Blown To Bits

Archive for the ‘Privacy’ Category

The Fourth Amendment Protects Your Email

Wednesday, December 15th, 2010 by Harry Lewis

A year and a half ago I blogged about the case of Steven Warshak, whose email the US government had obtained without a search warrant. At that point the opinion of the court was that no warrant was needed to obtain your email from your ISP. The reasoning was a bit like the original court view of telephone wiretapping–no warrant needed, since after all, what did you think was going to happen to your conversation once it left the confines of your house?

A US court of appeals has now held that the government needs a search warrant to get your email. “Given the fundamental similarities between email and traditional forms of communication,” the court writes, “it would defy common sense to afford emails lesser Fourth Amendment protection.” The court has elected to go with common sense. Bad people do a lot of bad stuff by email, but there is no reason why investigators shouldn’t have to take the same steps to justify their searches that they would have to take to open postal mail or listen in on a phone call.

Read the EFF’s announcement, which has a link to the decision.

Short Course on Privacy, Secrecy, and Censorship

Thursday, October 28th, 2010 by Harry Lewis

I will be teaching a 2-day course, 9-5 on January 10 and 11, on Privacy, Secrecy, and Censorship. This Harvard Division of Continuing Education Professional Development course is for anyone who wants to learn about the digital explosion in one short burst, for either professional or personal reasons.

Several of my colleagues are also teaching fascinating short courses in January, listed on the same web page. There are links for inquiries and registration, or just shoot me an email if you want to get info from the horse’s mouth!

Facebook: More Privacy Woes

Monday, October 18th, 2010 by Harry Lewis

The Wall Street Journal reports on leakage of Facebook data to the advertising world, even data held behind what were supposed to be Facebook’s highest-level privacy settings.

Why does this keep happening? Surely not by design on Facebook’s part. The company has been bitten enough times over the past year not to be venal without good cause. I have much less confidence in the intermediaries in the leakage, the data aggregation firm Rapleaf for example, which pled that “We didn’t do it on purpose.” Uh-huh.

Facebook is not just a social network any more. It is an entire operating system on top of which applications run. If you take it with a grain of salt and a roll of the eyes that Windows still has bugs, you should not be surprised that Facebook has bugs. And the more innovative and experimental a computer system is the more likely it is to be buggy.

Of course, any software developer does a risk-reward calculation. The people who build air traffic control systems do more careful testing (and more careful design up front) than the people who build social networking sites, because for the social networking company the harm of a failure is lower and the benefit of a success is higher. Absent liability for privacy failures, Facebook will keep producing neat products that people love, and patching them when someone points out their problems.

Good job by the WSJ journalists, one of whom, Geoff Fowler, was a reporter for the Harvard Crimson (see this piece on diversity, for example), and also a student in my Bits course when he was an undergraduate at Harvard.

File under: If it can be done it will be done

Monday, August 30th, 2010 by Harry Lewis

Now here is an interesting Twitter feed: A running report on every book being checked out of all of Harvard’s libraries. Feels voyeuristic to me, but you have to stretch your imagination to figure out how this would be an invasion of privacy. If the tweets are close to real time, maybe somebody could watch who comes out of Widener library right after “Anglo-Saxon Wills” was checked out, and maybe identify the person who is trying to challenge a millennium-old bequest. (That is a real example — at least the name of the book part.) Still, even without being able to figure out who is reading this stuff, knowing that SOMEBODY is RIGHT NOW finding a need to read that classic tome, “Documents diplomatiques. Deuxième Conférence internationale pour la répression de la traite des blanches (18 avril-4 mai 1910),” — well, I just can’t help thinking it is none of my business. The book is about the white slave trade. Am I just a prude?

Re-identification is a very sophisticated art these days. Maybe someone can figure out how to make mischief by correlating these data with some other source. I can’t think of a way off the top of my head. What think you?
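Here is one way the correlation the post wonders about could actually be carried out, as an added example written for this page (it is not code from the original post, and it does not touch the real library feed). It assumes the adversary has two things: the public, near-real-time checkout stream, and an exit log for the building from some other source (a badge reader, a camera, or a person watching the door). Both data sets below are constructed, the shortened book titles included, and the five-minute walk-out window is an assumption. Each tweeted title is mapped to the set of people who could have checked it out; a set of size one is a re-identification. The example goes a step beyond the post by also showing the obvious mitigation: if the feed is batched by the hour instead of published to the second, every title maps to the whole hour’s worth of exits and the linkage stops working.

```python
from datetime import datetime, timedelta

# Constructed sample data (not the real Harvard feed and not a real door log):
# a public near-real-time checkout stream, and a hypothetical exit log that
# the adversary obtained some other way (badge reader, camera, lookout).
CHECKOUT_FEED = [
    ("2010-08-30T14:02:10", "Anglo-Saxon Wills"),
    ("2010-08-30T14:02:45", "Introduction to Algorithms"),
    ("2010-08-30T14:31:05", "Documents diplomatiques (1910)"),
]
EXIT_LOG = [
    ("2010-08-30T14:03:20", "alice"),
    ("2010-08-30T14:03:50", "bob"),
    ("2010-08-30T14:33:00", "carol"),
    ("2010-08-30T14:50:00", "dave"),
]

WALK_OUT = timedelta(minutes=5)  # assumed maximum time from desk to door


def parse(ts: str) -> datetime:
    return datetime.fromisoformat(ts)


def coarsen(t: datetime, granularity: timedelta) -> datetime:
    """Floor t to a batch boundary. Simulates a feed that publishes only
    'checked out sometime in this hour' instead of the exact second."""
    epoch = datetime(t.year, 1, 1)
    return epoch + ((t - epoch) // granularity) * granularity


def candidates(checkout_ts: str, exit_log, granularity: timedelta):
    """People seen leaving between the earliest and latest moment the
    checkout could have happened (as far as the feed reveals it), plus
    the walk-out slack. Returned sorted so results are deterministic."""
    start = coarsen(parse(checkout_ts), granularity)
    end = start + granularity + WALK_OUT
    return sorted(who for ts, who in exit_log if start <= parse(ts) <= end)


def anonymity_sets(feed, exit_log, granularity=timedelta(seconds=1)):
    """Map each tweeted title to the list of people it could be linked to.
    A one-element list is a re-identification."""
    return {title: candidates(ts, exit_log, granularity) for ts, title in feed}


if __name__ == "__main__":
    # Real-time feed (1 s precision) versus the same feed batched hourly.
    for gran in (timedelta(seconds=1), timedelta(hours=1)):
        print(f"feed granularity {gran}:")
        for title, who in anonymity_sets(CHECKOUT_FEED, EXIT_LOG, gran).items():
            flag = "  <-- unique" if len(who) == 1 else ""
            print(f"  {title!r}: {who}{flag}")
```

With the real-time feed, the two 14:02 checkouts share an anonymity set of two people, but the lone 14:31 checkout links to exactly one exit. With hourly batching every title links to all four people, which is the property a publisher of such a feed should check for before turning it on: the smallest anonymity set across a busy day, not the average.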

In the category of anything that can happen, will happen

Thursday, August 5th, 2010 by Harry Lewis

Especially if it is the government that has the capability.

How many times were we told that the full body scanners at airports would be incapable of storing and transmitting images? Turns out they actually do have that capability. In one courthouse they have been used to store tens of thousands of images, apparently to reduce staffing demands (CNET report here). If something bad happens later, they can go back and check the images. The Electronic Privacy Information Center has filed suit about this.

The TSA spec document (pdf here), obtained by EPIC, says “the capability to capture images of non-passengers for training and evaluation purposes is needed,” a capability that seems to have been used by one TSA worker to tease another about the size of his genitalia (ACLU report here).

I happen to have no problem personally with full body scanners, but I am sympathetic with people who do. (This is a little like a homeless person saying he has no problem with burglars. My body scan would not bring much on the image market.) Of course, what the government has accomplished by misrepresenting what the machines can do is to make it more likely that people like me will resist using them, or cooperating with any other kind of government data gathering. This should have been the lesson of the Bush warrantless wiretaps. It is one of the side effects of government growth that it becomes harder to monitor and those inside it become increasingly relaxed about infringements of publicly stated policies, as long as they judge that the exceptions are either minor or due to extraordinary circumstances, and are meant ultimately to benefit the public.

A File With 100 million Facebook Users’ Data

Wednesday, July 28th, 2010 by Harry Lewis

So some clown, sorry, security researcher has done a scan of every Facebook profile his robot could reach and assembled a file of all their public information, and posted it for download. 100 million profiles.

I could have done it. You could have done it. No need to bother, though, because Ron Bowes did it for you.

This is one of those things that is not a technology story. It’s an ontology story, or a spiritual story, or something.

Facebook reports that it’s all public information, public because the users wanted it public. So there is no news here, in their view.
“No private data is available or has been compromised,” as they say. And they are correct technically. Why is it creepier to have your data in a file with 99,999,999 other profiles, on everybody’s laptop, when the same information about you would have turned up in a Facebook query, or a Google search for that matter? Public is public, right?

The aggregation sure makes it feel different. But that is a matter of feelings, and Facebook’s response was written by its legal team. For lawyers, everything is a binary. Things are either black or white. But privacy has lots of grey.

The Telegraph has a good report on it.

Speech control news from all over

Wednesday, July 14th, 2010 by Harry Lewis

More than a year ago, when the Supreme Court upheld the FCC’s authority to fine Fox Television Stations for “fleeting expletives” uttered by Bono and others, we noted that the court made only a technical ruling and some of the opinions were sympathetic to Fox’s position on the underlying and more important First Amendment question: was the rule the FCC applied too vague, capricious, and uncertain so that it chilled speech? Technology has changed, we noted, and perhaps it is time for the rules to change too, since they were always premised on an argument that television and radio were exceptional technologies, by comparison with books, for example.

The case went back to the lower court, which took up the constitutional question, and ruled against the FCC. (New York Times story.) The judge in the case made a number of correct observations–why should the standards be different for cable TV than for broadcast TV, for example. She did not rule out the possibility of the FCC adopting rules that would be constitutional, and noted that she was bound by the Supreme Court’s 1978 Pacifica decision which made that FCC authority clear. But for the moment, the networks can relax a bit about prosecution for the occasional cuss out of the blue — for example, the one in a discussion of Middle East policy that was spoken by a US President to a British Prime Minister, and which the broadcast networks had to bleep out.

It will be interesting to see what the government does now. It could appeal, but the case seems like a loser, and an appeal all the way to the Supreme Court could backfire, since Justice Thomas signaled that there may well be five votes for overturning Pacifica and costing the government all of its regulatory authority over televised speech.

In other speech control news:

A judge in Pennsylvania signed an order, drafted by a defense attorney, requiring newspapers to expunge their archives of all mention of the defendants’ arrest. The defense attorney actually has part of the logic right: “What’s the sense in having your record expunged if anyone can Google you and it comes up?” He’s right that expungement orders have been blown to bits. He’s just wrong that the way to fix that problem is retroactive censorship of the printed word. It’s a problem that can’t really be fixed, in the U.S. anyway. What was this judge thinking?

Also, a couple of notes on anonymity. I was reading Richard Clarke’s book Cyber War, which makes a compelling case for a more controlled version of the Internet by riding roughshod over civil liberties concerns. Having described the Internet as basically a hippie invention (“the Internet as we know it today is deeply imbued with the sensibilities and campus politics of [the 1960s]”), Clarke scornfully distances himself from any respect for anonymous speech, or reading.

The “open Internet” people believe that if you wish to read The Communist Manifesto, or research treatments for venereal disease, or document China’s human rights violations, or watch porn online, your access to that information will not be free if anyone knows that you are looking at it.

So much not just for Vint Cerf, but for the professional and legal standards governing libraries in most states in the U.S. He comes off sounding just like the Chinese government in its latest “explanation” about how it will control the Internet. “We will make the Internet real name system a reality as soon as possible,” a Chinese official said recently, referring to a requirement that Chinese will in the future have to use their actual names in all Internet communications, no anonymous postings or emails allowed. Just what Clarke would like to see happen here.

Oh Dear, A Windows Messenger Privacy Mess

Tuesday, June 29th, 2010 by Harry Lewis

In the world of social media, it is hard to get the privacy defaults right, because the whole point of social media is to connect with other people. So you want to make that easy, so people don’t have to fight the system. And of course there is a network effect, so the designers tip toward connecting more people to each other rather than fewer, where there is a choice. They don’t always get the design right, as the Google Buzz fiasco showed.

But then things happen that are just bugs, or unanticipated reactions between multiple databases and applications. The current problem with Microsoft Messenger seems to fall into that category. InfoWorld explains it thus:

Consider this sobering scenario: You and your boss use Windows Live Messenger (or MSN Messenger or Windows Messenger) to keep in touch. One day, you get a job offer from Snidely Whiplash at a competing company across town. You and Snidely have a brief IM conversation, using Messenger. Innocent and private, yes? Well, no.

The next time your boss logs into Hotmail — not Messenger, mind you, but Hotmail — your boss glances at the initial Hotmail screen and sees that you and Snidely have become “friends.” That’s what the notice says: “Woody Leonhard and Snidely Whiplash are now friends.”

Or think wife and girlfriend, instead of boss and competitor. Any two people with whom you are IM’ing who should certainly not be made aware that they are both part of your social circle.

This problem persists no matter how you have the privacy settings set. It’s the sort of high-stakes privacy glitch that undermines people’s trust in the entire Internet. Who knows what will go wrong with the next release of your favorite communications app?

Privacy and Petitioning

Friday, June 25th, 2010 by Harry Lewis

A fascinating case has been before the US Supreme Court this spring. Opponents of a gay civil union statute in Washington state petitioned to place its repeal on the ballot so voters could have the last word. Backers of the law asked the Secretary of State to declare the names of the petitioners a public record and post the names on the Web. The petitioners sued the state to prevent publication, saying they feared harassment.

It’s a wonderful puzzle. Both sides claim their free speech rights are at stake: the one side holding that the names are really part of the legislative process for which transparency is essential; and the other side arguing that their capacity to speak freely requires a level of anonymity. It’s an Internet-created issue, because although petitions have been around for centuries, until now it would have been impossible to publish them quickly enough to influence an election, and to sort and analyze them effectively enough to be a serious privacy threat.

The court’s decision is at once one-sided and inconclusive. By an 8-1 vote the court decided the immediate question before it: Petitions are, generally speaking, public. But the near-unanimity is only superficial, and may not even settle the question of the case at hand. Most, but not all, of the 8 allowed that there might be circumstances—some credible risk of harm, for example—under which petitioners would have a right to keep their names from being published. So the case goes back to a lower court, but may rise back up again.

What is most interesting is that the views of the justices cut obliquely across the usual liberal-conservative lines. In fact, the justice who is the most dismissive of any privacy right, and the sole justice who would have made privacy the norm, not the exception, are the two most conservative justices, Scalia and Thomas, who rarely split their votes on anything. Scalia called for “civic courage, without which democracy is doomed,” and added that he does “not look forward to a society which … exercises the direct democracy of initiative and referendum hidden from public scrutiny and protected from the accountability of criticism.” Thomas held with equal conviction that routinely publishing the names of petition signers would unacceptably chill free speech through a loss of “associational right to privacy.”

A case of the Internet confusing the traditional alignments on free speech issues.

Another Attack on Anonymity

Sunday, May 30th, 2010 by Harry Lewis

Is it really a threat to our national security that people can pay cash for prepaid cell phones? That is the thought behind federal legislation that has been introduced in the Senate by Democrat Chuck Schumer and Republican John Cornyn. To buy a phone you would have to provide identification and the retailer would have to retain the information for 18 months. In Schumer’s words,

This proposal is overdue because for years, terrorists, drug kingpins and gang members have stayed one step ahead of the law by using prepaid phones that are hard to trace. We caught a break in catching the Times Square terrorist, but usually a prepaid cell phone is a dead end for law enforcement. There’s no reason why it should still be this easy for terror plotters to cover their tracks.

Of course, as they say, if you have done nothing wrong you have nothing to worry about.

As Jim Dwyer points out in the New York Times, a lot of people other than gangsters and terrorists like the anonymity of prepaid phones. Tipsters contacting journalists, and journalists calling tipsters who don’t want to be receiving identifiable calls. Battered women. Cheating spouses.

It’s an old story. We can make it harder for the bad guys to hide by enabling the government to track everything we do. Where do we draw the line and say we’d rather take the risk–when the tradeoffs are so hard to quantify, and the worst case scenarios so terrifying?

It’s coming, I’d guess; as is registration for Internet services, already the law in South Korea. When the left (which is happy with more social intervention and control) and the right (which foresees the end of civilization in the bungling Times Square bomber) line up, the libertarian arguments don’t have much traction.

But wait: In Mexico you have to register your cell phone, and there is widespread resistance! I wonder why.

As the government pushed citizens to register their phones, the newspaper El Universal sent a reporter out to the notorious black market bazaar in Mexico City known as Tepito and found that for $12,000 a person could buy the complete data set for every registered voter in Mexico — their names, addresses, dates of birth, driver’s license and social security numbers. The vendors said their best customers included organized crime and police agents.

The technical term for that is “repurposing” data.