have said that older drivers present a lower terrorism risk and, therefore, might be allowed more time to switch to Real ID licenses. According to the Washington Post, DHS might extend the deadline to 2018 for drivers older than 40 or 50. Moreover, states will have more time to implement the act, Chertoff said.
DHS had previously extended the statutory May 2008 deadline for beginning implementation to December 2009 and recently set 2013 as the deadline for full implementation.
2013 is more than 5 years from now – 2018 is more than eleven. For all Chertoff’s urgency at the beginning of the year, has the Department abandoned its mission to secure the country?
Of course not. But Chertoff and the DHS were clearly trying to buffalo the Congress and the American people on REAL ID earlier this year. They haven’t succeeded.
Happily, this national ID system doesn’t add to our country’s security as its proponents have imagined. We are not unsafe for lacking a national ID. I explored all these issues in my book
Identity Crisis.
If REAL ID were a sound security tool, pushing back the deadline for compliance would be a security risk, of course, as would reducing the quality of the cardstock used to make REAL ID-compliant cards – another measure DHS is considering.
Forget security, though. DHS is straining to get the program implemented just so it can claim success and save some face.
“[T]hose who are singing a funeral dirge, I think they’re singing the wrong tune,” Chertoff said November 6th. Alas, as before, Secretary Chertoff is the one more likely to sing a different song.
Ryan Singel points out even more problems with Joe Klein’s follow-up post on his train wreck of a column:
In his two follow-up blog posts, Klein compounds his errors and valiantly argues he is right that the Dems are coddling terrorists because a bill passed by the House says that if the NSA targets a foreigner or group of foreigners who will likely communicate with someone inside the United States, the spies need to get court approval.
Klein says this gives foreign terrorists the same rights as Americans.
But, this restriction is only true when the nation’s spies are wiretapping fiber optic cables, telecom switches and web mail providers INSIDE the United States.
Klein continues to miss this most crucial distinction in the debate, which is why THREAT LEVEL, paraphrasing Klein’s column, continues to believe that Klein is well beyond stupid. He’s dangerous.
Outside the United States, such wiretapping isn’t even defined as surveillance and it never has been.
If the NSA is listening in on cell phone calls in Iraq, they don’t need a warrant nor do they need court approval of their techniques.
If the Iranian cell phone user they are listening in on calls an American, they don’t have to stop and get a warrant. Instead they follow long-established minimization procedures that disguise the American’s name, unless there’s a good reason not to.
Wiretapping inside America is the whole reason various bills are being debated. After a secret spying court decided last spring that the government’s wiretapping inside America without having particularized warrants was illegal, the Administration began pushing for new powers from Congress. The administration then scared Congress into rush passage of a bill that massively expanded the government’s spying powers outside and inside the United States, without any real expansion of oversight.
But Klein can’t grasp this simple point, which may be why he defends himself by saying that bills are hard to read and details are unimportant
I can write half-baked articles about subjects I don’t understand. Where’s my
Time column?
I had fun just now looking over the Northern Virginia Technology Council’s upcoming dog-and-pony show promoting the REAL ID Act. It’s a big business opportunity for Washington, D.C.-area technology vendors – nevermind that this national ID law is dying because of nationwide disapproval.
Why fun? Because clicking on the link to Gold Sponsor Wiley Rein LLP, I saw the promotional blurb below their Web banner: “‘Demonstrates a high-caliber command of privacy’ issues. – Computerworld” (It rotates through blurbs – you might have to hit reload once or twice to see it for yourself.)
You can’t promote REAL ID and claim a command of privacy issues. So which is it gonna be?
And what other promotional blurbs might go there? Let’s see ’em in the comments. A few to prime the pump, after the jump.
Continue reading →
The most frustrating thing about the Klein fiasco is that I can think of a number of people who actually know a lot about the FISA issue and could have provided Time‘s readership with useful information about the state of the debate. At a minimum, they should be able to find someone who can at least take the trouble to read the text of the legislation he’s writing about.
The RESTORE Act is about 20 double-space pages long. You can read it in under an hour. I did it when I was writing up the story for Ars. Ars has a lot fewer readers than Time, and I guarantee you that Klein got paid more for his column than I got paid for my article.
There’s been a lot of commentary of late blaming the Internet for undermining the high journalistic standards of the mainstream media. Well, it doesn’t get more mainstream than Time. So why didn’t the magazine’s vaunted editors notice that Klein’s “summary” was riddled with errors? If Klein couldn’t be bothered to read the bill, shouldn’t Time have assigned a fact-checker to do so? And how do we explain the fact that Internet-centric journalists like Greenwald and Singel (not to mention up-and-coming journalists like Julian) can run circles around Klein on the FISA issue?
Last week, Joe Klein penned a column purporting to show that the Democrats still didn’t “get” national security issues. It included this charming paragraph:
There is broad, bipartisan agreement on how to legalize the surveillance of phone calls and emails of foreign intelligence targets. The basic principle is this: if a suspicious pattern of calls from a terrorist suspect to a U.S. citizen is found, a FISA court warrant is necessary to monitor those communications. But to safeguard against civil-liberty abuses, all records of clearly nontargeted Americans who receive emails or phone calls from foreign suspects would be, in effect, erased. Unfortunately, Speaker Nancy Pelosi quashed the House Intelligence Committee’s bipartisan effort and supported a Democratic bill that — Limbaugh is salivating — would require the surveillance of every foreign-terrorist target’s calls to be approved by the FISA court, an institution founded to protect the rights of U.S. citizens only. In the lethal shorthand of political advertising, it would give terrorists the same legal protections as Americans. That is well beyond stupid.
Now, as Glenn Greenwald and Ryan Singel ably explain, virtually every word of this is false. In fact, it’s so confused that it’s hard to figure out what he’s even talking about. I have no idea what the “House Intelligence Committee’s bipartisan effort” is supposed to refer to (Greenwald and Singel are equally confused), but it certainly doesn’t require warrants for overseas surveillance, which has always been outside the purview of domestic laws. And the RESTORE Act specifically exempts domestic wiretapping of foreign-to-foreign calls from the reach of the FISA courts.
Continue reading →
Hmmm. What to do. I’ve already got a law. Harper’s law states: “The security and privacy risks increase proportionally to the square of the number of users of the data.”
So maybe I also have to have a theorem. Harper’s Theorem states: “People call privacy a ‘right’ just before they drop it in the blender.”
So my blender detector went on high alert today when I saw Hugo Teufel characterize privacy as a “fundamental right”
twice in a recent post on the Department of Homeland Security’s Leadership Journal blog. He’s Chief Privacy Officer at DHS.
Continue reading →
I’ve testified and written several times about how such things as REAL ID and “electronic employment eligibility verification” are threats to our identity system. Collecting identity information in one place is the creation of new security risks. Now the UK has proven it – so we don’t have to!
The sensitive personal details of 25 million Britons could have fallen into the hands of identity fraudsters after a government agency lost the entire child benefit database in the post.
A major police investigation is being conducted after Alistair Darling, the Chancellor, admitted yesterday that names, addresses, birth dates, national insurance numbers and bank account details of every child benefit claimant in the country had gone missing.
Most likely, this data is just lost, but in the wrong hands it would provide criminals all they need to impersonate any of these 25 million people.
The persons responsible have been sacked. Specifically, Paul Gray, chairman of HM Revenue & Customs office.
Patient Privacy Rights is campaigning to restrict the use of prescription information. I was impressed by their video.
http://www.youtube.com/v/sdoyMFPxlBY&rel=1%22%3E%3C/param%3E%3Cparam%20name=
The thing I like about the campaign is that it’s mostly directed at pharmacy chains. I’d like pharmacies’ practices with prescription information to be one of the dimensions on which they compete. We need more information and we should use it when we decide which pharmacy to go to.
A wee quibble: The video talks about what the law should be, and the campaign cc:s members of Congress. I’m not impressed with legislative attempts to protect privacy. The legislative process is a playground dominated by organized interests – governments, corporations, and their lobbyists – not by consumers. In fact, the PPR site links to a Hastings Center report that documents nicely how the HIPPA “privacy rule” is not a privacy protection at all. My own effort on that score, from a few years back, is here.
That gloss aside, though, restriction of prescription information is the right outcome, and addressing the issue to pharmacy chains in the right way to pursue it.
Glenn Greenwald reports that the House will be bringing the RESTORE Act up for a vote today. I wasn’t thrilled with this legislation last time it was brought up for a vote, but there have apparently been enough improvements made to convince Rep. Holt to vote for it, which is a good sign. It’s certainly much better than the horrible legislation in the Senate version, and crucially it includes no immunity for telecom providers.
Here are some good comments by Rep. Lloyd Doggett of Texas:
http://www.youtube.com/v/E-BZGYRUu28&rel=1
Now might be a good time to call your Congresscritter and let him or her know how you feel about warrantless surveillance and telecom immunity.
Update: Just to be clear, the suggestion that you call your member of Congress is a personal recommendation, and shouldn’t be construed as the position of any organizations with which I might be affiliated.
When Google Privacy Counsel Peter Fleischer introduced the company’s call for global privacy standards, I thought he mangled some basic concepts. He’s not the first, and others have gotten it worse – and more threateningly so – since.
But I’m impressed with the general tenor of his recent comments encouraging a focus on preventing consumer harm. Many in the privacy community are deeply wedded to “Fair Information Practices” – a varying set of rules that, followed by rote, would allegedly take care of privacy. Well, they don’t. They produce a lot of churn, and they soak up a lot of energy with regulation, compliance efforts, and what-have-you. But they don’t address what matters: protection of actual privacy and prevention of consumer harm.
“FIPs” aren’t all bad. Some of them are good. Some conflict with others. They’re just not a helpful framework for addressing the problems presented to us by the information age.
Last year, the DHS Privacy Committee produced a document unpacking the human values that matter (generally referred to as “privacy”). The focus should be on how information practices affect privacy and related values – chiefly, whether modern information practices cause people harm.
The Technology Liberation Front is the tech policy blog dedicated to keeping politicians' hands off the 'net and everything else related to technology.