Global POV: At the Intersection of Technology and Culture

Hypocritical hill staffers discover privacy

by David Holtzman

Hill staffers are angry at a new website, LegiStorm, that has published their salary information along with personal particulars like bank statements and home address. The information is public and the employees are required by law to submit the particulars annually.

LegiStorm argues that they are publishing the information as a community service and after all, it's publicly available anyway. The staffers are bitterly complaining that it makes them vulnerable to identity theft.

Boo hoo. Cry me a river for the staffers. Congress has in almost every case, voted against protecting the privacy rights of citizens when confronted with an alternative need like national security, freedom of speech or more importantly the influence of powerful lobbyists representing companies like say, AT&T.

Let's see if the Capitol Hill pointyheads can muster up a little more sympathy for the rest of us now that it's happening to them.

Posted on April 09, 2008

THe once and future DNA sample

by David Holtzman

The police can surreptitiously lift your DNA off of discarded cigarette butts, coke cans and water glasses. Although the legality of this technique is still untested in court, it's becoming common practice. Part of what's to blame here is more sophisticated DNA testing methods that can work with increasingly smaller samples.

It's pretty clear that for a myriad of good and practical reasons, law enforcement has been creating uber-databases of all kinds of information, much of which is being done in a legal vacuum.

Posted on April 03, 2008

TJX handslapped, I get a speeding ticket

by David Holtzman

I got a speeding ticket last month. I was going 40 something in a 25 mph zone. Never mind the fact that the speed limit abruptly dropped when you turned a corner and small-town cop was waiting right there, pulling everyone over and handing them a ticket--I was wrong and I paid them a hundred something bucks and admitted I was guilty by paying the fine by mail.

How come several big companies were hand-slapped by the FTC yesterday for exposing millions of consumer data records and did not have to pay a single penny in fines? TJX, the parent company of Marshalls and TJ Maxx exposed between 45,000,000 and 100,000,000 consumer credit cards because of improper, even unethical handling of credit card information. If they got hit with something nominal in the way of fines, say, $1 per credit card, they would have had to pay...well, do the math. As a matter of fact, they didn't even have to admit that they did wrong. They were made to agree to some token security fixes, but got less punishment than I did for speeding.

How many cases of identity theft will occur out of those 100 million identity breaches? Say, 1 in a 100? That still means 1 million hard luck cases because of a greedy company not treating their customers' personal information with the respect that's deserved. With an average loss of about $5000 per identity theft, that means TJX cost our country at least $5 billion in damages (assuming that the 1% identity theft percentage holds up--actually history would indicate that it would be much higher).

So why didn't the FTC penalize them? Well, they can't. Congress has never given the FTC the right to financially penalize companies for data breaches. There's something that political candidates could debate. As if they would.

Posted on March 28, 2008

Weak and weaker--Lexis bids for Choicepoint

by David Holtzman

Reed-Elsevier, the publisher of the legal and news archive Lexis-Nexis made a $4.1 billion offer for Choicepoint, the data brokerage company this week.

Choicepoint has data files on pretty much everyone. They have become the darling of the government's counterintelligence units, because they are quite good at cross-matching and correlating between disparate databases, enabling them to comprehensively track target assets and distinguish between multiple identity records.

Lexis is the preeminent legal database, not only serving as the primary source of legal decision-making, but when used in conjunction with its sister database, Nexis, also has significant information on individuals, including legal judgements and news references.

Both companies have had major, embarrassing data break-ins. In Choicepoint's case, they lost personal and financial information for millions of US consumers.

Will the blended company be more secure than each of them individually or combine the worst of both? I opt for the latter. It's scary that the protecting bar for our privacy is constantly being raised by the actions of companies like these who by amassing and centralizing our personal information, make themselves a more inviting target for hackers as well as increasing the potential damage to us when they get gotten.

Posted on February 22, 2008

Popular Science article on anonymity

by David Holtzman

An interesting article about an experiment that I advised on. A Popular Science writer tried to be "anonymous" for a week in San Francisco. Read it at : link.

Posted on February 18, 2008

Human chipping

by David Holtzman

I have an op-ed in Business Week Online today about human RFID chipping.

Posted on February 13, 2008

The sons no one forgets in the British Empire

by David Holtzman

One of the few saving graces in this era of decreasing American privacy is that it is worse in Britain. Privacy International's annual country privacy ranking has consistently ranked the UK as one of 3 or 4 worst in the world for privacy. America is typically in the tier slightly above; still bad, but at least not the worst.

A new plan to track youngsters' educational achievements beyond school has drawn fire from privacy critics. Every 14 year-old in the country will be given a lifelong "learner number" which will follow them and be updated throughout their life, until they retire. The database will record all of their education throughout their career as well as any disciplinary actions in school such as expulsions. The educational piece of these records only (supposedly) would be made available to future employers who wanted to check up on an employee's academic bona fides.

The problems with this plan are pretty obvious, I would think. Like every other scheme, it optimistically assumes the best possible scenario, ie, that the UK government would carefully protect this information for decades without an incident, let alone abuse the information itself.

This is one of the battles being fought around the world for a universal ID card. The announcement yesterday that Europe may start fingerprinting visitors, the fact that the US already does, the slow chipping away (no pun intended) at the resistance to the US "Real ID" and parallel efforts underway throughout the Western world are all leading to cradle-to-grave databasing of us all. It's sad that the formerly globe spanning powerhouse must be the country to lead the rest of the world into the unknown one more time.

Posted on February 13, 2008

One ringy-dingy

by David Holtzman

The negotiation between the Dems and the 'Publicans in Congress over extending the ironically named "Protect America Act" wiretapping continues. By voice vote, the bill was extended for another 15 days.

The hardball issue that's being thrown back and forth between the political players is not just the legitimization of President Bush's latest erosion of Constitutional privacy; it is the amnesty provisions for the telecommunications companies that the Republicans so desperately want and the Dems have not completely rolled over on yet.

I wonder how joyously offensive the telcos' actions will turn out to be. I suspect that many people will be shocked when they discover the extent of the phone putzes' perfidy.

Posted on January 31, 2008

Myspace becomes relevant again (for the wrong reasons)

by David Holtzman

A security hole in Myspace permitted some hackers to create a 17 gig file comprised of over half a million photographs of Myspace users, many of them marked "private." The file was one of the most popular downloads on BitTorrent last week.

Most social networking sites have weak security, at best, lulling their mostly Gen Y users into a false sense of security as to their control of their information. The distinction between locally stored and network-centric data is a fine, but an important one. After all, a hole in Myspace exposes everyone.

I wonder if it isn't too late for social networking sites to add some kind of real protection for their users. You either design it in up front or you don't. Myspace may turn out to be a great object lesson for privacy advocates, providing the same kind of target for finger-waggers as the Pets.com sock puppet did for tulip-bulb, market crash doomsayers.

Posted on January 28, 2008

Browsing by numbers

by David Holtzman

The EU's Commissioner committee on data privacy head, Peter Sharr announced yesterday that he believes that TCP/IP addresses are private data. This viewpoint is in stark contrast to what most American companies believe, which is that since they identify the machine, not a person, they are public.

These addresses are numeric identifiers that are used to route network traffic, both locally and across the Internet at large. Since in many cases (especially for those with Broadband) users consistently use the same IP address, it can be used to maintain continuity of that person's browsing and in many cases, equate to the person's name, address and telephone #.

In other words, by retaining and using the IP address, a company can often know exactly who is "anonymously" browsing on their website.

Many companies have built a great deal of their business model on exploiting this personal information. Google, for one.

I agree in principle with the EU's philosophy, but as a practical matter, do not believe that US companies would ever accept being told that they could no longer retain the information.

Posted on January 22, 2008

Snooping comes home

by David Holtzman

I see many things happening that make me think that common use of encryption may soon be a reality. One trend that I've been following closely is the government's ever-increasing willingness to electronically snoop at border crossings.

The NY Times has an article today that ties together several cases involving searches of the contents of hard drives at border crossings. US Customs now feels that a digital search is the same as luggage search and therefore they are entitled. In one particularly interesting case, a gentleman who used PGP, shared his password with them on request, giving them the ability to see that he had some child pornography on his hard drive. He was arrested. The password that he gave them no longer worked and this time when he was asked to unlock the files, he refused. The issue of whether he can be legally compelled to do so is working its way through the court system now.

Depending on how the courts rule, it would seem that routinely encrypting personal data would be a smart move for travelers, even for people not hiding things. After all, even if you trust the US government not to copy or otherwise misuse your information, presumably other governments will soon enact a similar policy and start looking at American travelers' computers.

Posted on January 07, 2008

Losing Face, book

by David Holtzman

I was actually hoping this would blow over, but sigh. Another arrogant, young, venture-funded social networking company has done something counter-consumer, caused a furor and backed down, apologizing with a hearty "my bad." Yes, it's Facebook and their notorious Beacon program, which monitors things that members buy on 3rd party affiliated sites and broadcasts these purchases to the member's network, regardless of whether he/she wants them to or not. Originally Beacon was a compulsory "feature"--now it is kinda opt-out. It should have been opt-in all along, but I guess Facebook doesn't see it that way.

Facebook's CEO, Mark Zuckerberg (who is by the way, younger than most of my dental work), has apologized to the user community. In an interview, he said: "I'm not proud of the way we've handled this situation and I know we can do better." I believe Mr. Zuckerberg has completely missed the point--it's not a problem of how he reacted, it's the fact that they rolled out an evil f**king system to begin with.

Even now, the opt-out is transactional, you have to say no each time. The fact these bastards are tracking people at all on 3rd party sites is highly creepy and invasive anyway.

However as most of the critics have said, you don't have to use Facebook.

Good idea. Let's not.

Posted on December 06, 2007

Coke's the real thing--Facebook just sucks

by David Holtzman

The NY Times has a blurb this morning saying that Coke is maintaining a hands-off attitude towards Facebook because of privacy concerns (or rather waiting to see if there are any consumer concerns towards privacy.)

Facebook's recently turned on social marketing feature called Beacon has been a lightning rod bringing the wrath of consumer groups and political advocacy organizations like Moveon.org down on the social networking company's young and curly heads. Beacon, for some reason that I do not understand, tells your friends what you just bought from one of the advertisers, assuming that they will be more inclined to buy something that you've just bought. Even though Facebook implied that the service was opt-in, it turned out to be opt-out. The Washington Post detailed the case of a man who bought his wife an expensive Christmas present and Facebook "told" her with Beacon because she was on his friend list.

Great for Coke. I have always seen them as more of a marketing company than a beverage company and a very consumer savvy one, too. If they're nervous about a privacy backlash, then maybe they spot some kind of a groundswell that other companies haven't clued in to---yet.

Posted on December 03, 2007

Britain gets cheeky with privacy

by David Holtzman

The British government has lost data on 25,000,000 citizens. The data includes personal information such as national insurance numbers (like our social security numbers) for every family in the UK that receives a government financial benefit for having children.

The data was sent on 2 CDs via a commercial delivery service and lost.

How stupid is that? They could easily have encrypted the data (they just used a password) and why did they feel the need to ship a physical CD anyway? Don't they have network connections.

This kind of incident, like the much larger Veteran's Administration case in the US a few years ago, highlights a key problem: government people have too much valuable personal information on their citizenry and too little responsibility and accountability.

I believe that when this kind of thing happens, there should be a witch hunt and everyone up and down the chain of command should be crisply toasted. Resignations are the minimum; how about criminal charges and financial sanctions? Until mass market identity screwups are punished in a grown up way, they will continue to occur.

Posted on November 21, 2007

Do not track registry is a bad idea

by David Holtzman

Several privacy groups made a proposal to the FTC yesterday that they create a "Do not Track" registry, similar to the successful FTC "Do not Call" registry started 4 years ago. The idea would be that consumers would register with some database and that advertisers would have to check that list and not track someone if they were on it.

I can see why people would think that this is a good idea.

I think that it's a really bad idea. For three reasons:

1. The technology really isn't there to do this. It would require browser mods which would be one more thing that might break
   
2. It leads to backward-thinking design. We are starting to deemphasize the browser now, in favor of tightly integrated software. Cell phones use mini browsers as do XBox3s. They would all have to support the mod or the scheme would break.
   
3. Most importantly, it is actually anti-privacy. The only way that this would work would be for everyone to use a fixed number of registered pseudonyms, or IP addresses or both. I don't want a central repository with that information available to advertisers, the government or indeed anyone.

   This is a bad, bad idea. A much better one would be to levy a serious fine on each case of privacy abuse by a marketing company. Sure let Double Click collect the info, but if they screw up, fine their ass. With an average screwup affecting maybe 10-30 million people, hit them with $10 per violation and the accumulated money might teach them a better lesson.

   Why has the world gotten so screwed up that consumers have to enter their information into "Donot" lists to avoid having bad things happen to them?

   How about a "Do not Rob me" list? if you're not on it, then you can be mugged.

Posted on November 01, 2007

Verizon was only following orders

by David Holtzman

That good old phone company is back at it again. Whether you call it Ma Bell, C&P telephone or Verizon, they've been hard at work since 9/11 cooperating with the government by giving them details of your phone and internet transactions, even in compliance with illegal or seriously dubious requests.

The latest scoop is revealed in a letter that Verizon sent to Congress explaining that the company sent consumer information to the federal government "hundreds" of times without a court order. Of course, Verizon went on to explain; these were "emergency" cases.

Not only did Verizon provide the details of any given call, they provided a list of everyone that the target had called. But wait...there's more. They also provided a list of everyone that that person who had been called had called. So if a suspected terrorist had called me for some reason (wrong number, political contribution, ?) my entire calling history would have been turned over to the feds. Without a court order. But hey, it was an emergency. How did Verizon know? Because the government told them it was. The telco testified that they never validated the emergency because it wasn't their business to do so.

Oh by the way, the Republican powers-that-be are desperately trying to get the phone companies blanket and unconditional immunity from litigation or prosecution from these kinds of acts. I will not vote for any candidate that supports this bill.

Posted on October 16, 2007

Google's Paltrey Privacy Protection

by David Holtzman

I have an op-ed in Business Week Online today discussing Google's proposed international privacy standard.

Posted on October 12, 2007

George Clooney violated by 40 doctors

by David Holtzman

One of the problems that privacy zealots have in explaining privacy problems is that it sounds a little conspiratorial. LIke who would really look at your credit report or your medical record? Well, maybe you're not famous enough. Like George Clooney, for instance.

Clooney was involved in a motorcycle accident in New Jersey last month and broke a rib. He was treated at the Palisades medical center in North Bergen and released. Afterwards a scandal broke out when it was discovered that his confidential medical records were passed around the hospital. Over 40 doctors supposedly looked at Clooney's record and several lesser functionaries were suspended for a week without pay as punishment.

The lesson? If you enable people to snoop on others and make it interesting enough, they'll do it. So what will happen when Jessica Alba walks in front of one of those to-the-skin x-ray machines that TSA is installing in airports?

The solution? Toe the line punitively and treat every case of privacy violation and inappropriate data access seriously. Kudos to the hospital although they might want to whack a couple of doctors too.

Posted on October 11, 2007

Don't take AT&T off the hook

by David Holtzman

Much of the privacy bally-hoo comes down to trust. People who worry about the application of some particular technology do not trust the owners/employers; either the ones today or the ones to come. People who don't worry quite so much are trusters. They believe in the system and they have observed throughout their life that the really dreaded conspiracy things never really materialize.

Neither side is absolutely right, of course. Like all conundrums and tootsie pops, the part to chew on lies in the middle. The Bush administration, as bad as they have been, never did anything that bad with their expanded espionage powers, although they certainly could have. We are not living in an Orwellian police state. Yet, there is no denying that we have moved several exits closer to the Orwelllian rest stop. If an ill-minded person were to come in power, she would be able to bad things with the technology fast, with no checks and balances on her behavior. So the worry-warts are right, too. Even if Bush is reliable and his people self-constrained in their use of these expanded powers, the next person coming along may not be.

Our job, as Americans, is to figure out how to navigate between this Scylla and Charybdis. I would suggest that we start with accountability. It's important to be able to evaluate a privacy-deadening program, after its inception which means we need an audit trail and we must eventually have a day in the light to discuss what happened, even if after the fact.

To this end, the telecommunications industry islobbying to get immunity for their role in cooperating with the government's illegal wiretapping should be rejected. Let's see how outraged we are when we hear the truth, then we'll discuss immunity. If they, as patriots, did what they thought at the time was the right thing, then they must stand behind their actions today. They are no different than the police officer or the army non-com who takes an action that they think is right, ignoring the personal consequences if it is later found that they acted inappropriately. Patriots are willing to die for their country if need be and do not require immunity.

Posted on October 10, 2007

Chipping away at Cancer

by David Holtzman

I don't really believe this, but spread the word anyway. There is a report out that implanted RFID chips can cause cancer. The report claims that the FDA and Verichip, the company that was formed to "chip" people, ignored studies showing a higher-than-normal incidence of cancer in animals. The tumors may be coming from the injection itself or they may be coming from the chip--who knows?

I don't really believe it because it seems that everything causes cancer: cell phones, relay towers, microwave ovens, milk, you name it. It's difficult to test for long-time carcinogenic tendencies. For one thing, it's well--long term. It takes many years to really know. Hell, the tobacco people are still putting up a pretense that tobacco doesn't cause cancer.

The good news is that this cancerous rumor will almost certainly slow down the inevitable adoption of chipping human beings.

Posted on September 14, 2007

Nasty bits of Patriot Act ruled unconstitutional

by David Holtzman

A New York District judge struck down some key provisions of the Patriot Act yesterday. Judge Marrero ruled that the use of National Security Letters by the FBI must stop. These letters were issued by mid-level FBI agents (with no outside or judicial review) and handed to service providers, ISPs or telephone companies, requiring them to turn over customer records. The companies were barred by law from informing the client that they were being investigated.

Judge Marrero's ruling stated that usage of the National Security Letters violated Americans' First Amendment rights and constitutional separation of powers, presumably those of the judicial branch, because courts had little or no opportunity to review these orders.

The Bushies will undoubtedly appeal the ruling, but until then, the practice will stop.

This ruling made my week because it blocked one of the more egregious privacy violations perpetrated by the Bush administration. These FBI letters gave law enforcement a blank check to investigate Americans for essentially any reason. Several reports have come out this summer indicating that the FBI did in fact, abuse these letters, in thousands of cases, no less.

Our nation is built on checks and balances. Every action taken by a public official should be reviewed by SOMEONE. Anyone who claims that what they're doing is too important to be subject to any external review is too arrogant. Watch them.

Posted on September 07, 2007

Please to make my day punk

by David Holtzman

This is weird. China is using "virtual cops" to warn off people seeking no-no content on the Internet. The cartoon characters will speed across the screen in a little patrol car, scaring Chinese surfers and warning them to obey the content laws. If they click on the coppers, they get taken to the police station website.

It's easy to imagine the next stage of this kind of project...animated cops that have profiled someone's behavior and pop on the screen to warn or even arrest the surfer. "Mr. Chang, you have broken the law...stay right there until the authorities come to your door." Then there's a knock. In the meantime, the phone dies, the power goes off and the dissident is arrested.

Posted on August 29, 2007

You looking at me?

by David Holtzman

by Suzanne

New York City cab drivers are getting ready to strike in less than two weeks. The issue? Driver privacy. The Taxi and Limousine Commission uses Global Positioning System (GPS). The New York Taxi Workers Alliance claims about 10,000 members and says it will start striking on September 5th. Their leader argues that the Commission will use GPS data to audit drivers' income and to report illegal immigrants who are driving cabs. The other union, New York Federation of Taxi Drivers, says its near 7,000 members will not strike. Their leader, Fernando Mateo, lauded the use of GPS citing its tracking benefits . Mateo went as far as saying, "We don't have to be radicals about privacy in a cab. If you want privacy, you don't drive a cab."

You might not even drive in a cab if you want privacy, New York cabs have transformed from driving billboards to mini-television commercials. Some of them have television screens built into the back of the driver's seat looping commercials.

Why does the Commission feel the need to track each taxi? This is part of the larger national trend to spy on employees in the name of "safety", security's little brother. This issue also brings the question of "Do employees check their right to privacy at the employers' door?" Unfortunately, it looks like the answer is increasingly, yes.

Posted on August 27, 2007

I curse thee, E*Trade

by David Holtzman

I had an interesting dispute with E-Trade recently that I'm still disturbed about. I was trying to move some funds and of course they asked me to identify myself. Okay that's reasonable, I thought, as I began answering the standard questions like name and address. Then the weirdness began. A piece of land was bought last year by a Mrs. Holtzman...could I tell them the details? Well, the problem was that the person in question was an ex-wife and I didn't know (or care). The service rep huffily informed me that E-Trade had bought 3rd party information on me from a database provider and was using that info to "validate" me.

Ugh. How creepy is this? After several phone calls and a flat-out refusal on my part to even participate in id'ing myself to those bastards with any information that I had not given them myself, they begrudgingly gave me my own money.

The arrogance of this company is remarkable. I also wonder what else they're doing with purchased information since their privacy policy says that they might buy info for "marketing purposes."

I don't believe in voodoo, but I have made a doll anyway and named it E-frigging-Trade. If you're an investor, sell the stock now before the curse hits. Internet brokerages are for consumer convenience only, and when they cease to become convenient (because they're a pain in the privacy ass), they will wither and die.

Posted on August 20, 2007

Do not pass Go, Collect $225 million

by David Holtzman

In my book, Privacy Lost, I talk about a privacy problem which is caused by unintended consequences of legislation. Big sweeping, identity-related procedures creates a dragnet that often catches many fish. A classic example was how tax returns were linked to student loan payments, enabling the government to snatch refund checks from scofflaws.

A new variation of this falls out of the cross-border passport rules that have kicked into effect this year. The State Department checks passport applications for people who owe child support and refuse to issue a passport until the money is paid back. $225 million has been collected so far this year.

Here's an unpopular opinion--I don't like this one bit. The easier that you make it for an identification system to be used for an alternative purpose, the less the scrutiny that is placed on its validity as well as oversight that it's being run appropriately. And of course, each additional organization involved in a database increases the likelihood that it will be rendered unsecure, ie; some 3rd party will snab the data.

I worry about this continued trend of cross data matching for any purpose, no matter how noble. This cavalier usage of data is why we have identity theft problems today.

Posted on August 15, 2007

Bigger boobs exist than Anna Nicole

by David Holtzman

The indignities suffered by poor, dead Anna Nicole Smith never end. Most recently, a Texas doctor, Gerald Wayne Johnson, tried to shop a videotape of him performing breast augmentation surgery on Anna Nicole. He was blocked in court yesterday by Smith's former lawyer, Howard K. Stern. The tape was made by the good doctor, who routinely taped all his surgeries, assuring his patients that he would respect their privacy "while they were alive."

Ugh.

The lack of sufficient privacy protection for Americans is a cradle-to-grave problem. This case emphasizes the need to shroud some legal support around the huge amounts of digital information floating out there on each and every one of us.

Posted on August 08, 2007

We Know What You Did This Summer

by David Holtzman

Late Friday evening (August 3rd) the Senate buckled under White House Pressure and passed a Republican plan to temporarily expand the federal government's terrorist surveillance laws. By a vote of 60-28, the bill (Senate Bill number 1927) would immediately allow the administration to begin conducting warrantless surveillance of foreign targets, regardless of whether the target is communicating with someone in the United States. It would require the attorney general, in consultation with director, to write procedures on how the executive branch collects that information. Those procedures would be subjected later to the FISA (Foreign Intelligence Surveillance Act) court for approval. The bill would expire after six months, giving Congress a window to work out a longer-term FISA overhaul in the fall. The Senate and the House each voted down competing Democrat bills that would have called for closer court supervision of government surveillance. According to the Washington Post , earlier this year a federal intelligence surveillance court judge ruled that a key part of the wiretap effort is illegal. The Washington Post says that this ruling is the motivation for this week's Congressional push to expand President Bush's spying powers. The House is expected to approve the Senate bill today. As of this writing, Saturday evening, a vote has not been taken.

Apparently, earlier in the day on Friday, President Bush threatened to hold Congress in session until its scheduled recess if it didn't approve the changes he wanted. Apparently, the thought of no vacation was enough for many Senators to roll over and play dead. If this bill becomes law, Americans making overseas phone calls will have no privacy.

Given all of the election year posturing of prominent Democrats regarding these wiretaps, you might think that one of them would have managed to kill this bill. The truth is that they care more about the President abrogating their responsibility (he didn't ASK them), then they do about protecting the privacy of Americans.

Posted on August 07, 2007

Candid Surveillance Camera

by David Holtzman

An ABC News/Washington Post poll says Americans, by a nearly 3 -to-1 margin, are willing to give up their privacy in favor of crime fighting cameras in public areas. The media outlets conducted the poll in mid-July by telephone using a random sample of 1,125 adults across the U.S. They break down their subjects by demographics to reveal insights. For example, according to analysts, participants who are democrats, especially those who support Barak Obama, are less likely to approve London style surveillance cameras. A similar " Ring of Steel surveillance network will be in place at the lower end of Manhattan. By the end of 2007, 100 new cameras will be in place. By 2010, 3,000 public and private cameras will blanket the Big Apple. Chicago and Baltimore also plan expanded surveillance systems. The New York Civil Liberties Union is calling on the City of New York to use public input and external oversight on any planned cameras to prevent abuse.

I think the most notable thing about the poll is the comments section. Participants overwhelmingly disagree with the findings. My favorite entry is "The answer to 1984 is 1776".

Posted on August 02, 2007

Reform School

by David Holtzman

President George W. Bush and the ACLU are suggesting reforms for the Foreign Intelligence Surveillance Act (FISA) and the Patriot Act. Not surprisingly, their ideas differ greatly.

In his weekly radio address, the President said his administration is proposing legislation that would modernize the 29 year old law to cover technologies that have been developed since FISA's passage. He cited four key reforms: updating legal language to accommodate new technology, protecting privacy interests of people within the United States, allowing the government to work more efficiently with private-sector entities like communications providers, whose help is essential. And lastly, the bill calls for streamlining administrative processes so the intelligence community can gather information quickly and effectively while protecting civil liberties. Reform number three is alarming while number four is questionable, at best. The Bush administration is twelve days overdue in answering a subpoena issued by Congress asking for documents related to the warrantless surveillance. Senate Judiciary Committee Chair Patrick Leahy (VT) granted an extension on July 17. The Committee is expected to issue a new compliance date soon. Earlier this month, the U.S. Court of Appeals for the Sixth Circuit dismissed a legal challenge to the Bush administration's warrantless surveillance program by a vote of 2-1.
For the full decision see. The ACLU is weighing its options, an appeal to the U.S. Supreme Court is a possibility.

Meanwhile, the ACLU's Patriot Act reform < http://action.aclu.org/reformthepatriotact/ > focuses on the National Security Letters (NSL) provision. This section of the Patriot Act allows the F.B.I. to demand (without judicial review) telephone and e-mail records, financial records, and credit information from a recipient of an NSL. There is a gag order associated with NSL prohibiting the recipient from disclosing the fact that they received a letter to the subject of the search and from disclosing the records provided. The ACLU challenged the gag order provisions in Doe v. Ashcroft and Doe v. Gonzales. In both cases the judges ruled that the gag orders were unconstitutional on First and Fourth Amendment grounds. The Patriot Act Reauthorization Act of 2005 changed some of the provisions. An NSL recipient can now disclose that they have been a recipient while seeking legal advice or complying with the request. Recipients may also challenge compliance with the NSL and the gag order provisions. Additionally, the government was given the ability to seek judicial enforcement of NSLs in non-compliance situations. Congressmen Jerrold Nadler (D-NY) and Jeff Flake (R-AZ) introduced a bill on Thursday that proposes a fix for the gag rule. It also calls for a limit to the use of NSL's to investigations directly connected to terrorism thus limiting fishing expeditions that became public in the Office of the Inspector General's Report.

In case you're keeping score, NSL requests prior to the passage of the Patriot Act (2000)? About 8,500. NSL requests between 2003-2005 (after the passage of the Patriot Act)? 143,074. See Inspector General's Report.

Posted on July 30, 2007

Sony's harmonic EULA

by David Holtzman

This is hilarious. Here's the Sony/BMG end-user license sung by Toronto recording artist Brian Joseph Davis, thanks to Boing-Boing.

Posted on July 26, 2007