“The FBI’s plan would effectively make an entire category of emerging secure platforms — such as the encrypted voice app Silent Circle or the Dropbox-like cloud storage service Spider Oak — illegal overnight.”
The FBI has some strange ideas about how to “update” federal surveillance laws: They’re calling for legislation to penalize online services that provide users with too much security.
I’m not kidding. The proposal was revealed in The Washington Post last week — and a couple days ago, a front-page story in The New York Times reported the Obama administration is preparing to back it.
Why? Federal law enforcement agencies like the FBI have long feared their wiretap capabilities would begin “going dark” as criminals and terrorists — along with ordinary citizens — shift from telephone networks, which are required to be wiretap-ready under the 1994 Communications Assistance for Law Enforcement Act (CALEA), to the dizzying array of online communications platforms available today.
While it’s not yet clear how dire the going-dark scenario really is, the statutory “cure” proposed by the FBI — with fines starting at $25,000 a day for companies that aren’t wiretap capable — would surely be worse than the disease.
The FBI’s misguided proposal would impose costly burdens on thousands of companies (and threaten to entirely kill those whose business model centers on providing highly secure encrypted communications), while making cloud solutions less attractive to businesses and users. It would aid totalitarian governments eager to spy on their citizens while distorting business decisions about software design. Perhaps worst of all, it would treat millions of law-abiding users with legitimate security needs as presumed criminals — while doing little to hamper actual criminals.
A recent article in The Wall Street Journal by Google Executive Chairman Eric Schmidt, “The Dark Side of the Digital Revolution,” makes for very scary reading. It is not so much because of what he and co-author Jared Cohen, the director of Google Ideas, have to say about how dictators can use new information technology to suppress dissent; we know those guys are evil. What is truly frightening is that the techniques of the totalitarian state are the same ones pioneered by so-called democracies where commercial companies, like Google, have made a hash of the individual’s constitutionally guaranteed right to be secure in his or her private space.
The dictators, mired in more technologically primitive societies, didn’t develop the fearsome new implements of control of the National Security State. Google and other leaders in this field of massively mined and shared information did. As the authors concede and expand on in their new book:
“Despite the expense, everything a regime would need to build an incredibly intimidating digital police state—including software that facilitates data mining and real-time monitoring of citizens—is commercially available right now. … Companies that sell data-mining software, surveillance cameras and other products will flaunt their work with one government to attract new business. It’s the digital analog to arms sales. …”
The Google execs have inadvertently let us in on the world that they inhabit, where the data mining of individual preferences—for such interests as sex and politics—can be cross filed and tabulated by supercomputers to be exploited for commercial gain. The drive for ever more detailed information on individual behavior is on with a vengeance in the profit-driven world of data mining, as anyone who observes the ads that mysteriously pop up during Internet browsing sessions well knows. But that invasive technology is now undergoing a massive revolutionary upgrade provided by the collection of vast numbers of biometric markers.
“Don’t think the data being collected by autocracies is limited to Facebook posts or Twitter comments,” Schmidt and Cohen warn. “The most important data they will collect in the future is biometric information, which can be used to identify individuals through their unique physical and biological attributes. Fingerprints, photographs and DNA testing are all familiar biometric data types today. … With cloud computing, it takes just seconds to compare millions of faces. … By indexing our biometric signatures, some governments will try to track our every move and word, both physically and digitally.” [++]
The legislation is intended to force these companies into finding technology solutions that would enable real-time surveillance.
A bipartisan committee voted on Thursday to advance a bill to clamp down on warrantless government searches of email and other private electronic information.
The bill seeks to modify the 1986 Electronic Communications Privacy Act (ECPA) and require government and law enforcement agencies to get a judge’s approval in most cases in order to access electronic communications. A vote is now expected next month, but while the bill has cross-party support law officials, regulators and some senators are pushing for amendments to weaken its impact.
Democratic senator Patrick Leahy, co-sponsor of the bill with Utah’s Republican senator Mike Lee, said: “I think Americans are very concerned about unwanted intrusions into our private lives in cyberspace. There’s no question if someone wants to go into your house and go through your files and draws you are going to need a search warrant. But if you have those same files in the cloud you ought to have the same sense of privacy.”
Takes less than a minute.
It’s a sign of just how badly the Obama administration’s record on civil liberties is
regardedthat the first reaction to the news that the White House is threatening to veto the Cyber Intelligence Sharing and Protection Act (CISPA) was a sense of surprise.
CISPA is designed to make it easier for private companies to share information about “cybersecurity” issues — hacker attacks, Chinese sabotage, etc. — with government agencies. Under CISPA companies such as Facebook or Microsoft could freely hand over personal information — emails, texts, news feed postings — without having to worry about potential negative consequences, including litigation from outraged users. Naturally, CISPA enjoys wide support from by the tech lobby; IBM sent more than 200 executives to Washington this week to push for its passage. The bill also enjoys bipartisan backing. The House of Representatives is set to vote on the bill either Wednesday or Thursday.
But the White House wants stronger protections for privacy and civil liberties, and stated flatly on Tuesday that “if the bill, as currently crafted, were presented to the President, his senior advisors would recommend that he veto the bill.”
The Administration… remains concerned that the bill does not require private entities to take reasonable steps to remove irrelevant personal information when sending cybersecurity data to the government or other private sector entities. Citizens have a right to know that corporations will be held accountable – and not granted immunity – for failing to safeguard personal information adequately.
Privacy activists are delighted by the news. Even if the House ends up passing the bill as it stands, opposition from the White House could doom the legislation’s chances of being taken up in the Senate — a replay of what happened last year, when an earlier version of CISPA failed to become law.
The way to understand these huge empires—Google, Facebook, Apple, Amazon—is they’re all like continents of the world. Imagine it’s the late 19th century. They’ve each got a continent—North America, South America, Asia, Africa. And their continent is their gusher monopoly basis, where they’re the monopoly, they get these huge profits. And then they use those profits in order to branch out and take attacks on the other continents to get a bigger chunk of it, because they really know everyone’s out to take over the world, but they’re the only players in the game. If you don’t have a continent, you’re not a player. And what’s happened on the Internet, too, is that with the rise of patents that these companies use to basically prevent newcomers from coming in, in addition to network economics, it’s become much more closed off than it was 10 or 15 years ago. A lot of the—Google has been the first to admit: ‘We could never start Google today; we’d have to go through so many lawsuits just to even get out of our office. It would be unthinkable.’
Robert McChesney (via azspot)
On Robert W. McChesney’s latest book, Digital Disconnect: How Capitalism is Turning the Internet Against Democracy:
[In] the United States, personal information is bought and sold, without consent, by unidentified third parties. Most users don’t even know if or when they’re being tracked. It should be criminal. But it makes sense to the rulers of the Web, it’ll generate profits. McChesney: “In short, the rational course for these firms—even the ones not presently working closely with the military and security agencies—is to cooperate with the national security state. Any other course of action would threaten their profitability. It’s a no-brainer.”
So when McChesney makes the claim that the, “evidence is clear: the Internet corporations place a lower priority on human rights and the rule of law than they do on profits,” it isn’t the ramblings of a conspiracy theorist. The amble, and always approachable, context he has provided reinforces his perceptiveness, rather than writing him off as some sort of academic outlier. The Internet, once seen as a great democratizing engine, might actually be an indispensable tool for the powerful to remain so.
The Internet is here to stay. That is not in doubt. It is too useful, too entertaining, too enmeshed in everyday life to go the way of the dodo. But it doesn’t seem to be the gift from the gods it once was. Consider: “In 1935, New Republic editor Bruce Bliven characterized himself as among those ‘who find advertising so obnoxious that they wish the radio had never been invented.’ One wonders if the Internet will produce its modern Blivenites—or if, as with broadcasting, people will come to accept its degradation as the natural way of the world and barely recognize, let alone question, what is taking place.”
What seemed to be an increasingly open public sphere, removed from the world of commodity exchange, seems to be morphing into a private sphere of increasingly closed, proprietary, even monopolistic markets. The extent of this capitalist colonization of the Internet has not been as obtrusive as it might have been, because the vast reaches of cyberspace have continued to permit noncommercial utilization, although increasingly on the margins.
Robert McChesney (via azspot)
The CIA’s chief technology officer outlined the agency’s endless appetite for data in a far-ranging speech on Wednesday.
Speaking before a crowd of tech geeks at GigaOM’s Structure:Data conference in New York City, CTO Ira “Gus” Hunt said that the world is increasingly awash in information from text messages, tweets, and videos - and that the agency wants all of it.
“The value of any piece of information is only known when you can connect it with something else that arrives at a future point in time,” Hunt said. “Since you can’t connect dots you don’t have, it drives us into a mode of, we fundamentally try to collect everything and hang on to it forever.”
Hunt’s comments come two days after Federal Computer Week reported that the CIA has committed to a massive, $600 million, 10-year deal with Amazon for cloud computing services. The agency has not commented on that report, but Hunt’s speech, which included multiple references to cloud computing, indicates that it does indeed have interest in storage and analysis capabilities on a massive scale.
This isn’t something the free market can fix. We consumers have no choice in the matter. All the major companies that provide us with Internet services are interested in tracking us. Visit a website and it will almost certainly know who you are; there are lots of ways to be tracked without cookies. Cellphone companies routinely undo the web’s privacy protection. One experiment at Carnegie Mellon took real-time videos of students on campus and was able to identify one-third of them by comparing their photos with publicly available tagged Facebook photos.
Maintaining privacy on the Internet is nearly impossible. If you forget even once to enable your protections, or click on the wrong link, or type the wrong thing, and you’ve permanently attached your name to whatever anonymous service you’re using. Monsegur slipped up once, and the FBI got him. If the director of the CIA can’t maintain his privacy on the Internet, we’ve got no hope.
In today’s world, governments and corporations are working together to keep things that way. Governments are happy to use the data corporations collect — occasionally demanding that they collect more and save it longer — to spy on us. And corporations are happy to buy data from governments. Together the powerful spy on the powerless, and they’re not going to give up their positions of power, despite what the people want.
Fixing this requires strong government will, but they’re just as punch-drunk on data as the corporations. Slap-on-the-wrist fines notwithstanding, no one is agitating for better privacy laws.
So, we’re done. Welcome to a world where Google knows exactly what sort of porn you all like, and more about your interests than your spouse does. Welcome to a world where your cell phone company knows exactly where you are all the time. Welcome to the end of private conversations, because increasingly your conversations are conducted by e-mail, text, or social networking sites.
And welcome to a world where all of this, and everything else that you do or is done on a computer, is saved, correlated, studied, passed around from company to company without your knowledge or consent; and where the government accesses it at will without a warrant.
Welcome to an Internet without privacy, and we’ve ended up here with hardly a fight.
A quote I posted several months ago comes to mind:
Don’t you assume that every email of yours, every blog post and comment, every telephone call, anything you write or say using media of any kind is monitored by some government agency or other, if only they decide to check up on you, for any reason they dream up or for no reason at all, just because they’re bored and, hell, you look like you might be fun to investigate for a while? I have assumed exactly that for years. I find it hard to believe that everyone doesn’t make the same assumption. … But ‘privacy’? You don’t have any. You haven’t had any for a long, long time. And this latest story? Fodder for conversation, and outraged posts and articles of course, for a week or two, perhaps three. Then everybody will forget about it.
Sadly, true, and we’ve willingly exposed ourselves every slow, lurching, “this will affect everyone except me” step of the way.