Monday, May 19, 2008

Privacy discussion (US vs EU)

A couple of weeks ago, Georgetown University hosted a panel discussion on the differences between privacy issues in the US and the EU. This is a fascinating issue given that, as people travel more and more and governments try to protect their borders via information discovery, the implications for the loss of privacy are quite large. Although I think this panel spent too much time on a few issues (passenger list disclosure, whether corporate aggregation or government aggregation of data is more concerning, and the differences between US and EU privacy law), much of the electronic privacy law discussion (like whether IP addresses are Personally Identifiable Information (PII)) was left out. Of course in a one hour discussion you can’t really even begin to touch all the privacy issues, but it seems a shame that such a great panel of experts was stuck on the surface of many issues and didn’t dig that deep into any of them. Nonetheless, it’s an interesting listen if you are interested in privacy issues and the law.

Thursday, May 8, 2008

Tell the world you're made in America

American Apparel is proud to say they are at the forefront of marking their clothing with radio transmitters (called Radio Frequency Identification tags, or RFID tags for short). While touting the supply chain benefits of these RFID tags, they don't quite mention small details (like whether the tag gets turned off after you leave the store). This kind of potential surveillance (and the ensuing PR issues) led American Eagle to drop a similar plan in 2006. I've covered RFID tags before and their privacy implications. The folks over at Spychips also have a long list of interesting research they have done on RFID chips (including a book that's a little bit over the top but does raise some really interesting issues based upon patent applications). I figure if people have tried out tracking folks with Nike+iPod running gear, then it can be only a matter of time before someone tries this with American Apparel's system.

Monday, May 5, 2008

Aren't you glad your government listens to you?

Well, I guess that might depend on who you are. If you are one of the folks who was wiretapped in the past year, then you might not be that excited about it. The Administrative Office of the United States Courts released its yearly report on wiretaps. Of course this only covers the "public" wiretaps (e.g. FISA approved wiretaps are not listed). Nonetheless, we can see that wiretapping is on the rise and the costs are falling (though arstechnica points out that $48,477 per investigation isn't exactly money to be found in your couch cushions). The major use of these taps seems to be for drug related offenses (though we don't know anything about the FISA taps, so we can't know what our war on terrorism is costing us in government surveillance). Of course all of this only includes the taps that occurred before wiretaps were cut off because we hadn't paid the bills for the ones we'd already implemented. The folks at the Electronic Privacy Information Center have a synopsis of this report as well.

Sunday, May 4, 2008

Chip hacking; ain't just for ninjas at the Lays factory

Chip hacking you say? That's right. This was quite a surprise to me, but apparently some folks have started to explore the concept of making malicious semiconductors. The concept here is that a specially designed chip would be able to function just as the standard chip does but would also allow back doors and access to data that would be undetectable from software. Of course, if someone can access your physical computer, security has already been compromised. The danger here is not that someone will do a 'sneak and peek' and replace a system's microprocessors (though in theory this could happen; in reality it is far more likely that someone would take a copy of the hard drive to look at, install spyware, or just plug in a key logger to be retrieved at a later date).

What is of concern is that someone would put these chips into the commercial stream (or even target them at specific customers). If that sounds outlandish, you may be surprised to learn that some computer communications routers (the devices that send messages around the net) have already been hit by counterfeit chips. Indeed, in this case the routers that were purchased went to the US military. Although there is no proof at the moment that these chips were compromised (in terms of having a back door installed), no-one really knows. This has sent the Department of Defense scrambling to inspect all of its routers for these phony chips (for those who think this sounds like overkill, it may not be, given that the US (and Chinese) governments have already insisted that communications equipment makers design their equipment to allow transmission monitoring (Cisco documentation)).

The interesting part here is that this is forcing government agencies to flip the usual "privacy for security" trade-off discussion on its head. In this case, the way they can ensure the security of their populations is through increased privacy (this is the same argument that people make about anonymity being important to avoid governmental tyranny). Although governments are likely to do a two-step about how what's good for them is bad for you, the real danger here is that chips coming from unidentified sources (say fabs (fabrication facilities) outside of the US) and then put in products to be resold could have back doors waiting to be unlocked (or have the machines disabled at a critical time). The fear for governments here is obvious, but the impact on business and users is also important. I'd love to see a solution for how to protect against malicious hardware (somewhat akin to the challenge of sending secret messages across monitored channels that encryption faced until public key encryption was discovered).

Monday, April 21, 2008

Why Didn't I Think of That; Research in Thought Crime

Last week there was a really interesting article by Nita Farahany in the Washington Post. The article talks about DARPA research into remote brainwave analysis and its applicability to crime prevention. The article spends most of its time talking about the technology, but there are a few short references to the civil liberty issues that this research raises. Of particular privacy concern is the 4th amendment protection from unreasonable search and seizure, as scanning someone's brain certainly falls into the area most of us would consider private. There is also the possibility of 5th amendment self-incrimination issues from asking questions and then looking at the brain scans of the suspect to determine guilt (or perhaps just reasonable suspicion for more questions or a more invasive search). An argument can also be made that there is a lack of due process in such actions, as guilt could be decided based upon nothing more than a machine's output. These are definitely some interesting things to question, and ones we should answer before we introduce such technologies; but I don't think that it's quite time to call for tinfoil hats.

The best analogy I can think of is the polygraph (Lie detector) machine. Such machines are banned for compulsory use in prosecutions and have questionable use in defense or civil proceedings. Employers are also banned from using them though that came about via federal law (Employee Polygraph Protection Act of 1988 (EPPA)). The danger in such a thing might come from its "illegal" use in pointing law enforcement in the right direction or if covered up by gag rule legislations (like that which accompanies NSLs).

Perhaps the part of this article that bothers me most is the scenarios that are presented. For some reason the "ticking timebomb" example gets invoked with alarming frequency these days. Forgive my naive nature, but how frequent an occurrence is it for someone in custody to know about a time bomb, that we are so willing to curtail our rights for it? I would think it would be much more common for people with anxiety disorders to be detained and questioned because their condition might create a "false positive" reading. Is this the balance of liberty we want?

Of course this also assumes that those in power only ever use their power for the good of society. If someone with such a device were much more unscrupulous, authority figures could use such tools to detect which people would pay a bribe, or even worse who might not report an illegal action like a beating or rape by that official.

The real danger is that in such a society, thought reading is not the end result; it's just the start. Thought reading necessarily leads to thought control, where people are afraid to even think certain thoughts (and in this it sounds quite Orwellian). Just think: if everyone around you could read your mind, you would probably think very different thoughts. Such coerced thought control is antithetical to a society that believes in liberty.

If the best reason for such a technology is to catch a person with knowledge of a "ticking timebomb", then I think it's time we really evaluated the risk/benefit trade-off. We debate the safety of mercury in fish, BPA in bottles and alcohol in drivers; each of these impacts many more people a year than "ticking timebombs". Still, people get angry when police set up "sobriety checkpoints"; why would we want something that stops far less crime and is far more invasive?

Thursday, March 20, 2008

Why RFID Should Never be Taken to Mean Private or Secure

I came across two interesting videos this week showing just how insecure RFID can be. I’ve linked them below. You should note that the first uses a system called Oyster that is used in many cases (including entry cards, as the video shows). The second shows an American Express card. Caveat emptor.

Note: the second video is done with a $0.99 reader off eBay (plus $7.99 in shipping). In general these cost around $50 but the prices are dropping and $50 is not much of a barrier. Tracking based on these things we carry (in this case an id or credit card) has the potential to be cheap and ubiquitous.

Oyster cards hacked and cloned by college kids

American Express cards are easily readable

Sunday, March 16, 2008

Power Corrupts; Absolute Power Corrupts; Absolutely

Hidden between the salacious headlines about a prostitute-patronizing governor, the release of a report by the Department of Justice seeped out. Apparently the government we have entrusted with our security, and with the legal and moral requirement to protect our privacy, has been playing fast and loose with the second of those obligations. According to the report, the FBI was using National Security Letters (authorized under the USA PATRIOT Act for surveillance outside of the usual 4th amendment protections and requirements) to spy on subjects it was not allowed to, who were forbidden by courts from being monitored, or simply to cast its net much wider than it had approval to do.

For those wondering how this ties to our current debate about providing telecoms with immunity from prosecution (the telecoms are who the FBI delivered these NSLs to and were then given people’s private records or access to wiretaps), the Senate has already approved such immunity, while the House voted this week to pass surveillance legislation without telecom immunity. Bush has threatened a veto without this clause and there has been much discussion about this issue. What is interesting here is that our government, entrusted to protect us, has asked for powers to monitor us outside of its abilities and in violation of the constitution. As in the past (think the Hoover administration, files that showed up in the Clinton White House, etc.) we see that those given the ability to secretly monitor are abusing that privilege. When we discuss the concepts of domestic spying and why that must be done outside of oversight, we should also ask: who watches the watchers?

Monday, March 3, 2008

IP address; Your Home on the Net

OK, so here’s a quick primer on Internet traffic. Much like the traffic on the streets, it finds its way to its destination via an address (well, except for male traffic, which wanders randomly around until it sees its destination; luckily for us all, Internet traffic is androgynous). The world of computer technology (especially early technology in the space) used very descriptive naming, and IP (or Internet Protocol) is one of those amazingly descriptive names. Every time you communicate with another machine on the internet (e.g. every time you type in an email address, a web-site or IM someone) your IP address is communicated to that site. Don’t believe me? Go to www.WhatsMyIPAddress.com and it will tell you what your IP address is. The current version of IP addresses is called IPv4 (for version 4). The problem with IPv4 is that as the number of devices connected to the Internet has expanded (think of every server, Internet capable cell phone, desktop, laptop, etc.), the number of available addresses is getting pretty slim (much like with telephone numbers). Also like telephone numbers (or street addresses), sections are given out in blocks (blocks of numbers or just street blocks). To deal with the lack of addresses, organizations (probably like your workplace or school) set up a set of IP addresses and then allow the traffic to get sent to addresses only it knows within its network (this is called DHCP within a reverse-proxy; don’t worry about the tech parts of this, just accept that your IP address changes periodically to allow others to use that address when you weren’t). Your Internet Service Provider (ISP) most likely does this as well (just like you might have an office number at work that the post office has no idea about). This has all changed.

Two things are changing this system. First off is IPv6. IPv6 has much more “addressing space” which means that if this were a city, you just built a ton of new roads and everyone can easily have their own address. This means that there is no need for dynamic addressing and thus people may keep their IP addresses for long periods of time (effectively making them personally identifiable). The second change was around data aggregation.

Data aggregation has become practical because storing massive amounts of data is now quite cheap. Right now I can go buy a terabyte of space (that’s 1,000,000 Megabytes (MB)) for a couple hundred dollars (US $). Since storage is cheap, organizations started to store this information and associate it with other information. IP addresses can be linked to users (say, if you logged into an online website, then linking your login time and IP address would give a user’s identity; then find that IP address on other sites and you know where the person has been). You can even use this information to get a person’s physical location (or at least the location of the machine/access point they are using). Search engines use this information to build a profile of a user and use that information to build marketing profiles. This is where Google has found itself on the bad side of the European Union’s privacy initiatives.

Recently the EU decided that IP addresses are personal information (called PII or Personally Identifiable Information in the US). Google, in particular, is fighting this, as they argue that IP addresses aren’t personally identifiable. If comments on that blog are any indication, the net community isn’t buying this line any more than the EU is. In fairness to Google, they really don’t care if it personally identifies you as long as it uniquely identifies a person (since that’s where their targeted ad business (the core of how they make money) makes its money). Google is trying several steps to convince people they aren’t keeping info that is personally identifiable, but in reality anyone who is storing IP addresses (even without things like search histories that invariably have PII in them) is going to have this issue. Using ISP records, IP addresses can be linked to users, and from a government standpoint this is the magic connection.
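To make the linkage described in the two paragraphs above concrete, here is an added example (my own illustration, not code from the original post or from any of the companies mentioned). It joins a constructed login log from one site with a constructed visit log from another site purely on IP address and time, which is exactly why an IP address behaves like an identifier; it then shows the effect of the common mitigation of truncating the address (dropping the last IPv4 octet or the last 80 bits of an IPv6 address) before storing it. All log records, site names and addresses are constructed sample data.

```python
import ipaddress
from collections import defaultdict

# Constructed sample records (not real traffic): a login log kept by one
# site and a visit log kept by a different site.  Times are in seconds.
LOGIN_LOG = [
    (100, "alice", "203.0.113.17"),
    (120, "bob",   "203.0.113.42"),
    (130, "carol", "2001:db8:1::5"),
]
VISIT_LOG = [
    (150, "news.example",  "203.0.113.17"),
    (160, "shop.example",  "203.0.113.42"),
    (170, "forum.example", "2001:db8:1::5"),
    (180, "news.example",  "198.51.100.9"),   # no login seen from this address
]


def attribute_visits(login_log, visit_log, window=3600, key=lambda ip: ip):
    """Attribute each visit to the user who logged in (elsewhere) from the
    same address key within `window` seconds before the visit.

    Returns a list of (site, user); user is None when no login matches or
    when more than one user shares the key (ambiguous)."""
    logins_by_key = defaultdict(list)
    for t, user, ip in login_log:
        logins_by_key[key(ip)].append((t, user))

    result = []
    for t, site, ip in visit_log:
        candidates = {user for (lt, user) in logins_by_key.get(key(ip), [])
                      if 0 <= t - lt <= window}
        result.append((site, candidates.pop() if len(candidates) == 1 else None))
    return result


def truncate_ip(ip_str):
    """Mitigation: keep only the network part of an address before storing it
    (last octet zeroed for IPv4, last 80 bits zeroed for IPv6)."""
    ip = ipaddress.ip_address(ip_str)
    prefix = 24 if ip.version == 4 else 48
    return str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False).network_address)


if __name__ == "__main__":
    print("full addresses:     ", attribute_visits(LOGIN_LOG, VISIT_LOG))
    print("truncated addresses:", attribute_visits(LOGIN_LOG, VISIT_LOG, key=truncate_ip))
```

With full addresses every visit from a known address is attributed to a named user. With truncated addresses alice and bob collapse into the same /24 and become ambiguous, but carol is still identifiable because she is the only user seen in her /48: truncation only helps when enough people share the kept prefix, which is the caveat to keep in mind when a company says it "anonymizes" IP addresses.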

If you are concerned about such actions, I can recommend two actions to take. The first is to use a service like Scroogle. You can make a search plug-in for your browser for them or just go to their homepage. They proxy searches to Google but take out the ads and the tracking cookies. In this way you can get the value of a search engine (like Google) without worrying about the nasty tracking aspects of such a company. The second option is to use an anonymizing service like TOR. TOR sends all your traffic through at least three other nodes. The data is thus anonymized from its original source, but it is NOT confidential (e.g. if you log into a website that is not using SSL (the little lock icon on your browser), then the person at the end of that chain of servers could capture your login and password). This is just as true if you aren’t using TOR, but it is a reminder that anonymity is different from privacy.

Wednesday, February 27, 2008

RFID – What it is and Why is it Showing Up Everywhere?

So by now you’ve probably heard of RFID. If not, the name stands for Radio Frequency Identification. At a technological level it’s actually a pretty cool technology that could enable slick things like taking a semi full of goods and driving it to a dock, where sensors could automatically update inventory by reading the tags while the semi was pulling up to the warehouse (no clerks, no data entry errors, no time spent filling out paperwork). This is the same technology used in things like the EZ Pass for bridge tolls in certain parts of the US. Without going into a technical description of RFID, it’s easiest to think of RFID as a broadcasting technology. So, when the tag is not “shielded” (think of this as quite literally putting a tinfoil hat on the device), it is broadcasting information. Where this gets into interesting privacy issues is when this technology is integrated into things that are more personally associated. Think driver’s licenses, bus passes, clothing, pets, passports, charge cards, cell phones and even people. Since this data is remotely collectable, it gives people with inexpensive readers the ability to track movements as the data is aggregated. Technology like the Enhanced Driver’s License also has all the data that is on your driver’s license, so that data can be collected (say, like when you take it out as ID at a store).

Some organizations are pretty much against RFID in all forms (like the folks at CASPIAN), while other folks see it as applicable for industrial use but not consumer products (as Tesco tried so that it could track consumers’ actions in their stores). Still others think this technology is fine as long as it isn’t used in humans. Finally there are those who are volunteering to be tagged. It is probably biased but worthy of note that RFID “non-removable” bracelets are used at Guantanamo to track prisoners in much the same way that the Nazis used tattooed numbers to track prisoners in their death camps (IBM is one of the leading patenters of RFID technology as well as the folks who made the computer systems for the Nazis).

As it turns out, some of this info isn’t even well secured, as a German hacker proved with the e-passports. As with any technology, it can be used for good or for evil. In this case, RFID has the ability to be used for significant privacy invasion; the funny part is that there is not that much to gain for individuals when their materials are tagged. This begs the question: why adopt it?

If you want to read about how scary some of the folks patenting this technology are getting (at least in their patents) the book Spychips is a bit alarmist but quite eye opening.

Sunday, February 10, 2008

You sound familiar… Writing Style Matching in a Blogged World

So the National Science Foundation created a program called Dark Web. For those not familiar, it’s a project that tries to collect all the extremist and terrorist sites on the net. For monitoring, this is probably something that seems perfectly practical. Some of the technology has interesting applications. One in particular is a writing style matching technology, Writeprinting. Writeprinting looks at things like your writing style, structure and semantics to identify who you are (or more appropriately, to identify writings by the same individual). The ability to identify “anonymous” extremists from other writings they have done online (or other sources) is of obvious benefit, which few people would deny we should be looking into in an effort to keep all people safe. Indeed, the Unabomber was caught after his manifesto was published and his brother recognized the thoughts and writing style.

Of course, like most technologies, it can be used for good or evil as machines and algorithms are apathetic to purpose by definition. This means that the same technology we rely on to keep us safe from terrorists may also be the same technology that keeps us from expressing our thoughts and feelings about what is happening in our communities, country or world. Anonymous speech was important to our founding fathers (as much of what they were doing was treasonous under English rule) and this technology could easily be used for other “well meaning” though totally unintended purposes such as catching students who write other’s papers or unmasking anonymous whistle blowing bloggers.

Of course, not making any public writings available would thwart such a technology, but it also has a down side. Right now public shows of dissent are the ways that people form movements against programs, policies, organizations and governments that they don’t agree with. This form of association allows a safety valve for people to express their concerns and help make change if their views are shared by enough individuals. If such speech is tracked and the authors found and punished (like those that have protested President Bush in the United States or were thrown out of the US Capitol for shirts relating to the Iraq occupation), then in individual cases this motivates those who believe in the cause being suppressed. In extreme cases it leads people to go directly to much more drastic means such as subversion and terrorism.

The point here is that freedom of speech is as much about having a voice as it is about maintaining a civil society. The creation of technologies that remove that anonymity may have the ironic result of actually making things less safe in the long run as those who feel that they are being oppressed and don’t feel free to express their grievances (free from reprisal) move to more extreme tactics.

Will technology meant to make us safer actually have the opposite effect? I certainly hope not. But as we develop such technologies we should bear such possible outcomes in mind.

Of course, people also may just start to come up with obfuscation programs (such as used in computer code) to mask their identities; only time will tell.
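As an added illustration of what the post above means by matching "writing style, structure and semantics" (my own toy, not Writeprinting or any Dark Web code), the block below builds a crude style profile from the relative frequency of a dozen function words plus average sentence length, and assigns an unsigned text to whichever known author's profile is nearest. All the sample texts and the two author labels are constructed. The point for a privacy reader is the one the post makes: a pseudonym hides a name, not a habit of expression, so "anonymous" writing is only as anonymous as the style it is written in.

```python
import math
import re
from collections import Counter

# Style markers used by this toy: frequencies of common function words plus
# average sentence length.  Real stylometry uses hundreds of features.
FUNCTION_WORDS = ["the", "and", "of", "to", "a", "in",
                  "that", "is", "it", "but", "however", "which"]


def style_profile(text):
    """Return a feature vector: function-word rates, then average sentence
    length scaled by 1/50 so it is on a scale comparable to the rates."""
    words = re.findall(r"[a-z']+", text.lower())
    sentences = [s for s in re.split(r"[.!?]+", text) if s.strip()]
    counts = Counter(words)
    total = max(len(words), 1)
    profile = [counts[w] / total for w in FUNCTION_WORDS]
    profile.append(len(words) / max(len(sentences), 1) / 50.0)
    return profile


def distance(p, q):
    """Euclidean distance between two profiles."""
    return math.sqrt(sum((a - b) ** 2 for a, b in zip(p, q)))


def closest_author(known, unknown_text):
    """known: dict author -> list of texts they are known to have written.
    Returns (author, distance) for the author whose profile is nearest."""
    unknown = style_profile(unknown_text)
    best = None
    for author, texts in known.items():
        d = distance(style_profile(" ".join(texts)), unknown)
        if best is None or d < best[1]:
            best = (author, d)
    return best


# Constructed corpus: one author writes short declarative sentences, the
# other writes long clause-heavy sentences.
KNOWN = {
    "terse": [
        "The bus is late. It is cold. The kids wait and wait. It is not fun.",
        "The tag is cheap. It is small. It reads fine and it is on the bag.",
    ],
    "verbose": [
        "However, the committee, which had deliberated at length, concluded "
        "that the proposal was, on balance, acceptable, and it therefore "
        "recommended adoption of the measure in its entirety.",
        "Moreover, the review, which several members of the board had "
        "requested, found that the policy, although imperfect, was consistent "
        "with the statute and it was accordingly retained in full.",
    ],
}
UNKNOWN_TERSE = "The reader is near. It is odd. The card is in the wallet and it is read."
UNKNOWN_VERBOSE = ("Nevertheless, the board, which met twice, determined that the "
                   "budget was adequate and it accordingly approved the plan in "
                   "full, although some members of the panel expressed reservations.")

if __name__ == "__main__":
    print(closest_author(KNOWN, UNKNOWN_TERSE))
    print(closest_author(KNOWN, UNKNOWN_VERBOSE))
```

The sentence-length feature alone separates these two constructed authors; with realistic corpora the signal comes from many weak features combined, which is also why the obfuscation the post mentions is harder than changing a few words.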

Sunday, February 3, 2008

RFID: Tag Your Kids For More Efficient Buses… Huh?

The Associated Press is reporting that a Rhode Island town is going to implement a “test” program where they will RFID (Radio Frequency Identification) tag children’s backpacks to see where they get on and off the bus. They will also use a GPS system to track the buses’ location. The ACLU of RI is fighting this action as unnecessary. I’ll avoid the obvious question of why they need this at all, since they could just GPS the bus and then have the driver record the number of kids that get on the bus without needing to identify each individual student. The school dismisses concerns that others could use this information to track children, since they say it is “just a number”. If this sounds familiar, it might be the ghosts of the debates over the Social Security Number program (and we see how that number has remained just a number and not a personal identifier, right?). The push for RFID stalled some time ago over the debacle with Tesco and its hidden tracking of UK shoppers (and Gillette razors at Wal-Mart here in the US). It appears this is back in the news. There is no question that RFID (Radio Frequency Identification) has many uses, but tracking people is one that many folks are rightfully skeptical of (see www.spychips.com). I’ve not covered RFID yet in this blog (I will some time in the future), but there is good reason to be skeptical about technology that makes its carrier remotely traceable if we believe that people should have personal privacy. At least in the US, privacy is a balance; even in the case of the 4th amendment, there are weighing factors that have been used to determine the limits of privacy protections v govt. intrusions. In this case, all I can wonder is who thinks this is an appropriate trade off?

Monday, January 28, 2008

AT&T reborn, Former Death Star now Net Nanny

This is a great article about what AT and T is going to do: monitor every bit of information that goes across its network. Oh sure, we’ve known for a while that they do this for the government, but apparently now they are doing it for the RIAA (recording industry) and MPAA (film industry). If this feels a little strange, maybe it’s because it reverses the idea of innocent until proven guilty (granted that is for govt. and no such principle necessarily applies to private industry). The article does a great job of pointing out that the telecoms pushed for (and got) protection from liability for providing material (as opposed to what happened to Napster or Grokster) on the assumption that they had no part in deciding what it was. This would seem to contravene that. This also brings in an interesting question about which is more important as a service provider: serving your customers, or helping another industry. If free enterprise is correct, then this knowledge should mean terrible impacts on AT and T’s financials (as the article predicts). If not, then we have a profound example of users’ naïveté about privacy and control measures that is destined to play itself out with potentially unfortunate consequences in the future (the TIA program’s plan to use letter carriers as agents for the govt. and then later firefighters comes to mind as such things in the govt. sector). As for how the public will react, and if AT and T will suffer any measurable financial impact, only the future will tell.

Sunday, January 13, 2008

Border Seizure: Is All Information Equal?

The New York Times reported that border guards have seized computers and searched hard drives. The auspices of such actions are based around the noble effort to stop the trafficking of child pornography into the country. The article references two cases (one supporting searches, one blocking searches) about the same kinds of searches; the concern that I have in such cases is how a line is drawn between different kinds of data. If the government is allowed to take copies of the data on a hard drive, what is to distinguish medical records or diary entries from child porn or calls to treason? On a hard drive they are all just zeros and ones, and therein lies the difference between real and “intellectual” property. Perhaps one solution is technological (like the use of the Carnivore (DCS 1000) email reading system that the NSA uses). Another option is to decide which is the more important liberty to our society. If we search all hard drives looking for illegal material and we find no illegal material, but we do find information about a crime that was committed but unprosecuted, should the govt. be allowed to use that? What about the cost of the lost ability to be secure in your “papers” if such things are searchable? If we are not presented a technological solution, then how do we draw this line, and is this a bright line or one that changes with the times and other information? I personally question if such searches are worth the loss of liberty they impose. Carrying such data across borders is certainly less efficient than just copying it across the internet (Gmail account, LiveDrive, BitTorrent, anonymous FTP, etc.), so the ability to transmit such data does not seem to me to be significantly impeded by such an action. On the flip side, the self-censorship that would be imposed on individuals who travel abroad, based upon the knowledge that the government would have access to such data, seems to have great ill effects on first and fourth amendment protections.
Likewise, the implications of such searches being used against political opponents (like those of Hoover’s FBI) or as a way to monitor US citizens should be something that we do not allow without imminent threat. How we make decisions about such things in the current time is left to the courts, but I think we should not tread recklessly on such things, as they are likely to set precedent for how digital data is perceived by the law in our world where all data is quickly becoming just ones and zeros.

If you are concerned about such searches, I suggest you check out encryption software, like TrueCrypt, and use it to create “virtual drives” that contain the files you would not want searched.

Monday, January 7, 2008

Steve Rambam on Why Privacy is Dead at ToorCon

OK, this lecture is a bit long (almost 2 hrs) but it covers many reasons why the genie may already be out of the bottle. He’s ex-law enforcement and currently a private investigator. He goes over a lot of the sources where info is collected and how people are accessing that data. If you are interested in privacy, it’s worth your time to watch this: http://video.google.com/videoplay?docid=-383709537384528624&q=privacy&total=12601&start=0&num=10&so=0&type=search&plindex=0