5 posts tagged “privacy”
Thrift store MP3 player contains secret military files
(CNN) -- A man walks into a thrift store.
It sounds like the opening line to a bad joke. And this case was a bad joke -- for the Pentagon.
Chris Ogle of New Zealand was in Oklahoma about a year ago when he bought a used MP3 player from a thrift store for $9. A few weeks ago, he plugged it into his computer to download a song, and he instead discovered confidential U.S. military files.
"The more I look at it, the more I see, and the less I think I should be," Ogle said with a nervous laugh in an interview with TVNZ.
The files included the home addresses, Social Security numbers and cell phone numbers of U.S. soldiers. The player also included what appeared to be mission briefings and lists of equipment deployed to hot spots in Afghanistan and Iraq. Most of the information appears to date to 2005.
The New Zealand journalist who first reported the story was able to contact at least one of the soldiers by dialing a phone number found in the files. He hung up once she explained why she was calling...
Afterthoughts:
A minor rant: Who in the hell are these people that are storing
confidential military files on MP3 players? Why is it so easy for
said person to copy the files onto it? and in my life experience if one
person is doing something at work, everyone is probably doing it. As I
key this comment I would bet someone at the Pentagon is heading out to
lunch with a thumb drive in their pocket. Sometimes I think my head is
going to explode.
In April of 2008, President Bush signed into law S.1858 which allows the federal government to screen the DNA of all newborn babies in the U.S. This was to be implemented within 6 months meaning that this collection is now being carried out. Congressman Ron Paul states that this bill is the first step towards the establishment of a national DNA database.
S.1858, known as The Newborn Screening Saves Lives Act of 2007, is justified as a "national contingency plan" in that it represents preparation for any sort of public health emergency. The bill states that the federal government should "continue to carry out, coordinate, and expand research in newborn screening" and "maintain a central clearinghouse of current information on newborn screening... ensuring that the clearinghouse is available on the Internet and is updated at least quarterly". Sections of the bill also make it clear that DNA may be used in genetic experiments and tests.
Read the full bill: http://www.govtrack.us/congress/bill.xp...Twila Brase, president of the Citizens' Council on Health Care warns that this new law represents the beginning of nationwide genetic testing. Brase states that S.1858 and H.R. 3825, the House version of the bill, will:
• Establish a national list of genetic conditions for which newborns and children are to be tested.
• Establish protocols for the linking and sharing of genetic test results nationwide.
• Build surveillance systems for tracking the health status and health outcomes of individuals diagnosed at birth with a genetic defect or trait.
• Use the newborn screening program as an opportunity for government agencies to identify, list, and study "secondary conditions" of individuals and their families.
• Subject citizens to genetic research without their knowledge or consent.Read her entire analysis of the implications of this bill here: http://www.cchconline.org/pdf/S_1858_NB...
Brase states that under this bill, "The DNA taken at birth from every citizen is essentially owned by the government, and every citizen becomes a potential subject of government-sponsored genetic research." All 50 states are now routinely providing results of genetic screenings to the Department of Homeland Security and this bill will establish the legality of that practice plus include DNA.
Ron Paul has also vigorously argued against this bill making the following comments before the US House of Representatives:
"I cannot support legislation...that exceeds the Constitutional limitations on federal power or in any way threatens the liberty of the American people. I must oppose it."
"S. 1858 gives the federal bureaucracy the authority to develop a model newborn screening program. Madame Speaker, the federal government lacks both the constitutional authority and the competence to develop a newborn screening program adequate for a nation as large and diverse as the United States. …"
"Those of us in the medical profession should be particularly concerned about policies allowing government officials and state-favored interests to access our medical records without our consent … My review of S. 1858 indicates the drafters of the legislation made no effort to ensure these newborn screening programs do not violate the privacy rights of parents and children, in fact, by directing federal bureaucrats to create a contingency plan for newborn screening in the event of a 'public health' disaster, this bill may lead to further erosions of medical privacy. As recent history so eloquently illustrates, politicians are more than willing to take, and people are more than willing to cede, liberty during times of 'emergency."
This video is dedicated to the First and Fourth Amendments to the United States Constitution and a special shout out to the United States Bill of Rights.
The FISA Amendments Passed.
1. The law retroactively legalizes a massive electronic operation to spy on the personal communications of millions of Americans - within the United States
2. The law allows physical searches of Americans’ homes and places of work without a search warrant or any other proof that anyone being spied upon is suspected of any crime at all
3. The law allows the same kind of unaccountable spying online and by telephone
4. Under the FISA Amendments Act, the only person with the ability to stop the spying is the same person who actually orders the spying to take place: The Attorney General of the United States.
First Amendment the Constitution of the United States and part of the United States Bill of Rights.
"Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the Government for a redress of grievances."
Fourth Amendment the Constitution of the United States and part of the United States Bill of Rights
"The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."
Judge Orders YouTube to Give All User Histories to Viacom
By Ryan Singel July 02, 2008 | 7:16:54 PM
Google will have to turn over every record of every video watched by YouTube users, including users' names and IP addresses, to Viacom, which is suing Google for allowing clips of its copyright videos to appear on YouTube, a judge ruled Wednesday.
Viacom wants the data to prove that infringing material is more popular than user-created videos, which could be used to increase Google's liability if it is found guilty of contributory infringement...
...Although Google argued that turning over the data would invade its users' privacy, the judge's ruling described that argument as "speculative" and ordered Google to turn over the logs on a set of four tera-byte hard drives...
...The order also requires Google to turn over copies of all videos that it has taken down for any reason...
FBI's Net surveillance proposal raises privacy, legal concerns
April 25, 2008
by Declan McCullagh
The FBI director and a Republican congressman sketched out a far-reaching plan this week for warrantless surveillance of the Internet.
During a House of Representatives Judiciary Committee hearing, the FBI's Robert Mueller and Rep. Darrell Issa of California talked about what amounts to a two-step approach. Step 1 involves asking Internet service providers to open their networks to the FBI voluntarily; step 2 would be a federal law forcing companies to do just that.
Both have their problems, legal and practical, but let's look at step 1 first. Issa suggested that Internet providers could get "consent from every single person who signed up to operate under their auspices" for federal police to monitor network traffic for attempts to steal personal information and national secrets. Mueller said "legislation has to be developed" for "some omnibus search capability, utilizing filters that would identify the illegal activity as it comes through and give us the ability to pre-empt" it.
These are remarkable statements. The clearest reading of them points to deep packet inspection of network traffic--akin to the measures Comcast took against BitTorrent and to what Phorm in the United Kingdom has done, in terms of advertising--plus additional processing to detect and thwart any "illegal activity."
"That's very troubling," said Greg Nojeim, director of the project on freedom, security, and technology at the Center for Democracy and Technology. "It could be an effort to achieve, through unknowing consent, permission to monitor communications in a way that would otherwise be prohibited by law."
Unfortunately, neither Issa nor Mueller recognized that such a plan is probably illegal. California law, for instance, says anyone who "intentionally and without the consent of all parties to a confidential communication" conducts electronic surveillance shall be imprisoned for one year. (I say "probably illegal" because their exchange didn't offer much in the way of details.)
"I think there's a substantial problem with what Mueller's proposing," said Al Gidari, a partner at the Perkins Coie law firm who represents telecommunications providers. "He forgets the states have the power to pass more restrictive rules, and 12 of them have. He also forgets that we live in a global world, and the rest of the world doesn't quite see eye to eye on this issue. That consent would be of dubious validity in Europe, for instance, where many of our customers reside."
For its part, the FBI isn't talking. After we made repeated attempts to get the bureau to explain what Mueller was talking about, FBI spokesman Paul Bresson responded by saying, "At this point, I'm going to let the director's comments, in the context of the exchange with Rep. Issa, speak for themselves."
What step 1 appears to involve is persuading Internet providers to amend their terms of service and insert an FBI-can-monitor-everything clause. Informed consent is one thing. But does anyone actually read the fine print on their contracts with their broadband or wireless provider? If not, is that fine print good enough?
Informed consent is important because of the wording of the Electronic Communications Privacy Act, or ECPA, which says providers may share the contents of customers' communications only "with the lawful consent" of the user. Otherwise, providers are breaking the law and can be sued for damages. And without consent, the FBI would bump up against the Fourth Amendment's prohibition on unreasonable searches.
Originally, Congress seemed to take a liberal view of what constituted "lawful consent." When ECPA was enacted in 1986, a House committee report said "consent may be inferred from a course of dealing," and if "those rules are available to users," consent can be implied.
But that was written way back in the early, pre-Internet days of Compuserve and bulletin board systems. More recently, courts have interpreted ECPA more strictly.
The 2003 In Re Pharmatrak decision from the U.S. Court of Appeals for the 1st Circuit offers one useful measuring stick. The court ruled in a case involving Web tracking "that it makes more sense to place the burden of showing consent on the party seeking the benefit of the exception." The judges approvingly cited a second case, which said "consent can only be implied when the surrounding circumstances convincingly show that the party knew about and consented to the interception."
The Federal Trade Commission, too, has taken a relatively strict view of informed consent. In its lawsuit filed against Odysseus Marketing, the FTC argued that it was unlawful for a company not "to adequately disclose" to customers that it was sharing information with third parties. The case ended in a settlement.
Translation: Obtaining "lawful consent" for FBI monitoring means making sure that your customers actually know what's going on and agree. Hiding it in the terms of service doesn't qualify.
But assume that the FBI can persuade Internet providers to include a prominent notice in every monthly bill, or some other mechanism that would be legally sufficient. Another problem is that even if the person who pays the bills consents to monitoring, other people may use the connection--think homes with open wireless connections. ECPA's legal protections follow individual people, not customer accounts.
Rewriting U.S. surveillance laws
Because the FBI would run into serious problems doing wide-scale Internet surveillance under existing state and federal law, step 2 may be necessary. That means rewriting U.S. surveillance law.
Issa said he wants to "craft" legislation that would give the FBI the power to look "for those illegal activities, and then act on those, both defensively and, either yourselves or certainly other agencies, offensively in order to shut down a crime in process." He worried about "national-security secrets and just the common information of private individuals" being at risk. In his response, Mueller said he wants Congress to "give us the ability to pre-empt that illegal activity."
"Looking for" a crime in process on the Internet can take multiple paths. If it's a denial-of-service attack against eBay or Amazon.com originating from Russian servers, it can be detected by measuring the amount of traffic without inspecting the contents each packet. But to detect fraud and "national-security secrets," as well as personal information being transferred, deep packet inspection would be necessary--roughly on a scale of the Great Firewall of China.
Needless to say, detecting "illegal activity" would soon be extended to copyright infringement and peer-to-peer networks. Under the No Electronic Theft Act, swapping music or video files is a federal crime, if the total value of the files exceeds $1,000. If the value tops $2,500, the penalties jump up to not more than five years in prison. And as Jammie Thomas found out last year, allegedly sharing 24 files can lead to $222,000 in civil penalties.
"I think you bump squarely into the Fourth Amendment when you get into the required waiver of constitutional protections to use a service," said Gidari, the attorney at Perkins Coie. "Why don't we extend it to include not criticizing the government? Which right is next? 'You may use our service, as long as you don't disparage Verizon?' Why not that one?...You've still got to have, at the end of the day, a constitutionally supportable legal process to get access to anyone's communications. This cannot be an end run around that."
The problem of how to "shut down a crime in process" and "pre-empt that illegal activity" is more difficult and, perhaps, more worrisome.
Here's what Kurt Opsahl, a senior staff attorney at the Electronic Frontier Foundation in San Francisco, had to say when I asked him to read the transcript of Wednesday's hearing:
It certainly is Mueller's responsibility to explain what it is that he's looking for. But it seems that he's saying, essentially, that the surveillance society is the best society. A society in which the government has complete information about illegal activities and is able to enforce that. Throughout our country's existence, we've lived in a society where the government doesn't have perfect information.
Is (Mueller) suggesting that there's a search capability using filters that would identify an infringing work and fail to deliver a message containing that work? Is that the choke point? If that is the case, how can that be done well? How about fair uses? How will the government tell whether a copyrighted work is sent pursuant to a license? Will it have a centralized database of licenses? How does he propose to have this work, so it only identifies illegal activities and doesn't overly choke?
The FBI has some obligation to explain: what is it going to focus on here? Once you have the technology in place, will it then be used for more and more?
If you thought the tussles over Net neutrality were heated before, imagine a broadband provider throttling certain applications--and being able to blame that throttling capability on law enforcement. At the very least, it would be a wonderful excuse.
Which is why it's a shame, and somewhat troubling, that the FBI has chosen not to say what its director is proposing (and apparently will be working with Congress to write into law).
Odds of FBI-filtering legislation: Zero?
One possible germ for this Internet-monitoring idea lies in Homeland Security's so-called Einstein program, which is designed to monitor Internet mischief and network disruptions aimed at federal agencies. Not much about Einstein is public, but a privacy impact assessment offers some details.
Homeland Security Spokeswoman Laura Keehner said in a telephone interview that the primary focus of Einstein at the moment is protecting federal-government networks. "Obviously, the FBI could clarify or elaborate on what they said," Keehner said. "I do know that (from Homeland Security's perspective) we now first need to get our .gov in order. We need to concentrate on our federal networks...We're also bringing in the private sector to open those lines of discussion and figure out ways that the private sector can better equip themselves to stop any cyberincursions."
Another possibly related effort is the Bush administration's so-called Cyber Initiative. In January, President Bush signed a pair of secret orders--National Security Presidential Directive 54/Homeland Security Presidential Directive 23--that apparently deal with detecting and preventing Internet disruptions. Issa is a member of the House Intelligence Committee, which held a closed-door hearing on Thursday devoted to the Cyber Initiative--and, during the exchange with Mueller a day earlier, he said his monitoring idea was related.
The House Intelligence committee didn't want to talk. But a representative of the House Homeland Security committee chaired by Rep. Bennie Thompson (D-Miss.) sent us three bullet points in an e-mail message:
1. Chance of a legislative initiative that would allow FBI to place filters to identify illegal activity at choke points on the .com space: 0
2. We still have concerns and questions about the initiative, and we continue to do oversight.
3. Legislation is not being considered for any of the new proposals, outside of the budget requests made by the administration.
Point No. 3 seems to relate to the administration's 2009 budget request, which asks Congress for $293.5 million to expand Einstein to the entire federal government.
The Senate Homeland Security and Governmental Affairs Committee, which is headed by Joe Lieberman of Connecticut, also held a classified hearing last month on the administration's Cyber Initiative.
But a committee aide told us, "The idea of filtering for criminal activity has never been discussed with us. Nor has any new statutory authority been discussed. In fact, the administration explicitly said it didn't need any legislation. Furthermore, the idea of monitoring nongovernment domains has never been proposed in briefings the committee has received."
It's true that, at least in the current political climate, legislation of the sort Issa wants to draft isn't likely to slide through Congress unopposed.
Still, it's worth keeping in mind that the FBI has a recent, and not very flattering, history of trying to expand the scope of surveillance methods. Bureau agents used so-called exigent letters to obtain records from telephone companies, claiming that an emergency situation existed.
In reality, there was often no emergency at all. The Justice Department's inspector general found similar abuses of national-security letters. The FBI also tried to bypass the Foreign Intelligence Surveillance Court when it denied requests to obtain records.
Perhaps Mueller can provide a convincing argument for why laws giving the FBI "omnibus search capability utilizing filters that would identify the illegal activity" would be wise. Perhaps not. But when politicians weigh the idea of trusting the FBI with such broad and unprecedented authority, they should consider the abuses that have already taken place with far less powerful tools.
