Privacy, Security & Government Surveillance

Tom puzzles out the Petraeus Report’s recommendation for a more active military presence in cyberspace:

I first heard this on the radio, and it seemed a little weird to me. Not because I doubt the existence of insurgent-run websites filled with flash video of roadside bombs, LOLcatted stills from A Mighty Heart and comment threads filled with “INSURGENCY FTW!!”, “ANBAR SUX0Rz” and unflattering analogizing of Sunni Islam to the Playstation 3. I’m sure those sites are out there. I can even believe that they serve a significant recruiting function for people who do genuinely bad, genuinely non-virtual things. But it was a bit odd to hear a military commander say that, in addition to the attention we’re paying to people getting shot and blown up, we also need to spend more time dicking around on the internet, presumably countering the nasty internet trouble made by our enemies. For one thing, suppressing online content does not have a particularly storied history. Given that, it seems like the intelligence value of these sites would probably outweigh the utility to be gained by shutting them down. DMCAing the Mahdi Army’s MySpace page would just shut down a marginal source of propaganda. Why bother? It’d be far better to just quietly keep an eye on their top 8 (who is this shady “CamGirl69” character, anyway?).

In a follow-up post, he answers his own question:

In response to my last post a much-better-informed little birdy sent me a transcript of a Homeland Security Committee hearing about online Islamic extremism. It was an interesting read, and I may say something else about it later. But for now, here’s the part that was most immediately striking: “In an effort to raise its visibility and recruit new members… an Iraqi insurgent group held a website design contest open to anyone in the world with an Internet connection. And what was the prize given to the winner of that contest? The opportunity to launch a rocket attack against American forces in Iraq with just the click of the mouse from the winner’s computer.” It’s inhuman and morally outrageous, yes. But man, that’s a pretty good idea for an online contest. If you could just tone down the evil you might really have something there.

In an excellent post, Michael Arrington at TechCrunch has picked up and expanded on my post here about the ITAA’s advocacy in favor of REAL ID. His title “Conflicts of Interest: . . .” draws out nicely the schism that ITAA’s advocacy for REAL ID creates for its membership. They work to serve us when they sell products directly, but work to hurt us when they sell surveillance infrastructure to the government.

Helpfully, he also provides links to information at WashingtonWatch.com about the House and Senate bills to repeal REAL ID.

I was frank about Google miscontruing privacy the other day. I’ll be frank about DHS Secretary Michael Chertoff likewise missing the mark in his recent Leadership Journal post, “Privacy and Security.”

Like Google’s Peter Fleischer, Chertoff calls privacy a “right” – in this case, a “fundamental right.” (Two data points is a trend!: People call privacy a “right” just before they drop it in the blender.)

Unlike Fleischer, Chertoff edges up to Orwellian: “Our efforts to secure our homeland need not harm our privacy. Rather, in many cases they can actually strengthen it.”

I’m dubious. How so?

Continue reading →

Indirectly, anyway. They are members of the Information Technology Association of America, which continues to plead lamely for federal funding of the REAL ID Act, the United States’ moribund national ID law.

I’d been considering writing about an opinion poll purporting to favor REAL ID that ITAA has been touting this week, but mostly thought it should remain obscure. The headline of a Washington Technology article by Alice Lipowicz was too good to pass up, though:

ITAA to Congress: Cut a Check for REAL ID Now

I’ve long thought highly of the ITAA – they’ve taken many sensible pro-innovation and anti-regulatory positions over the years – but it’s embrassing to watch their slavish begging for federal dollars – all to build infrastructure that attacks the nation’s values.

A trade association representing the interests of its members in Washington is one thing. A gaggle of lobbyists that fishes around the Beltway for federal money – that’s quite another. I don’t think the people and companies in the tech industry are well represented by an organization that tries to promote a national ID, given the surveillance and tracking that attends it.

Take a look at their membership list for companies you’re familiar with. Indirectly, they’re supporting the REAL ID Act too. You could let them know what you think of that directly by contacting them or indirectly by withdrawing your patronage.

Here’s conservative Republican presidential candidate Mike Huckabee on the REAL ID Act:

. . . REAL ID, that’s a huge mistake. It’s putting a burden on a state that should not be the state’s function, which is to provide the frontline of national security defense at the hands of a DMV worker at a state office. That’s absurd. And then not funding it. That’s a real problem. If you’re going to have federal program then the feds ought to pay for it.

Everyone should have a windmill to tilt at, right? Mine is collection of SSNs by accounting departments that don’t need them, such as when they reimburse me for travel expenses.

Here’s my latest effort to work that issue, in an email sent to the American Institute of Certified Public Accountants:

Continue reading →

Following on my post yesterday, Tim Lee has written a story at Ars Technica. Anne Broache of CNET also investigated the REAL ID advocacy training DMV bureaucrats are getting.

Update: Ryan Singel on Wired’s Threat Level blog also picked up the story.

So, here’s a question: Are state DMV bureaucrats using or planning to use DHS grant funds to lobby for REAL ID? Whether or not that’s a legal violation, it is certainly an ethical one.

In a breezy post on the Department of Homeland Security’s new blog, DHS Secretary Michael Chertoff writes about the federal government’s lawsuit to overturn an Illinois workplace privacy law. The “Right to Privacy in the Workplace Act” will restrict the ability of Illinois employers to enroll in the federal government’s “E-Verify” system, which runs all new employees through a federal background check to determine if they’re entitled to work under federal law. Illinois has got it right. There shouldn’t be a federal background check before you can work.

Chertoff takes on some objections to “E-Verify” one by one. Let’s take his responses one by one.

Continue reading →

Throw out everything you learned in civics class. The legislators who represent you in Congress and your statehouse are just figureheads. The real work of governing is done behind the scenes, by the bureaucracy. This is why the REAL ID Act – all but dead – is still a threat to your privacy.

This week, state bureaucrats are gathering at a vendor-sponsored conference on REAL ID at the Renaissance Washington Hotel here in D.C. Session titles include Clarifying The Different Funding Options – Where Exactly Is The Money Going To Come From? and Developing A Practical Roadmap For Real ID Implementation. With public opinion set against REAL ID, here’s a session that’s particularly interesting:

Bringing Your Public Onboard For Smoother Legislature Changes . . . [E]very State DMV needs to find a way to educate their public so that they can ensure the legislature changes necessary to become Real ID compliant. So how exactly can you do this? This session will examine how you can change your public’s perception as quickly and as cost effectively as possible.

• Listen to your people: Examining the direct impact on your public so that you understand the perception you are trying to change
• Know which marketing methods will be most effective at reaching your public
• Examine how much of your budget a public relations exercise is worth: Measuring cost against outcome