Well Known Biases

Politics, Economics, and the Law

Category Archives: Privacy

They Shan’t be Content Till We’re All Naked and Tagged

“They would be the shepherds over us, their sheep. Certainly such an arrangement presupposes that they are naturally superior to the rest of us. And certainly we are fully justified in demanding from the legislators and organizers proof of this natural superiority.” – Frédéric Bastiat

Or, perhaps another quote would have sufficed; “Who watches the watchmen?”

Technology marches on, steadily introducing new avenues for oppression. And it would seem that They won’t rest until the whole of us have been examined, numbered, and cataloged. “They” seems to encompass a variety of people and organizations, all of whom appear to believe that the key to making the world More Decent is just a little less privacy for everyone.

For example, the FBI wants tech companies to provide built-in back doors for government access. Presumably, if you oppose the idea of all your social media and communications software coming set up for government snooping, you probably support Terrorism and/or Child Pornography. The rhetoric nearly always frames these sorts of things as the false choice between either “Giving law enforcement the Tools It Needs” or “Letting the bogeymen win.”

The NSA, as part of their continuing efforts to elevate themselves to the status of comic book villains, informed the Senate’s Intelligence Oversight Committee that they essentially had no idea how many Americans had been spied on, couldn’t devote the manpower to figure this out without hindering their ability to continue spying, and would consider it a violation of citizens’ right to privacy to say, even if they did know. I don’t even know where to begin. I would certainly hope the NSA knows how many Americans it has intentionally spied upon. That should be simple math, counting up the files. I can certainly believe they may not know how many Americans have been accidentally spied upon. This is an agency that is attempting to analyze all communications. All. That they’d be unaware they were listening in on your calls to Aunt Mavis back at the farm until someone told them it was happening is completely believable. That doesn’t mean it’s okay, just that it seems like a very real possibility. But that they would tell the people in charge of their oversight that it would violate Americans’ privacy to know that their privacy was being violated is some kind of insane troll logic. It’s hard to formulate a good reply, because you don’t even know how they could arrive at that conclusion.

Or perhaps we do know how they arrive at these sorts of conclusions. These are the kind of statements and policies put forward by people who firmly believe themselves to be our betters. They’re doing important work; protecting the sloppy masses from the demons that live in this world. Demons we may not even be aware exist. Their power has made them arrogant, and given them a profound sense of entitlement. Good People do Good Things, and they are Good. As such, how could anything they do be Bad? They are the Holy Paladins, who’ve turned into the demons they fight.

Or perhaps they’re just thugs. It’s probably a coin toss.

But at least neither the FBI nor the NSA is advocating that everyone be bar-coded (at least not yet). Elizabeth Moon is suggesting just that. This is one of those fanciful ideas that probably seems just swell to the same sort of people who’d advocate for more surveillance. The idea being that our wise rulers are hampered greatly due to the fact that they’re not omniscient. So, naturally, instead of restricting their powers to minimize the damage they can do, we should instead try and get them as close to omniscience as possible.

Moving right along, a company called IDair has developed a system capable of reading fingerprints from six meters away.  The current customers are, predictably, military. But the creator sees the system being rolled out for civilian purposes, foreseeing, among other uses, being used as a way to purchase things without bringing your wallet. This presupposes a system where your bank account is tied to your biometrics. This is probably one of those things that either bothers your a lot, or not at all. I’m firmly in the first camp.

Perhaps IDair could be used right alongside the cameras being deployed around twenty San Francisco bars. SceneTap is the company installing the cameras, and the goal is apparently to build demographic data so that you know which establishments you’d like to go to, when you’re out on the town. Fair enough. But if we take a stroll down the slippery slope, how soon until a system such as this would be used for more objectionable purposes? Facial recognition linked to biometric databases could be used to determine whether a bar patron is of age. Or perhaps subpoenaed for a divorce case to cast one parent’s visits to the local watering hole as evidence of their unfitness to raise children. Crack open a cold one, and let slip the dogs of well-founded paranoia.

In the name of fighting the never-ending War on Drugs™, the DEA would like to scan the license plates of all vehicles travelling I-15 in Utah. Then they’d like to keep that data for two years. This would create a record of movement that I feel certain wouldn’t stay tied to only drug investigations. Mission creep inevitably sets in, and the data would surely be used for purposes that weren’t initially considered. And when they sort out who you are, they could just track you via your cell phone, even if it’s not GPS-enabled.

Or, as Futurama put it, describing the evil robotic Santa, “He knows when you’ve been sleeping! / He knows when you’re on the can! / He’ll hunt you down and blast your ass from here to Pakistan!”

Yet Another Rehash of Social Media and “E-privacy”. Again.

It wasn’t “news” the last time I wrote about social media and the degredation of privacy, and it isn’t this time either. It wouldn’t have even been “news” if I’d written on this a couple of weeks ago, when I meant to.

Paul Venezia wrote a good article comparing what is being done in digital space to analogous situations in physical space. The thrust seems to be that these sort of snooping activities, all too common now, are widespread mainly because they’re very easy to do, and there aren’t as many laws concerning them. Reading your email is somehow different from reading your physical mail beacuse, well… it just is. Internet snooping, while it would certainly seem to violate the legal protections of privacy, doesn’t violate the letter. And that makes it A-okay.

A Texas researcher added an app to Facebook, allowing you to name enemies. I haven’t kept up with the story, if there’s indeed a story to keep up with, but by now the app could well have been axed. It’s well known that Facebook has consistently told users to get bent regarding a ‘dislike’ feature. The advertisers-first angle is, of course, spot-on. Facebook is an artificially friendly(ish) place, and that’s good for Facebook’s customers. If the only available options are to either like something, or ignore it, that suits companies just fine. No one can ever hate them, and they’re all seperated only by the degree to which people love them. It’s hard to fault Facebook, really. Most of us would probably do something quite similar, if hawking users’ information would net us $4.27 billion dollars during the year.

On the topic of Facebook, the House shot down a bill that would have outlawed the practice of employers requesting Facebook login information. Also fun, they’re claiming rights to the word ‘book.’ And here’s a look at what Facebook sends police if they subpeona your account.

More in privacy and security news:

Found on Popehat, the Ninth Circuit rejects the government’s attempts to base criminal prosecution on violations of usage agreements. The majority opinion is a pretty entertaining read, too.

The NSA, fattened on post-9/11 dollars, is building a gigantic data center in Utah. I’ll have more to say on this in the future, because it’s a Really Big Deal, but for now I’m just somewhat alarmed. I’d encourage you to be alarmed as well. I’d also encourage you to download a copy of TrueCrypt, and encrypt all your data. Maybe your email too, just for giggles. If my tax dollars are in some small way paying for this, I want to make sure they’ve got plenty to keep them entertained. AES encryption with a suitably strong password should keep even the government busy for a while.

Get out your chemicals and rubber hose, the FBI wants to “advance the science of interrogation.”

Public Education and Social Control

Austin Carroll, a (former) student at Garrett High School in Indiana, was expelled for a post he made on his personal Twitter account. There seems to be some lack of clarity of whether or not he accessed Twitter from his home computer or a school computer. In either case, it appears that the school’s computer system is able to (and apparently does) track posting’s from students’ accounts.

Where to even begin? Stories such as this angry up my blood before I’ve even begun to unpack and examine the implications.

Naturally, if the student is using a school computer, the school is within their rights to regulate the manner in which their computers are used. Yet even if we accept the school’s position that Carroll accessed Twitter from one of their machines, that still leaves several issues. Firstly, isn’t expulsion for a bit of relatively harmless profanity rather harsh? It seems like the sort of transgression which could be addressed with lesser punishments. And if expulsion is on the table for an offense such as this, one would hope that this is clearly spelled out in the usage policy. I’m sure there are provisions for punishments “up to and including expulsion,” but I somehow doubt that any of the students would have seriously expected expulsion to be leveled for cursing. It seems more like a thing you bring to bear if a student has made threats of violence.

Now let’s consider what it means for us if the school is mistaken (or, to be somewhat cynical, misrepresenting the facts). If the school is allowed to regulate speech in cases where a student is neither using school property, nor engaging in threatening speech or speech related to illegal acts, then the school is asserting total control over students’ speech, and the students effectively have “privileges” to speak, and not “rights.” Privileges which can be revoked at the school’s pleasure, if a student expresses themselves in a manner which offends the empowered school officials. The rights of minors are of course already curtailed, but given Carroll is a senior in high school, and it is nearly April, it is reasonable to assume he could easily have already turned eighteen, and therefore is legally an adult. To condense and make explicit, if Carroll is eighteen, and had posted his tweet from home, the school district is asserting the right to punish adults for (and thus control) their private speech, based not upon public-safety necessity, but simply upon what they feel to be appropriate.

Numerous locales have various “anti-bullying” legislation either enacted or in the works, which would regulate both what occurs at the school, and what occurs outside of school. Most of these seem to be overly-broad, to the point of chilling what is, or should be, protected free speech. The Carroll expulsion appears to lack even the flimsy “public safety” framing of these statutes, resting wholly on the school administrators’ sense of propriety. Happily the student body of Garrett High School appears to have reacted to the expulsion quite poorly. But if we as a society roll over on issues such as this, we set rather unnerving precedents, confirming to those in these positions of power that control of our private speech is a thing they can do. It invites authoritarianism. Those who would act as our censors should be called out, shunned, and their power delegitimized.

(I considered posting a link to Garrett High School’s website, but as I cannot be certain of directing you to the correct place, I shall refrain.)

More On Decryption

I’ve previously discussed encryption, and the state subsequently forcing decryption.

Well, appeals courts have made rulings. The 10th has rejected an appeal on the grounds that no verdict has been rendered in the original case, and the 11th is saying that decryption is tantamount to testimony, and therefore subject to fifth amendment protections. I like this reasoning, myself. The issue going to the Supreme Court is most likely inevitable, but in the meantime it can’t hurt to accumulate some rulings that forbid forced decryption of data. A distinction being made by courts seems to be between data investigators know is on a hard drive, and investigators wishing to decrypt data so that they can poke around a hard drive and see what they can find.

The Increasingly Troublesome Baggage of Social Networking

Social networking is now the method by which most of us keep up with one another. I’ve done Myspace, Facebook, Google+, and have dipped my toe into LinkedIn. Most people in my age group have at least an active Facebook, and a handful maintain a G+ account as well. Myspace is a ghost town, but still has a few users. And who else remembers Friendster? Add to this YouTube, the various photo uploading sites, webcam services where you can chit-chat with complete strangers, the abomination unto God and man that is Twitter, and countless more.

These networks have given us all a forum in which to stand up and say “Hey! Look at me!” and we’ve wholeheartedly taken them up on this offer. Whatever part of the human mind makes this sort of thing irresistible has been expertly marketed to, and it should come as no surprise that the people who own these sites have found their own way to capitalize on our deep-seated need to tell everyone everything. We’ve solved a number of market research problems by telling the entire internet what we enjoy, think about, and want to do and buy. All this information divulged without ever having been formally requested. I have a great many friends who are constantly ‘liking’ this and that on Facebook, despite knowing full well that they’re acting as unpaid market research subjects, and that this benefits them in no concrete way.

It is by now fairly well known that Facebook retains your data forever. I began to have my own suspicions as to this being the case when the service would occasionally glitch, and display items from years ago. There are also allegations that Facebook collects information to build a skeletal “shadow profile” of people who are not (yet?) users of the service. And let’s not forget the troubling facial recognition software which “helps” you by automatically tagging people. The truly staggering amount of money that is made selling this information to marketers is an obvious motivation for harvesting and retaining it, yet there appears to be more to the story.

Articles are beginning to appear, mainly on tech-oriented websites, concerning usage of social media information by banks and other money-lenders, both to help assess you as a credit risk, and to additional people to whom they can market their products and services. More disconcerting still is the fact that the government increasingly monitors social networks for their own purposes. The Department of Homeland Security keeps tabs on people and news outlets, and monitors them for dissent. This information is then made available to the various other alphabet soup agencies. Not to be outdone, the FBI has expressed interest in a program to automatically collect information from various social and news sites, filter it, and plot the location from where it originated onto a map.

Facebook is certainly commonly thought to be the worst offender, but G+ should be catching up soon, as Google has changed its terms of service, and intends to fully integrate their various services, all in an effort to better serve you. Whether or not this will in fact better serve the end-user remains to be seen, but I would assume it will better serve Google’s pocketbook, and in the meantime could certainly streamline the process of information gathering by third parties.

Towards the end of this past year I decided to abandon the Facebook account that I’d had for several years, and to begin a new one under a pseudonym. I did this for various reasons, privacy being only one of them. This certainly won’t provide any deterrence to an entity with a genuine interest in discovering who I am, but it provides at least a small measure of separation between my name, and my online presence. Eben Moglen would argue that this still makes me part of the problem, and I’m inclined to agree with him, though I’m not yet sure what to do about it. The intelligent and principled thing to do would be to commit “web suicide” and never look back, but few of us would use these services to begin with if they didn’t provide some utility. However I have greatly scaled back my online persona, and have created my own personal policies regarding what sort of information I intend to provide. It’s not perfect, but it’s some kind of start.

The ever-building mountain of evidence that social networking is being exploited by various parties, none with our best interests in mind, should act as a reminder that it’s exceedingly foolish to depend upon another party to safeguard our information and maintain our privacy.

Additional links:

Europe v. Facebook
Electronic Privacy Information Center on ‘Facebook Privacy’

US Citizens May Be Forced to Decrypt Hard Drives

CNET posted an article yesterday concerning a distressing ruling by a Colorado federal judge where he decided that American citizens can be forced to decrypt hard drives in order to allow law enforcement to examine the contents.

In his ruling, Judge Blackburn writes:

“I find and conclude that the Fifth Amendment is not implicated by requiring production of the unencrypted contents…”

I suppose this is the sort of thing about which reasonable people can disagree. The fifth amendment asserts that, among other things, a citizen cannot “be compelled in any criminal case to be a witness against himself.” One might assert that, in decrypting your data, you are not actually witnissing against yourself. Can we reason that the typing of the passphrase is a form of speech, and therefore would qualify as a form of “witnessing”?

As one might expect, Judge Blackburn trots out the “public interest” show pony in his justification, and asks to Think of the Children™, remember the terrorists, etc.

“Public interests will be harmed absent requiring defendants to make available unencrypted contents in circumstances like these.  Failing to compel Ms. Fricosu amounts to a concession to her and potential criminals (be it in child exploitation, national security, terrorism, financial crimes or drug trafficking cases) [. . .]”

There have been other cases where this has come up (referenced in the CNET article), and given the conflicting end results it seems likely this will make its way to the U.S. Supreme Court in the semi-near future. The case immediately in question involves money laundering and fraud.

This seems as good a time as any to segue into the topic of encryption and file erasure. While it remains to be seen what the final word is regarding the courts’ ability to compel you to decrypt your data, it is still good practice to encrypt anything you wish to remain private, especially on portable devices which may be lost or stolen. Most likely you have no crimes to hide from the police, but you almost certainly have some kind of information that you’d prefer not to be disclosed to all and sundry. Bank information, various email and social accounts left logged-in, etc.  Truecrypt is a fantastic open source encryption program that I’d highly recommend. Also, as you may or may not be aware, deleting files from your computer does not actually remove them, but only marks the space free. If you want something to acutally disappear, it must be overwritten. I would recommend Eraser for this task. In a world of ever-shrinking privacy, you must take personal responsibility to keep what you can of it.

(Hat tip to The Agitator for posting the article link.)

UPDATE: Discussion to be found on The Volokh Conspiracy.

SCOTUS Ruling on GPS Tracking

The Day After

In the wake of the “blackout” against SOPA/PIPA, various House and Senate members have jumped ship, and are no longer supporting the bill. ‘Reason’ has a good article concerning the issue.

It would be tempting to suppose that Washington has heard the cries of the people, and decided to actually represent them. The more likely explanation is they heard the cries of the wealthy and influential opposition.

Good news for now, but it’s hardly over and done.


I cannot vouch for this list being 100% accurate, so contact your congresscritter, but here it is:

Stances of House Representatives
Stances of Senators

SOPA/PIPA Blackout

Very soon a number of websites (Wikipedia being a noteworthy one) will be blacking out for a day in protest of SOPA/PIPA, bills which amount to nothing less than the major media concerns (MPAA, RIAA, et al) assaulting the internet in an effort to control and censor content, and establish a legal framework which can be used to abuse anyone they see fit. A side “benefit” of this legislation would be to lay the groundwork for a Chinese-style national firewall, allowing political interests to decide what we can and cannot see. Mountains of information and commentary has been written about this, and so I shall refrain from adding much further. Popehat has a good piece, written just today. And if you’re confused by all of this, having just emerged from a Cold War fallout bunker, I advise you to look into the matter.

So write about it. Call your congresscritter, and let it know you’ll do your best to make sure it’s out of a job if it supports this. Take some form of action, even if it’s only to get informed, get angry, and tell your friends.

ADDENDUM: A worthwhile use of your internets is to go here: http://americancensorship.org/
House takes Senate’s bad Internet censorship bill, tries making it worse