Blown To Bits

Archive for the ‘Surveillance’ Category

Privacy, Montana Style

Thursday, June 18th, 2009 by Harry Lewis
The City of Bozeman, Montana is demanding that those applying for jobs supply passwords for their accounts with social networking sites such as Facebook and Myspace, apparently so the City can check out what kind of acquaintances they have. What about the guarantee in the Montana constitution, which states, “the right of individual privacy is essential to the well-being of a free society and shall not be infringed without the showing of a compelling state interest”? Well, says the City’s attorney, that has to be balanced against the need “to make sure the people that we hire have the highest moral character and are a good fit for the City.” Montana is a funny state, not as individualistic as the mythology of Western America might make you think. Nor are Facebook and Myspace as private as their terminology may lead users to expect. Still, I’m guessing the city won’t keep this practice up long — for one thing, “good fit” tests are easily abused, and for another, these sites typically have a term of service such as (to quote Facebook’s) “You will not share your password, let anyone else access your account, or do anything else that might jeopardize the security of your account.”

Encryption is the answer

Wednesday, June 17th, 2009 by Harry Lewis

In Blown to Bits we spend all of Chapter 5 making the argument that (a) perfect secrecy is possible through public key encryption and (b) almost no one encrypts their email anyway. Why this would be the case is one of those small mysteries of the universe. Few of us actually know people who know that their email has been read, but most of the time we’d have no way to know that. If you are sitting in Starbucks and the guy with the double mocha latte is running a packet sniffer, you’d never know the difference.

Today’s New York Times has the kind of story that might lead more people to take the issue seriously. It seems likely that the NSA is snooping on more email than they’d like to admit. The simple fact that the cost of surveillance has plummeted in itself makes abuse more likely. (The NSA doesn’t need to loiter at Starbucks. They can get access to ISPs’ switching equipment.)

If you use Google’s Gmail, you can encrypt all your mail. The preference setting is pretty obscure, and you have to opt-in: the default is no encryption. Chris Soghoian, I, and a number of other computer scientists and security experts have just called on Google to make encryption the default. Our letter explains it all: You can read it here.

Privacy and Swine Flu

Tuesday, April 28th, 2009 by Harry Lewis

The swine flu panic is going to be electronically mediated in a way no previous threat to public health has been. Flu information sites have sprung up in which news stories and data are being aggregated — the Flu Wiki Forum and Wikia’s Flu Wiki, which has a nice Google map mashup showing where the cases are.

The intrepid and slightly paranoid (I know he won’t mind my saying so) Chris Soghoian has another angle in his post on Swine Flu and the Threat to Privacy. Eight students from one New York City school are suspected of having contracted this strain of influenza while on a school trip to Mexico. If they were suspected terrorists, the government would by this time have gotten their cell phone carriers to turn over lists of all the people they had telephoned recently. It would be easy enough — yes, this is true — to ask the carriers to turn over lists of the names of all people with cell phones that had been within 100 feet of one of the students’ cell phones during their Mexico trip or thereafter. Now stored cell phone geolocation information isn’t that precise, so the data request would probably yield a lot of false positives — people in the same general area but not that close.

The information may well have been collected already. And that may well be exactly the right thing to do. After all, the first rule of epidemics is that controlling them becomes exponentially harder if they are allowed to spread; you don’t wait until they are severe before reacting. Do we know? If the data has been collected, do we have any confidence that it isn’t going to be repurposed, and that it will be discarded eventually?

The Resignation of Bob Quick

Friday, April 10th, 2009 by Harry Lewis

Britain’s chief anti-terrorism officer has resigned after a newspaper printed a photo of him getting out of a car. Huh? Well, you see, he was carrying a secret document, and the text on it was clearly legible. (Some words have been redacted in the photo on the web site — they were not redacted in the original.) A round-up of terrorist suspects had to be accelerated because of the leak.

The government moved to block the Evening Standard from printing the photo, but it was too late — the image was already up on the Internet.

Which raises two interesting questions. As it happens, the photo was taken by a media photographer, but what if it had been taken by a tourist with a high-resolution camera? All the niceties about prior restraint of the press, and media self-policing, would have been irrelevant. I could have taken the photo myself and had it up on this blog within minutes. It doesn’t make sense to have the press laboring under restrictions more severe than those imposed on citizen journalists, does it?

And with high-resolution digital photography now a consumer game, there are lots of embarrassing web sites that could be created. For example, take Latanya Sweeney’s research in which she was able to capture fingerprints just by having people wave their hands in front of a camera (well, several cameras so she could get multiple views). That’s a laboratory exercise at this point, but in a few years, any clown could watch a crowd with a camera and post a web site with lots of images of fingerprints … with facial photos … with names, which could perhaps be recovered from the facial photos by searching the web using face-matching software ….

French Parliament Stands Up Against Internet Surveillance

Thursday, April 9th, 2009 by Harry Lewis

In a surprising vote, French legislators have defeated a bill that would monitor Internet communications and cut off from the Internet people accused of illegal downloading by the music and movie industries. The defeat resulted in cries of anguish from the industry spokespeople, and a promise from Sarkozy to bring it back after Easter, when more than a handful of legislators will actually be present to vote.

It’s surveillance, guys. If it’s legal to inspect everybody’s data packets because you are pretty sure somebody is sharing songs illegally, surely it should be legal to open everyone’s mail because we know that there are illegal acts carried out through the postal service. And to listen to everyone’s telephone calls because we know some people are doing bad things over the phone.

The French see these things differently, and the big fear is that ubiquitous Internet surveillance will establish a beachhead in Europe and then be transported stateside through international treaties. Watch this one closely.

Sarkozy, by the way, is fuming.

AT&T Broadband Customers: You Are Being Watched

Friday, March 27th, 2009 by Harry Lewis

AT&T has announced that it is teaming up with the Recording Industries Association of America to fight illegal music downloading. Subscribers to AT&T Internet service will have their traffic monitored, and will receive warning letters if their activities are suspicious. This is the other shoe dropping after the RIAA’s announcement in December 2008 that it would no longer go after individual downloaders (mainly young, music-loving individuals) with draconian threats. It’s the roll-out of a plan that has long been expected: the RIAA, unable to staunch the leakage of bits by using legal methods to punish the guilty or educational methods to persuade the population at large, has instead persuaded a private corporation to presume all of its customers guilty and worthy of unwarranted surveillance. The only surprise, perhaps, is that a major ISP is leading the way.

Bad as the RIAA’s previous system of extortion letters was, this is, in its way, even worse. The odds were heavily stacked against anyone alleged to have downloaded a song illegally, and the private police force the RIAA hired was beyond the scrutiny of the people it was policing. But at least there was some reason to believe that someone had downloaded something before the demand letter went out. The RIAA might get wrong who and what, but the letters were, presumably, triggered by actual events.

Not so with the new program. Now, apparently, all customers will be watched all the time. It is as though the RIAA had worked out a deal with FedEx to open all packages looking for compact disks, and to send a warning letter if you seemed to be receiving too many of them.

[AT&T executive Jim] Cicconi told attendees of the Leadership Music Digital Summit that the notices, which are sent via e-mail, are part of a “trial.” AT&T wants to test customer reaction, he said.

I hope any AT&T customers out there will freely offer AT&T their reactions, and I hope those reactions are furious. Surveillance is not OK and no one should put up with it.

There seems to be some confusion on the part of the various spokespeople about what AT&T may or may not do about terminating accounts. Of course they don’t want to drive business to other ISPs — but many locations do not have competing ISPs in the first place.

In any case, the fundamental problem is that broadband services should be treated as common carriers. The fact that the ISPs own the “wires” should not give them the right to pick and choose who uses the wires, on the basis of private surveillance and unproven allegations. They can’t legally do it on their long distance lines, and they shouldn’t be able to do it on their Internet service either.

Bill Would Require Logs of Internet Use

Friday, February 20th, 2009 by Harry Lewis

Once again, in the name of protecting America’s children from exploitation, Congress is considering a massive increase in data collection about the activities of you, me, and everyone else. Specifically, the SAFETY Act (click for the full text) would require that

A provider of an electronic communication service or remote computing service shall retain for a period of at least two years all records or other information pertaining to the identity of a user of a temporarily assigned network address the service assigns to that user.

That means not just your Internet Service Provider at home, but Starbucks. And the beneficiaries would be not just police looking for pedophiles, but the recording industry looking for people who downloaded music in an airport lounge.

As we have said before (here and here, for example), the Internet threats to child safety have been mischaracterized and exaggerated, and spending resources on programs like this draws resources away from places where they are badly needed, helping troubled children from troubled families. Bills like this are transparent attempts to exploit the child safety issue to ramp up government data collection about innocent citizens, data that will be repurposed and abused once it has been collected. It’s the kind of Big-Brother surveillance proposed in the UK, as we discussed last fall.

Stop this madness. There is zero evidence that this is a sensible solution to the problem the bill claims to be aimed at, and it is an unconscionable invasion of our rights to privacy.

Is Google Street View an Illegal Invasion of Privacy?

Thursday, February 19th, 2009 by Harry Lewis

Well, we don’t really know, but a case alleging that was just decided in favor of Google. Aaron and Christine Boring claimed that their privacy had been violated when the Google camera car photographed their house, and asked for a bunch of money. Unfortunately for them, they had an awful case. They presented no evidence they’d been damaged, and they also made no effort to hide their street address when they filed their lawsuit (something that’s easy to do if you are worried about that information being made public). For privacy zealots, not the case with which you want to go forward. It sets a precedent that will make it at least a bit harder for any other plaintiff to prevail.

Frankly, I can’t get excited about this as a privacy violation. But I have to acknowledge that it’s a little weird that people can be sitting in Rwanda looking at what kind of car I drive and whether I keep my bushes trimmed.

Updates: Stimulus Censorship, Tracking for Taxes

Wednesday, February 11th, 2009 by Harry Lewis

Here is news on both of yesterday’s posts.

First, it appears that the anti-net-neutrality, pro-ISP-censorship language did not make it into the Senate version of the Stimulus bill. But Public Knowledge reports that Senator Feinstein is still hoping to include it in the “compromise” (who knew that a compromise could include things in neither bill between which it is a compromise?) and urges you to again let your voices be heard. (Here, by the way, is the actual amendment. The reference to “reasonable” network management practices is a dead giveaway that what the ISPs will do will not be reasonable — just as Senator Feinstein calling this an “uncontroversial amendment” is a good signal that it’s highly controversial!)

On the vehicle tracking front, today’s Herald makes clear that the Commonwealth is just exploring Oregon’s system. A GPS keeps LOCAL track of where the car is moving around and occasionally uploads the MILEAGE TOTAL, not the trajectory, perhaps when the vehicle is at a gas station. There are lots of privacy problems with this technology, and I am disappointed that Governor Patrick seems not to care. But at least we have a little better picture now what he’s talking about.

Tracking Your Car in Massachusetts

Tuesday, February 10th, 2009 by Harry Lewis

Buried in a story about Governor Patrick’s plans about the Massachusetts gas tax is an interesting detail:

Patrick is also considering a new system that would charge drivers based on the miles they travel. Those trips would be measured by a chip installed in a vehicle inspection sticker.

No more information is provided, and I couldn’t find anything on the Commonwealth’s web site. It sounds vaguely like the Oregon proposal about which I previously blogged, which didn’t make a lot of sense as it was described — a GPS monitor used only to log miles traveled, which would be uploaded at gas stations when you refilled your car. This sounds different, but I don’t even understand the theory here. For a “chip” (an RFID presumably) to be embedded in a “sticker,” it would have to be a passive device, no battery, and could be read only from a distance of a few inches or at most a foot or two — not the active RFIDs like the ones in toll booth transponders. How would such a “chip” be used to track how many miles you’ve driven?