Jul 072013
 

There is so much to say about the emerging news about the data capture programs run by the NSA it’s hard to know where to begin. Part of the issue is that there are multiple programs and multiple statutes in play, and details about everything are continuing to emerge, which makes analyzing any respective legality complicated. Ostensibly some of these programs may in fact be “legal” under some of these statutes, although there are credible arguments that many of these programs transcend even what these laws might purport to authorize.

But even if these programs are consistent with either their enabling statutory language or previous Fourth Amendment case law, it is not at all clear that they are consistent with either the spirit or bare language of the Fourth Amendment:

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

Over time, on a case by case basis specific to the facts before them, courts have whittled away at what we might understand the Fourth Amendment to protect. Which is unfortunate, because on its face it would appear to protect quite a bit of personal privacy from government intrusion, except under very narrow circumstances. But as we learn more about these surveillance programs we see how, even if “legal,” they intrude upon that privacy, and in a way that essentially destroys all vestiges of it for everyone, criminal (or foreign) or not.

Which is what the rest of this post intends to focus on, albeit in a more humorous than purely analytical manner. But such flippancy shouldn’t discredit its overall point, and indeed, humor is often an excellent vehicle for illustrating policy shortcomings. In this case what follows highlights the problem with Section 215 of the Patriot Act, a post-9/11 law that allows government authorities to access, without a warrant and only with the questionable oversight of the itself apparently unaccountable Foreign Intelligence Surveillance Court, all sorts of “tangible things.” By accounts, it seems the NSA has used this provision to underpin at least one of its programs.

Because everything this court does is shrouded in secrecy, no one knows exactly what “tangible things” applies to. But we can make some reasonable suppositions, and the following articulates a few of them. Sung to the tune of The Sound of Music’sMy Favorite Things,” here is a modern update:

“My Tangible Things.” Continue reading »

Mar 272013
 

I was interviewed yesterday about my concerns for the new Golden Gate Bridge toll system. Like an increasing number of other roadways, as of this morning the bridge will have gone to all-electronic tolling and done away with its human toll-takers, ostensibly as a cost-cutting move. But while it may save the Bridge District some money on salaries, at what cost does it do so to the public?

With the toll-takers bridge users could pay cash, anonymously, whenever they wanted to use the bridge. Fastrak, the previous electronic toll system, has also been an option for the past several years, offering a discount to bridge users who didn’t mind having their travel information collected, stored, and potentially accessed by others in exchange for some potential expediency. But now bridge users will either have to use Fastrak, or agree to have their license plates photographed (and thereby have their travel information collected, stored, and potentially accessed by others) and then compared to DMV records in order to then be invoiced for their travels.
Continue reading »

Mar 272013
 

I’ve written before about the balance privacy laws need to take with respect to the data aggregation made possible by the digital age. When it comes to data aggregated or accessed by the government, on that front law and policy should provide some firm checks to ensure that such aggregation or access does not violate people’s Fourth Amendment right “to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures.” Such limitations don’t forever hobble legitimate investigations of wrongdoing; they simply require adequate probable cause before the digital records of people’s lives be exposed to police scrutiny. You do not need to have something to hide in order not to want that.

But all too often when we demand that government better protect privacy it’s not because we want the government to; on the contrary, we want it to force private parties to. Which isn’t to say that there is no room for concern when private parties aggregate personal data. Such aggregations can easily be abused, either by private parties or by the government itself (which tends to have all too easy access to it). But as this recent article in the New York Times suggests, a better way to construct the regulation might be to focus less on how private parties collect the data and more on the subsequent access to and use of the data once collected, since that is generally from where any possible harm could flow. The problem with privacy regulation that is too heavy-handed in how it allows technology to interact with data is that these regulations can choke further innovation, often undesirably. As a potential example, although mere speculation, this article suggests that Google discontinued its support for its popular Google Reader product due to the burdens of compliance with myriad privacy regulations. Assuming this suspicion is true — but even if it’s not — while perhaps some of this regulation vindicates important policy values, it is fair to question whether it does so in a sufficiently nuanced way so that it doesn’t provide a disincentive for innovators to develop and support new products and technologies. If such regulation is having that chilling effect, we may reasonably want to question whether these enforcement mechanisms have gone too far.

Meanwhile public outcry has largely been ignoring much more obvious and dangerous incursions into their privacy rights done by government actors, a notable example of which will be discussed in the following post.

Feb 182012
 

Last week’s links:

Jan 052012
 

Maybe there’s more TSA news breaking these days. Or maybe it’s just that I’m noticing it more. Whatever the reason, on the heels of the last post I have some new items to add. But maybe it makes sense to begin by explaining what this topic is doing on this technology blog. Continue reading »

Dec 272011
 

This upcoming week’s Quicklinks was starting to have quite a few examples related to aviation safety, so I thought I’d distill them into one post. There is likely universal agreement: we want to be able to travel through the air safely. There is not, however, agreement on what sort of public policy is necessary to ensure such an outcome.

Even regarding the same safety issues there’s not consensus. For example, passengers are forbidden from using certain portable electronics during takeoffs and landings for fear they’d cause electromagnetic interference that could disable the plane’s instruments. Unfortunately, whether that is a valid concern or a modern old wives’ tale is still subject to debate. This article in the New York Times Bits blog ran some tests on various objects and noted that they did not seem to emit interference that would approach dangerous levels, even in the aggregate. On the other hand, it’s worth reading this recent article from Salon.com’s Ask the Pilot columnist Patrick Smith as a counterpoint. He notes that even a minor blip in airplane instrument functionality could be risky, but moreover, the other reason to ban such devices during these periods is because they can become dangerous projectiles in case of emergency. Sure, he observes, so can books, which aren’t banned, but if one is going to draw a line somewhere this could be a reasonable place.

The other links relate to the security theater surrounding airport operations. I won’t categorize this post as “commentary” despite the preceding pejoratives because I am sure at some point(s) in the future I will use even more excoriating language to indict the shameful state of affairs that is the TSA than this here. Instead I will point to this Vanity Fair interview of security expert Bruce Schneier to describe the problem. And also link to this story about the TSA confiscating a passenger’s cupcake because the frosting was “too gel-like” and let you draw your own conclusions.

Update 12/29/11: I missed an article I’d meant to link when I wrote this. “Aviation security expert: TSA wasted $56B on junk security,” Cory Doctorow, BoingBoing, Dec. 7, 2011.

Dec 242011
 

Other items of interest this past week:

Dec 242011
 

From EPIC.org:

EPIC has filed a Freedom of information Act lawsuit against the Department of Homeland Security to force disclosure of the details of the agency’s social network monitoring program. In news reports and a Federal Register notice, the DHS has stated that it will routinely monitor the public postings of users on Twitter and Facebook. The agency plans to create fictitious user accounts and scan posts of users for key terms. User data will be stored for five years and shared with other government agencies.The legal authority for the DHS program remains unclear. EPIC filed the lawsuit after the DHS failed to reply to an April 2011 FOIA request. For more information, see EPIC: Social Networking Privacy.

(h/t Pogo Was Right)

Dec 242011
 

This article in the Los Angeles Times describes TSA deployment to other public transport, including train stations, subways, ferry terminals, cruise ships, and highway weigh stations.

“We are not the Airport Security Administration,” said Ray Dineen, the air marshal in charge of the TSA office in Charlotte. “We take that transportation part seriously.”

The TSA’s 25 “viper” teams — for Visible Intermodal Prevention and Response — have run more than 9,300 unannounced checkpoints and other search operations in the last year. Department of Homeland Security officials have asked Congress for funding to add 12 more teams next year.

According to budget documents, the department spent $110 million in fiscal 2011 for “surface transportation security,” including the TSA’s viper program, and is asking for an additional $24 million next year. That compares with more than $5 billion for aviation security.

TSA officials say they have no proof that the roving viper teams have foiled any terrorist plots or thwarted any major threat to public safety. But they argue that the random nature of the searches and the presence of armed officers serve as a deterrent and bolster public confidence.

“We have to keep them [terrorists] on edge,” said Frank Cilluffo, director of the Homeland Security Policy Institute at George Washington University in Washington. “We’re not going to have a permanent presence everywhere.”

U.S. officials note that digital files recovered from Osama bin Laden’s compound in Pakistan after he was killed by U.S. Navy SEALs in May included evidence that the Al Qaeda leader had considered an attack on U.S. railways in February 2010. Over the last decade, deadly bombings have hit subways or trains in Moscow; Mumbai, India; Madrid; and London.

But critics say that without a clear threat, the TSA checkpoints are merely political theater. Privacy advocates worry that the agency is stretching legal limits on the government’s right to search U.S. citizens without probable cause — and with no proof that the scattershot checkpoints help prevent attacks.

“It’s a great way to make the public think you are doing something,” said Fred H. Cate, a professor at the Indiana University Maurer School of Law, who writes on privacy and security. “It’s a little like saying, ‘If we start throwing things up in the air, will they hit terrorists?’”