Tag Archives: Privacy

NSA, Phone Records, and access to data systems

Posted on by

NSA – Nothing to See Anywhere around here. The past two days have been bad for the Obama administration for both leaks and for privacy concerns. It was leaked yesterday to the Guardian’s reporter Glenn Greenwald whom a lot of people in the US aren’t fans of because he sticks to his morals regardless of which party is in power. This leak showed something that really shouldn’t be that big of a surprise to anyone. In fact, Senators are all like, what’s the big deal this has been going on since 2007. This was originally just AT&T that was wrapped up in this, but everyone suspected other telecoms were involved. After that had come to light congress retroactively gave immunity to the telecoms, despite an ongoing law suit from the EFF – which was dismissed, although EFF filed another shortly their after.

Today was another turn of events where operation PRISM was unmasked, by both the Guardian and Washington Post. This system has direct access to major technology companies servers including Google and Facebook, although both companies deny this. Superficially, PRISM is intended to filter through to a majority of foreign based data. In this case it’s seriously the slimmest majority – only 51% – a majority though, although in the US Senate you’d never know.

How are these things possible? Two major reasons, the Patriot Act and the “Secret” FISA Court. I use quotes around “Secret” because it’s as “secret” as the drone program. However, we don’t know what decisions are being made, we don’t know what is being taken before the court, and we have no idea what sort of “do process” standards have been implemented in this court. If it’s anything like the drone program it’s likely just a few people sitting in a room talking about how bad terrorism is and data like the above to determine the guy needs to die. It’s no way to run a democracy.

With the combination of the data in our phone records and our internet usage the NSA can create a massive time based network of connections between both Americans and Foreigners. Abrupt changes in the make up of a persons network with people from countries of interest likely flag them as a risk for interacting with Terrorist. Additionally, if a new pattern was detected the NSA would likely go back and look at historic data to try to understand why this new pattern arose and what they could do to predict future shifts in networks towards engaging with these groups of people. It would also lead the NSA to create models that could indicate how likely someone is to develop behavior patterns of terrorists after their network shifts from one sub group to different subgroups. Furthermore, it’s likely that this information would be even more of interest if there’s a full shift of members of that person’s network towards more potential extremists.

We need to work to change this. The Senate knew about this and plans to hold closed door meetings to discuss it. These discussions should be public not behind closed doors. It’s a disgrace.

Obama’s DOJ assault on civil liberties

Posted on by

Obama’s been really bad for privacy, due process, and discretion when it comes to a litany of topics. Many of these issues aren’t really discussed in the mainstream media and it’s beginning to really bother me. I take that back, it’s been bothering me for quiet some time, but I’m going to be talking about it a lot more now. In fact, many of these issues have dated back to before this past election. I was extremely close to voting for a third party candidate for president because I find it repugnant that the US president would kill US citizens abroad without a trial by jury, because the Bush administration created a legal gray zone called “enemy combatant.” I’m not a fan of conjecturing what our founding fathers think about modern day issues, however, I feel that this one is pretty obvious. People were being imprisoned and killed without trail under British rule. The right to a trail was to ensure this wouldn’t happen to a citizen.

The next area that’s really starting to disturb me is the efforts to shut down some types of DDoS activities. It was just discovered within the past few days that the FBI has backdoor access into a company that does DDoS for hire. Which likely means that they’re used as part of the US Cyber Security Defense League of National Homeland Safetiness. It also means that anyone that uses a service like this can be tracked and arrested for using the service, if the FBI decides to – essentially if the FBI feels that the use would have been justified from their perspective the customer wouldn’t be bothered. However, this isn’t the case at all when it comes to teenagers, young adults, or whatever age you are if you’re in Anonymous, Lulzsec, or just Kim Dot Com. According to a great Guardian article, http://www.guardian.co.uk/technology/2013/may/04/security-alert-war-in-cyberspace, there’s a general all out attack on people that decide to use the internet in new ways to do different things. These are people that are notifying others of risks to their own security. For example, Weev, was just sentenced to 3 years in prison for alerting AT&T that the had some email addresses associated with iPads exposed, sure he went through Gwaker, but this information was easily accessible and in plain text. This creates a risk to all security researchers, the people that are called “white hats” that are the good Samaritan hackers which find security exploits, inform the firm give them 30 days or so to fix the issue and then release the information into the public to force the fix. Many cases of hacking are “Black hat” hackers that are really up to no good, but as the generation younger than mine continue to explore the web there will be continued clashed of culture of what is right and wrong on the internet. To me, these prison terms (and attacks that lead to Aaron Swartz’s suicide) is the old guard trying to assert authority in an area they don’t understand and cannot control.

The final area of DOJ assault is on whistle blowers and journalists. I’ve long been an advocate for releasing more information to the public and applying more scrutiny to the government. The scandals with the IRS, Benghazi, and military leaderships only indicate we need more transparency not less. The Obama administration has taken the idea of national security needs to new heights and this has created a pervasive atmosphere throughout the US that governments can simply do as they please. For example New York City, which famously said privacy is off the table, refuses to respond to legally binding Freedom of Information Requests. They are simply ignored. If it’s good for the federal government then it’s good for state and city government! Greater transparency to the public is the only way to prevent corruption throughout the government. I believe the only reason we learned of the IRS fiasco is because it was a government issued report to the public. Otherwise, it would have been buried for years and we wouldn’t have heard of it for some time, and even then there would have been a nasty fight over getting the information public.

Back to my main point of the assault on journalism – the DOJ secretly sopenaed phone records from the AP, then charged an investigative reporter from Fox as a co-conspirator which allowed the DOJ to access emails and other records skirting typical judicial oversight when dealing with the press. Furthermore, nearly all aspects of the US Government feel they can just access whoevers email they want without a warrant.

All of these things are setting really bad precedents and we need to hold people accountable to them. I know that many of you out there are apathetic towards voting. Instead of not voting, vote for a third party. Aside from Obama and the guy that ran against Lamar Smith, I voted third party for anything I could. I knew it wouldn’t have much of an impact, but I’m starting to do that and I plan to continue to do so. I also plan to support activities to get money out of our government. You should too.

A bit remiss

Posted on by

Sorry dear readrs, I’ve been very bad about writing any blogs lately. I’ve had some pretty big changes in the past two months as you all know. I’ve moved back from the Netherlands to the US, did some consulting work and I just started a job at AMD. Consequently, I’ve not been able to post as much as I have in the past. Big changes have been happening in my life.

Because of these changes I wasn’t able to pay enough attention to the CISPA fiasco that just occurred in the US. This law is a terrible step in the direction of data tyranny. I’m even being hyperbolic about this either. I wrote about the risks of having a voluntary data sharing program and in my review of Consent of the Networked I discussed the different data and Government regimes out in the “wild.” These concerns are valid. We need to be aware of what’s going on. Now, I have to say we pretty much blew our collective internet protest load with the SOPA/PIPA protests. Which is actually a problem. I would hazard that in many ways CISPA is as bad or worse than SOPA, however I didn’t see as much chatter about CISPA on reddit, twitter, Google+ or Facebook about CISPA as I did about SOPA.

I think there are a few reasons for this actually. First, the majority of the people were able to clearly understand the risks associated with SOPA. These risks are pretty straight forward and understandable. These risks affect us tomorrow not in some future time period. In many ways SOPA like acts can already happen today. This makes it extremely obvious why SOPA/PIPA are terrible laws and should be opposed at many levels. Second, with CISPA coming so quickly after the SOPA/PIPA protests there was likely something of a protest overload or disbelief that another law could come through so quickly that is as bad or worse than SOPA. Especially with the language that was being used at the time of SOPA. It would have broken the Internet, how could anything be worse than that? Third, there was more support by large companies for this law than for SOPA. Apparently that actually matters more than we realized. We were able to push Wikipedia, Facebook, and other large companies to protest this law. However in this case Facebook and Microsoft supported the law while Google sat on the sideline saying nothing about the law.

I think from this stand point, people that weren’t happy with CISPA but didn’t understand the importance likely didn’t do anything about it. However, whenever a fantastic website like Wikipedia blacks out in protest for a law it will get people who are only on the fence about the law to actually do something about the law.

CISPA and SOPA are both bad but in very different ways. CISPA is something of an abstraction of risk. Losing your privacy when so many people already voluntarily give up so much information about themselves on Facebook and Twitter might not seem like as big of a deal. The secondary abstraction is a lack of understanding of the impact of the data sharing. It’s unclear of what exactly the Feds would do with the data once they have it. It’s unclear how data sharing would occur within the government. However, it is likely that the data would be shared throughout the government including the military. Which many privacy experts are say essentially legalizes military spying on US civilians. The third problem is that many people also feel that if you aren’t doing something wrong you don’t have anything to worry about. However, this is a fallacy as even people who are doing things that aren’t wrong can get in trouble. I’ve discussed the cases where people are fired for posting drunken pictures on Facebook. Additionally, this type of law represents the biggest of the big government that we can imagine. There’s no reason why the government needs to know what we’re doing in this level of detail.

It’s going to be a long and difficult fight to keep our internet free. However, it’s something that we must do and I believe we can do it. We will just need to keep vigilant and work together to ensure that our internet stays our internet.

Free-market, Small Government and Regulations

Posted on by

The free-market has been used to argue against regulations and for small government for years. However, I believe that the major supporters of using the free-market argument are disingenuous in their application of the argument. In addition, the free-market is a flawed theory which needs to be revisited by neoclassical scholars and adjusted.

The free-market theory comes from the idea that there is an invisible hand that guides the market towards equilibrium between supply and demand. This assumes that once the equilibrium is hit it will stay at that point until there is some shock to the system which would find a new equilibrium. Each time that there is a shock, the invisible hand would push the market into a new equilibrium. This idea came as a side comment in the Wealth of Nations. This idea has become enshrined in the minds of neoclassical economics in a manner that Newtonian Physics was presumed to be accurate. In both cases the theory is incorrect. Relativistic Physics has replaced Newtonian, but in Economics the free-market is still the prevailing mechanism for policy creation. There has been no evidence for an invisible hand at all. In fact Metcalf created the theory of a networked economy which argues that the value of a good becomes more valuable as more people use it. I’ve mentioned this in the past. Essentially, this will prevent any equilibrium from every being found as the price can increase and people will still adopt the networked item because it’s becoming more valuable to the user. Or the price can remain constant even when it should drop for other factors such as a reduction in cost of production. A perfect example is the iPhone. According to research Apple has a whopping 72% margins on the iPhone, even if production was moved to the US Apple would still make 42% margin on the iPhone. There also is an over production of the iPhone and strong competition, which would indicate that the iPhone should drop prices as they are capable with that large of a margin. This market has a great deal of competition and has a large number of companies producing, which indicates that it Apple should be under pressure to drop prices. However this isn’t happening because of the networked value of the iPhone. There are a huge number of apps for the phone, the apps are high quality and the product works well with other iPhones. The market has had no impact on the cost of the iPhone.

However, free-market champions would look at any effort to change the labor practices of Apple as wrong headed and regulation that isn’t required. The Market isn’t demanding any change to labor practices because the market can bear the current prices and the demand indicates that people don’t care about labor practices. However, it’s well known that there are no alternatives to Apple’s iPhone that are produced in an ethical manner. So voting with your money wouldn’t actually work here. The problem arises because there is something of a monopoly in the manufacturing of the smart phones in FoxConn. In this case there is a market failure. Which is something that neoclassical theorists argue cannot occur. The market cannot send a signal to firms because there is no mechanism in which the market could send a signal. This is can be understood if you view this industry as a networked economy. Where you see the ties between manufacturers and handset companies, which would show a massive connection to FoxConn.

Efforts to regulate the manufacturing of devices have been argued as the reason for moving the manufacturing to other countries. However, this is not the case in the case of Apple, as they would still have huge margins. It’s because the company is attempting to maximize profits, not reduce costs to be profitable. The same arguments have been used to argue for smaller government. Saying that since there are no market failures the government should not intervene in the industry.

The unfortunate thing is that these arguments immediately disappear when it comes to protecting the profits of record industries. The same free-market advocates then move to argue that intellectual property must be protected. Essentially, creating protection for a specific product through IP causes a market failure and prevents the market from operating at its most efficient because there are not other competitors in the market. Creating IP requires a huge regulatory framework from the mechanisms of registering, logging complaints and prosecuting actors that infringe on the IP.

This type of industrial policy is typically derided by the small government fans, as it is a type of regulation that selects a “winner” (IP owners) over “losers” (non IP owners). Which may be fine. However, whenever this selection pushes our government to select a winner (Music) over the fastest growing, possibly only growing, part of our economy (internet based companies) there is a serious risk to the future. As I’ve mentioned before these laws represent huge risks for innovation.

These laws are SOPA and PIPA, which I’ve discussed extensively. However, the next round of internet regulations come in the form of CISPA. This bill, which requires allows companies to share extensively with government agencies. This type of sharing of user data and information about the activities going on at the company would not go over very well from the the free-market advocates if this was a request for data about customer data for car dealerships or steel mills. Essentially, this is going to increase the cost of doing business in the US. This may prevent companies from working in the US and prevent innovation. If I was to create a company that dealt with social data I would not want to do so after the passing of this bill. It would be likely that I would be blackmailed into giving the government data about my users that I had no desire to give them.

The internet is the perfect example of a networked economy. Facebook’s value comes from the fact that it has a huge user base. This is true for Google, Amazon and Instagram (List of companies that support CISPA). Without the users the services is literally worthless. With the users a company without any revenues can be worth $1 Billion (Instagram). The difference between this bill and other bills like SOPA and PIPA is that the agreement is bidirectional. The government will likely help Facebook and Google fight Chinese attacks and give information to each other about the activities of online hacktivist groups like Anonymous. It is likely that 4chan will end up giving over IP data and other information related to anonymous and Anonymous users.

This is regulation that the internet doesn’t need and will stifle innovation. The government already has these powers, which maybe why the Obama administration is opposed to CISPA. It is also ironic that Obama plans on sanctioning countries that use Tech to abuse human rights specifically committing genocide. A whistle blower has recently announced that the NSA has intercepted 20 TRILLION emails and likely has copies of all of these stored somewhere. The passing of CISPA and any other law of similar persuasion  would likely protect companies like AT&T from future lawsuits for being complicit with these activities.

For devotes of the Free-Market these laws create market distortions and will cause serious harm to innovation on the internet. For people that understand networked economies, this will greatly undermine the value of these networks as users will likely change their behavior to mitigate the amount of information the Government can compile on them. CISPA and its sister laws SOPA and PIPA represent big government actions attempting to control and regulate industries that do not need to be regulated. In this case there is no market failure that needs to be addressed. Privacy is something that the users have been pushing for and Facebook and Google have steadily improved on those accounts. Surprisingly industry is doing a decent job at regulating itself. Finally, regulations being pushed by advocates of small government and free-market smack of hypocrisy and a lack of understanding. These laws require a deep understanding of the internet and how the market of the internet works. Without this understanding terrible laws will be passed that will damage our privacy and freedoms. For the issues that this law would protect from there are other methods that could be employed to gain the desired results without passing laws.

Contact your congressional members to fight against this bill.

Data protection, anonymity and copyright

Posted on by

I talk a great deal on this blog about data issues, privacy and ownership, anonymity and copyright, however is there a clear connection between them? Should we care about who has access to our data, who we are and control over our access to data?

I think that these issues are so connected that we need to do something about how they are managed at a federal level. Currently, it’s rather easy for governments to request data from internet sites. Some times they require warrants or court orders other times the companies simply hand over the data. Savvy users understand how their data is collected and used by companies. I’ll be the first to admit that I’m learning about this as I’m going. It’s not easy because some times it’s really inconvenient to really protect your data. The more sites that are connected together the more likely one of your accounts are to be hacked. Linking sites also creates other problems. Specifically Facebook and Google. Twitter isn’t as bad, but it easily could be.

Why are Facebook and Google bad though? First Facebook is the worst by far. Both Zuckerbergs have made statements proclaiming privacy a bad thing.We can see this erosion with the creation of Facebook’s OpenGraph and seamless information sharing. We’ve all see the increase in the amount of information that our friends are sharing. Such as Spotify and articles they’ve read. Which now no longer click through, but end up going to some app from that company. All of this information is being stored and sold to customers with your name on it. Effectively you’ve lost your ability to view websites freely without it being stored on multiple servers by multiple companies at the same time.
Google comes in a close second with their privacy problems. They aren’t any better with Google+ as they require names at this time. We also don’t know what Google does with the information that you give them when you link accounts together. By giving access to Google when you sign into another website Google is learning more about you which will likely be used to adjust your filter bubble.

Without anonymity or at least pseudonymity it’s significantly more difficult to control access to your data. Putting a buffer between you and the people that are interested in learning about you as a person can protect you from a lot of bad people. However, whenever there are discussions about anonymity or pseudonyms some one almost always makes the argument that it will increase the safety for child molesters or terrorists.

The Copyright industry is one of the most vocal advocates of this tactic. In fact, this is one of the arguments being used for SOPA. They argue that if you don’t have anything to hide then you have nothing to worry about. Well, I don’t buy that argument. People have privacy fences for a reason around their yard. Why not do the same thing for your data? Being anonymous doesn’t mean your bad, it just means your being safe.

Anonymity makes it more difficult for copyright holders to come after people who download movies without buying the movie. They want to know if your downloading it regardless of the fact that you might actually own the movie in some other physical medium and are using the digital copy as a back up. They also don’t really care if you go out and buy the movie after watching it. In fact the Swiss government came out and said that buying a movie or song after downloading is extremely common.

Based on these three points, I believe that everyone should be pushing leaders to increase the ability for users to be anonymous on the internet. This will protect users data from identity theft, allow users better control over their data and decrease the impact of the filter bubble. We must accept the fact that people may use the freedom in unethical ways. However, this doesn’t mean that it’s unethical for people to be anonymous online and doesn’t mean that they are unethical. It means that we need to define clear laws and procedures to deal with unethical or illegal activities in these systems. Without these guidelines we are likely to have no control over our data.