Erosion of Individual Privacy

“Without the ability to keep secrets, individuals lose the capacity to distinguish themselves from others, to maintain independent lives, to be complete and autonomous persons. . . . This does not mean that a person actually has to keep secrets to be autonomous, just that she must possess the ability to do so. The ability to keep secrets implies the ability to disclose secrets selectively, and so the capacity for selective disclosure at one's own discretion is important to individual autonomy as well.” -Kim L. Scheppele, Legal Secrets 302 (1988) “Knowledge is Power” -Sir Francis Bacon

“The technotronic era involves the gradual appearance of a more controlled society. Such a society would be dominated by an elite, unrestrained by traditional values. [...] [T]he capacity to assert social and political control over the individual will vastly increase. It will soon be possible to assert almost continuous surveillance over every citizen and to maintain up-to-date, complete files, containing even most personal information about the health or personal behavior of the citizen in addition to more customary data. These files will be subject to instantaneous retrieval by the authorities.” -Zbigniew Brzezinski, protegé of David Rockefeller, cofounder of the Trilateral Commission, and NSA to Jimmy Carter, from his 1971 book Between Two Ages

Individual privacy rights are an impediment to the oligarchy of power brokers. They increase the self-respect and mutual respect of those who would be ruled, and they decrease the thoroughness with which their compliance with the dictates of the oligarchy can be evaluated. In particular, individual privacy rights make it harder for the oligarchy to detect and snub in the crib cultural and technological innovations that threaten their hegemony. This archive of Guy Polis's Cryptography Manifesto details many of the techniques and strategies intelligence agencies (and other organizations) use in mining personal information, including a treatment of the infamous Echelon network. Something to consider: a representative of the National Security Agency visits the Altavista site in Palo Alto once a week to collect data on site traffic. In 1996, the CFO of the facility personally confessed this to me, when prodded. The other major search engines probably have similar arrangements.

The Echelon articles are mostly in a dedicated subchapter on Echelon. That subchapter contains most of the coverage of the signals intelligence establishment.

EFF's list of printers that rat out their owners

from the New York Times, 2009-Jan-17, by Robert Pear: Privacy Issue Complicates Push to Link Medical Data WASHINGTON — President-elect Barack Obama's plan to link up doctors and hospitals with new information technology, as part of an ambitious job-creation program, is imperiled by a bitter, seemingly intractable dispute over how to protect the privacy of electronic medical records. Rahm Emanuel, the White House chief of staff-designate, said it was “essential” to protect personal health information. Lawmakers, caught in a crossfire of lobbying by the health care industry and consumer groups, have been unable to agree on privacy safeguards that would allow patients to control the use of their medical records. Congressional leaders plan to provide $20 billion for such technology in an economic stimulus bill whose cost could top $825 billion. In a speech outlining his economic recovery plan, Mr. Obama said, “We will make the immediate investments necessary to ensure that within five years all of America's medical records are computerized.” Digital medical records could prevent medical errors, save lives and create hundreds of thousands of jobs, Mr. Obama has said. So far, the only jobs created have been for a small army of lobbyists trying to secure money for health information technology. They say doctors, hospitals, drugstores and insurance companies would be much more efficient if they could exchange data instantaneously through electronic health information networks. Consumer groups and some members of Congress insist that the new spending must be accompanied by stronger privacy protections in an era when digital data can be sent around the world or posted on the Web with the click of a mouse. Lawmakers leading the campaign for such safeguards include Representatives Edward J. Markey of Massachusetts and Pete Stark of , both Democrats; Senator Patrick J. Leahy, Democrat of Vermont; and Senator Olympia J. Snowe, Republican of Maine. Without strong safeguards, Mr. Markey said, the dream of electronic health information networks could turn into “a nightmare for consumers.” In the last few years, personal health information on hundreds of thousands of people has been compromised because of security lapses at hospitals, insurance companies and government agencies. These breaches occurred despite federal privacy rules issued under a 1996 law. Congress is trying to strengthen those privacy protections and make sure they apply to computer records. Lobbyists for insurers, drug benefit managers and others in the health industry are mobilizing a campaign to persuade Congress that overly stringent privacy protections would frustrate the potential benefits of digital records. One of the proposed safeguards would outlaw the sale of any personal health information in an electronic medical record, except with the patient's permission. Another would allow patients to impose additional controls on certain particularly sensitive information, like records of psychotherapy, abortions and tests for the virus that causes AIDS. Patients could demand that such information be segregated from the rest of their medical records. Under other proposals being seriously considered in Congress, health care providers and insurers would have to use encryption technology to protect personal health information stored in or sent by computers. Patients would have a right to an accounting of any disclosures of their electronic data. Health care providers and insurers would have to notify patients whenever such information was lost, stolen or used for an unauthorized purpose. And patients — or state officials acting on their behalf — could recover damages from an entity that improperly used or disclosed personal health information. Rahm Emanuel, who will be the White House chief of staff for Mr. Obama, advocated such safeguards when he was a House member from Illinois. “As we move forward on health information technology,” Mr. Emanuel said, “it is absolutely essential that an individual's most personal and vulnerable information is protected.” Advisers to Mr. Obama say he favors strong privacy protections but does not want the dispute to slow down the bill. Mary R. Grealy, president of the Health Care Leadership Council, which represents large health care corporations, said the proposed safeguards could be an impediment to the widespread adoption of health information technology and counteract any economic stimulus effect. In a letter to Congressional leaders, Karen M. Ignagni, president of America's Health Insurance Plans, a trade group for insurers, expressed “serious concern about privacy provisions being considered for inclusion in the economic stimulus bill.” She criticized, in particular, a proposal that would require health care providers to obtain the consent of patients before disclosing personal health information for treatment, payment or “health care operations.” Such a requirement, she said, could cripple efforts to manage chronic diseases like diabetes, which often require coordination of care among many specialists. At the moment, senior House Democrats are determined to include privacy safeguards in the economic recovery bill. But some insurance lobbyists said they hoped Congress would punt on the issue, leaving privacy standards to be developed by the Health and Human Services Department, where they believe they can make their case more effectively. has joined many consumer groups in supporting stronger safeguards. The software giant has developed products that allow consumers and providers to store and share medical data in a secure format. “Health information technology will succeed only if privacy is protected,” said Frank C. Torres, director of consumer affairs at Microsoft. “For the president- elect to achieve his vision, he has to protect privacy.” Senator Sheldon Whitehouse, Democrat of Rhode Island, and Peter R. Orszag, director-designate of the White House Office of Management and Budget, said electronic medical records could be more secure than paper records. “If the files are electronic,” Mr. Whitehouse said, “computers can record every time someone has access to your medical information.” But, he said, the challenge is political as well as technical. “Until people are more confident about the security of electronic medical records,” Mr. Whitehouse said, “it's vitally important that we err on the side of privacy.” The data in medical records has great potential commercial value. Several companies, for example, buy and sell huge amounts of data on the prescribing habits of doctors, and the information has proved invaluable to pharmaceutical sales representatives. “Health I.T. without privacy is an excellent way for companies to establish a gold mine of information that can be used to increase profits, promote expensive drugs, cherry-pick patients who are cheaper to insure and market directly to consumers,” said Dr. Deborah C. Peel, coordinator of the Coalition for Patient Privacy, which includes the American Civil Liberties Union among its members. from Investor's Business Daily, 2008-Oct-29: Obama's Plumbers Election '08: Ohio Democrats refused to act on ACORN's massive vote fraud. Yet they have time to scour the private records of Joe the Plumber. No wonder Barack Obama finds the Constitution an inconvenience. Joe Wurzelbacher (also known as Joe the Plumber) has learned there's a price to pay for being the one to get Obama to admit that he has a socialist dream to "spread the wealth." Not only are you thrust into the public eye, you get the privilege of having government officials who support Obama rifle through private files looking for dirt on you. Helen Jones-Kelley, director of the Ohio Department of Job and Family Services and a maxed-out contributor to the Obama campaign, has confirmed that she approved the check on Samuel Joseph Wurzelbacher after the Oct. 15 presidential debate. Jones-Kelley explained her governmental prying by saying, "Our practice is when someone is thrust quickly into the public spotlight, we often take a look" at them. For example, she cited the case of a lottery winner who was found to owe back child support. But Wurzelbacher didn't win the lottery; he merely asked how much more of his hard-earned money was going to be taxed away under the Obama plan. According to the Columbus-Dispatch, at least four state computer checks on Wurzelbacher were conducted shortly after Republican John McCain frequently brought up "Joe the Plumber" during the final presidential debate. In addition to the Department of Job and Family Services, driver's license and vehicle registration information on "Joe" was pulled from Bureau of Motor Vehicles computers. BMV information on Wurzelbacher also was obtained through accounts assigned to the Cuyahoga County Child Support Enforcement Agency and the Toledo Police Department. In a 2001 radio interview in which Obama again expressed belief in the "redistribution of wealth," the Illinois senator regretted that the Supreme Court "didn't break free from the essential constraints that were placed by the Founding Fathers in the Constitution." Will Obama, through his appointments to the court, remove those constraints? Is "Joe" only the first on an Obama's enemies list? Contrast this investigative frenzy with the refusal of Ohio's Democratic Secretary of State, Jennifer Bruner, to use government records to check the thousands of new voters registered by ACORN and others for registration fraud. She also refused notify local election officials when fraud was discovered. This isn't the first time team Obama has sought to stifle dissent, threatening to use the powers of government to intimidate and punish its opponents. A recent report on KMOV-TV in St. Louis said: "The Barack Obama campaign is asking Missouri law enforcement to target anyone who lies or runs a misleading TV ad during the presidential campaign." The Obama campaign will target anyone who says this emperor has no clothes. It wasn't long ago that a team of 30 lawyers, investigators and Democratic party operatives trekked up to Alaska to find dirt on Sarah Palin. they're after Joe the Plumber. Should Obama, Sen. Harry Reid and House Speaker Nancy Pelosi gain unfettered control of the powers of government and the Supreme Court and reinstate the so-called Fairness Doctrine, they might come after you. from IDG via the New York Times, 2008-Oct-28, by Jaikumar Vijayan: Contractor suspected in 'Joe the Plumber' privacy breach The Ohio State Highway Patrol has identified a suspect in a criminal case involving illegal access to information in a state government database about Joseph Wurzelbacher, the plumber made famous by Sen. John McCain, R-Ariz., during the Oct. 15 presidential debate. Sgt. Tim Karwatske, a spokesman for the state highway patrol, Tuesday said that the investigation is focusing on a contractor working for the Ohio Department of Insurance in Columbus. A Hewlett-Packard computer belonging to the agency has been seized as evidence, Karwatske said. He did not name the person because the investigation is still under way and no formal charges have been filed in the case, he said. The criminal investigation came at the behest of Ohio State Attorney General Nancy Rogers' office after it was discovered that someone had surreptitiously used an old test account created by the attorney general's IT team to access Wurzelbacher's records. This is not the first time that illegal access to records of high-profile individuals by insiders with privileged access has surfaced during this election. Earlier this year, U.S. Department of State officials disclosed that private contract employees working for the agency had repeatedly accessed passport records belonging to Sen. Barack Obama, D-Ill., Sen. Hillary Clinton, D-N.Y., McCain and others. Jennifer Brindisi, a spokeswoman at the Ohio attorney general's office, Tuesday said that the test account used to access Wurzelbacher's data was created four years ago during the development of Ohio's Local Law Enforcement Information Sharing Network (OLLEISN). The test account was shared with several unidentified contractors when OLLEISN was being built, Brindisi said. When the illegal use of the account was discovered, the matter was turned over the Highway Patrol, which launched a criminal investigation into the unauthorized access, Brindisi said. "No one from the Attorney General's Office was involved in the unauthorized inquiry into Joe Wurzelbacher's records," Brindisi said via e- mail. The attorney general's office has changed the security codes and taken other "appropriate measures" to tighten access to OLLEISN data, Brindisi said. OLLESIN was created by the Ohio Association of Chiefs of Police as a tool to help local law enforcement agencies in the state share multi-jurisdictional information on suspects, wanted individuals, warrants, incident data and field interview notes, according to an official description of OLLESIN. The data behind OLLESIN is part of the state attorney general's Ohio Law Enforcement Gateway (OHLEG) Web portal and can be accessed either via a Web interface or through the Computer Aided Dispatch and Records Management Systems used by law enforcement officers. Users need individual accounts issued directly from the Rogers' office to access the records and all access is logged. The illegal access case is just one of four similar incidents involving Wurzelbacher's information after the plumber shot into the news following McCain's repeated use of his name to highlight a point about Obama's tax plans. The data checks were initially uncovered by the The Columbus Dispatch, which on Saturday reported that Wurzelbacher's file at the Ohio Bureau of Motor Vehicles (BMV) had been accessed at least three times by unknown individuals using state government computers in the days immediately following the debate. According to the paper, the information in the BMV computers was accessed from accounts assigned to at least two state government agencies in addition to the one in Rogers' office. In a follow-up report Tuesday morning, the paper noted that Ohio's inspector general is also investigating why the director of the Ohio Department of Job and Family Services had approved a check of Wurzelbacher's background in the agency's child-support computer system. It is not clear yet what exactly motivated these searches. McCain's camp has accused Obama's team of being somehow involved in the matter, while the latter's campaign has flatly dismissed such suggestions. Such incidents highlight the relative absence of proper access controls and measures for enforcing them, said Brian Cleary, a vice president of marketing at Aveksa, a Waltham, Mass.-based security vendor. Organizations that want to mitigate the risk for such incidents need to implement controls to ensure that privileged insiders have access to critical information only on an as-needed basis and then only when it is needed, he said. from the New York Times, 2008-Nov-12, by Jackie Calmes: For a Washington Job, Be Prepared to Tell All WASHINGTON — Want a top job in the Obama administration? Only pack rats need apply, preferably those not packing controversy. A seven-page questionnaire being sent by the office of President-elect Barack Obama to those seeking cabinet and other high-ranking posts may be the most extensive — some say invasive — application ever. The questionnaire includes 63 requests for personal and professional records, some covering applicants' spouses and grown children as well, that are forcing job-seekers to rummage from basements to attics, in shoe boxes, diaries and computer archives to document both their achievements and missteps. Only the smallest details are excluded; traffic tickets carrying fines of less than $50 need not be reported, the application says. Applicants are asked whether they or anyone in their family owns a gun. They must include any e-mail that might embarrass the president-elect, along with any blog posts and links to their Facebook pages. The application also asks applicants to “please list all aliases or `handles' you have used to communicate on the Internet.” The vetting process for executive branch jobs has been onerous for decades, with each incoming administration erecting new barriers in an effort to avoid the mistakes of the past, or the controversies of the present. It is typically updated to reflect technological change (there was no Facebook the last time a new president came to town). But Mr. Obama has elevated the vetting even beyond what might have been expected, especially when it comes to applicants' family members, in a reflection of his campaign rhetoric against lobbying and the back-scratching, self-serving ways of Washington. “President-elect Obama made a commitment to change the way Washington does business, and the vetting process exemplifies that,” said Stephanie Cutter, chief spokeswoman for the Obama transition office. Jobs with the mortgage-finance giants Fannie Mae and Freddie Mac have served as lucrative incubators for Democratic and Republican administration officials. But those affiliations have become potentially toxic since the government seized both companies after years of financial irregularities that have stoked the economic crisis. Not surprisingly, then, Question 18 of the Obama application asks whether “you, your spouse or any member of your immediate family” have been affiliated with Fannie, Freddie, American International Group, Washington Mutual and any other institution getting a government bailout. Under “Domestic Help,” the questionnaire asks the immigration status of applicants' housekeepers, nannies, chauffeurs and yard-workers, and whether applicants have paid the required taxes for household employees. (Those questions reflect controversies that tripped up President 's first two nominees for attorney general in 1993.) “Every transition is cumulative,” said Michael Berman, a lawyer and lobbyist who worked in the transitions of both Mr. Clinton and President Jimmy Carter. After reviewing the Obama application, Mr. Berman added, “I am very happy I am not seeking a job in the federal government.” A former Clinton White House official who insisted on anonymity said in an e-mail message, “I believe it is considerably more detailed than we had to fill out in '93. Interesting that they want spouse information on everything — means lots of folks are going to have to list the very prominent — and controversial — companies that their spouses work/lobby for.” The first question asks applicants not just for a résumé, but for every résumé and biographical statement issued by them or others for the past 10 years — a likely safeguard against résumé falsehoods, one Clinton administration veteran said. Most information must cover at least the past decade, including the names of anyone applicants lived with; a chronological list of activities for which applicants were paid; real estate and loans over $10,000, and their terms, for applicants and spouses; net worth statements submitted for loans, and organization memberships — in particular, memberships in groups that have discriminated on the basis of race, sex, disability, ethnicity, religion or sexual orientation. There are no time limits for some information, including liens, tax audits, lawsuits, legal charges, bankruptcies or arrests. Applicants must report all businesses with which they and their spouses have been affiliated or in which they have had a financial stake of more than 5 percent. All gifts over $50 that they and their spouses have received from anyone other than close friends or relatives must be identified. Just in case the previous 62 questions do not ferret out any potential controversy, the 63rd is all-encompassing: “Please provide any other information, including information about other members of your family, that could suggest a conflict of interest or be a possible source of embarrassment to you, your family, or the president-elect.” The answer could duplicate the response to Question 8: “Briefly describe the most controversial matters you have been involved with during the course of your career.” For those who clear all the hurdles, the reward could be the job they wanted. But first there will be more forms, for security and ethics clearances from the Federal Bureau of Investigation and the Office of Government Ethics. from the Times of , 2008-Oct-19, by David Leppard: Government faces fight from within for spy database A Home Office revolt is stalling a plan to store our e-mails and calls but a more sinister one may take its place Jacqui Smith, the home secretary, faces a revolt from her senior officials over plans to build a central database holding information on every telephone call, e- mail and internet visit made in the UK. A “significant body of Home Office officials dealing with serious and organised crime” are privately lobbying against the plans, a leaked memo has revealed. They believe the proposals are “impractical, disproportionate, politically unattractive and possibly unlawful from a human rights perspective”, the memo says. Their stance puts them at loggerheads with the spy-masters at GCHQ, the government's eavesdropping centre in Cheltenham, who have been driving through the plans. The Home Office rebels appear to have forced Smith to stall plans to announce a bill in the Queen's speech authorising the database. She has instead ordered her officials to review the proposals. This weekend a top law enforcement body further dented the government's case for the database. Jack Wraith, of the data communications group of the Association of Chief Police Officers, described the plans as “mission creep”. He said there was an “inherent fear” of the data falling into the wrong hands. “If someone's got enough personal data on you and they don't afford it the right protection and that data falls into the wrong hands, then it becomes a threat to you,” he said. Smith is already studying less explosive but equally effective alternatives. One option involves a system based on sending automated requests to databases already held by telephone and internet firms. Privacy campaigners believe the proposals form part of a “pentagon” of five huge databases, all linked together in real time to create the ultimate surveillance society. This would include compulsory registration of all Britain's 72m mobile phones, more than 40m of which are prepaid. Terrorists and criminals prefer to hide behind the anonymity of prepaid phones, so a communications database needs to include accurate details of prepaid subscriber details. The Home Office yesterday declined to comment on the plans. But the office of Richard Thomas, the information commissioner, said it expects this register to be included in the database proposed in the draft communications data bill. Vodafone is believed to be one of the mobile phone firms now drawing up plans for compulsory customer registration. Such a system, already used in Europe, would require a passport or ID to register a phone. Phones can be located to within a few yards using cell site analysis – which tracks mobile phone users as they move from one signalling area to the next. The system would then link with the automatic number plate recognition (ANPR) system of traffic cameras, which provides live coverage of motor-ways and main roads. It, in turn, is linked to the DVLA in Swansea which holds the records of all registered vehicles in the country. By monitoring a single telephone call it would be possible to identify exactly where its user was and the registration number of the car in which he or she was travelling. This car could then be found within seconds by the ANPR cameras and tracked along its journey. Simon Davies, of Privacy International, said: “If you can do this in real time, with all the databases being interoperable, you have absolute perfect surveillance.” The plans for a communications database are equally intrusive. At their heart is a massive extension in an existing network of black boxes plugged into the internet. They intercept data on the web and extract information to be routed into computers held by MI5 and GCHQ, if required. Little is known about the extent of the system, but sources say that last year GCHQ was given £1 billion to extend it. Total costs for the project are estimated to be as high as £12 billion. Advocates of the database say terrorists are stateless and highly mobile and their communications are hard to detect among the billions of pieces of data on the internet. Last year about 14% of all calls were made over the internet, prompting police to complain that they are losing the ability to track calls. Unlike telephone companies, which must keep data for billing, internet call firms such as Skype have no reason to keep the records. A European Union directive introduced after the London and Madrid terror attacks compels service providers to keep all telephone and e-mail data for two years.This requirement will be extended to cover websites in March. But it does not include calls via the internet. Anyway, call and e-mail data is held separately in hundreds of company databases. Opponents fear the cost and ethical implications of a central database are too great. Liberty, the civil rights group, has said that it will mount a legal challenge. Lord Carlile, the independent reviewer of terrorist legislation, said the idea was “awful”. from the Times of London, 2008-Oct-19, by David Leppard: Passports will be needed to buy mobile phones Everyone who buys a mobile telephone will be forced to register their identity on a national database under government plans to extend massively the powers of state surveillance. Phone buyers would have to present a passport or other official form of identification at the point of purchase. Privacy campaigners fear it marks the latest government move to create a surveillance society. A compulsory national register for the owners of all 72m mobile phones in Britain would be part of a much bigger database to combat terrorism and crime. Whitehall officials have raised the idea of a register containing the names and addresses of everyone who buys a phone in recent talks with Vodafone and other telephone companies, insiders say. The move is targeted at monitoring the owners of Britain's estimated 40m prepaid mobile phones. They can be purchased with cash by customers who do not wish to give their names, addresses or credit card details. The pay-as-you-go phones are popular with criminals and terrorists because their anonymity shields their activities from the authorities. But they are also used by thousands of law-abiding citizens who wish to communicate in private. The move aims to close a loophole in plans being drawn up by GCHQ, the government's eavesdropping centre in Cheltenham, to create a huge database to monitor and store the internet browsing habits, e-mail and telephone records of everyone in Britain. The “Big Brother” database would have limited value to police and MI5 if it did not store details of the ownership of more than half the mobile phones in the country. Contingency planning for such a move is already thought to be under way at Vodafone, where 72% of its 18.5m UK customers use pay-as-you-go. The office of Richard Thomas, the information commissioner, said it anticipated that a compulsory mobile phone register would be unveiled as part of a law which ministers would announce next year. “With regards to the database that would contain details of all mobile users, including pay-as-you-go, we would expect that this information would be included in the database proposed in the draft Communications Data Bill,” a spokeswoman said. Simon Davies, of Privacy International, said he understood that several mobile phone firms had discussed the proposed database in talks with government officials. As The Sunday Times revealed earlier this month, GCHQ has already been provided with up to £1 billion to work on the pilot stage of the Big Brother database, which will see thousands of “black boxes” installed on communications lines provided by Vodafone and BT as part of a pilot interception programme. The proposals have sparked a fierce backlash inside Whitehall. Senior officials in the Home Office have privately warned that the database scheme is impractical, disproportionate and potentially unlawful. The revolt last week forced Jacqui Smith, the home secretary, to delay announcing plans for the database until next year. from the Washington Post, 2008-Aug-1, p.A1, by Ellen Nakashima: Travelers' Laptops May Be Detained At Border No Suspicion Required Under DHS Policies Federal agents may take a traveler's laptop computer or other electronic device to an off-site location for an unspecified period of time without any suspicion of wrongdoing, as part of border search policies the Department of Homeland Security recently disclosed. Also, officials may share copies of the laptop's contents with other agencies and private entities for language translation, data decryption or other reasons, according to the policies, dated July 16 and issued by two DHS agencies, U.S. Customs and Border Protection and U.S. Immigration and Customs Enforcement. "The policies . . . are truly alarming," said Sen. Russell Feingold (D-Wis.), who is probing the government's border search practices. He said he intends to introduce legislation soon that would require reasonable suspicion for border searches, as well as prohibit profiling on race, religion or national origin. DHS officials said the newly disclosed policies -- which apply to anyone entering the country, including U.S. citizens -- are reasonable and necessary to prevent terrorism. Officials said such procedures have long been in place but were disclosed last month because of public interest in the matter. Civil liberties and business travel groups have pressed the government to disclose its procedures as an increasing number of international travelers have reported that their laptops, cellphones and other digital devices had been taken -- for months, in at least one case -- and their contents examined. The policies state that officers may "detain" laptops "for a reasonable period of time" to "review and analyze information." This may take place "absent individualized suspicion." The policies cover "any device capable of storing information in digital or analog form," including hard drives, flash drives, cellphones, iPods, pagers, beepers, and video and audio tapes. They also cover "all papers and other written documentation," including books, pamphlets and "written materials commonly referred to as 'pocket trash' or 'pocket litter.' " Reasonable measures must be taken to protect business information and attorney-client privileged material, the policies say, but there is no specific mention of the handling of personal data such as medical and financial records. When a review is completed and no probable cause exists to keep the information, any copies of the data must be destroyed. Copies sent to non- federal entities must be returned to DHS. But the documents specify that there is no limitation on authorities keeping written notes or reports about the materials. "They're saying they can rifle through all the information in a traveler's laptop without having a smidgen of evidence that the traveler is breaking the law," said Greg Nojeim, senior counsel at the Center for Democracy and Technology. Notably, he said, the policies "don't establish any criteria for whose computer can be searched." Customs Deputy Commissioner Jayson P. Ahern said the efforts "do not infringe on Americans' privacy." In a statement submitted to Feingold for a June hearing on the issue, he noted that the executive branch has long had "plenary authority to conduct routine searches and seizures at the border without probable cause or a warrant" to prevent drugs and other contraband from entering the country. Homeland Security Secretary Michael Chertoff wrote in an opinion piece published last month in USA Today that "the most dangerous contraband is often contained in laptop computers or other electronic devices." Searches have uncovered "violent jihadist materials" as well as images of child pornography, he wrote. With about 400 million travelers entering the country each year, "as a practical matter, travelers only go to secondary [for a more thorough examination] when there is some level of suspicion," Chertoff wrote. "Yet legislation locking in a particular standard for searches would have a dangerous, chilling effect as officers' often split-second assessments are second-guessed." In April, the U.S. Court of Appeals for the 9th Circuit in San Francisco upheld the government's power to conduct searches of an international traveler's laptop without suspicion of wrongdoing. The Customs policy can be viewed at: http://www.cbp.gov/linkhandler/cgov/travel/admissability/search_authority.ctt/sear ch_authority.pdf. from the Wall Street Journal, 2008-Mar-10, p.A1, by Siobhan Gorman: NSA's Domestic Spying Grows As Agency Sweeps Up Data Terror Fight Blurs Line Over Domain; Tracking Email WASHINGTON, D.C. -- Five years ago, Congress killed an experimental Pentagon antiterrorism program meant to vacuum up electronic data about people in the U.S. to search for suspicious patterns. Opponents called it too broad an intrusion on Americans' privacy, even after the Sept. 11 terrorist attacks. But the data-sifting effort didn't disappear. The National Security Agency, once confined to foreign surveillance, has been building essentially the same system. The central role the NSA has come to occupy in domestic intelligence gathering has never been publicly disclosed. But an inquiry reveals that its efforts have evolved to reach more broadly into data about people's communications, travel and finances in the U.S. than the domestic surveillance programs brought to light since the 2001 terrorist attacks. Congress now is hotly debating domestic spying powers under the main law governing U.S. surveillance aimed at foreign threats. An expansion of those powers expired last month and awaits renewal, which could be voted on in the House of Representatives this week. The biggest point of contention over the law, the Foreign Intelligence Surveillance Act, is whether telecommunications and other companies should be made immune from liability for assisting government surveillance. Largely missing from the public discussion is the role of the highly secretive NSA in analyzing that data, collected through little-known arrangements that can blur the lines between domestic and foreign intelligence gathering. Supporters say the NSA is serving as a key bulwark against foreign terrorists and that it would be reckless to constrain the agency's mission. The NSA says it is scrupulously following all applicable laws and that it keeps Congress fully informed of its activities. According to current and former intelligence officials, the spy agency now monitors huge volumes of records of domestic emails and Internet searches as well as bank transfers, credit-card transactions, travel and telephone records. The NSA receives this so-called "transactional" data from other agencies or private companies, and its sophisticated software programs analyze the various transactions for suspicious patterns. Then they spit out leads to be explored by counterterrorism programs across the U.S. government, such as the NSA's own Terrorist Surveillance Program, formed to intercept phone calls and emails between the U.S. and overseas without a judge's approval when a link to al Qaeda is suspected. The NSA's enterprise involves a cluster of powerful intelligence-gathering programs, all of which sparked civil-liberties complaints when they came to light. They include a Federal Bureau of Investigation program to track telecommunications data once known as Carnivore, now called the Digital Collection System, and a U.S. arrangement with the world's main international banking clearinghouse to track money movements. The effort also ties into data from an ad-hoc collection of so-called "black programs" whose existence is undisclosed, the current and former officials say. Many of the programs in various agencies began years before the 9/11 attacks but have since been given greater reach. Among them, current and former intelligence officials say, is a longstanding Treasury Department program to collect individual financial data including wire transfers and credit-card transactions. It isn't clear how many of the different kinds of data are combined and analyzed together in one database by the NSA. An intelligence official said the agency's work links to about a dozen antiterror programs in all. A number of NSA employees have expressed concerns that the agency may be overstepping its authority by veering into domestic surveillance. And the constitutional question of whether the government can examine such a large array of information without violating an individual's reasonable expectation of privacy "has never really been resolved," said Suzanne Spaulding, a national- security lawyer who has worked for both parties on Capitol Hill. NSA officials say the agency's own investigations remain focused only on foreign threats, but it's increasingly difficult to distinguish between domestic and international communications in a digital era, so they need to sweep up more information. The Fourth Amendment In response to the Sept. 11 attacks, then NSA-chief Gen. Michael Hayden has said he used his authority to expand the NSA's capabilities under a 1981 executive order governing the agency. Another presidential order issued shortly after the attacks, the text of which is classified, opened the door for the NSA to incorporate more domestic data in its searches, one senior intelligence official said. The NSA "strictly follows laws and regulations designed to preserve every American's privacy rights under the Fourth Amendment to the U.S. Constitution," agency spokeswoman Judith Emmel said in a statement, referring to the protection against unreasonable searches and seizures. The Office of the Director of National Intelligence, which oversees the NSA in conjunction with the Pentagon, added in a statement that intelligence agencies operate "within an extensive legal and policy framework" and inform Congress of their activities "as required by the law." It pointed out that the 9/11 Commission recommended in 2004 that intelligence agencies analyze "all relevant sources of information" and share their databases. Two former officials familiar with the data-sifting efforts said they work by starting with some sort of lead, like a phone number or Internet address. In partnership with the FBI, the systems then can track all domestic and foreign transactions of people associated with that item -- and then the people who associated with them, and so on, casting a gradually wider net. An intelligence official described more of a rapid-response effect: If a person suspected of terrorist connections is believed to be in a U.S. city -- for instance, Detroit, a community with a high concentration of Muslim Americans -- the government's spy systems may be directed to collect and analyze all electronic communications into and out of the city. The haul can include records of phone calls, email headers and destinations, data on financial transactions and records of Internet browsing. The system also would collect information about other people, including those in the U.S., who communicated with people in Detroit. The information doesn't generally include the contents of conversations or emails. But it can give such transactional information as a cellphone's location, whom a person is calling, and what Web sites he or she is visiting. For an email, the data haul can include the identities of the sender and recipient and the subject line, but not the content of the message. Intelligence agencies have used administrative subpoenas issued by the FBI -- which don't need a judge's signature -- to collect and analyze such data, current and former intelligence officials said. If that data provided "reasonable suspicion" that a person, whether foreign or from the U.S., was linked to al Qaeda, intelligence officers could eavesdrop under the NSA's Terrorist Surveillance Program. The White House wants to give companies that assist government surveillance immunity from lawsuits alleging an invasion of privacy, but Democrats in Congress have been blocking it. The Terrorist Surveillance Program has spurred 38 lawsuits against companies. Current and former intelligence officials say telecom companies' concern comes chiefly because they are giving the government unlimited access to a copy of the flow of communications, through a network of switches at U.S. telecommunications hubs that duplicate all the data running through it. It isn't clear whether the government or telecom companies control the switches, but companies process some of the data for the NSA, the current and former officials say. On Friday, the House Energy and Commerce Committee released a letter warning colleagues to look more deeply into how telecommunications data are being accessed, citing an allegation by the head of a New York-based computer security firm that a wireless carrier that hired him was giving unfettered access to data to an entity called "Quantico Circuit." Quantico is a Marine base that houses the FBI Academy; senior FBI official Anthony DiClemente said the bureau "does not have 'unfettered access' to any communication provider's network." The political debate over the telecom information comes as intelligence agencies seek to change traditional definitions of how to balance privacy rights against investigative needs. Donald Kerr, the deputy director of national intelligence, told a conference of intelligence officials in October that the government needs new rules. Since many people routinely post details of their lives on social-networking sites such as MySpace, he said, their identity shouldn't need the same protection as in the past. Instead, only their "essential privacy," or "what they would wish to protect about their lives and affairs," should be veiled, he said, without providing examples. Social-Network Analysis The NSA uses its own high-powered version of social-network analysis to search for possible new patterns and links to terrorism. The Pentagon's experimental Total Information Awareness program, later renamed Terrorism Information Awareness, was an early research effort on the same concept, designed to bring together and analyze as much and as many varied kinds of data as possible. Congress eliminated funding for the program in 2003 before it began operating. But it permitted some of the research to continue and TIA technology to be used for foreign surveillance. Some of it was shifted to the NSA -- which also is funded by the Pentagon -- and put in the so-called black budget, where it would receive less scrutiny and bolster other data-sifting efforts, current and former intelligence officials said. "When it got taken apart, it didn't get thrown away," says a former top government official familiar with the TIA program. Two current officials also said the NSA's current combination of programs now largely mirrors the former TIA project. But the NSA offers less privacy protection. TIA developers researched ways to limit the use of the system for broad searches of individuals' data, such as requiring intelligence officers to get leads from other sources first. The NSA effort lacks those controls, as well as controls that it developed in the 1990s for an earlier data-sweeping attempt. Sen. Ron Wyden, an Oregon Democrat and member of the Senate Intelligence Committee who led the charge to kill TIA, says "the administration is trying to bring as much of the philosophy of operation Total Information Awareness as it can into the programs they're using today." The issue has been overshadowed by the fight over telecoms' immunity, he said. "There's not been as much discussion in the Congress as there ought to be." Opportunity for Debate But Sen. Kit Bond of Missouri, the ranking Republican on the committee, said by email his committee colleagues have had "ample opportunity for debate" behind closed doors and that each intelligence program has specific legal authorization and oversight. He cautioned against seeing a group of intelligence programs as "a mythical 'big brother' program," adding, "that's not what is happening today." The legality of data-sweeping relies largely on the government's interpretation of a 1979 Supreme Court ruling allowing records of phone calls -- but not actual conversations -- to be collected without a judge issuing a warrant. Multiple laws require a court order for so-called "transactional'" records of electronic communications, but the 2001 Patriot Act lowered the standard for such an order in some cases, and in others made records accessible using FBI administrative subpoenas called "national security letters." (Read the ruling.) A debate is brewing among legal and technology scholars over whether there should be privacy protections when a wide variety of transactional data are brought together to paint what is essentially a profile of an individual's behavior. "You know everything I'm doing, you know what happened, and you haven't listened to any of the contents" of the communications, said Susan Landau, co- author of a book on electronic privacy and a senior engineer at Sun Microsystems Laboratories. "Transactional information is remarkably revelatory." Ms. Spaulding, the national-security lawyer, said it's "extremely questionable" to assume Americans don't have a reasonable expectation of privacy for data such as the subject-header of an email or a Web address from an Internet search, because those are more like the content of a communication than a phone number. "These are questions that require discussion and debate," she said. "This is one of the problems with doing it all in secret." Gen. Hayden, the former NSA chief and now Central Intelligence Agency director, in January 2006 publicly defended the activities of the Terrorist Surveillance Program after it was disclosed by the New York Times. He said it was "not a driftnet over Lackawanna or Fremont or Dearborn, grabbing all communications and then sifting them out." Rather, he said, it was carefully targeted at terrorists. However, some intelligence officials now say the broader NSA effort amounts to a driftnet. A portion of the activity, the NSA's access to domestic phone records, was disclosed by a USA Today article in 2006. The NSA, which President Truman created in 1952 through a classified presidential order to be America's ears abroad, has for decades been the country's largest and most secretive intelligence agency. The order confined NSA spying to "foreign governments," and during the Cold War the NSA developed a reputation as the world's premier code-breaking operation. But in the 1970s, the NSA and other intelligence agencies were found to be using their spy tools to monitor Americans for political purposes. That led to the original FISA legislation in 1978, which included an explicit ban on the NSA eavesdropping in the U.S. without a warrant. Big advances in telecommunications and database technology led to unprecedented data-collection efforts in the 1990s. One was the FBI's Carnivore program, which raised fears when it was in disclosed in 2000 that it might collect telecommunications information about law-abiding individuals. But the ground shifted after 9/11. Requests for analysis of any data that might hint at terrorist activity flooded from the White House and other agencies into NSA's Fort Meade, Md., headquarters outside Washington, D.C., one former NSA official recalls. At the time, "We're scrambling, trying to find any piece of data we can to find the answers," the official said. The 2002 congressional inquiry into the 9/11 attacks criticized the NSA for holding back information, which NSA officials said they were doing to protect the privacy of U.S. citizens. "NSA did not want to be perceived as targeting individuals in the United States" and considered such surveillance the FBI's job, the inquiry concluded. FBI-NSA Projects The NSA quietly redefined its role. Joint FBI-NSA projects "expanded exponentially," said Jack Cloonan, a longtime FBI veteran who investigated al Qaeda. He pointed to national-security letter requests: They rose from 8,500 in 2000 to 47,000 in 2005, according to a Justice Department inspector general's report last year. It also said the letters permitted the potentially illegal collection of thousands of records of people in the U.S. from 2003-05. Last Wednesday, FBI Director Robert Mueller said the bureau had found additional instances in 2006. It isn't known how many Americans' data have been swept into the NSA's systems. The Treasury, for instance, built its database "to look at all the world's financial transactions" and gave the NSA access to it about 15 years ago, said a former NSA official. The data include domestic and international money flows between bank accounts and credit-card information, according to current and former intelligence officials. The NSA receives from Treasury weekly batches of this data and adds it to a database at its headquarters. Prior to 9/11, the database was used to pursue specific leads, but afterward, the effort was expanded to hunt for suspicious patterns. Through the Treasury, the NSA also can access the database of the Society for Worldwide Interbank Financial Telecommunication, or Swift, the Belgium-based clearinghouse for records of international transactions between financial institutions, current and former officials said. The U.S. acknowledged in 2006 that the CIA and Treasury had access to Swift's database, but said the NSA's Terrorism Surveillance Program was separate and that the NSA provided only "technical assistance." A Treasury spokesman said the agency had no comment. Through the Department of Homeland Security, airline passenger data also are accessed and analyzed for suspicious patterns, such as five unrelated people who repeatedly fly together, current and former intelligence officials said. Homeland Security shares information with other agencies only "on a limited basis," spokesman Russ Knocke said. NSA gets access to the flow of data from telecommunications switches through the FBI, according to current and former officials. It also has a partnership with FBI's Digital Collection system, providing access to Internet providers and other companies. The existence of a shadow hub to copy information about AT&T Corp. telecommunications in San Francisco is alleged in a lawsuit against AT&T filed by the civil-liberties group Electronic Frontier Foundation, based on documents provided by a former AT&T official. In that lawsuit, a former technology adviser to the Federal Communications Commission says in a sworn declaration that there could be 15 to 20 such operations around the country. Current and former intelligence officials confirmed a domestic network of hubs, but didn't know the number. "As a matter of policy and law, we can not discuss matters that are classified," said FBI spokesman John Miller. The budget for the NSA's data-sifting effort is classified, but one official estimated it surpasses $1 billion. The FBI is requesting to nearly double the budget for the Digital Collection System in 2009, compared with last year, requesting $42 million. "Not only do demands for information continue to increase, but also the requirement to facilitate information sharing does," says a budget justification document, noting an "expansion of electronic surveillance activity in frequency, sophistication, and linguistic needs." from the Telegraph of London, 2008-Sep-6, by Martin Beckford, Sarah Graham and Betsy Mead: Children aged eight enlisted as council snoopers Children as young as eight have been recruited by councils to "snoop" on their neighbours and report petty offences such as littering, the Daily Telegraph can disclose. The youngsters are among almost 5,000 residents who in some cases are being offered £500 rewards if they provide evidence of minor infractions. One in six councils contacted by the Telegraph said they had signed up teams of "environment volunteers" who are being encouraged to photograph or video neighbours guilty of dog fouling, littering or "bin crimes". The "covert human intelligence sources", as some local authorities describe them, are also being asked to pass on the names of neighbours they believe to be responsible, or take down their number-plates. Ealing Council in West London said: "There are hundreds of Junior Streetwatchers, aged 8-10 years old, who are trained to identify and report enviro-crime issues such as graffiti and fly-tipping." Harlow Council in Essex said: "We currently have 25 Street Scene Champions who work with the council. They are all aged between 11 to 14. They are encouraged to report the aftermath of enviro-crimes such as vandalism to bus shelters, graffiti, abandoned vehicles, fly-tipping etc. They do this via telephone or email direct to the council." Other local authorities recruit adult volunteers through advertisements in local newspapers, with at least 4,841 people already patrolling the streets in their spare time. Some are assigned James Bond-style code numbers, which they use instead of their real names when they ring a special informer's hotline. This escalation in Britain's growing surveillance state follows an outcry about the way councils are using powers originally designed to combat terrorism and organised crime to spy on residents. In one case, a family was followed by council staff for almost three weeks after being wrongly accused of breaking rules on school catchment areas. It also emerged last month that around 1,400 security guards, car park attendants and town hall staff have been given police-style powers including the right to issue on-the-spot fines for littering, cycling on the pavement and other offences. Matthew Sinclair, of the TaxPayers' Alliance, described the recruitment of children as "downright sinister". He said: "We are deeply troubled by these developments - they are straight out of the Stasi copybook. There is a combination of ever-stricter rules and ever more Draconian attempts to control people. "Councils are using anti-terrorist legislation for the tiniest of things, like the people who put out their bins early, and the threats of fines and prosecutions combine to constitute fleecing the people the councils are meant to be serving." The increase in surveillance comes at a time when an estimated 169 councils have dropped weekly rubbish collections. Some local authorities are refusing to collect bins which are placed too far from the kerb, while others are issuing £100 fines to people who fail to comply with recycling rules. Critics have claimed that councils have stopped prosecuting people for flytipping in favour of pursuing easy targets such as fining people for dropping bits of food and cigarette butts. In April, Hull council officials fined a young mother £75 for dropping a piece of sausage roll while trying to feed her four-year-old daughter. Sarah Davies, 20, refused to pay and the matter when to magistrates court where it was dismissed. Doretta Cocks, founder of the Campaign for Weekly Waste Collection, said the use of children by councils was "shocking". She said: "What sort of world are we bringing them up in? I think it's dreadful for neighbour to spy upon neighbour in that way." The Daily Telegraph contacted more than 240 councils across England and Wales to ask if they had recruited environmental volunteers. Of those, 36 or just under one in six, said they had. They included Luton, with 600 volunteers, the highest of any council; Southwark, south London (400) Birmingham (370) Blaenau Gwent (300) and Congleton in Cheshire (300). Among the "environmental crimes" which the snoopers are asked to report, which vary from council to council, are failure to recycle rubbish, vandalism, graffiti, dog fouling, fly-tipping and abandoned vehicles. Some councils merely ask recruits to keep an eye out for problems, while others are sent out on patrols. Several of the councils which do not yet use volunteers said they were considering doing so in future. Many of the town halls said they did not encourage their volunteers to confront offenders or collect evidence, for their own safety. But Bromley Council in Kent offers up to £500 for information that leads to a conviction. Crawley Borough Council in West Sussex said its 150 Streetcare Champions were asked to "report on individuals if known". Bolton Council said its Green Inspectors must "note any relevant information such as registration numbers" if they see criminal activity. Others, including Fareham in Hampshire and Waltham Forest in east London encourage their volunteers to take photographs of rubbish to help investigations. Liz Henthorn, 66, a retired nurse who is one of 120 "Street Hawk" volunteers in Enfield, north London, openly describes herself as a "curtain twitcher" but insists she is not snooping on anyone. She said: "If there is a problem with fly-tipping, general bad behaviour, graffiti etcetera then I ring the Street Hawk person and when I do it is cleared. Enfield has become a lot cleaner because of us curtain twitchers having a look around. "If you can you report an individual but nobody is going to give their name and address. If you know where that person lives you can say you know who it is but other than that you don't." A spokesman for the Local Government Association, which represents town halls across the country, insisted: "Environment volunteers are people who care passionately about their local area and want to protect it from vandals, graffitists and fly tippers. "These residents are not snoopers. They will help councils cut crime and make places cleaner, greener and safer." Dominic Grieve, the shadow home secretary, said: "In any civilised society the community will engage with the police but it would be plain wrong for young children to be recruited and trained for reward. People want to see the police and other appropriate agencies on our streets catching and deterring offenders." Councillor Sue Emment, Ealing Council's cabinet member for environment and street services, said: "Ealing Council works with participating schools so Junior Streetwatchers can learn how to help our local environment, take pride in their community and have a sense of civic responsibility. "Organisations like the TaxPayers' Alliance are fast becoming parodies of themselves and ought to find out about Council schemes before making comments. We feel it is sad that the valuable time these young people are spending on improving the community should be criticised in any way." A spokesman for Harlow Council said: "We need to encourage more people to care for their community. If we can encourage people at a young age to do this then they will grow up to respect the environment. Our Street Champions, which is an entirely voluntary scheme naturally, has the backing and support of parents for children to take part in the scheme. The scheme is highly regarded. "The scheme isn't just about them reporting environmental problems, they also take part in projects to help them learn new skills and in a wider context, about citizenship." from Reuters, 2008-Oct-2, by Sinead Carew with Savio D'Souza in Bangalore and editing by Gerald E. McCormick: Skype admits to storing China text messages NEW YORK - Skype, eBay Inc's Web communications unit, admitted on Thursday that TOM-Skype, its China venture with TOM Online Inc, had been monitoring and storing some of its users' text messages without Skype's knowledge. Skype apologized after a report revealed that the Web service monitors text chats with politically sensitive keywords and stores them along with millions of personal user records on computers that could be easily accessed by anybody -- including the Chinese government. Jennifer Caukin, a spokeswoman for Skype, minority owner of TOM-Skype, admitted to the privacy breach in the servers and said it had now been fixed. However, she said that Skype needed to have further discussions with TOM after it found out that the venture had changed privacy policies without Skype's consent or knowledge in order to store certain user messages. Caukin said it is not a surprise that "the Chinese government might be monitoring communication in and out of the country." "Nevertheless we are concerned to hear about security issues brought to our attention and confirm that TOM was able to fix the flaw." she said adding that "changes in storing and uploading chats will be further discussed with TOM." Caukin said in an e-mailed statement that Skype had publicly acknowledged in 2006 that in order to meet Chinese regulations, TOM was operating a text filter that blocked certain words on TOM-Skype chat messages without compromising customer privacy. But she said that policy had changed. "Last night, we learned that this practice was changed without our knowledge or consent and we are extremely concerned." Caukin said. TOM Group, the parent company of TOM-Skype's majority owner TOM Online, said in an e-mailed statement that it follows Chinese regulations. "As a Chinese company, we adhere to rules and regulations in China where we operate our businesses. We have no other comment," it said in the statement. The comments follow a University of Toronto Citizen Lab report that said text messages sent between TOM-Skype users and between Skype users and T0M- Skype users, are scanned for phrases like "Taiwan independence" or "Falun Gong" or for opposition to the Communist Party of China. When these keywords are found, the messages and information, such as usernames of subscribers, are stored on publicly accessible Web servers along with an encryption key that could be used to unlock the data, according to the report. from the New York Times, 2008-Oct-1, by John Markoff: Surveillance of Skype Messages Found in China SAN FRANCISCO — A group of Canadian human-rights activists and computer security researchers has discovered a huge surveillance system in China that monitors and archives certain Internet text conversations that include politically charged words. The system tracks text messages sent by customers of Tom-Skype, a joint venture between a Chinese wireless operator and eBay, the Web auctioneer that owns Skype, an online phone and text messaging service. The discovery draws more attention to the Chinese government's Internet monitoring and filtering efforts, which created controversy this summer during the Beijing Olympics. Researchers in China have estimated that 30,000 or more “Internet police” monitor online traffic, Web sites and blogs for political and other offending content in what is called the Golden Shield Project or the Great Firewall of China. The activists, who are based at Citizen Lab, a research group that focuses on politics and the Internet at the University of Toronto, discovered the surveillance operation last month. They said a cluster of eight message-logging computers in China contained more than a million censored messages. They examined the text messages and reconstructed a list of restricted words. The list includes words related to the religious group Falun Gong, Taiwan independence and the Chinese Communist Party, according to the researchers. It includes not only words like democracy, but also earthquake and milk powder. (Chinese officials are facing criticism over the handling of earthquake relief and chemicals tainting milk powder.) The list also serves as a filter to restrict text conversations. The encrypted list of words inside the Tom-Skype software blocks the transmission of those words and a copy of the message is sent to a server. The Chinese servers retained personal information about the customers who sent the messages. They also recorded chat conversations between Tom-Skype users and Skype users outside China. The system recorded text messages and Skype caller identification, but did not record the content of Skype voice calls. In just two months, the servers archived more than 166,000 censored messages from 44,000 users, according to a report that was published on the Information Warfare Monitor Web site at the university. The researchers were able to download and analyze copies of the surveillance data because the Chinese computers were improperly configured, leaving them accessible. The researchers said they did not know who was operating the surveillance system, but they said they suspected that it was the Chinese wireless firm, possibly with cooperation from Chinese police. Independent executives from the instant message industry say the discovery is an indication of a spiraling computer war that is tracking the introduction of new communications technologies. “I can see an arms race going on,” said Pat Peterson, vice president for technology at Cisco's Ironport group, which provides messaging security systems. “China is one of the more wired places of the world and they are fighting a war with their populace.” The Chinese government is not alone in its Internet surveillance efforts. In 2005, The New York Times reported that the National Security Agency was monitoring large volumes of telephone and Internet communications flowing into and out of the United States as part of the eavesdropping program, intended to hunt for evidence of terrorist activity, that President Bush approved after the Sept. 11 attacks. [As James Taranto points out, this is a gratuitous comparison, since the PRC is monitoring the political communications of its own reform-minded citizens with a view to thwarting reform, whereas the USG is monitoring the communications of foreigners planning terrorist attacks, with a view to protecting citizens from terrorist violence. -AMPP Ed.] The researchers said their discovery contradicted a public statement made by Skype executives in 2006 after the content filtering of the Skype conversations was reported. At the time the company said that the conversations were protected and private. The Citizen Lab researchers issued a report on Wednesday, which details an analysis of data on the servers. “We were able to download millions of messages that identify users,” said Ronald J. Deibert, an associate professor of political science at the University of Toronto. “This is the worst nightmares of the conspiracy theorists around surveillance coming true. It's `X-Files' without the aliens.” Jennifer Caukin, an eBay spokeswoman, said, “The security and privacy of our users is very important to Skype.” But the company spoke to the accessibility of the messages, not their monitoring. “The security breach does not affect Skype's core technology or functionality,” she said. “It exists within an administrative layer on Tom Online servers. We have expressed our concern to Tom Online about the security issue and they have informed us that a fix to the problem will be completed within 24 hours.” EBay had no comment on the monitoring. Other American companies have been caught in controversy after cooperating with Chinese officials. In 2005, Yahoo supplied information to the Chinese authorities, who then sentenced a reporter, Shi Tao, to 10 years in prison for leaking what the government considered state secrets. The company said it was following Chinese law. EBay created the joint venture with the Tom Group, which holds the majority stake, in September 2005. The Tom Group itself was founded in October 1999 as a joint venture among Hutchison Whampoa, Cheung Kong Holdings and other investors. In its annual report this year, the Tom Group, based in Hong Kong, said that the number of Tom-Skype registered users had reached 69 million in the first half of 2008 and revenue had increased tenfold in the last year. The researchers stumbled upon the surveillance system when Nart Villeneuve, a senior research fellow at Citizen Lab, began using an analysis tool to monitor data that was generated by the Tom-Skype software, which is meant to permit voice and text conversations from a personal computer. By observing the data generated by the program, he determined that each time he typed a particular swear word into the text messaging program an encrypted message was sent to an unidentified Internet address. To his surprise, the coded messages were being stored on Tom Online computers. When he examined the machines over the Internet, he discovered that they had been misconfigured and that the computer directories were readable with a simple . One directory on each machine contained a series of files in which the messages, in encrypted form, were being deposited. Hunting further, Mr. Villeneuve soon found a file that contained the numerical key that permitted him to decode the encrypted log files. What he uncovered were hundreds of files, each containing thousands of records of messages that had been captured and then stored by the filtering software. The records revealed Internet addresses and user names as well as message content. Also stored on the computers were calling records for Skype voice conversations containing names and in some cases phone numbers of the calling parties. Mr. Villeneuve downloaded the messages, decrypted them and used machine translation software to convert the Chinese messages to English. He then used word frequency counts to identify the key words that were flagging the messages. The exact criteria used by the filtering software is still unclear, he said, because some messages on the servers contained no known key word. He said that in addition to capturing the Skype messages sent between Tom-Skype users, international conversations were recorded as well, meaning that users of standard Skype software outside China were also vulnerable to the surveillance system when they had text conversations with Chinese users. from the Washington Post, 2008-Jul-4, p.D1, by Ellen Nakashima with Peter Whoriskey contributing: YouTube Ordered To Release User Data Viacom Had Sought Access to Database In Copyright Battle A federal judge in New York this week ordered the video-sharing site YouTube, the world's third-most-visited Web site, to release data on the viewing habits of its tens of millions of worldwide viewers. Tuesday's ruling, which amounted to only seven paragraphs in a 25-page opinion that was mostly about programming code and other matters, alarmed privacy advocates, who said it ignored laws meant to protect peoples' viewing habits. The order comes as part of a $1 billion copyright infringement lawsuit brought against YouTube's owner, Google, by Viacom, the media company that owns large cable networks such as MTV, VH1 and Nickelodeon. Viacom alleges that YouTube encourages people to upload significant amounts of pirated copyrighted programs and that users do so by the thousands, profiting YouTube and Google. It wants to prove that pirated videos uploaded to the site -- video clips of Jon Stewart's "The Daily Show," for instance -- are more heavily viewed than amateur content. On Tuesday, U.S. District Judge Louis L. Stanton granted Viacom's request that YouTube release its 12-terabyte "logging" database -- a database that is larger than the Library of Congress's collection of about 10 million books, to Viacom. Every minute, 13 hours of video are uploaded to YouTube servers. The site logs hundreds of millions of views a week. The database contains the unique login ID of the viewer, the time he began watching, the Internet Protocol, or IP, address of the user's computer and the identification of the video. That database is the only existing record of how often each video has been viewed during various time periods, the opinion said. Its data can recreate the number of views of a video for any particular day. In ordering the data release, Stanton said that YouTube's privacy concerns were "speculative," that Google cited "no authority barring them from disclosing such information in civil discovery proceedings" and that Google itself has noted that an IP address without additional information cannot in most cases identify a person. Privacy advocates said the ruling disregarded the 1988 Video Privacy Protection Act passed by Congress to protect people's video-viewing habits from being disclosed. The law says that records may not be turned over unless the consumer is given the opportunity to object. "People recognize that what videos you watch is deeply private information that can tell a lot about you," said Kurt Opsahl, senior staff attorney for the Electronic Frontier Foundation. "And that might be information you might not want revealed." Viacom General Counsel Michael Fricklas said yesterday that Viacom has no intention of going after individual users. "Even if they uploaded pirated clips, we're not going to use the data to find them. We're not going to use it to sue them. We're not going to use it to look at who they are." Rather, the company has argued, the data could be used to measure the popularity of copyrighted video against non-copyrighted video. Yesterday, lawyers for Google said they would not appeal the ruling. They sent Viacom a letter requesting that the company allow YouTube to redact user names and IP addresses from the data. "We are pleased the court put some limits on discovery, including refusing to allow Viacom to access users' private videos and our search technology," Google senior litigation counsel Catherine Lacavera said in a statement. "We are disappointed the court granted Viacom's overreaching demand for viewing history. We will ask Viacom to respect users' privacy and allow us to anonymize the logs before producing them under the court's order." Fricklas said Viacom is open to the anonymity request and has consulted with the Electronic Frontier Foundation on possible approaches. "Any information that we or our outside advisers obtain -- which will not include personally identifiable information -- will be used exclusively for the purpose of proving our case against YouTube and Google, and will be handled subject to a court protective order and in a highly confidential manner," Fricklas said. But making the records anonymous is not fail-safe. In 2006, an AOL researcher inadvertently posted three months' worth of searches typed in by 650,000 anonymous AOL users. Although their identities were masked -- each user was given a randomly generated unique identification number -- the search terms, which included names, home towns and interests, could be collated and used to identify a person, as an enterprising New York Times reporter showed. The ruling and the response to it underscores the concerns about data collection and Web surfers' lack of control over the use of their personal data. Jennifer Urban, a law professor at the University of Southern California, said that even if Viacom does not use the information to sue users, "a future litigant may not keep the information private." What videos people view, what books they read, have long been considered sensitive information, she said, "intensely personal pieces of information we expect people to be able to keep private." The lawsuit was paired with a similar suit filed as a class action by a British soccer league that broadcasts soccer matches internationally. from the New York Times, 2007-Nov-7, by James Risen and Eric Lichtblau: Ex-Worker at AT&T Fights Immunity Bill WASHINGTON, Nov. 6 — When Mark Klein, then an AT&T technician in San Francisco, stumbled on a secret room apparently reserved for the National Security Agency inside an AT&T switching center, he hardly expected to be caught up in a national debate over the proper balance between American civil liberties and national security. But four years later, Mr. Klein's discovery has led to a spate of class-action lawsuits against the nation's largest telephone companies. The threat posed to the telecommunications industry by those suits has prompted the Bush administration to push Congress to grant companies legal immunity for their secret cooperation in the N.S.A.'s program of eavesdropping without warrants. With many Democrats in Congress seemingly willing to grant the legal protection, Mr. Klein has come to Washington to fight back. Mr. Klein, 62 and now retired, will begin meeting Wednesday with staff members on the Senate and House Judiciary Committees to try to persuade them to put a brake on the immunity legislation. He says the phone companies do not deserve the legal protection. “I think they committed a massive violation not only of the law but of the Constitution,” he said. “That's not the way the Fourth Amendment is supposed to work.” The administration and other supporters of immunity say the companies should get it because they were acting under what they believed to be lawful orders from the government. The administration also argues that if the lawsuits, coordinated by the Electronic Frontier Foundation, a privacy group know as EEF, are allowed to proceed, they could reveal national security secrets, and so the Justice Department has sought to block them by using the “state secrets privilege.” A spokesman for Mike McConnell, director of national intelligence, declined to comment on Tuesday. In 2002, Mr. Klein was working as a technician in AT&T's Geary Street facility in San Francisco when he was told that an N.S.A. agent would be visiting the office to interview another AT&T employee for a special job. He later learned that the job was at an AT&T facility on Folsom Street. In early 2003, Mr. Klein took a tour of the Folsom Street office, where he saw a secret room under construction. By October 2003, he was transferred to that office, and he said he learned that only employees cleared by the security agency were allowed to enter the room. Mr. Klein was responsible for maintaining Internet switching equipment near the secret room, and said he was stunned to discover that special “splitter” equipment had been installed in his area to route copies of all Internet traffic diverted through his lines into the secret room. “What I saw is that everything's flowing across the Internet to this government- controlled room,” he said. Later, Mr. Klein obtained three AT&T documents that he said revealed the computer and equipment design for the room — documents that the company maintains he kept improperly after leaving AT&T in 2004. Those designs, according to Mr. Klein and other telecommunications specialists who have reviewed them, would give the security agency. the ability to sift and reroute international and domestic communications and data from the AT&T lines to another site. “The physical apparatus gives them everything,” Mr. Klein said, adding, “A lot of this was domestic.” Ever since the N.S.A. eavesdropping program was publicly disclosed in December 2005, the administration has said that it was limited to intercepting, without seeking court orders, the international calls and e-mail messages of people inside the United States suspected of terrorist ties. EFF, which brought Mr. Klein to Washington to plead his case, is fearful that Congress will pass an immunity bill just as its class-action lawsuit has made some progress in a federal court in California. A judge there has refused to throw out the lawsuits, and an appellate court is now weighing a government appeal. In a ruling released Tuesday, the district judge hearing the case, Vaughn Walker, ordered that no documents or evidence in it be altered or destroyed. The government had opposed that motion. Administration officials have insisted that the lawsuits, if allowed to proceed, threatens to bankrupt the phone carriers. But Cindy Cohn, staff lawyer for EFF, said its main objective was to get the courts to rule on the legality of the eavesdropping program, which the group maintains violates the Constitution. “I don't want to bankrupt the phone companies,” Ms. Cohn said. “That's not what this is about.” from the Boston Globe, 2007-Nov-17, by Maria Cramer: Police to search for guns in homes City program depends on parental consent Boston police are launching a program that will call upon parents in high-crime neighborhoods to allow detectives into their homes, without a warrant, to search for guns in their children's bedrooms. The program, which is already raising questions about civil liberties, is based on the premise that parents are so fearful of gun violence and the possibility that their own teenagers will be caught up in it that they will turn to police for help, even in their own households. In the next two weeks, Boston police officers who are assigned to schools will begin going to homes where they believe teenagers might have guns. The officers will travel in groups of three, dress in plainclothes to avoid attracting negative attention, and ask the teenager's parent or legal guardian for permission to search. If the parents say no, police said, the officers will leave. If officers find a gun, police said, they will not charge the teenager with unlawful gun possession, unless the firearm is linked to a shooting or homicide. The program was unveiled yesterday by Police Commissioner Edward F. Davis in a meeting with several community leaders. "I just have a queasy feeling anytime the police try to do an end run around the Constitution," said Thomas Nolan, a former Boston police lieutenant who now teaches criminology at Boston University. "The police have restrictions on their authority and ability to conduct searches. The Constitution was written with a very specific intent, and that was to keep the law out of private homes unless there is a written document signed by a judge and based on probable cause. Here, you don't have that." Critics said they worry that some residents will be too intimidated by a police presence on their doorstep to say no to a search. "Our biggest concern is the notion of informed consent," said Amy Reichbach, a racial justice advocate at the American Civil Liberties Union. "People might not understand the implications of weapons being tested or any contraband being found." But Davis said the point of the program, dubbed Safe Homes, is to make streets safer, not to incarcerate people. "This isn't evidence that we're going to present in a criminal case," said Davis, who met with community leaders yesterday to get feedback on the program. "This is a seizing of a very dangerous object. . . . "I understand people's concerns about this, but the mothers of the young men who have been arrested with firearms that I've talked to are in a quandary," he said. "They don't know what to do when faced with the problem of dealing with a teenage boy in possession of a firearm. We're giving them an option in that case." But some activists questioned whether the program would reduce the number of weapons on the street. A criminal whose gun is seized can quickly obtain another, said Jorge Martinez, executive director of Project Right, who Davis briefed on the program earlier this week. "There is still an individual who is an impact player who is not going to change because you've taken the gun from the household," he said. The program will focus on juveniles 17 and younger and is modeled on an effort started in 1994 by the St. Louis Police Department, which stopped the program in 1999 partly because funding ran out. Police said they will not search the homes of teenagers they suspect have been involved in shootings or homicides and who investigators are trying to prosecute. "In a case where we have investigative leads or there is an impact player that we know has been involved in serious criminal activity, we will pursue investigative leads against them and attempt to get into that house with a search warrant, so we can hold them accountable," Davis said. Police will rely primarily on tips from neighbors. They will also follow tips from the department's anonymous hot line and investigators' own intelligence to decide what doors to knock on. A team of about 12 officers will visit homes in four Dorchester and Roxbury neighborhoods: Grove Hall, Bowdoin Street and Geneva Avenue, Franklin Hill and Franklin Field, and Egleston Square. If drugs are found, it will be up to the officers' discretion whether to make an arrest, but police said modest amounts of drugs like marijuana will simply be confiscated and will not lead to charges. "A kilo of cocaine would not be considered modest," said Elaine Driscoll, Davis's spokeswoman. "The officers that have been trained have been taught discretion." The program will target young people whose parents are either afraid to confront them or unaware that they might be stashing weapons, said Davis, who has been trying to gain support from community leaders for the past several weeks. One of the first to back him was the Rev. Jeffrey L. Brown, cofounder of the Boston TenPoint Coalition, who attended yesterday's meeting. "What I like about this program is it really is a tool to empower the parent," he said. "It's a way in which they can get a hold of the household and say, 'I don't want that in my house.' " Suffolk District Attorney Daniel F. Conley, whose support was crucial for police to guarantee there would be no prosecution, also agreed to back the initiative. "To me it's a preventive tool," he said. Boston police officials touted the success of the St. Louis program's first year, when 98 percent of people approached gave consent and St. Louis police seized guns from about half of the homes they searched. St. Louis police reassured skeptics by letting them observe searches, said Robert Heimberger, a retired St. Louis police sergeant who was part of the program. "We had parents that invited us back, and a couple of them nearly insisted that we take keys to their house and come back anytime we wanted," he said. But the number of people who gave consent plunged in the next four years, as the police chief who spearheaded the effort left and department support fell, according to a report published by the National Institute of Justice. Support might also have flagged because over time police began to rely more on their own intelligence than on neighborhood tips, the report said. Heimberger said the program also suffered after clergy leaders who were supposed to offer help to parents never appeared. "I became frustrated when I'd get the second, or third, or fourth phone call from someone who said, 'No one has come to talk to me,' " he said. Residents "lost faith in the program and that hurt us." Boston police plan to hold neighborhood meetings to inform the public about the program. Police are also promising follow-up visits from clergy or social workers, and they plan to allow the same scrutiny that St. Louis did. "We want the community to know what we're doing," Driscoll said. Ronald Odom - whose son, Steven, 13, was fatally shot last month as he walked home from basketball practice - was at yesterday's meeting and said the program is a step in the right direction. "Everyone talks about curbing violence," he said, following the meeting. ". . . This is definitely a head start." from the Washington Post, 2008-Jan-12, p.D1, by Del Quentin Wilber: Fliers' Data Left Exposed, Report Says Official Overseeing TSA Site Had Worked for Contractor A government Web site designed to help travelers remove their names from aviation watch lists was so riddled with security holes that hackers could easily have stolen personal information from scores of passengers, a congressional report concluded yesterday. Thousands of people used the Web site, and as many as 247 submitted detailed personal information between October 2006 and last February, the report says. A spokesman for the Transportation Security Administration, which established the site, said the agency was not aware of any travelers who used the site and became victims of identity theft. Congressional investigators raised concerns about a conflict of interest in how the no-bid contract to create the Web site was awarded. The TSA employee who framed many of the contract's requirements and was in charge of overseeing the site was once employed by the firm that was awarded the contract -- Desyne Web Services, a small firm in Boston, Va. -- and socialized with members of the company, according to the report by the Democratic staff of the House Oversight and Government Reform Committee. The TSA continues to use Desyne on various projects, the report said, and has awarded the company no-bid contracts worth about $500,000. The report also found that the TSA conducted little oversight of the Web site. "It is mindboggling that TSA would launch a Web site with so many security vulnerabilities," Rep. Henry A. Waxman (D-Calif.), chairman of the committee, said in a statement. "The handling of this Web site goes against all good government contracting standards, reveals serious flaws in oversight, and potentially exposed travelers to identity theft." Telephone messages left at Desyne were not returned yesterday. A TSA official said that the issues raised by the report were "old news" and that the problems had been addressed. "Things could and should have been done differently," said Christopher White, a TSA spokesman. "We have learned from those issues." The government provides airlines with security watch lists that give the names of suspected terrorists, fugitives and others considered a "threat to aviation." The lists have been frequently criticized, particularly since the terrorist attacks of Sept. 11, 2001, heightened security concerns. Prominent Americans, including members of Congress, have been singled out for questioning and searches at airports because their names were similar to names on the lists. TSA officials said they had taken steps to reduce the number of people whose names are on the no-fly list, who are not allowed to board planes. They took the same steps, they said, to reduce their "selectee" list. Passengers with names similar to those on the selectee list are subjected to extra screening and questioning at checkpoints. The TSA created a redress procedure three years ago for innocent passengers ensnared by the lists. A flood of requests quickly swamped officials, and by 2006, the TSA began seeking bids from contractors to build, host and maintain "a secure Web-based system" to handle the requests, the committee report says. TSA investigators later determined that the bid request was written in such a way that only one firm -- Desyne -- could win the contract, according to the report. According to the report, the primary author of the contract's requirements was Nicholas Panuzio, a TSA official who also was assigned an oversight role of the Web site. Panuzio "had a prior relationship with Desyne" that included having worked for the company for eight months several years earlier, the report says. Panuzio had also known the company's owner since high school and "still met regularly with Desyne's owner and others for drinks and dinner," according to the report. Panuzio could not be reached for comment yesterday. The report said Panuzio reported the conflict of interest to the agency's chief counsel but not to the project's managers. The report did not say when the disclosure was made, and a TSA spokesman was unable to pinpoint a time. TSA officials said that Panuzio did not profit from the contract, which was valued at $48,816. "A thorough review determined that no disciplinary action was necessary," said White, the spokesman. A few months after the site was launched, Chris Soghoian, a graduate student at Indiana University discovered that it was not secure. Soghoian told investigators that the site's appearance "was so poor that he first suspected it was a 'phishing' site," or one set up by hackers to imitate official sites to lure people into giving personal information that could then be stolen, the report found. Soghoian posted his concerns in February on a blog then picked up by news outlets, including a http://washingtonpost.com security blog. The TSA quickly moved the site to a more secure government domain, at http://https://trip.dhs.gov. from the Taipei Times, 2007-Nov-11, p.2, by Yang Kuo-wen, Lin Ching-chuan and Rich Chang: Bureau warns on tainted discs FOCUSED ATTACK: Large-capacity hard disks often used by government agencies were found to contain Trojan horse viruses, Investigation Bureau officials warned Portable hard discs sold locally and produced by US disk-drive manufacturer Seagate Technology have been found to carry Trojan horse viruses that automatically upload to Beijing Web sites anything the computer user saves on the hard disc, the Investigation Bureau said. Around 1,800 of the portable Maxtor hard discs, produced in Thailand, carried two Trojan horse viruses: autorun.inf and ghost.pif, the bureau under the Ministry of Justice said. The tainted portable hard disc uploads any information saved on the computer automatically and without the owner's knowledge to www.nice8.org and www.we168.org, the bureau said. The affected hard discs are Maxtor Basics 500G discs. The bureau said that hard discs with such a large capacity are usually used by government agencies to store databases and other information. Sensitive information may have already been intercepted by Beijing through the two Web sites, the bureau said. The bureau said that the method of attack was unusual, adding that it suspected Chinese authorities were involved. In recent years, the Chinese government has run an aggressive spying program relying on information technology and the Internet, the bureau said. The bureau said this was the first time it had found that Trojan horse viruses had been placed on hard discs before they even reach the market. The bureau said that it had instructed the product's Taiwanese distributor, Xander International, to remove the products from shelves immediately. The bureau said that it first received complaints from consumers last month, saying they had detected Trojan horse viruses on brand new hard discs purchased in Taiwan. Agents began examining hard discs on the market and found the viruses linked to the two Web sites. Anyone who has purchased this kind of hard disc should return it to the place of purchase, the bureau said. The distributor told the Chinese-language Liberty Times (the Taipei Times' sister newspaper) that the company had sold 1,800 tainted discs to stores last month. It said it had pulled 1,500 discs from shelves, while the remaining 300 had been sold by the stores to consumers. Seagate's Asian Pacific branch said it was looking into the matter. from the Telegraph blogs, 2007-Nov-2, by Peter Foster: Butt-naked at Heathrow Just back from England and before I move onto a more serious subject I urgently need to share an experience I had at the Heathrow's Terminal 4. After check-in I found myself in the usual interminable queue for security screening - in my view one of al Qa'eda's greatest successes in their attempts to undermine Western living - when along came a young man to tap me on the shoulder. "Sir, you have been randomly selected for body scanning. This is entirely voluntary. It will take only a few moments and you'll go straight to the front of the queue on completion." That was all the convincing I needed, so I agreed with the single pre-condition that I get to see the pictures/images after the scan. "No problem," said the official, who looked about 22. I was directed to remove my shoes and then enter a booth where, at the instruction of the official, I placed my feet on the patches indicated on the floor. One after the other I struck three rather awkward poses, hands reaching for the sky as if trying save a Beckham free-kick curling its way first into the top right corner, and then the top left corner. The whole procedure took a minute at most and it was with some curiosity that I skipped round to the back of the booth to where a technician was reviewing my scan behind a small curtain. Well. There's no polite way of putting this. There I was, on screen, absolutely butt-naked. Everything - and I mean everything - was on display in more detail than I care to recall. I'm really not the bashful type - one of the many strange side-effects of an English public school education - but it was, to say the least, a decidedly odd sensation to find myself standing next to a complete stranger reviewing my naked form on screen. I did think (before I saw them!) of taking my pictures away on a pen-drive to show you all, but you'll be delighted to hear that wasn't possible - not that they were in the least bit publishable in a family newspaper. The scan is voluntary and the British Airports Authority say they are only 'testing' out the equipment, but to be honest if the revealing nature of the pictures becomes common knowledge, I can't imagine many people volunteering. I can see the machine could be used as a less intrusive way of strip-searching people - but I think I'm right in saying that there has to be "reasonable grounds" for a strip search. But if this scanning thing becomes routine, my guess there would be a revolution. Westerners might - just - put up with it in certain circumstances, but for travellers from Asian countries, for example, where the culture is far more modest, it would simply just be unacceptable. from TheInquirer.net, 2007-Oct-2, by Nick Farrell: UK coppers empowered to demand your encryption keys All you data is now belong to the plod FROM today it is a crime to refuse to decrypt data for coppers investigating a crime. Under part three, Section 49 of the Regulation of Investigatory Powers Act (RIPA) if Inspector Knacker of the Yard knocks on your door and wants to have a snuffle on your hard drive and finds a blob of encrypted code he can make you decode it. If you refuse, and the copper is investigating acts of terrorism, you could be eating five years of porridge at her Majesty's Pleasure. If it just happens to be an ordinary crime that the copper is investigating you could be up for two years jailtime. There are a few loopholes. The data must be stored on a UK server or a Johnny Foreigner server which happens to be in the country, perhaps soaking up a bit of sun. If foreign data is passing down down the Interent, the coppers are not allowed to intercept it. The main problem is not that the law forces people to decrypt stuff, but rather the coppers have the right to demand encryption keys if their investigation requires it. This could really put the wind up all the financial institutions. International bankers would be unlikely to want to bring master keys to Blighty if they could be seized as part of legitimate police operations. One bent copper means they could lose shedloads of cash. The Home Office claims that not only will the law help catch terrorists and criminals so hard they can bounce bullets off their chests, it will also help catch pedophiles. However if you are a pedophile and you have shedloads of encrypted nastiness on your hard drive it would be better to do two years in chokey and be done under a computer crime rather than a sex offence. from the Associated Press via ap.google.com, 2007-Sep-3, by Amy Lorentzen: Edwards Backs Mandatory Preventive Care TIPTON, Iowa — Democratic presidential hopeful John Edwards said on Sunday that his universal health care proposal would require that Americans go to the doctor for preventive care. "It requires that everybody be covered. It requires that everybody get preventive care," he told a crowd sitting in lawn chairs in front of the Cedar County Courthouse. "If you are going to be in the system, you can't choose not to go to the doctor for 20 years. You have to go in and be checked and make sure that you are OK." He noted, for example, that women would be required to have regular mammograms in an effort to find and treat "the first trace of problem." Edwards and his wife, Elizabeth, announced earlier this year that her breast cancer had returned and spread. Edwards said his mandatory health care plan would cover preventive, chronic and long-term health care. The plan would include mental health care as well as dental and vision coverage for all Americans. "The whole idea is a continuum of care, basically from birth to death," he said. The former North Carolina senator said all presidential candidates talking about health care "ought to be asked one question: Does your plan cover every single American?" "Because if it doesn't they should be made to explain what child, what woman, what man in America is not worthy of health care," he said. "Because in my view, everybody is worth health care." Edwards said his plan would cost up to $120 billion a year, a cost he proposes covering by ending President Bush's tax cuts to people who make more than $200,000 per year. Edwards, who has been criticized by some for calling on Americans to be willing to give up their SUVs while driving one, acknowledged Sunday that he owns a Ford Escape hybrid SUV, purchased within the year, and a Chrysler Pacifica, which he said he has had for years. "I think all of us have to move, have to make progress," he said. "I'm not holier- than-thou about this. ... I'm like a lot of Americans, I see how serious this issue is and I want to address it myself and I want to help lead the nation in the right direction." He said he would not buy another SUV in the future. The Ford Escape, the first hybrid SUV on the market, gets an estimated 36 mpg in the city and 31 mpg on the highway. from Gun Owners of America, 2007-Apr-26: Congressional Leaders Moving To Pass Gun Control Without A Vote! McCarthy bill would treat gun owners even worse than terrorists Gun Owners of America E-Mail Alert 8001 Forbes Place, Suite 102, Springfield, VA 22151 Phone: 703-321-8585 / FAX: 703-321-8408 http://www.gunowners.org/ordergoamem.htm "Another gun rights group, the Gun Owners of America, is adamantly opposed to the [McCarthy-Dingell] legislation. It said the measure would allow the government to trample privacy rights by compiling reams of personal information and potentially bar mentally stable people from buying guns." -- Associated Press, April 24, 2007 Thursday, April 26, 2007 This is going to be a knock-down, drag-out fight. GOA continues to stand alone in the trenches, defending the rights of gun owners around the country. It's not going to be easy. Gun control supporters want to pass gun control within the next couple of weeks. And that's why, even if you took action earlier this week, you need to do so once again. All the gun haters (who have been keeping silent for a while) are now coming out of the closet and into the open. Take the notoriously anti-gun senator from New York -- Chuck Schumer. He has been very, very excited this week. Recent events have given him a platform, and the excuse, to push legislation that he had sponsored years ago -- legislation that never got through Congress. You see, Senator Chuck Schumer has been, in past years, the Senate sponsor of the McCarthy bill (HR 297). And the recent murders at Virginia Tech have given Senator Schumer the pretext he has been looking for. Appearing on the Bill O'Reilly show earlier this week, Schumer did his best to make a reasonable- sounding pitch for more gun control. He told O'Reilly on Monday that while he and Rep. McCarthy had previously worked together on this legislation, he now wants Congress to take up HR 297 quickly. "The Brady Law is a reasonable limitation," Schumer said. "Some might disagree with me, but I think certain kinds of licensing and registration is a reasonable limitation. We do it for cars." Get the picture? First, he wants the Brady Law strengthened with the McCarthy- Dingell-Schumer legislation. Then it's off to pass more gun control -- treating guns like cars, where all gun owners are licensed and where bureaucrats will have a wonderful confiscation list. In the O'Reilly interview, Schumer showed his hand when he revealed the strategy for this bill. Because it could become such a hot potato -- thanks to your efforts -- Senator Schumer is pushing to get this bill passed by Unanimous Consent in the Senate, which basically means that the bill would get passed WITHOUT A VOTE. This is a perfect way to pass gun control without anyone getting blamed... or so they think. We need to tell every Senator that if this bill passes without a vote, then we hold ALL OF THEM responsible. (Be looking for a future GOA alert aimed at your Senators.) On the House side, the Associated Press reported this past Monday that "House Democratic leaders are working with the National Rifle Association to bolster existing laws blocking" certain prohibited persons from buying guns. Of course, there are at least three problems with this approach: 1. It's morally and constitutionally wrong to require law-abiding citizens to first prove their innocence to the government before they can exercise their rights -- whether it's Second Amendment rights, First Amendment rights, or any other right. Doing that gives bureaucrats the opportunity to abuse their power and illegitimately prevent honest gun owners from buying guns. 2. Bureaucrats have already used the Brady Law to illegitimately deny the Second Amendment rights of innocent Americans. Americans have been prevented from buying guns because of outstanding traffic tickets, because of errors, because the NICS computer system has crashed -- and don't forget returning veterans because of combat-related stress. You give an anti-gun bureaucrat an inch, he'll take a mile -- which we have already seen as GOA has documented numerous instances of the abuses mentioned above. 3. Finally, all the background checks in the world will NOT stop bad guys from getting firearms. As we mentioned in the previous alert, severe restrictions in Washington, DC, England, Canada, Germany and other places have not stopped evil people from using guns to commit murder. (Correction: In our previous alert, we incorrectly identified Ireland as the location of the infamous schoolyard massacre. In fact, it took place in Dunblane, Scotland in 1996 -- a country which at the time had even more stringent laws than we have here.) McCARTHY BILL TREATING GUN OWNERS WORSE THAN TERRORISTS HR 297 would require the states to turn over mountains of personal data (on people like you) to the FBI -- any information which according to the Attorney General, in his or her unilateral discretion, would be useful in ascertaining who is or is not a "prohibited person." Liberal support for this bill points out an interesting hypocrisy in their loyalties: For six years, congressional Democrats have complained about the Bush administration's efforts to obtain personal information on suspected terrorists WITHOUT A COURT ORDER. And yet, this bill would allow the FBI to obtain massive amounts of information -- information which dwarfs any records obtained from warrantless searches (or wiretaps) that have been conducted by the Bush Administration on known or suspected terrorists operating in the country. In fact, HR 297 would allow the FBI to get this information on honest Americans (like you) even though the required data is much more private and personal than any information obtained thus far by the Bush administration on terrorists. And all of these personal records would be obtained by the FBI with no warrant or judicial or Congressional oversight whatsoever!!! Get the picture? Spying on terrorists is bad... but spying on honest gun owners is good. After all, this horrific intrusion on the private lives of all Americans is presumed to be "okay" because it's only being used to bash guns, not to go after terrorists and criminals who are trying to kill us. As indicated in earlier alerts, this information could include your medical, psychological, financial, education, employment, traffic, state tax records and more. We don't even know the full extent of what could be included because HR 297 -- which can be viewed at http://thomas.loc.gov by typing in the bill number -- is so open-ended. It requires states to provide the NICS system with ALL RECORDS that the Attorney General believes will help the FBI determine who is and who is not a prohibited person. Certainly, an anti-gun AG like would want as many types of records in the system as possible. The provision that would probably lead to the greatest number of 'fishing expeditions' is that related to illegal aliens. Federal law prohibits illegal aliens from owning guns. The bill requires all "relevant" data related to who is in this country illegally. But what records pertaining to illegal aliens from the states would be relevant? Perhaps a better question would be, what records are not relevant? ACTION: 1. Please take a moment to communicate your opposition to HR 297 -- even if you already sent your Representative a note earlier this week. We have provided a new letter (below) which provides updated information relating to the battle we are fighting. House leaders are talking about bringing up this bill soon. And Sen. Schumer (in his interview with O'Reilly) even hinted at the fact that the bill could come up WITHOUT the ability to offer pro-gun amendments -- such as a repeal of the DC gun ban or reciprocity for concealed carry holders -- provisions that could potentially serve as killer amendments. Also -- oh yeah, this is going to upset you -- Senator Schumer told O'Reilly, "I got to tell you, a lot of NRA people, they support this." Can you believe that? Senator Schumer is claiming to speak for you! That's why it's so important that you once again tell your congressman that Schumer is wrong... that you're a supporter of gun rights who OPPOSES the anti-gun McCarthy-Dingell bill. 2. Please circulate this e-mail and forward it to as many gun owners as you can. CONTACT INFORMATION: You can visit the Gun Owners Legislative Action Center at http://www.gunowners.org/activism.htm to send your Representative the pre-written e-mail message below. And, you can call your Representative toll- free at 1-877-762-8762. ----- Pre-written letter ----- Dear Representative: As a supporter of Second Amendment rights, I do NOT support HR 297, the NICS Improvement Act. I hope that you will OPPOSE this bill and urge your party leadership to either kill it outright or to allow other pro-gun amendments to be offered (repeal of the DC gun ban, reciprocity for concealed carry holders, etc.). In its current form, HR 297 will treat gun owners even worse than terrorists, giving the FBI a mountain of private information on law-abiding Americans like me. How is it that, despite all the criticism over the Bush administration's attempts to obtain personal information on suspected terrorists without a court order, this bill would allow the FBI to obtain massive amounts of information on ME -- information which dwarfs any warrantless searches (or wiretaps) that have been conducted by the Bush Administration on known or suspected terrorists operating in the country. And all of this personal information would be obtained by the FBI with no warrant or judicial or Congressional oversight whatsoever!!! How is it that spying on terrorists is bad, but spying on honest gun owners is good? Again, I hope that you will oppose HR 297. Gun Owners of America will continue to keep me informed on the progress of this bill. Thank you. Sincerely,

**************************** Streaming Video Update It's an ongoing process of getting permissions, obtaining source discs, and formatting files, but we are continuing to post videos of GOA spokesmen on television as they become available. Please stop by our streaming video section at http://www.gunowners.org/svtb.htm to see what's new this week. from CNET News.com via USA Today, 2007-Jun-1, by Elinor Mills: Google's street-level maps raising privacy concerns SAN JOSE, Calif. — Kevin Bankston, staff attorney at the Electronic Frontier Foundation, was surprised to see his face in a street-level image on a now defunct online map a few years ago. Worse, he was photographed smoking outside the EFF offices in San Francisco, and he had been trying to hide his habit from his family. That's a relatively benign incident, but it illustrates how easy it is for the technology to threaten an individual's privacy, Bankston said at the Where 2.0 conference here, where Google on Tuesday announced its new street-level map view. Google's feature allows users viewing San Francisco to zoom in close enough to read street signs and even see inside front windows. "It is irresponsible for Google to debut a product like this without also debuting technological measures that would obscure the identities of people photographed by this product," he said. "If the Google van happened by your house at the right moment it could even capture you in an embarrassing state of undress, as you close your blinds, for example." Personal indiscretions aside, the larger concern is for people entering and leaving places like domestic violence shelters, Alcoholics Anonymous meetings, fertility clinics and controversial religious or political events, Bankston said. The Google map feature offers a way to request the removal of photos and will take down identifiable images if a person requests. "Street View only features imagery taken on public property. This imagery is no different from what any person can readily capture or see walking down the street," a Google spokeswoman said in a statement. "We provide easily accessible tools for flagging inappropriate or sensitive imagery for review and removal...We routinely review takedown requests and act quickly to remove objectionable imagery." However, removing images of people after the fact doesn't entirely solve the problem, Bankston said. "That is of limited use if you don't know the image is on the site and by the time you find out, whatever privacy harm may already have occurred," he said. Google removed photos of women's shelters before launching the feature, said Cindy Southworth, director of technology at the Washington, D.C.-based National Network to End Domestic Violence, which is the umbrella group for state shelters. "We don't want to call attention to the shelters," Southworth said. "We would rather it look like a choppy horizon line as you pan by. Our hope is that other companies will do a similar thing and reach out to us in advance." Removing the shelters from the map greatly diminishes the privacy threat to battered women, said Ashley Tan, volunteer coordinator at Woman Inc., a San Francisco-based 24-hour domestic violence crisis line. However, there is still a slim chance a stalker could see a victim's whereabouts. "If someone is obsessed with their victim it could be used as another tool, and it will be something we have to consider in safety planning," Tan said. The block view that Amazon.com's A9 map showed is gone, along with A9 maps in general. One of those maps outed Bankston as a smoker. Microsoft offers a bird's-eye view on its maps that doesn't show faces and other ground-level details. The company does have a preview of a street-level technology in San Francisco and Seattle, but it won't likely be launching that product publicly and is, in fact, looking at ways to obscure identifiable images like faces and license plates, according to several Microsoft executives. "I don't think you'll ever see us do what Google is doing," said Erik Jorgensen, general manager for search and mapping at Microsoft. Such up-close imagery on maps might make sense for applications related to travel and real estate, but users don't need and don't necessarily want a picture-perfect world on the map, he said. "The feedback we got was that people like visuals as cues integrated into driving directions," rather than the "exploratory mode" that street-level offers, he said. AOL's MapQuest offers only a satellite aerial view. Yahoo hasn't gone I-Spy on its maps either, and it doesn't sound like it will. "It's a different approach to developing applications. Google puts out the technology and it's not clear what the use-case is," said Jeremy Kreitler, director of product management at Yahoo Maps. "Now that (map images) can see in your windows and not just your roof, there are privacy concerns." As technology gets more advanced it gets harder for individuals to remain invisible, said Greg Sterling, online maps expert and founder of consultancy Sterling Market Intelligence. "In this world of ubiquitous imagery it's hard to avoid privacy issues," he said. "Relatively speaking, privacy has been eroded by all this readily discoverable information." from the Times of London, 2007-Jun-2, by Rhys Blakely: Information hidden in iTunes music files sparks privacy fears Fresh privacy fears have been sparked after it emerged that Apple has embedded personal details into music files bought from its iTunes music store. Technology websites examining iTunes products discovered that personal data, including the names and e-mail addresses of purchasers, are inserted into the AAC files that Apple uses to distribute music tracks. The information is also included in tracks sold under Apple's iTunes Plus system, launched this week, where users pay a premium for music that is free from the controversial digital rights management (DRM) intended to protect against piracy. The Electronic Freedom Foundation, the online consumer rights group, added that it had identified a large amount of additional unaccounted-for information in iTunes files. The foundation said it was possible that the data could be used to “watermark” tracks so that the original purchaser could be tracked down if a track appeared on a file-sharing network, although experts said that it would be relatively easy to “spoof” such data. Ars Technica, one of the first websites to unveil the hidden information, said: “Everyone should be aware that while DRM-free files may lift a lot of restrictions on our personal usage habits, it doesn't mean we can just start sharing the love, so to speak. Sharer beware.” An Apple spokeswoman was unable to comment. The discovery of the data, of which most iTunes users will have been unaware, underscores the reluctance of music groups to allow music to circulate freely over the web. With estimates suggesting that 40 tracks are digitally boot-legged for every legally down-loaded track, piracy remains a massive problem for the industry and music groups have largely proven reluctant to withdraw the controversial DRM technologies. Apple had sought to present itself as a consumer champion, with the group's chief executive, Steve Jobs, insisting earlier this year that his company would drop DRM “in a heartbeat” if allowed to by the labels. Previously, Apple's DRM system had been criticised by European regulators for being anticompetitive because it allowed tracks to be played only on Apple's iPod music players. Apple's iTunes Plus service offers DRM-free music of a higher quality than standard iTunes tracks for 99p a song, compared with 79p for a standard track. Users who opt to pay extra for iTunes Plus tracks will be able to play the music without limitations on the type of music player or number of computers that purchased songs can be played on. The discovery comes amid fears of a creeping culture of consumer surveillance by technology companies. Google also gave rise to fears yesterday when it unveiled thousands of street-level photographs of major American cities as part of its online maps service. Within hours, bloggers picked out images of people, their faces visible, being arrested, sunbathing and urinating in public. from CNET News.com, 2007-Feb-7, by Declan McCullagh: Senator to propose surveillance of illegal images Proposal from Sen. John McCain would force Internet providers to report illegal images, even "cartoons." A forthcoming bill in the U.S. Senate lays the groundwork for a national database of illegal images that Internet service providers would use to automatically flag and report suspicious content to police. The proposal, which Sen. John McCain is planning to introduce on Wednesday, also would require ISPs and perhaps some Web sites to alert the government of any illegal images of real or "cartoon" minors. Failure to do would be punished by criminal penalties including fines of up to $300,000. The Arizona Republican claims that his proposal, a draft of which was obtained by CNET News.com, will aid in investigations of child pornographers. It will "enhance the current system for Internet service providers to report online child pornography on their systems, making the failure to report child pornography a federal crime," a statement from his office said. To announce his proposal, McCain has scheduled an afternoon press conference on Capitol Hill with Sen. Chuck Schumer, a New York Democrat; John Walsh, host of America's Most Wanted; and Lauren Nelson, who holds the title of Miss America 2007. Civil libertarians worry that the proposed legislation goes too far and could impose unreasonable burdens on anyone subject to the new regulations. And Internet companies worry about the compliance costs and argue that an existing law that requires reporting of illicit images is sufficient. The Securing Adolescents from Exploitation-Online Act (PDF) states ISPs that obtain "actual knowledge" of illegal images must make an exhaustive report including the date, time, offending content, any personal information about the user, and his Internet Protocol address. That report is sent to local or federal police by way of the National Center for Missing and Exploited Children. The center received $32.6 million in tax dollars in 2005, according to its financial disclosure documents. Afterward, the center is authorized to compile that information into a form that can be sent back to ISPs and used to assemble a database of "unique identification numbers generated from the data contained in the image file." That could be a unique ID created by a hash function, which yields something akin to a digital fingerprint of a file. Details on how the system would work are missing from McCain's legislation and are left to the center and ISPs. But one method would include ISPs automatically scanning e-mail and attachments and flagging any matches. The so-called SAFE Act is revised from an earlier version (PDF) that McCain introduced in December. Instead of specifying that all commercial Web sites and personal blogs must report illegal images, the requirement has been narrowed. Now, anyone offering a "service which provides to users thereof the ability to send or receive wire or electronic communications" must comply. Most courts have interpreted that language to apply only to ISPs. But it could be interpreted as sweeping in instant messaging providers and Web-based e-mail systems like Microsoft's Hotmail and Yahoo Mail. A 9th U.S. Circuit Court of Appeals opinion that dealt with an airline reservation system, for instance, concluded that "American, through Sabre, is a provider of wire or electronic communication service." The list of offenses that must be reported includes child exploitation, selling a minor for sexual purposes and using "misleading" domain names to trick someone into viewing illegal material. It also covers obscene images of minors including ones in a "drawing, cartoon, sculpture, or painting." (The language warns that it is not necessary "that the minor depicted actually exist.") ISPs are already required under federal law to report child pornography sightings. Current law includes fines of up to $300,000 but no criminal liability. Another section of the draft bill says that anyone convicted of certain child exploitation-related offenses who also used the "Internet to commit the violation" will get an extra 10 years in prison. That would dramatically raise sentences for a whole swath of crimes that do not involve adults having sex with minors. The Justice Department, for instance, indicted an Alabama man in November on child pornography charges because he took modeling photographs of clothed minors with their parents' consent and posted them online. The images were overly "provocative" and therefore illegal, a federal prosecutor asserted. Marv Johnson, a legislative counsel with the American Civil Liberties Union, said the extra 10 years in prison was an odd requirement because the Internet is not inherently dangerous like a firearm. Rather, he said, the bill proposes to punish someone for using a perfectly legal item or service in an illegal way. "It would be like punishing someone additionally for driving a car in the commission of an offense," Johnson said. The proposed SAFE Act is not related to the 2003 SAFE Act, which stood for Security and Freedom Ensured Act, the 1997 SAFE Act, which stood for Security and Freedom Through Encryption, or the 1998 SAFE Act, which stood for Safety Advancement for Employees. March 30, 2007 Confirmed: The U.S. Census Bureau Gave Up Names of Japanese-Americans in WW II Government documents show that the agency handed over names and addresses to the Secret Service Despite decades of denials, government records confirm that the U.S. Census Bureau provided the U.S. Secret Service with names and addresses of Japanese-Americans during World War II. The Census Bureau surveys the population every decade with detailed questionnaires but is barred by law from revealing data that could be linked to specific individuals. The Second War Powers Act of 1942 temporarily repealed that protection to assist in the roundup of Japanese-Americans for imprisonment in internment camps in California and six other states during the war. The Bureau previously has acknowledged that it provided neighborhood information on Japanese-Americans for that purpose, but it has maintained that it never provided "microdata," meaning names and specific information about them, to other agencies. A new study of U.S. Department of Commerce documents now shows that the Census Bureau complied with an August 4, 1943, request by Treasury Secretary Henry Morgenthau for the names and locations of all people of Japanese ancestry in the Washington, D.C., area, according to historian Margo Anderson of the University of Wisconsin–Milwaukee and statistician William Seltzer of Fordham University in . The records, however, do not indicate that the Bureau was asked for or divulged such information for Japanese-Americans in other parts of the country. Anderson and Seltzer discovered in 2000 that the Census Bureau released block-by-block data during WW II that alerted officials to neighborhoods in California, Arizona, Wyoming, Colorado, Utah, Idaho and Arkansas where Japanese-Americans were living. "We had suggestive but not very conclusive evidence that they had also provided microdata for surveillance," Anderson says. The Census Bureau had no records of such action, so the researchers turned to the records of the chief clerk of the Commerce Department, which received and had the authority to authorize interagency requests for census data under the Second War Powers Act. Anderson and Seltzer discovered copies of a memo from the secretary of the treasury (of which the Secret Service is part) to the secretary of commerce (who oversees the Census Bureau) requesting the data, and memos documenting that the Bureau had provided it [see image below]. The memos from the Bureau bear the initials "JC," which the researchers identified as those of then-director, J.C. Capt. "What it suggests is that the statistical information was used at the microlevel for surveillance of civilian populations," Anderson says. She adds that she and Seltzer are reviewing Secret Service records to try to determine whether anyone on the list was actually under surveillance, which is still unclear. "The [new] evidence is convincing," says Kenneth Prewitt, Census Bureau director from 1998 to 2000 and now a professor of public policy at Columbia University, who issued a public apology in 2000 for the Bureau's release of neighborhood data during the war. "At the time, available evidence (and Bureau lore) held that there had been no … release of microdata," he says. "That can no longer be said." The newly revealed documents show that census officials released the information just seven days after it was requested. Given the red tape for which bureaucracies are famous, "it leads us to believe this was a well-established path," Seltzer says, meaning such disclosure may have occurred repeatedly between March 1942, when legal protection of confidentiality was suspended, and the August 1943 request. Anderson says that microdata would have been useful for what officials called the "mopping up" of potential Japanese-Americans who had eluded internment. The researchers turned up references to five subsequent disclosure requests made by law enforcement or surveillance agencies, including the Federal Bureau of Investigation, none of which dealt with Japanese-Americans. Lawmakers restored the confidentiality of census data in 1947. from the New York Times, 2007-Mar-9, by David Johnston and Eric Lipton: Justice Department Says F.B.I. Misused Patriot Act WASHINGTON — The F.B.I. has improperly used provisions of the USA Patriot Act to obtain thousands of telephone, business and financial records without prior judicial approval, the Justice Department's inspector general said today in a report that embarrassed the F.B.I. and ignited outrage on Capitol Hill. The report found that the bureau lacked sufficient controls to make sure that its agents were acting properly when they obtained records using administrative subpoenas, which do not require a judge's prior approval. And the report found that the bureau does not follow some of the rules it does have on the matter. Robert S. Mueller III, the director of the Federal Bureau of Investigation, called a news conference today to accept responsibility for the lapses, and to pledge his best efforts to see that they are not repeated. “How could this happen?” Mr. Mueller asked rhetorically. “Who is to be held accountable? And the answer to that is, I am to be held accountable.” Under the USA Patriot Act, the bureau has issued more than 20,000 demands for information known as national security letters. The report concluded that the program lacks effective management, monitoring, and reporting procedures. The report is available on the Department of Justice's web site. Mr. Mueller noted that the report attributes the lapses to procedural errors rather than malicious intent; that the actual number of abuses was relatively small; that it appeared that no individual or business was harmed; and that the mistakes were committed in the tension-filled atmosphere of the post-Sept. 11 world. Nevertheless, Mr. Mueller said, the abuses were serious because they infringed, at least potentially, on privacy rights that Americans cherish. The director said he welcomed Congress's ideas on how to avoid similar mistakes in the future, and acknowledged Congress's proper “trust but verify” posture. Still, the report touched off a bipartisan storm in the Capitol. “This is, regrettably, part of an ongoing process where the federal authorities are not really sensitive to privacy and go far beyond what we have authorized,” said Senator Arlen Specter of Pennsylvania, the top Republican on the Senate Judiciary Committee. Senator Russell D. Feingold, Democrat of Wisconsin and a member of the judiciary panel, said the report demonstrates that “ `trust us' doesn't cut it.” Mr. Mueller said in response to a reporter's question that he had no intention of resigning his post. Details of the inspector general's report emerged on Thursday, a day ahead of its formal publication, as Attorney General Alberto R. Gonzales and other officials struggled to tamp down a Congressional uproar over another issue, the ouster of eight United States attorneys. Mr. Gonzales told Democratic and Republican senators that the Justice Department would drop its opposition to a change in a one-year-old rule for replacing federal prosecutors, senators and Justice Department officials said. Mr. Gonzales offered the concession at a private meeting on Capitol Hill with members of the Senate Judiciary Committee. Mr. Gonzales also agreed to let the panel question Justice Department officials involved in the removals, Congressional aides said. The officials would testify voluntarily without subpoena. Mr. Gonzales's willingness to give in to Senate demands appeared to underscore how the Justice Department had been put on the defensive by the criticism over the prosecutors' ousters. The use of national security letters since the September 2001 attacks has been a hotly debated domestic intelligence issue. They were once used only in espionage and terrorism cases, and then only against people suspected as agents of a foreign power. With the passage of the Patriot Act, their use was greatly expanded and was allowed against Americans who were subjects of any investigation. The law also allowed other agencies like the Homeland Security Department to issue the letters. The letters have proved contentious in part because unlike search warrants, they are issued without prior judicial approval and require only the approval of the agent in charge of a local F.B.I. office. A Supreme Court ruling in 2004 forced revisions of the Patriot Act to permit greater judicial review, without requiring advance authorization. As problems for the Justice Department appeared to be piling up, criticism of Mr. Gonzales seemed to grow more biting as Republicans senators complained about Mr. Gonzales, some because of a letter in USA Today in which he said he had lost confidence in the ousted prosecutors and regarded the question an “overblown personnel matter.” Senator Arlen Specter of Pennsylvania, senior Republican on the judiciary panel, said in a telephone interview that those comments were “extraordinarily insensitive” and that the prosecutors were “professionals who are going to have a cloud over them which could last a lifetime.” “I have been trying to hold down the rhetoric and try to deal with this on a factual and analytical basis, and his letter was volcanic,” Mr. Specter said. “We don't need that,” he added. Earlier at the Judiciary Committee business meeting, Mr. Specter also had harsh words for Mr. Gonzales, saying, “One day, there will be a new attorney general, maybe sooner rather than later.” Mr. Specter said later his remark did not indicate that Mr. Gonzales had any intention of stepping down. Other Republican senators expressed strong criticism of the removals and handling by Mr. Gonzales's aides. Senator John Ensign, Republican of Nevada, was quoted by The Las Vegas Review-Journal as saying the prosecutors' removals had “been completely mishandled.” The United States attorney in Nevada, Daniel G. Bogden, was one of the eight dismissed without explanation until he was told by a senior Justice Department officials that he was being replaced to make room for other appointees. Mr. Ensign said the department fired Mr. Bogden over his objections. Mr. Ensign said last month that he was told that the change was for “performance reasons,” but said he was surprised when a Justice Department official testified at a House hearing on Tuesday that Mr. Bogden's performance had no serious lapses. Even staunch Republican defenders of the department expressed criticism. One ally was Senator Jon Kyl of Arizona, where Paul K. Charlton was among those dismissed. “Some people's reputations are going to suffer needlessly,” Mr. Kyl said. “Hopefully, we can get to the point where we say, `These people did a great job.”` The withdrawal of objections to changing the rules for the prosecutors appears to assure passage of a measure to restore rules changed last March, when the attorney general was given authority to appoint replacement United States attorneys indefinitely, several senators said. “The administration has withdrawn its objections to my legislation,” the sponsor of the bill, Senator Dianne Feinstein, Democrat of California, said. She was one of the senators who met with Mr. Gonzales. Others were Mr. Specter, Charles E. Schumer, Democrat of New York, and Patrick J. Leahy of Vermont, the chairman of the Judiciary Committee. Ms. Feinstein said: “My concerns have been that the firing of people with strong performance reviews all at one time, a number of whom were involved in corruption cases, sends an adverse signal to the rest of the U.S. attorneys, as well as to the general public. They may be hired by the president, but they serve the people and they should not be subjected to political pressure.” The bill would let the attorney general appoint a temporary replacement for 120 days. If the Senate confirms no one after that time, the appointment of an interim United States attorney would be left to a federal district judge. Brian Roehrkasse, a Justice Department spokesman, said Thursday night: “The department stands by the decision to remove the U.S. attorneys. As we have acknowledged in hindsight, we should have provided the U.S. attorneys with specific reasons that led to their dismissal that would have help to avoid the rampant misinformation and wild speculation that currently exits.” from the San Francisco Chronicle, 2007-Mar-15, p.C3, by Verne Kopytoff: Google to tighten its rules to shield search requests Data won't hold identifying links after 18-24 months In a nod to privacy advocates, Google Inc. said Wednesday that it is adopting a new policy so that it's harder to link users to what they search for online. Under the plan, the Mountain View Internet company will shroud the information it collects about users in anonymity, eliminating a potential treasure trove of evidence for government search warrants and subpoenas. By the end of the year, Google expects to purge important identifying information on its computer servers about the sources of virtually all search queries after 18 to 24 months. Subsequently, the company will have access to only partial records, so that no one can trace the queries back to individual users. Google's move is intended to comply with various foreign laws and proposed legislation dictating that Web sites must keep user information for up to two years in case it is needed for legal proceedings. Similar rules are under consideration in the United States. Google is the first major search engine to set a time limit for retention of search information, which can reveal a great deal about an individual such as whether they're sick (as indicated by a number of queries about cancer) and political affiliation (demonstrated by searches for certain blogs). Until now, the company kept search logs indefinitely, raising criticism that the data could be misused by Google, law enforcement or marketers. Google said the changes are in response to feedback from privacy groups and government agencies, including the Norwegian Data Protection Authority, which raised concerns about Google's existing practices. The new policy, Google said, provides more transparency to users about data retention and better protects their privacy. Kurt Opsahl, an attorney for the Electronic Frontier Foundation, a digital rights group, gave measured praise to Google's decision, calling it a step in the right direction. He asked that Google similarly purge information collected about users of its other products, such as YouTube. Retention of search records emerged as a hot-button issue last year after a demand by the Justice Department that several Web sites turn over query data became public. Yahoo Inc., Time Warner's AOL and Microsoft Corp. handed over the information, to the consternation of many privacy advocates, but Google fought the request in court and ultimately got the amount it had to provide reduced. Separately, AOL made a high-profile blunder by posting 19 million search queries online as part of a research project. Ostensibly anonymous, the information was used to identify some of the users responsible for the queries, prompting a public apology by the Web site and a series of resignations. "By taking some technical measures to anonymize this data, there is an extra layer of protection," Opsahl said. "You can't disclose what you don't have." As part of the new policy, Google will erase eight of the bits that make up an Internet Protocol address, known commonly as an IP address, that identifies the computer used to make a search query. It will also make cookies -- the small files that help track user visits to specific Web sites and preferences -- anonymous. After the plan is implemented, Google intends to keep the partial records and associated search query terms, explaining that the information will help the company improve its services and help detect fraud. from TheInquirer.net, 2007-Mar-8: Windows piracy hunt tool phones home if aborted Windows Genuine Annoyance HAVING RUN SOME TESTS, hacks at German wire Heise revealed that Microsoft's updated Windows Genuine Advantage Notification phones home when the installation is aborted. The user is not notified of the communication, but Microsoft claims it is useful for it to know when an installation is cancelled. Using network sniffer Wireshark the hacks say they also detected the software logging those not signing up to Windows update. It says data transmitted may contain enough information to identify individual computers Microsoft told Heise it collected the data to improve the quality of the WGA for users. It was useful, the spokesman said to know if a user had cancelled setup. The spokesVole said the user is not identified. No explanation was forthcoming as to why the software does not tell the user what it is telling Microsoft, much less ask permission to do so. from CNET News.com, 2006-Dec-1, by Declan McCullagh: FBI taps cell phone mic as eavesdropping tool The FBI appears to have begun using a novel form of electronic surveillance in criminal investigations: remotely activating a mobile phone's microphone and using it to eavesdrop on nearby conversations. The technique is called a "roving bug," and was approved by top U.S. Department of Justice officials for use against members of a New York organized crime family who were wary of conventional surveillance techniques such as tailing a suspect or wiretapping him. Nextel cell phones owned by two alleged mobsters, John Ardito and his attorney Peter Peluso, were used by the FBI to listen in on nearby conversations. The FBI views Ardito as one of the most powerful men in the Genovese family, a major part of the national Mafia. The surveillance technique came to light in an opinion published this week by U.S. District Judge Lewis Kaplan. He ruled that the "roving bug" was legal because federal wiretapping law is broad enough to permit eavesdropping even of conversations that take place near a suspect's cell phone. Kaplan's opinion said that the eavesdropping technique "functioned whether the phone was powered on or off." Some handsets can't be fully powered down without removing the battery; for instance, some Nokia models will wake up when turned off if an alarm is set. While the Genovese crime family prosecution appears to be the first time a remote-eavesdropping mechanism has been used in a criminal case, the technique has been discussed in security circles for years. The U.S. Commerce Department's security office warns that "a cellular telephone can be turned into a microphone and transmitter for the purpose of listening to conversations in the vicinity of the phone." An article in the Financial Times last year said mobile providers can "remotely install a piece of software on to any handset, without the owner's knowledge, which will activate the microphone even when its owner is not making a call." Nextel and Samsung handsets and the Motorola Razr are especially vulnerable to software downloads that activate their microphones, said James Atkinson, a counter-surveillance consultant who has worked closely with government agencies. "They can be remotely accessed and made to transmit room audio all the time," he said. "You can do that without having physical access to the phone." Because modern handsets are miniature computers, downloaded software could modify the usual interface that always displays when a call is in progress. The spyware could then place a call to the FBI and activate the microphone--all without the owner knowing it happened. (The FBI declined to comment on Friday.) "If a phone has in fact been modified to act as a bug, the only way to counteract that is to either have a bugsweeper follow you around 24-7, which is not practical, or to peel the battery off the phone," Atkinson said. Security-conscious corporate executives routinely remove the batteries from their cell phones, he added. FBI's physical bugs discovered The FBI's Joint Organized Crime Task Force, which includes members of the New York police department, had little luck with conventional surveillance of the Genovese family. They did have a confidential source who reported the suspects met at restaurants including Brunello Trattoria in New Rochelle, N.Y., which the FBI then bugged. But in July 2003, Ardito and his crew discovered bugs in three restaurants, and the FBI quietly removed the rest. Conversations recounted in FBI affidavits show the men were also highly suspicious of being tailed by police and avoided conversations on cell phones whenever possible. That led the FBI to resort to "roving bugs," first of Ardito's Nextel handset and then of Peluso's. U.S. District Judge Barbara Jones approved them in a series of orders in 2003 and 2004, and said she expected to "be advised of the locations" of the suspects when their conversations were recorded. Details of how the Nextel bugs worked are sketchy. Court documents, including an affidavit (p1) and (p2) prepared by Assistant U.S. Attorney Jonathan Kolodner in September 2003, refer to them as a "listening device placed in the cellular telephone." That phrase could refer to software or hardware. One private investigator interviewed by CNET News.com, Skipp Porteous of Sherlock Investigations in New York, said he believed the FBI planted a physical bug somewhere in the Nextel handset and did not remotely activate the microphone. "They had to have physical possession of the phone to do it," Porteous said. "There are several ways that they could have gotten physical possession. Then they monitored the bug from fairly near by." But other experts thought microphone activation is the more likely scenario, mostly because the battery in a tiny bug would not have lasted a year and because court documents say the bug works anywhere "within the United States"--in other words, outside the range of a nearby FBI agent armed with a radio receiver. In addition, a paranoid Mafioso likely would be suspicious of any ploy to get him to hand over a cell phone so a bug could be planted. And Kolodner's affidavit seeking a court order lists Ardito's phone number, his 15-digit International Mobile Subscriber Identifier, and lists Nextel Communications as the service provider, all of which would be unnecessary if a physical bug were being planted. A BBC article from 2004 reported that intelligence agencies routinely employ the remote-activiation method. "A mobile sitting on the desk of a politician or businessman can act as a powerful, undetectable bug," the article said, "enabling them to be activated at a later date to pick up sounds even when the receiver is down." For its part, Nextel said through spokesman Travis Sowders: "We're not aware of this investigation, and we weren't asked to participate." Other mobile providers were reluctant to talk about this kind of surveillance. Verizon Wireless said only that it "works closely with law enforcement and public safety officials. When presented with legally authorized orders, we assist law enforcement in every way possible." A Motorola representative said that "your best source in this case would be the FBI itself." Cingular, T-Mobile, and the CTIA trade association did not immediately respond to requests for comment. Mobsters: The surveillance vanguard This isn't the first time the federal government has pushed at the limits of electronic surveillance when investigating reputed mobsters. In one case involving Nicodemo S. Scarfo, the alleged mastermind of a loan shark operation in New Jersey, the FBI found itself thwarted when Scarfo used Pretty Good Privacy software (PGP) to encode confidential business data. So with a judge's approval, FBI agents repeatedly snuck into Scarfo's business to plant a keystroke logger and monitor its output. Like Ardito's lawyers, Scarfo's defense attorneys argued that the then-novel technique was not legal and that the information gleaned through it could not be used. Also like Ardito, Scarfo's lawyers lost when a judge ruled in January 2002 that the evidence was admissible. This week, Judge Kaplan in the southern district of New York concluded that the "roving bugs" were legally permitted to capture hundreds of hours of conversations because the FBI had obtained a court order and alternatives probably wouldn't work. The FBI's "applications made a sufficient case for electronic surveillance," Kaplan wrote. "They indicated that alternative methods of investigation either had failed or were unlikely to produce results, in part because the subjects deliberately avoided government surveillance." from the Privacy Forum, 2006-Dec-3, from Lauren Weinstein: How to Tell If Your Cell Phone is Bugged Greetings. A story is making the rounds right now regarding FBI use of cell phones as remote bugs (e.g. http://news.com.com/2100-1029-6140191.html [seen above -AMPP Ed.]). I originally wrote about this concept in my PRIVACY Forum in 1999 ("Cell Phones Become Instant Bugs!" - http://www.vortex.com/privacy/priv.08.11 ) so the issue is real, but we still need to bring the current saga back down to earth. This discussion doesn't only relate to "legal" bugs but also to the use of such techniques by illegal clandestine operations, and applies to physically unmodified cell phones (not phones that might have had separate, specialized bugs physically installed within them by third parties). There is no magic in cell phones. From a transmitting standpoint, they are either on or off. It is true that many phones have an alarm feature that permits them to "wake up" from their usual "off" state. However, this is not a universal functionality, even in advanced phones such as PDA cell phones, which now often have a "totally off" mode available as well. It is also true that some phones can be remotely programmed by the carrier to mask or otherwise change their display and other behaviors in ways that could be used to fool the unwary user. However, this level of remote programmability is another feature that is not universal, though most modern cell phones can be easily programmed with the correct tools if you have physical access to the phones, even briefly. But remember -- no magic! When cell phones are transmitting -- even as bugs -- certain things are going to happen every time that the alert phone user can often notice. First, when the phone is operating as a bug, regular calls can't be taking place in almost all cases. A well designed bug program could try to minimize the obviousness of this by quickly dropping the bug call if the phone owner tried to make an outgoing call, or drop the bug connection if an incoming call tried to ring through. But if the bug is up and running, that's the only transmission path that is available on the phone at that time for the vast majority of currently deployed phones. Some very new "3G" phones technically have the capability of running a separate data channel -- in which voice over IP data could be simultaneously transmitted along with the primary call. But this is pretty bleeding-edge stuff for now, and not an issue for the vast majority of current phones. Of course, if a cell phone is being used as a remote bug, the odds are that the routine conversations through that phone are also being monitored, right? So this "one call at a time" aspect isn't as much of a limitation to bugging as might otherwise be expected. Want to make sure that your phone is really off? Taking out the battery is a really good bet. Don't worry about the stories of hidden batteries that supposedly can be activated remotely or with special codes. The concept makes no sense in general, and there just isn't room in modern cell phones for additional batteries that could supply more than a tiny bit of added power, if any. But if your battery seems to be running out of juice far too early (despite what the battery status display might claim), that might be an indication that your phone is being used to transmit behind your back (or it might be a worn out battery and a typically inaccurate battery status display). Another clue that a phone may have been transmitting without your permission is if it seems unexpectedly warm. You've probably noticed how most cell phones heat up, especially on longer calls. This is normal, but if you haven't been on any calls for a while and your cell phone is warm as if long calls were in progress, you have another red flag indication of something odd perhaps going on. Finally, if you use a GSM phone (like the vast majority of phones around the world, including Cingular and T-Mobile in the U.S.) you have another virtually fullproof way to know if you phone is secretly transmitting. You've probably noticed the "buzzing" interference that these phones tend to make in nearby speakers when calls or data transmissions are in progress. A certain amount of periodic routine communications between cell phones and the networks will occur while the phones are powered on -- even when calls are not in progress -- so short bursts of buzzing between calls (and when turning the phones on or off) are normal. But if you're not on a call, and you hear a continuing rapid buzz-buzz-buzz in nearby speakers that lasts more than a few seconds and gets louder as you approach with your phone, well, the odds are that your phone is busily transmitting, and bugging is a definite possibility. Note that this particular test is much less reliable with non-GSM phones that use CDMA (e.g. Sprint/Verizon phones), since CDMA's technology is less prone to producing easily audible local interference. This strongly suggests that CDMA phones may be preferred for such bugging operations. The odds of most people being targeted for bugging are quite small. But it's always better to know the technical realities. Don't be paranoid, but be careful. from the Associated Press, 2006-Dec-1: New Rules Make Firms Track E-Mails, IM's If you use e-mail, instant messaging or a BlackBerry at work -- smile! Your company is recording everything you do, thanks to new federal rules that go into effect Friday. According to legal experts, the rules, approved by the Supreme Court in April, require American companies and other entities involved in federal litigation to produce "electronically stored information" as part of the discovery process, when evidence is shared by both sides before a trial. The change makes it more important for companies to know what electronic information they have and where. Under the new rules, an information technology employee who routinely copies over a backup computer tape could be committing the equivalent of "virtual shredding," said Alvin F. Lindsay, a partner at Hogan & Hartson LLP and expert on technology and litigation. James Wright, director of electronic discovery at Halliburton Co., said that large companies are likely to face higher costs from organizing their data to comply with the rules. In addition to e-mail, companies will need to know about things more difficult to track, like digital photos of work sites on employee cell phones and information on removable memory cards, he said. Both federal and state courts have increasingly been requiring the production of relevant electronic documents during discovery, but the new rules codify the practice, legal experts said. The rules also require that lawyers provide information about where their clients' electronic data is stored and how accessible it is much earlier in a lawsuit than was previously the case. There are hundreds of "e-discovery vendors" and these businesses raked in approximately $1.6 billion in 2006, Wright said. That figure could double in 2007, he added. Another expense will likely stem from the additional time lawyers will have to spend reviewing electronic documents before turning them over to the other side. While the amount of data will be narrowed by electronic searches, some high- paid lawyers will still have to sift through casual e-mails about subjects like "office birthday parties in the pantry" in order to find information relevant to a particular case. Martha Dawson, a partner at the Seattle-based law firm of Preston Gates & Ellis LLP who specializes in electronic discovery, said the burden of the new rules won't be that great. Companies will not have to alter how they retain their electronic documents, she said, but will have to do an "inventory of their IT system" in order to know better where the documents are. The new rules also provide better guidance on how electronic evidence is to be handled in federal litigation, including guidelines on how companies can seek exemptions from providing data that isn't "reasonably accessible," she said. This could actually reduce the burden of electronic discovery, she said. from USA Today, 2006-Sep-4, by Kevin McCoy: IRS sends collection agencies calling for back taxes Beginning this week, thousands of Americans who owe taxes to the federal government will start getting phone calls to pay up — from private collection agencies, not the IRS. Despite congressional opposition and criticism from a federal employee union and a taxpayer advisory panel, the IRS is giving three collection agencies information on 12,500 taxpayers who owe less than $25,000 and have not disputed the debt. The IRS has moved to reassure taxpayers about the plan, even outlining steps to guard against potential scam artists posing as private collectors. "We are working hard to protect taxpayer privacy and taxpayer rights," IRS Commissioner Mark Everson said last month announcing the plan. Critics argue that privatizing any part of the IRS' traditional collection role would increase the agency's costs and raise privacy issues, as well as create potential for fraud. "We're continuing to do all we can to shine a light on this program," says Colleen Kelley, president of the National Treasury Employees Union, which represents IRS employees. "When taxpayers hear about what the government is doing, they are outraged." The IRS national taxpayer advocate and the Taxpayer Advocacy Panel, an advisory board chosen by the IRS, have questioned parts of the plan. The House passed a budget bill that, if approved by the Senate, could block the IRS from funding the effort. Kelley's union plans to start contacting senators when Congress reconvenes this week. IRS officials say the plan involves smaller cases that federal agents wouldn't otherwise have time to pursue. The profit potential is large. The collection companies will keep up to 24% of what they recover. That amounts to as much as $336 million of the $1.4 billion the IRS projects the program will recover during the next decade. The IRS chose three firms for the initial cases: The CBE Group of Waterloo, Iowa; Pioneer Credit Recovery of Arcade, N.Y.; and Linebarger Goggan Blair & Sampson, an Austin, Texas, law firm. The IRS says taxpayers targeted by the program will receive written notification from the agency that includes the name of the collection company that will contact them. They will also get a separate letter from the firm. Payment checks should be written to the U.S. Treasury, not to an individual or company, the IRS says. Taxpayers with questions can call 800-829-1040. from the Times of London, 2006-Nov-27, by Lucy Bannerman: Police target dangerous suspects before they can offend Criminal profilers are drawing up a list of the 100 most dangerous murderers and rapists of the future even before they commit such crimes, The Times has learnt. The highly controversial database will be used by police and other agencies to target suspects before they can carry out a serious offence. Pilot projects to identify the highest-risk future offenders have been operating in five London boroughs for the past two months. The Soham murderer Ian Huntley and the serial rapist Richard Baker have been used as examples of the type of man police will identify. However, the database will increase concerns at the growth of official surveillance and anxieties that innocent men are being singled out for offences they have no intention of committing. Experts from the Metropolitan Police’s Homicide Prevention Unit are creating psychological profiles of likely offenders to predict patterns of criminal behaviour. Statements from former partners, information from mental health workers and details of past complaints are being combined to identify the men considered most likely to commit serious violent crimes. The list will draw comparisons with the Hollywood film Minority Report, in which suspects are locked up before they can commit a predicted crime. Laura Richards, a senior criminal psychologist with the Homicide Prevention Unit, told The Times: “My vision is that we know across London who the top 100 people are. We need to know who we are targeting. “It is trying to pick up Ian Huntley before he goes out and commits that murder. Then we have the opportunity to stop something turning into a lethal event.” The team is concentrating on reducing the risk of those with a history of domestic violence turning into murderers. About a quarter of murders are related to domestic violence. “There are some pretty dangerous people out there, so you need these risk models to wheedle them out, separate the wheat from the chaff,” she said. “If you add up all the information, it tells us which people are risky.” Ms Richards said that once an individual had been identified, police would decide whether to make moves towards an arrest, or to alert the relevant social services who could steer those targeted into “management programmes.” The project will be closely watched by the Home Office. However, civil liberties groups and human rights lawyers will be concerned at the plans to intervene in the lives of men before they actually commit a crime. Details of the database emerged after Richard Thomas, the Information Commissioner, said that Britain had “sleepwalked” into a surveillance society. Simon Davies, director of Privacy International, said yesterday: “It is quite right that the police should keep intelligence on suspected criminals, but it is obscene to suggest there should be a ‘crime idol’ list of those who might commit an offence. “The police are systematically moving the boundaries as to where they can exercise their powers. The Minority Report syndrome is pushing the boundary of criminal intervention further into the general community.” There was also concern that the database would be ineffective if the authorities continued to fail to act on the information already available to them. Ray Wyre, a sexual crimes consultant, was supportive of the database but said that it would only work if police acted on the information. “Of course you have to know your enemy, but it is what you do with the data that matters,” he said. from Macworld.co.uk, 2006-Jul-5: Mac OS X Calling Cupertino New Dashboard process contacts Apple servers without user knowledge. Mac users are growing concerned about a new feature within Mac OS X 10.4.7 that contacts servers at Apple HQ on a regular basis. The new Dashboard process is called dashboardadvisory. According to Apple's release notes for 10.4.7, the application contacts Apple's servers for just one purpose--to ensure a user's Dashboard widgets are up-to-date. "You can now verify whether or not a Dashboard widget you downloaded is the same version as a widget featured on [www.apple.com] before installing it," Apple's release notes say, in effect preventing users accidentally downloading less secure widgets. User Discovers Unauthorized Activity The feature was discovered by Daniel Jakult, who uses an application called Little Snitch to check for unauthorized network activity on his machine. He writes: "In an era when consumers are being encouraged to take responsibility for their own safety in the interconnected world, Apple and others should respect the boundaries of our 'digital house' by at least keeping us in the loop about what is being done on our behalf. I can find no documentation about what Apple is choosing to send and receive on a regular basis from my Mac. Keep me in the loop, Apple. And if I'm not comfortable with it, give me an option (short of Little Snitch) for turning it off. It's my computer, after all." from the Washington Post, 2006-Jun-7, p.A1, by Ann Scott Tyson and Christopher Lee with Ernesto Londoño contributing: Data Theft Affected Most in Military National Security Concerns Raised Social Security numbers and other personal information for as many as 2.2 million U.S. military personnel -- including nearly 80 percent of the active-duty force -- were among the data stolen from the home of a Department of Veterans Affairs analyst last month, federal officials said yesterday, raising concerns about national security as well as identity theft. The department announced that personal data for as many as 1.1 million active- duty military personnel, 430,000 National Guard members and 645,000 reserve members may have been included on an electronic file stolen May 3 from a department employee's house in Aspen Hill. The data include names, birth dates and Social Security numbers, VA spokesman Matt Burns said. Defense officials said the loss is unprecedented and raises concerns about the safety of U.S. military forces. But they cautioned that law enforcement agencies investigating the incident have not found evidence that the stolen information has been used to commit identity theft. "Anytime there is a theft of personal information, it is concerning and requires us and our members to be vigilant," Pentagon spokesman Bryan Whitman said. He said the loss is "the largest that I am aware of." Army spokesman Paul Boyce said: "Obviously there are issues associated with identity theft and force protection." For example, security experts said, the information could be used to find out where military personnel live. "This essentially can create a Zip code for where each of the service members and [their] families live, and if it fell into the wrong hands could potentially put them at jeopardy of being targeted," said David Heyman, director of the homeland security program at the Center for Strategic and International Studies (CSIS). Another worry is that the information could reach foreign governments and their intelligence services or other hostile forces, allowing them to target service members and their families, the experts said. "There is a global black market in this sort of information . . . and you suddenly have a treasure trove of information on the U.S. military that is available," said James Lewis, director of technology and public policy at CSIS. One defense official, speaking on the condition of anonymity because of the sensitivity of the matter, called the extent of the data loss "monumental." The new revelations significantly increase the potential harm from what was already one of the largest data breaches in U.S. history. On May 22, VA disclosed that an external computer hard drive was stolen May 3 from the home of a VA employee and that it contained unencrypted names and birth dates for as many as 26.5 million veterans who were discharged after 1975 or submitted benefit claims. It also included Social Security numbers for 19.6 million of those veterans, VA officials said. Initially VA thought that all of the 26.5 million people affected were veterans, but a database comparison revealed that they also included the bulk of active-duty military services, as well as more than 1 million members of the National Guard and reserves. Montgomery County police released a description yesterday of the stolen laptop and its external hard drive because they said it may have been purchased by someone who does not realize the value of its content. "It could have shown up at a yard sale or a secondhand store," police spokeswoman Lucille Baur said. "This is a time of the year when parents may be buying computers for kids going to college in the fall." Montgomery County police are offering a $50,000 reward for information that allows authorities to recover the laptop. The computer is a Hewlett-Packard model zv5360us and the external hard drive is an HP External Personal Media Drive. The Washington Post is not publishing the name of the career data analyst whose laptop was stolen in response to a request from law enforcement authorities who are investigating its disappearance. The breach outraged veterans -- even more so because senior VA officials knew about the theft within hours of the crime but did not tell VA Secretary Jim Nicholson until 13 days later. The 60-year-old analyst, who had been taking home sensitive data for at least three years without authorization, has been fired, officials have said. His boss resigned last week and another senior VA official is on administrative leave pending investigations by the FBI, the VA inspector general and Montgomery County police. A coalition of veterans groups filed a class-action lawsuit against the federal government yesterday, contending that privacy rights were violated and seeking $1,000 in damages for each affected veteran. The lawsuit, filed in U.S. District Court in the District of Columbia, demands that VA fully disclose who was affected by the theft, and asks a court to prohibit VA workers from using sensitive data until safeguards are in place. Burns said the department does not comment on pending litigation. He said VA has received no reports of stolen data being used for identity theft or other criminal activity. VA receives records for every new recruit because active-duty personnel, National Guard members and reservists are eligible for certain VA benefits, such as GI Bill educational assistance and the home-loan program. "The department will continue to make every effort to inform and help protect those potentially affected, and is working with the Department of Defense to notify all affected personnel," Nicholson said. Rep. Lane Evans (D-Ill.), ranking member of the House Veterans' Affairs Committee, said yesterday that he was "appalled" at the data breach and called for a Government Accountability Office investigation into VA information security practices. Research shows that it is not unusual for government employees to take home sensitive data on laptops, Lewis said. "The rules we have are either chaotic or nonexistent. . . . We still have a paper rules government when we are a digital nation." from the Associated Press, 2006-Jun-9, by H. Josef Hebert: DOE Computers Hacked; Info on 1,500 Taken WASHINGTON -- A hacker stole a file containing the names and Social Security numbers of 1,500 people working for the Energy Department's nuclear weapons agency. But in the incident last September, somewhat similar to recent problems at the Veterans Affairs Department, senior officials were informed only two days ago, officials told a congressional hearing Friday. None of the victims was notified, they said. The data theft occurred in a computer system at a service center belonging to the National Nuclear Security Administration in Albuquerque, N.M. The file contained information about contract workers throughout the agency's nuclear weapons complex, a department spokesman said. NNSA Administrator Linton Brooks told a House hearing that he learned of the security breach late last September, but did not inform Energy Secretary Samuel Bodman about it. It had occurred earlier that month. Brooks blamed a misunderstanding for the failure to inform either Bodman or Deputy Energy Secretary Clay Sell about the security breach. Brooks' NNSA is a semiautonomous agency within the department and he said he assumed DOE's counterintelligence office would have briefed the two senior officials. "That's hogwash," Rep. Joe Barton, chairman of the Energy and Commerce Committee, told Brooks. "You report directly to the secretary. You meet with him or the deputy every day. ... You had a major breach of your own security and yet you didn't inform the secretary." Bodman first learned of the theft two days ago, according to his spokesman, Craig Stevens. "He's deeply disturbed by the way this was handled," Stevens said. Barton, R-Texas, called for Brooks' resignation because of his failure to inform Bodman and other senior DOE officials of the security failure. The House Energy and Commerce oversight and investigations subcommittee learned of the security lapse late Thursday, on the eve of its hearing on DOE cyber security, said Rep. Ed Whitfield, R-Ky., chairman of the panel. The issue dominated lawmakers' questioning of DOE officials at the hearing. After an open session, the subcommittee continued questioning Brooks and other officials about it at a closed session because of the security implications. Although the compromised data file was in the NNSA's unclassified computer system - and not part of a more secure classified network that contains nuclear weapons data - the DOE officials would provide only scant information about the incident during the public hearing. Brooks said the file contained names, Social Security numbers, date-of-birth information, a code where the employees worked and codes showing their security clearances. A majority of the individuals worked for contractors and the list was compiled as part of their security clearance processing, he said. Tom Pyke, DOE's official charged with cyber security, said he learned of the incident only a few days ago. He said the hacker, who obtained the data file, penetrated a number of security safeguards in obtaining access to the system. Stevens said Bodman, upon learning of the incident, directed that the individuals be immediately told their information had been compromised. Brooks acknowledged that no attempt was made to notify the individuals until now. He declined to elaborate because of security concerns, but indicated he could tell the lawmakers more in the closed session. "If somebody got that information from your file, wouldn't you be a little concerned if nobody told you?" Rep. Diane DeGette, D-Colo., asked Brooks. "Of course I would," he replied. The Energy Department spends $140 million a year on cyber security, Gregory Friedman, the DOE's inspector general, told the committee. But he said that while improvements have been made, "significant weaknesses continue to exist," making the unclassified computer system vulnerable to hackers. Last fall, a so-called "Red Team" of DOE computer specialists - seeking to test the security safeguards - succeeded in hacking into and gaining control of a DOE facility's computer system, the panel was told. "We had access to sensitive data including financial and personal data.... We basically had domain control," said Glenn Podonsky, director of DOE's Security and Safety Performance Assessment. "We were able to get passwords, go from one account to another." Podonsky did not name the facility. But in response to questioning, he said that during the test it was learned that an actual penetration of a DOE computer system had occurred, leading to the theft of the files containing information about the 1,500 contract workers. from TheInquirer.net, 2006-Jun-5, by “Adamson Rust”: The Google monster strikes inhuman resources HUMAN RESOURCE officers are using Google as a supplement to job applications, with would be candidates facing rejection if a search turns up stuff that doesn't fit the corporate profile. Even though a candidate's CV and references may suggest she or he is the perfect soul for a job, the HR bunnies are starting to Google and reject candidates who have interests that could be considered out of the usual. Highly placed sources said that the technique has become common in the USA, with job vetting taking an unusual turn of events. We wonder if our own Mike Magee would ever have got the job if the HR department did a search on Google and discovered the unlikely fact that a Dr Mike Magee advises on health policies, while apparently he's good at poker too? Or what if someone searched for top rumour mongeress Eva Glass only to discover that the would be candidate is part of an adhesion strength study of Eva encapsulants on Glass substrates? A search on Fuad “Fudo” Abazovic understandably reveals loads of INQ stories. But how come he's ended up in a fishing forum? More worryingly, the source that told us about the HR stuff also said it's a growing practice in the USA for people to do a search on suitable partners by “Googling” them before they'll accept a date. * DISCLOSURE A search on Google for my name reveals that I've been dissed by Gizmodo for spending too much time down the pub. I wish. from the Associated Press, 2006-Jun-7, by Allison Linn: Microsoft plans better disclosures of tool SEATTLE - Microsoft Corp. acknowledged Wednesday that it needs to better inform users that its tool for determining whether a computer is running a pirated copy of Windows also quietly checks in daily with the software maker. The company said the undisclosed daily check is a safety measure designed to allow the tool, called Windows Genuine Advantage, to quickly shut down in case of a malfunction. For example, if the company suddenly started seeing a rash of reports that Windows copies were pirated, it might want to shut down the program to make sure it wasn't delivering false results. "It's kind of a safety switch," said David Lazar, who directs the Windows Genuine Advantage program. Lazar said the company added the safety measure because the piracy check, despite widespread distribution, is still a pilot program. He said the company was worried that it might have an unforeseen emergency that would require the program to terminate quickly. But he acknowledged that Microsoft should have given users more information about the daily interactions. "We're looking at ways to communicate that in a more forward manner," he said. Lazar also said the company plans to tweak the program soon so that it will only check in with Microsoft every two weeks, rather than daily. The tool, part of the Redmond company's bid to thwart widespread piracy, is being distributed gradually to people who have signed up to receive Windows security updates. The company expects to have offered it to all users worldwide by the end of the year. Lazar said that so far, about 60 percent of users who were offered the piracy check decided to install it. Once installed, the program checks to make sure the version of Windows a user is running is legitimate, and gathers information such as the computer's manufacturer and the language and locale it is set for. That information-gathering is disclosed in a licensing agreement. But the agreement does not make clear that the program also is designed to "call home" to Microsoft's servers, to make sure that it should keep running. At least every 90 days, the tool also checks again to see if the copy of Windows is legitimate. Lazar said that's because the company sometimes discovers that a copy of Windows that it thought was legitimate is actually pirated. When Microsoft believes a copy of Windows is pirated, the user begins to get a series of reminders that the copy isn't genuine. Such users also are barred from downloading noncritical updates, such as the new version of its Internet Explorer browser. But anyone who has signed up to automatically receive security updates, which repair flaws to prevent Internet attacks, will still get those fixes. Lauren Weinstein, who is co-founder of People for Internet Responsibility and was one of the first people to notice the daily communications to Microsoft, said he understands and sympathizes with Microsoft's desire to control piracy. But he said it's problematic that Microsoft did not disclose all the program's communications with the company. Weinstein said he also was surprised that Microsoft decided to release so widely a tool that it says is in a "pilot" mode and might need to be suddenly shut down. "Really what you're talking about is someone saying, 'Look we've put something on your computer and it might go screwy, so we're going to kind of check in every day,'" he said. from ZD Net UK News, 2006-May-18, by Tom Espiner: Government to force handover of encryption keys Businesses and individuals may soon have to release their encryption keys to the police or face imprisonment, when Part 3 of the RIP Act comes into effect The UK Government is preparing to give the police the authority to force organisations and individuals to disclose encryption keys, a move which has outraged some security and civil rights experts. The powers are contained within Part 3 of the Regulation of Investigatory Powers Act (RIPA). RIPA was introduced in 2000, but the government has held back from bringing Part 3 into effect. Now, more than five years after the original act was passed, the Home Office is seeking to exercise the powers within Part Three of RIPA. Some security experts are concerned that the plan could criminalise innocent people and drive businesses out of the UK. But the Home Office, which has just launched a consultation process, says the powers contained in Part 3 are needed to combat an increased use of encryption by criminals, paedophiles, and terrorists. "The use of encryption is... proliferating," Liam Byrne, Home Office minister of state told Parliament last week. "Encryption products are more widely available and are integrated as security features in standard operating systems, so the Government has concluded that it is now right to implement the provisions of Part 3 of RIPA... which is not presently in force." Part 3 of RIPA gives the police powers to order the disclosure of encryption keys, or force suspects to decrypt encrypted data. Anyone who refuses to hand over a key to the police would face up to two years' imprisonment. Under current anti-terrorism legislation, terrorist suspects now face up to five years for withholding keys. If Part 3 is passed, financial institutions could be compelled to give up the encryption keys they use for banking transactions, experts have warned. "The controversy here [lies in] seizing keys, not in forcing people to decrypt. The power to seize encryption keys is spooking big business," Cambridge University security expert Richard Clayton told ZDNet UK on Wednesday. "The notion that international bankers would be wary of bringing master keys into UK if they could be seized as part of legitimate police operations, or by a corrupt chief constable, has quite a lot of traction," Clayton added. "With the appropriate paperwork, keys can be seized. If you're an international banker you'll plonk your headquarters in Zurich." Opponents of the RIP Act have argued that the police could struggle to enforce Part 3, as people can argue that they don't possess the key to unlock encrypted data in their possession. "It is, as ever, almost impossible to prove 'beyond a reasonable doubt' that some random-looking data is in fact ciphertext, and then prove that the accused actually has the key for it, and that he has refused a proper order to divulge it," pointed out encryption expert Peter Fairbrother on ukcrypto, a public email discussion list. Clayton backed up this point. "The police can say 'We think he's a terrorist' or 'We think he's trading in kiddie porn', and the suspect can say, 'No, they're love letters, sorry, I've lost the key'. How much evidence do you need [to convict]? If you can't decrypt [the data], then by definition you don't know what it is," said Clayton. The Home Office on Wednesday told ZDNet UK that it would not reach a decision about whether Part 3 will be amended until the consultation process has been completed. "We are in consultation, and [are] looking into proposals on amendments to RIPA," said a Home Office spokeswoman. "The Home Office is waiting for the results of the consultation" before making any decisions, she said. The Home Office said last week that the focus on key disclosure and forced decryption was necessary due to "the threat to public safety posed by terrorist use of encryption technology". Clayton, on the other hand, argues that terrorist cells do not use master keys in the same way as governments and businesses. "Terrorist cells use master keys on a one-to-one basis, rather than using them to generate pass keys for a series of communications. With a one-to-one key, you may as well just force the terrorist suspect to decrypt that communication, or use other methods of decryption," said Clayton. "My suggestion is to turn on all of Part 3, except the part about trying to seize keys. That won't create such a furore in financial circles," he said. from the San Francisco Chronicle, 2006-May-17, by Bob Egelko: AT&T documents to stay sealed 13:04 PDT SAN FRANCISCO - A federal judge maintained a lid of secrecy today on AT&T documents that allegedly show the company's cooperation with a government electronic surveillance program, and put a privacy-rights group's suit on hold while he considers the Bush administration's request to dismiss the case. The documents were obtained by Marc Klein, a former AT&T technician, who said in a statement that he had seen equipment installed at the company's San Francisco facility in 2003 that would allow the National Security Agency to screen huge volumes of customers' Internet messages. Klein's testimony and supporting documents are the heart of a lawsuit accusing AT&T of illegally turning over phone and Internet data to the federal agency without a warrant or proof of wrongdoing. The Justice Department says the suit must be dismissed because it would expose military secrets. At today's hearing in San Francisco, the first since the suit was filed in January, Chief U.S. District Judge Vaughn Walker refused AT&T's request to require Klein and the plaintiffs to return their copies of the documents. But Walker also denied requests by the plaintiffs, joined by The Chronicle and other media organizations, to unseal the documents and make them available to the public. The documents may contain trade secrets, as the company contends, and should remain under wraps for now, the judge said. He left the door open for the disclosure of other sealed material, including declarations by Klein and an expert witness, but said the next order of business would be a hearing June 23 on motions by AT&T and the government to dismiss the suit. "These are motions that may very well terminate the litigation at an early stage,'' Walker said. He rejected arguments by the Electronic Frontier Foundation, which filed the suit on behalf of AT&T customers, that he should at the same time consider an injunction that would prohibit the company from turning over any more customer information to the government. The Bush administration's motion to dismiss the case, which the government filed at 1 a.m. Saturday, was based largely on secret arguments and evidence about the surveillance program that have been kept in a government facility and have not yet been presented to Walker. When Justice Department lawyer Carl Nichols urged Walker to read the classified material before ruling on the dismissal motion, the judge asked whether that would be fair to the plaintiffs, who will not have access to that material when they argue against the motion. "That is how it has to be done,'' Nichols replied. "To do otherwise would be to disclose facts, the result of which would be harmful to national security.'' Electronic Frontier Foundation lawyer Cindy Cohn contended that the suit against AT&T could be decided without delving into state secrets, by determining whether the company had disclosed customer information to the government without legal authority. But AT&T lawyer Bradford Berenson -- who described the company as "an innocent bystander'' in a dispute between the plaintiffs and the government -- said the question of whether the government had authorized the alleged disclosures may also involve state secrets. from the Los Angeles Times, 2005-May-12, by Joseph Menn and James S. Granelli: As Tech Advances, Privacy Laws Lag Businesses that use advanced tools to track data are caught between customers' expectations of privacy and official demands for access. Never has it been so easy to know so much about so many. Thursday's disclosure that three of the nation's biggest telephone companies gave customer calling records to the National Security Agency again demonstrates that technology is rewriting the rules of privacy faster than the law can adapt. And with their powerful database programs tracking a massive amount of personal details of Americans' daily lives, a growing number of companies find themselves sandwiched between the privacy expectations of their customers and the national security demands of the federal government. "It's so easy to say yes," said technology security expert Bruce Schneier. "The government sings a patriotic song, and you want to do what's right. We all want to band together." With the rise of lightning-fast ways to collect, collate and distribute digital data, county sheriffs, credit card companies and even nosy neighbors can dig up private information. But in many cases it is the federal government that has been looking over the public's virtual shoulder. The NSA program is the most recent example of how personal data collected for commercial purposes can be used in unexpected ways. "You have to think about how that information could be misused or used too zealously," said constitutional law professor Martin S. Flaherty of Fordham Law School in New York. "At the end of the day, you're still talking about information on private parties." The data collected by the NSA over the last four years did not routinely include individual names. The NSA is barred from deliberately tracking U.S. residents. Instead, the data were used to map calling patterns in search of clues to help identify terrorist activity. Even so, civil liberties advocates said the effort raised questions about the government's willingness to use technology to skirt privacy laws. "This is the most comprehensive surveillance of the American public ever undertaken by the American government," said Marc Rotenberg, executive director of the Electronic Information Policy Center. Said attorney Kevin Bankston of the Electronic Frontier Foundation: "There is simply no legal process for this kind of wholesale invasion of privacy. What they claim to be doing with the data is irrelevant because the fact is they could do whatever they choose without any oversight." The foundation already is suing AT&T Corp. — the largest of the companies that provided data to the NSA — over previously disclosed cooperation with the spy agency. That case cites a December report in the Los Angeles Times that the company gave the NSA access to a database cataloging all of its calling records. The foundation also accuses AT&T of maintaining a room in its main San Francisco switching office with equipment that received copies of all e-mail and digitized voice traffic transmitted through the site. The room was accessible only to people cleared by the NSA, former employees said. AT&T declined to comment. Federal intelligence authorities are finding cooperative partners in corporate America, particularly in the wake of the 9/11 attacks on New York and the Pentagon. Companies maintain detailed records on their customers, generally for marketing purposes. Credit card companies can track every purchase and use that information to make customized offers to consumers. Online retailers such as Amazon.com Inc. have software with the uncanny ability to recommend purchases. Search engines that catalog queries can reveal the changing zeitgeist. Companies that have made blunders on privacy issues sometimes have suffered a backlash — while others that safeguarded customer information against outside perusal have won plaudits. Data broker ChoicePoint Inc. saw its stock fall sharply last year, after its databases were infiltrated by identity thieves. Some Internet users switched to Verizon Communications Inc. after it fought recording industry requests to identify customers suspected of piracy. And Google Inc. was hailed by privacy advocates for fighting subpoenas for millions of search queries while other Internet companies complied. The release of phone records resonates because calls have been presumed to be private for decades. Unlike other companies, phone carriers are barred from revealing anything without a court order. Of the four phone companies the NSA asked for information about customer calls, only Qwest Communications International Inc. refused. Qwest declined to comment Thursday on what it said were "matters related to national security." The other carriers — Verizon, BellSouth Corp. and AT&T Inc. — said they followed the law. "For many years, we have cooperated with law enforcement and did that under applicable laws," Verizon spokesman Eric W. Rabe said. "Nothing's changed. Certainly, we also think we take our customers' privacy extremely importantly." Telecommunications industry insiders, speaking without attribution because of the sensitivity of the NSA's activities, described the massive data collection to determine calling patterns as benign. "This was about traffic patterns, aggregate calling from one place to another, [not] tracing a particular call," one said. Other communications companies, such as Internet service provider EarthLink Inc., said they would object to such a broad request. Les Seagraves, EarthLink's chief privacy officer, said his company responded to law-enforcement and intelligence requests, but regarding only one customer at a time. No broader monitoring is allowed, and "no agency has carte blanche," Seagraves said. Former NSA Director Bob Inman said the use of telephone and other databases might not have violated privacy rights. That's because the initial explorations were automated and personal information wouldn't have spread any further in most cases — a position supported by a former Bush administration official familiar with the monitoring program. "Computers may have sorted through hundreds of millions of messages without a person ever seeing it. So no one's e-mail or phone call has been compromised," Inman said. "The problem only starts when the information goes to an analyst to read." Legal experts were less sanguine. "Substantively, I don't really care if they know my address and phone number and my calling habits," said Frank Pasquale, an associate professor at Seton Hall Law School in New Jersey. "But if all the systems of checks and balances are torn down, then that's a matter for concern. How far can they go?" A key law regulating the NSA's domestic activities is 1978's Foreign Intelligence Surveillance Act, or FISA, which was prompted by a congressional investigation begun three years earlier over a Central Intelligence Agency spy campaign. Without warrants, the CIA had intercepted international mail and telegrams headed to the Soviet Union and other Communist nations for 20 years. "The total number of mail and messages intercepted was in the millions, and testimony in Congress showed that the intelligence yield was pretty thin," said Bruce Fein, a former Federal Communications Commission general counsel. "Now we have the ability to track massive amounts of information. We don't even know the full scope of the NSA's activities." Fein disputed the Bush administration's contention that regulations needed to adapt to the realities of fighting terrorism. When FISA was passed, he noted, the U.S. had intercontinental missiles aimed at it, and the Cold War was in full force. "To think all the world changed with 9/11 is wrong," he said. "There have always been threats we faced." Flaherty, the Fordham law professor, said modern technology had raised possibilities no one could envision in 1934, when many of the original laws that still govern telecommunications companies were passed. "Government is sitting on a huge database," he said, "and you have to think about how that information could be misused or used too zealously." from CNET News.com, 2006-May-5, by Declan McCullagh: Appeals court takes dim view of Net-tapping rules WASHINGTON--A federal appeals court suggested on Friday that government regulations levying extensive Internet wiretapping requirements on universities and libraries may go too far. The U.S. Court of Appeals here sharply questioned whether the Federal Communications Commission exceeded its legal authority last year when it ordered "any type of broadband Internet access service" and many Net phone services to rewire their networks for police convenience. Judge Harry Edwards repeatedly pressed a government attorney who had argued that a 1994 law permitted the FCC to extend wiretapping rules to the Internet, even though the U.S. Congress had referred only to telephone networks. "This is wholly ridiculous," Edwards said, saying that Congress' meaning was clear. The FCC's argument "is such gobbledygook, it's really funny.... It's utter nonsense." The Bush administration had pressed for these Net surveillance rules for years, saying they were necessary to make it easier to catch "criminals, terrorists and spies" who would otherwise be able to evade detection. But the organizations behind the lawsuit say Congress never intended to force broadband providers--and networks at corporations and universities--to build in central surveillance hubs for the police. The list of organizations includes Sun Microsystems, Pulver.com, the American Association of Community Colleges, the Association of American Universities and the American Library Association. Judge David Sentelle suggested that the three-judge panel may effectively split the difference, striking down the FCC's regulation of broadband providers but permitting it to impose wiretapping rules on voice over Internet Protocol, or VoIP, companies. "They have to be wrong on at least voice over" Internet Protocol, Sentelle said, referring to the library, education and other groups that filed the lawsuit. Added Edwards: "I don't see how counsel can argue with a straight face" that VoIP could not be covered by the 1994 law, the Communications Assistance for Law Enforcement Act. CALEA did specify that services that begin to supplant traditional phone service could be covered by the rules. Even without the FCC rules that are scheduled to take effect in May 2007, police have the legal authority to conduct Internet wiretaps--that's precisely what the FBI's Carnivore system was designed to do. Still, the FBI has claimed, the need for "standardized broadband intercept capabilities is especially urgent in light of today's heightened threats to homeland security and the ongoing tendency of criminals to use the most clandestine modes of communication." According to the groups that sued the government, the FCC is "relying on an interpretation of CALEA that is contrary to the plain meaning of the statute, arbitrary and capricious, and otherwise not in accordance with law." In other news: At least on the question of whether CALEA covers broadband providers, Edwards seemed sympathetic. "A telephone isn't an orange," Edwards told Jacob Lewis, the FCC's associate general counsel. "And just because it's in a new statute you can't say it's a fruit." In an unusual twist, some of the FCC commissioners who unanimously approved the wiretapping rules have acknowledged that the agency was on shaky legal ground. Then-Commissioner Kathleen Abernathy, for instance, said at the time that she had "concern that an approach like the one we adopt today is not without legal risk." Earlier this week, the FCC unanimously reaffirmed its Internet wiretapping regulations and said that universities and other companies that would be affected would have to pick up their own costs for the network upgrades. from the Washington Post via the San Francisco Chronicle, 2006-Mar-23, p. A14, by Charles Lane: High court confirms limits on warrantless police searches Washington -- The Supreme Court narrowed police search powers Wednesday, ruling that officers must have a warrant to look for evidence in a couple's home unless both partners present agree to let them in. The 5-3 decision sparked a sharp exchange among the justices. The majority portrayed the decision as striking a blow for privacy rights and gender equality; dissenters said it could undermine police efforts against domestic violence, the victims of which are often women. The ruling upholds a 2004 decision of the Georgia Supreme Court, but it still makes a significant change in the law nationwide, because most other lower federal and state courts had previously said police could search with the consent of one of two adults living together. Now, officers must first ask a judicial officer for a warrant in such cases. Justice David Souter's majority opinion said the consent of one partner is inadequate because of "widely shared social expectations" that adults living together each have veto power over who can enter their living space. That makes a warrantless search based on only one partner's consent "unreasonable" and, therefore, unconstitutional. "(T)here is no common understanding that one co-tenant generally has a right or authority to prevail over the express wishes of another, whether the issue is the color of the curtains or invitations to outsiders," Souter wrote. Chief Justice John Roberts, writing his first dissent since joining the court in October, said the ruling's cost would be great, especially in domestic disputes. Roberts wrote that the ruling made no sense, given that the court previously said it is constitutional for police to enter a house with the permission of one partner when the other is asleep or absent. Those rulings were unchanged by Wednesday's decision. Just by agreeing to live with someone else, a co-tenant has surrendered a good deal of the privacy that the Constitution's Fourth Amendment was designed to protect, Roberts argued. "The majority's rule apparently forbids police from entering to assist with a domestic dispute if the abuser whose behavior prompted the request for police assistance objects," he wrote. Souter called that argument a "red herring," saying police still have legal authority to enter homes where one partner is truly in danger. "(T)his case has no bearing on the capacity of the police to protect domestic victims," Souter wrote. "No question has been raised, or reasonably could be, about the authority of the police to enter a dwelling to protect a resident from domestic violence; so long as they have good reason to believe such a threat exists." Souter said Roberts was guilty of declaring that "the centuries of special protection for the privacy of the home are over." Souter's opinion was joined by Justices John Paul Stevens, Anthony Kennedy, Ruth Bader Ginsburg and Stephen Breyer. Breyer backed Souter with a separate opinion that said his decisive fifth vote was cast on the understanding that Souter's analysis applies to cases such as this one, in which police were searching for evidence of a crime, rather than intervening in a violent dispute. The case arose out of a 2001 quarrel over child custody at the home of Janet and Scott Randolph in Americus, Ga. When officers arrived, she told them where to find his cocaine. An officer asked Scott Randolph for permission to search the house. He refused, but she said yes -- and led them to a straw covered in cocaine crystals. Scott Randolph was arrested and indicted for cocaine possession. Georgia's Supreme Court ultimately ruled that the evidence should be suppressed, because it was gathered without a warrant. Justices Antonin Scalia and Clarence Thomas also dissented. Justice Samuel Alito did not vote because he was not yet on the court in November, when the case was argued. The main argument between Souter and Roberts was accompanied by a skirmish between Stevens and Scalia, who used the case as an opportunity to make points in the court's long-running dispute over Scalia's view that the Constitution should be interpreted in light of the Framers' original intent. In a brief concurring opinion, Stevens noted that the court's ruling was based on the concept that neither a husband nor a wife is "master" of the house in the eyes of the law. But at the time the Bill of Rights was drafted, he wrote, only a husband's consent or objection would have been taken into account. Thus, he wrote, "this case illustrates why even the most dedicated adherent to an approach ... that places primary reliance on a search for original understanding would recognize the relevance of changes in our society." Scalia fired back at "Justice Stevens' 'attempted critique' of originalism," arguing that the ruling is unlikely to benefit women. "Given the usual patterns of domestic violence," he wrote, "how often can police be expected to encounter the situation in which a man urges them to enter the home while a woman simultaneously demands they stay out?" The case is Georgia vs. Randolph, No. 04-1067. from the International Herald Tribune (New York Times in Paris), 2005-Dec-15, by Kevin J. O'Brien: Data law passed in EU seen as restrictive BERLIN The European Parliament on Wednesday passed an anti-terror law requiring Internet service providers and telephone companies in the 25-nation European Union to keep phone and Web site records on their customers for as long as two years. By a vote of 378 to 197, with 30 abstentions, European lawmakers meeting in Strasbourg passed what one privacy advocate opposed to the plan called "one of the most restrictive surveillance laws in the world," exceeding the level of communications monitoring allowed in United States. "The EU plans to fingerprint all of its citizens, monitor all communications transactions and surveil all movement and travel," said Gus Hosein, a senior fellow at Privacy International, a London-based watchdog, and a visiting lecturer at the London School of Economics. "All these policies have been rejected by the U.S., but are now law in Europe." European lawmakers, who had been deadlocked on the issue for more than three years, adopted a plan proposed by Home Secretary Charles Clarke of Britain that narrowed the amount of data required to be stored to overcome objections from telecommunications businesses concerned about the costs. Under the new law, telecommunications companies that do not currently store data on unsuccessful calls - which is the majority of operators - will not be required to do so. Also, operators will only be required to keep data that locates a mobile call by its geographic cell at the beginning of the call, not throughout an entire conversation. "While these concessions represent some improvement for European telecom companies, the new law still imposes significant burdens on the industry," said Michael Bartholomew, director of the European Telecommunications Network Operators' Association, a Brussels group representing 41 operators. Bartholomew questioned the effectiveness and feasibility of the law in stopping terrorists, who could simply use U.S.-based e-mail services not subject to EU scrutiny. He also criticized the lack of any provision to reimburse operators for costs of data storage. One European telecommunications company executive echoed those sentiments. "In my opinion, this law is definitely not going to hinder terrorism," said Carl Mühlner, the chief executive of Tiscali Deutschland, an Internet service provider based in Dreieich, Germany. Tiscali, like most German Internet providers, currently stores data on customer Web site visits and e-mail exchanges for up to three months - the maximum permitted under German law. Mühlner predicted that the new EU law would bring a "significant increase in operating costs that could amount to several million euros." Proponents of the law said it would give European law enforcement officials a powerful weapon to track terrorists. The law would require phone operators to store data on completed calls, and Internet providers to log customer Web site visits, from six months to two years. Each EU member state, which must adopt the measure into local law before it can take effect, will determine how long data is kept. Only connected calls, e-mail exchanges and Web site visits will be recorded, not the content of individual conversations or e-mails. from USA Today, 2006-Feb-14, by Judy Keen: Daley wants security cameras at bars CHICAGO — Surveillance cameras — aimed at government buildings, train platforms and intersections here — might soon be required at corner taverns and swanky nightclubs. Mayor Richard Daley wants to require bars open until 4 a.m. to install security cameras that can identify people entering and leaving the building. Other businesses open longer than 12 hours a day, including convenience stores, eventually would have to do the same. Daley's proposed city ordinance adds a dimension to security measures installed after the Sept. 11 attacks. The proliferation of security cameras — especially if the government requires them in private businesses — troubles some civil liberties advocates. "There is no reason to mandate all of those cameras unless you one day see them being linked up to the city's 911 system," says Ed Yohnka of the Illinois American Civil Liberties Union. "We have perhaps reached that moment of critical mass when people ... want to have a dialogue about how much of this is appropriate." Milwaukee is considering requiring cameras at stores that have called police three or more times in a year. The Baltimore County Council in Maryland ordered large malls to put cameras in parking areas after a murder in one garage last year. The measure passed despite objections from business groups. "We require shopping centers to put railings on stairs and install sprinkler systems for public safety. This is a proper next step," says Baltimore County Councilman Kevin Kamenetz, who sponsored the ordinance. Some cities aren't going along. Schenectady, N.Y., shelved a proposal that would have required cameras in convenience stores. "The safer we make the city, the better it is for everyone," says Chicago Alderman Ray Suarez, who first proposed mandatory cameras in some businesses. "If you're not doing anything wrong, what do you have to worry about?" Nick Novich, owner of three Chicago bars, worries about the cost. "Every added expense ... puts a small business in greater jeopardy of going out of business," he says. Daley says cameras will deter crime, but Novich says, "That's what we're paying taxes for." Colleen McShane, president of the Illinois Restaurant Association, says the proposal, which Daley announced last week, is an unfair burden on small businesses. "This is once again more government intrusion," she says. Some business owners say cameras make patrons feel safer. Cameras are in all 30 Chicago bars, clubs and restaurants owned by Ala Carte Entertainment, spokeswoman Julia Shell says: "It's far more cost-effective for us to have them than not to have them." By spring, 30 Chicago intersections will have cameras to catch drivers who run red lights. More than 2,000 cameras around the city are linked to an emergency command center, paid for in part by federal homeland security funds. The newest "smart" cameras alert police when there's gunfire or when someone leaves a package or lingers outside public buildings. The system is based on the one in London that helped capture suspected terrorists after last summer's subway bombings. Chicago is installing those sophisticated camera systems more aggressively than any other U.S. city, says Rajiv Shah, an assistant professor at the University of Illinois-Chicago who studies the policy implications of surveillance technology. Recording what people do in public "is just getting easier and cheaper to do," he says. "Think of your camera cellphone." from the Los Angeles Times, 2006-Jan-19, by Jesus Sanchez: Google Resists Fed Efforts to Secure Records in Porn Probe Federal prosecutors are trying to force Google Inc. to turn over user requests and website addresses stored in its massive Internet search engine to help the government defend a law protecting minors from online porn and other harmful material. The U.S. Justice Department, in papers filed with the U.S. District Court in San Jose on Wednesday, said that Google has refused to comply with the request for information but that other, unnamed search engine operators have cooperated. The government requested that the court order Google, which operates the Internet's most heavily used search engine, to turn over the necessary records. "The production of those materials would be of significant assistance to the government's preparation of its defense of the constitutionality of this important statue," prosecutors said in the court filing. Google has refused to comply with these requests in any way." Prosecutors are asking Mountain View, Calif.-based Google for the text of search engine requests made during a one-week period and a random selection of one million website addresses stored in the company's databases. Google has refused to cooperate in part because compliance would prove to be an "undue burden" and may reveal trade secrets, the government said in its filing. Google attorney Nicole Wong told the San Jose Mercury News that the company will continue to "vigorously" oppose the government's efforts. "Google is not a party to this lawsuit, and the demand for the information is overreaching." The information is needed to help the government defend a challenge filed by the American Civil Liberties Unions against enforcement of the Child Online Protection Act. Federal prosecutors say the information from Google and other search engines will be used to help support their contention that the law is more effective than online filtering software to protect children from online pornography. Prosecutors said the privacy of Google users would be protected because it only wants the text of their requests, not their identities. The court papers noted that other search engine operators, who were not identified, had provided similar information. "Google thus should have no difficulty in complying in the same way as its competitors have," the government said. More than 380 million visitors worldwide use the Google site each month to search the web for information, the company said. from the Los Angeles Times, 2006-Mar-18, by Chris Gaither: U.S. Is Denied Google Queries Privacy activists hail a federal judge's ruling. But he orders the search engine to reveal some information about websites in its database. A federal judge Friday denied a Justice Department demand for access to some Internet search queries of Google Inc. users in a closely watched case testing the limits of online privacy. The ruling by U.S. District Judge James Ware in San Jose was a victory for Google, which argued that handing over the records would violate the privacy of people who might scour the Internet with terms as diverse as "best-actor nominees," "third trimester abortion" or "pipe bomb." Although Ware required Google to reveal some information about the websites in its database, he ordered the government to reimburse the Mountain View, Calif., company for the time and expense required to comply. But for Google — a quirky dot-com with the corporate mantra "Don't be evil" — the more important issue was whether it could restrict access to potentially revealing queries. "We will always be subject to government subpoenas, but the fact that the judge sent a clear message about privacy is reassuring," said Google's associate general counsel, Nicole Wong. "What his ruling means is that neither the government nor anyone else has carte blanche when demanding data from Internet companies." Privacy advocates cheered the decision as a check on the Bush administration's efforts to collect information about people, but noted that the trove of personal data gathered and stored by sites like Google was irresistible to investigators. "This issue is going to come up over and over again," said Cindy Cohn, legal director of the Electronic Frontier Foundation. "I don't think this should make anybody very comfortable about the future. Google still has this stuff and people will still try to seek it." Atty. Gen. Alberto R. Gonzales issued subpoenas to Google and three other top Internet companies last year, seeking details of potentially billions of search queries as part of an investigation into online pornography. The Justice Department also demanded a sample of the millions of websites archived in the search engines' databases. The other companies — Yahoo Inc., Microsoft Corp. and America Online Inc. — complied at least in part. Google executives balked and the case became a test of the government's reach in the Internet Age. Yahoo, Microsoft and America Online declined to comment after Ware's ruling late Friday. Those companies have said that the information they provided did not violate users' privacy, because it did not include names or computer addresses. Even so, the disclosure alarmed civil liberties advocates, who feared that the searches could reveal private information and that the government could pass alarming queries to criminal investigators. "People for too long thought they were anonymous on the Internet," said Andrew Serwin, an attorney specializing in privacy and Internet law. "People now realize they're not." Justice Department officials could not be reached late Friday. Federal lawyers earlier this week slashed their Google request to 5,000 randomly selected search terms entered by users and 50,000 website addresses in the company's searchable index. The government previously had requested a week's worth of queries, which could have numbered in the billions, as well as a million indexed Web addresses. Ware granted the request for the Web addresses but declined to force Google to release the queries. He wrote in his 21-page ruling that he was balancing the government's need to gather data against Google's expectation that it could operate without undue interference or fear that its trade secrets might be revealed. Google lawyers argued at a hearing Tuesday that the company's search engine was popular in part because users trusted that their personal information would be guarded. "The expectation of privacy by some Google users may not be reasonable, but may nonetheless have an appreciable impact on the way in which Google is perceived, and consequently the frequency with which users use Google," Ware wrote. Federal laws generally require a search warrant or court order to procure electronic information without a user's permission, not the simple subpoena presented to Google. Government lawyers had requested the data for an unrelated civil lawsuit regarding the Child Online Protection Act, a 1998 law blocked by a federal court. The Justice Department, seeking to restore the law, said it would use the information from search engines only to test how well Internet filters prevent children from accessing potentially harmful websites. Deirdre Mulligan, a law profesor at UC Berkeley, called the government's request to Google "a fishing expedition." "It's the same as going into a medical clinic and saying, 'The last few people who came in, what diseases did they ask you about?' " Mulligan said. from TheInquirer.net, 2006-Jan-23, by Nick Farrell: Media rounds on Google Someone is being spun, claim FANS OF Google are starting to complain that the media is misreporting the search outfit's defiance of the Bush Government. Google refused a request from the government to hand over data on its searchers. This was widely reported as Google stopping a Bush government initiative on child porn. According to Google watcher Philipp Lenssen, the media seems to have been spun a line, as the law in question had nothing to do with child porn. The law was to make sure that webmasters did more to restrict children from viewing pornographic material. It is another gasp of the Child Online Protection Act, which just didn't get through in the past, and which the Bush administration wants to revive. It wanted Google to hand over (search logs and indexed URLs to prove the law is needed. Writing in his bog, Lenssen said that the first story appeared in the Mercury News and has been copied ever since. He gives a list of newspapers who have copied the mishtake here. The problem is that it makes Google look like the bad guy defending child porn, rather than an outfit preventing censorship and privacy. from MarketWatch.com, 2006-Jan-21, by John Shinal: Internet privacy in China and the U.S. Commentary: Google's battle has broad implications SAN FRANCISCO -- I'm not sure what's more troubling -- the fact that the U.S. government wanted to get its hands on the Internet search results of millions of its citizens, or that some of the leading search firms were so quick to provide the data. Privacy -- or the lack of it -- on the Internet came screaming to the front burner this week on the news that Google Inc. was the only one of four major U.S. search engines to refuse a Justice Department subpoena to provide information on its users' search results. Not that Google has always been the white knight. Like Yahoo Inc. and Microsoft Corp., Google has previously responded to government requests -- in China -- to censor or turn over its data. Rather than tracking down and jailing dissidents, as the Chinese government did with information provided by Yahoo, the subpoena by U.S. Attorney General Alberto Gonzales is part of an effort to revive a 1998 law designed to protect children from seeing or being exploited by online pornography. The U.S. Supreme Court struck down the law as too broad in 2004, saying, among other things, that the government should give Web-filtering software a chance to work. See archived story. Trolling through two month's worth of random results at the world's leading search engine, as the government's original subpoena requested, presumably would give Justice Department investigators a good read on what percentage of those searches were for child porn. But some privacy advocates, coming to Google's defense, called the effort a fishing expedition that completely disregards the privacy of the millions of browsers who conduct innocent searches. "This could have a chilling effect on how people use the Internet," said Evan Hendricks, who's edited and published Privacy Times newsletter in Washington, D.C., since 1981. Even more troubling to Hendricks was that Google's search rivals, including Yahoo Inc. declined to comment on whether it received a subpoena, but a lawyer for the American Civil Liberties Union, which sued to overturn the 1998 law, told MarketWatch the software giant did. Although AOL and Yahoo said they complied in a limited way that would keep its search users anonymous, Hendricks was skeptical of that guarantee. "There's no way to be sure that those search results can't be used later to track people down for all sorts of reasons," he said. One privacy lawyer not involved in the case agreed. Under the Electronic Communication Privacy Act, government prosecutors have fairly wide latitude to subpoena emails and other electronic communications if they have probable cause to believe a crime has been committed, said Andrew Serwin, a partner with the law firm Foley & Lardner LLP. If an individual user had made thousands of searches for child porn, for example, "there's nothing stopping federal prosecutors from issuing another subpoena to learn the Internet address of the person who made those requests," said Serwin. I would argue that anyone exploiting children over the Internet deserves to be tracked down and prosecuted. But what if the government decided to use the same method to track down people who used questionable tax shelters? How much right should the government have to use private-sector records to troll for possible criminal activity? "As a society, we have to decide how far the government can go to establish probable cause" that a crime has been committed, Serwin said. Google has already paid a price for its refusal, at least in the stock market. Shares of the Mountain View, Calif.-based firm, whose stock has risen five-fold since it went public in August 2004, suffered their biggest percentage drop ever Friday. See full story. On a day when the broader technology sector suffered its biggest point drop in more than two years, it's unclear whether the drop was due to general investor bearishness or fears that Internet users may be more reluctant to use search engines if they know the results could be reviewed by law enforcement agencies. Google's shares dropped more than those of Yahoo, Microsoft and Time-Warner, which complied with the subpoena. Part of the Google bearishness stems from the cost that Google might incur from a protracted legal fight. If Google decides to go to court, its success in resisting the government would turn on whether the government's request is allowed under a part of the Electronic Communication Privacy Act that deals with stored communications. That law, according to Serwin, is "cumbersome, difficult to understand and has been interpreted in many ways" by various courts. "As written, it's a bad law," he said. So much gray area makes it likely that the two sides may choose to compromise, rather than slug it out before a judge. Google obviously has other things to do, like figure out how to get their search results on iPods. And should the government pursue the case and lose, its anti- porn efforts would be hamstrung. Still, another privacy watcher said it's important that Google stand on principle. "It's important that they fight this, or else every prosecutor is going to start using Google as its research service," said Jim Harper, director of information policy studies at the Cato Institute, a Washington, D.C., think tank. Given the experience of Internet companies in China, it's important to draw the line now, according to Harper. Last month, Microsoft Corp.'s MSN unit pulled the plug on a Chinese blogger who discussed politically-sensitive issues. Yahoo has also shared such data, which led to the conviction and jailing of a journalist, and Google itself has agreed to make its search results in that country amenable to surveillance. "This request (for Google's data) is disturbing because it's the nose under the camel's tent," Harper said. If we're not careful, control and censorship of Internet data in this country "could look more like China than we thought possible," he said. from the New York Times, 2005-Dec-16, by James Risen and Eric Lichtblau: Bush Lets U.S. Spy on Callers Without Courts WASHINGTON, Dec. 15 - Months after the Sept. 11 attacks, President Bush secretly authorized the National Security Agency to eavesdrop on Americans and others inside the United States to search for evidence of terrorist activity without the court-approved warrants ordinarily required for domestic spying, according to government officials. Under a presidential order signed in 2002, the intelligence agency has monitored the international telephone calls and international e-mail messages of hundreds, perhaps thousands, of people inside the United States without warrants over the past three years in an effort to track possible "dirty numbers" linked to Al Qaeda, the officials said. The agency, they said, still seeks warrants to monitor entirely domestic communications. The previously undisclosed decision to permit some eavesdropping inside the country without court approval was a major in American intelligence- gathering practices, particularly for the National Security Agency, whose mission is to spy on communications abroad. As a result, some officials familiar with the continuing operation have questioned whether the surveillance has stretched, if not crossed, constitutional limits on legal searches. "This is really a sea change," said a former senior official who specializes in national security law. "It's almost a mainstay of this country that the N.S.A. only does foreign searches." Nearly a dozen current and former officials, who were granted anonymity because of the classified nature of the program, discussed it with reporters for The New York Times because of their concerns about the operation's legality and oversight. According to those officials and others, reservations about aspects of the program have also been expressed by Senator John D. Rockefeller IV, the West Virginia Democrat who is the vice chairman of the Senate Intelligence Committee, and a judge presiding over a secret court that oversees intelligence matters. Some of the questions about the agency's new powers led the administration to temporarily suspend the operation last year and impose more restrictions, the officials said. The Bush administration views the operation as necessary so that the agency can move quickly to monitor communications that may disclose threats to the United States, the officials said. Defenders of the program say it has been a critical tool in helping disrupt terrorist plots and prevent attacks inside the United States. Administration officials are confident that existing safeguards are sufficient to protect the privacy and civil liberties of Americans, the officials say. In some cases, they said, the Justice Department eventually seeks warrants if it wants to expand the eavesdropping to include communications confined within the United States. The officials said the administration had briefed Congressional leaders about the program and notified the judge in charge of the Foreign Intelligence Surveillance Court, the secret Washington court that deals with national security issues. The White House asked The New York Times not to publish this article, arguing that it could jeopardize continuing investigations and alert would-be terrorists that they might be under scrutiny. After meeting with senior administration officials to hear their concerns, the newspaper delayed publication for a year to conduct additional reporting. Some information that administration officials argued could be useful to terrorists has been omitted. Dealing With a New Threat While many details about the program remain secret, officials familiar with it say the N.S.A. eavesdrops without warrants on up to 500 people in the United States at any given time. The list changes as some names are added and others dropped, so the number monitored in this country may have reached into the thousands since the program began, several officials said. Overseas, about 5,000 to 7,000 people suspected of terrorist ties are monitored at one time, according to those officials. Several officials said the eavesdropping program had helped uncover a plot by Iyman Faris, an Ohio trucker and naturalized citizen who pleaded guilty in 2003 to supporting Al Qaeda by planning to bring down the Brooklyn Bridge with blowtorches. What appeared to be another Qaeda plot, involving fertilizer bomb attacks on British pubs and train stations, was exposed last year in part through the program, the officials said. But they said most people targeted for N.S.A. monitoring have never been charged with a crime, including an Iranian-American doctor in the South who came under suspicion because of what one official described as dubious ties to Osama bin Laden. The eavesdropping program grew out of concerns after the Sept. 11 attacks that the nation's intelligence agencies were not poised to deal effectively with the new threat of Al Qaeda and that they were handcuffed by legal and bureaucratic restrictions better suited to peacetime than war, according to officials. In response, President Bush significantly eased limits on American intelligence and law enforcement agencies and the military. But some of the administration's antiterrorism initiatives have provoked an outcry from members of Congress, watchdog groups, immigrants and others who argue that the measures erode protections for civil liberties and intrude on Americans' privacy. Opponents have challenged provisions of the USA Patriot Act, the focus of contentious debate on Capitol Hill this week, that expand domestic surveillance by giving the Federal Bureau of Investigation more power to collect information like library lending lists or Internet use. Military and F.B.I. officials have drawn criticism for monitoring what were largely peaceful antiwar protests. The Pentagon and the Department of Homeland Security were forced to retreat on plans to use public and private databases to hunt for possible terrorists. And last year, the Supreme Court rejected the administration's claim that those labeled "enemy combatants" were not entitled to judicial review of their open-ended detention. Mr. Bush's executive order allowing some warrantless eavesdropping on those inside the United States - including American citizens, permanent legal residents, tourists and other foreigners - is based on classified legal opinions that assert that the president has broad powers to order such searches, derived in part from the September 2001 Congressional resolution authorizing him to wage war on Al Qaeda and other terrorist groups, according to the officials familiar with the N.S.A. operation. The National Security Agency, which is based at Fort Meade, Md., is the nation's largest and most secretive intelligence agency, so intent on remaining out of public view that it has long been nicknamed "No Such Agency." It breaks codes and maintains listening posts around the world to eavesdrop on foreign governments, diplomats and trade negotiators as well as drug lords and terrorists. But the agency ordinarily operates under tight restrictions on any spying on Americans, even if they are overseas, or disseminating information about them. What the agency calls a "special collection program" began soon after the Sept. 11 attacks, as it looked for new tools to attack terrorism. The program accelerated in early 2002 after the Central Intelligence Agency started capturing top Qaeda operatives overseas, including Abu Zubaydah, who was arrested in Pakistan in March 2002. The C.I.A. seized the terrorists' computers, cellphones and personal phone directories, said the officials familiar with the program. The N.S.A. surveillance was intended to exploit those numbers and addresses as quickly as possible, they said. In addition to eavesdropping on those numbers and reading e-mail messages to and from the Qaeda figures, the N.S.A. began monitoring others linked to them, creating an expanding chain. While most of the numbers and addresses were overseas, hundreds were in the United States, the officials said. Under the agency's longstanding rules, the N.S.A. can target for interception phone calls or e-mail messages on foreign soil, even if the recipients of those communications are in the United States. Usually, though, the government can only target phones and e-mail messages in the United States by first obtaining a court order from the Foreign Intelligence Surveillance Court, which holds its closed sessions at the Justice Department. Traditionally, the F.B.I., not the N.S.A., seeks such warrants and conducts most domestic eavesdropping. Until the new program began, the N.S.A. typically limited its domestic surveillance to foreign embassies and missions in Washington, New York and other cities, and obtained court orders to do so. Since 2002, the agency has been conducting some warrantless eavesdropping on people in the United States who are linked, even if indirectly, to suspected terrorists through the chain of phone numbers and e-mail addresses, according to several officials who know of the operation. Under the special program, the agency monitors their international communications, the officials said. The agency, for example, can target phone calls from someone in New York to someone in Afghanistan. Warrants are still required for eavesdropping on entirely domestic-to-domestic communications, those officials say, meaning that calls from that New Yorker to someone in California could not be monitored without first going to the Federal Intelligence Surveillance Court. A White House Briefing After the special program started, Congressional leaders from both political parties were brought to Vice President Dick Cheney's office in the White House. The leaders, who included the chairmen and ranking members of the Senate and House intelligence committees, learned of the N.S.A. operation from Mr. Cheney, Lt. Gen. Michael V. Hayden of the Air Force, who was then the agency's director and is now a full general and the principal deputy director of national intelligence, and George J. Tenet, then the director of the C.I.A., officials said. It is not clear how much the members of Congress were told about the presidential order and the eavesdropping program. Some of them declined to comment about the matter, while others did not return phone calls. Later briefings were held for members of Congress as they assumed leadership roles on the intelligence committees, officials familiar with the program said. After a 2003 briefing, Senator Rockefeller, the West Virginia Democrat who became vice chairman of the Senate Intelligence Committee that year, wrote a letter to Mr. Cheney expressing concerns about the program, officials knowledgeable about the letter said. It could not be determined if he received a reply. Mr. Rockefeller declined to comment. Aside from the Congressional leaders, only a small group of people, including several cabinet members and officials at the N.S.A., the C.I.A. and the Justice Department, know of the program. Some officials familiar with it say they consider warrantless eavesdropping inside the United States to be unlawful and possibly unconstitutional, amounting to an improper search. One government official involved in the operation said he privately complained to a Congressional official about his doubts about the program's legality. But nothing came of his inquiry. "People just looked the other way because they didn't want to know what was going on," he said. A senior government official recalled that he was taken aback when he first learned of the operation. "My first reaction was, 'We're doing what?' " he said. While he said he eventually felt that adequate safeguards were put in place, he added that questions about the program's legitimacy were understandable. Some of those who object to the operation argue that is unnecessary. By getting warrants through the foreign intelligence court, the N.S.A. and F.B.I. could eavesdrop on people inside the United States who might be tied to terrorist groups without skirting longstanding rules, they say. The standard of proof required to obtain a warrant from the Foreign Intelligence Surveillance Court is generally considered lower than that required for a criminal warrant - intelligence officials only have to show probable cause that someone may be "an agent of a foreign power," which includes international terrorist groups - and the secret court has turned down only a small number of requests over the years. In 2004, according to the Justice Department, 1,754 warrants were approved. And the Foreign Intelligence Surveillance Court can grant emergency approval for wiretaps within hours, officials say. Administration officials counter that they sometimes need to move more urgently, the officials said. Those involved in the program also said that the N.S.A.'s eavesdroppers might need to start monitoring large batches of numbers all at once, and that it would be impractical to seek permission from the Foreign Intelligence Surveillance Court first, according to the officials. The N.S.A. domestic spying operation has stirred such controversy among some national security officials in part because of the agency's cautious culture and longstanding rules. Widespread abuses - including eavesdropping on Vietnam War protesters and civil rights activists - by American intelligence agencies became public in the 1970's and led to passage of the Foreign Intelligence Surveillance Act, which imposed strict limits on intelligence gathering on American soil. Among other things, the law required search warrants, approved by the secret F.I.S.A. court, for wiretaps in national security cases. The agency, deeply scarred by the scandals, adopted additional rules that all but ended domestic spying on its part. After the Sept. 11 attacks, though, the United States intelligence community was criticized for being too risk-averse. The National Security Agency was even cited by the independent 9/11 Commission for adhering to self-imposed rules that were stricter than those set by federal law. Concerns and Revisions Several senior government officials say that when the special operation began, there were few controls on it and little formal oversight outside the N.S.A. The agency can choose its eavesdropping targets and does not have to seek approval from Justice Department or other Bush administration officials. Some agency officials wanted nothing to do with the program, apparently fearful of participating in an illegal operation, a former senior Bush administration official said. Before the 2004 election, the official said, some N.S.A. personnel worried that the program might come under scrutiny by Congressional or criminal investigators if Senator John Kerry, the Democratic nominee, was elected president. In mid-2004, concerns about the program expressed by national security officials, government lawyers and a judge prompted the Bush administration to suspend elements of the program and revamp it. For the first time, the Justice Department audited the N.S.A. program, several officials said. And to provide more guidance, the Justice Department and the agency expanded and refined a checklist to follow in deciding whether probable cause existed to start monitoring someone's communications, several officials said. A complaint from Judge Colleen Kollar-Kotelly, the federal judge who oversees the Federal Intelligence Surveillance Court, helped spur the suspension, officials said. The judge questioned whether information obtained under the N.S.A. program was being improperly used as the basis for F.I.S.A. wiretap warrant requests from the Justice Department, according to senior government officials. While not knowing all the details of the exchange, several government lawyers said there appeared to be concerns that the Justice Department, by trying to shield the existence of the N.S.A. program, was in danger of misleading the court about the origins of the information cited to justify the warrants. One official familiar with the episode said the judge insisted to Justice Department lawyers at one point that any material gathered under the special N.S.A. program not be used in seeking wiretap warrants from her court. Judge Kollar-Kotelly did not return calls for comment. A related issue arose in a case in which the F.B.I. was monitoring the communications of a terrorist suspect under a F.I.S.A.-approved warrant, even though the National Security Agency was already conducting warrantless eavesdropping. According to officials, F.B.I. surveillance of Mr. Faris, the Brooklyn Bridge plotter, was dropped for a short time because of technical problems. At the time, senior Justice Department officials worried what would happen if the N.S.A. picked up information that needed to be presented in court. The government would then either have to disclose the N.S.A. program or mislead a criminal court about how it had gotten the information. Several national security officials say the powers granted the N.S.A. by President Bush go far beyond the expanded counterterrorism powers granted by Congress under the USA Patriot Act, which is up for renewal. The House on Wednesday approved a plan to reauthorize crucial parts of the law. But final passage has been delayed under the threat of a Senate filibuster because of concerns from both parties over possible intrusions on Americans' civil liberties and privacy. Under the act, law enforcement and intelligence officials are still required to seek a F.I.S.A. warrant every time they want to eavesdrop within the United States. A recent agreement reached by Republican leaders and the Bush administration would modify the standard for F.B.I. wiretap warrants, requiring, for instance, a description of a specific target. Critics say the bar would remain too low to prevent abuses. Bush administration officials argue that the civil liberties concerns are unfounded, and they say pointedly that the Patriot Act has not freed the N.S.A. to target Americans. "Nothing could be further from the truth," wrote John Yoo, a former official in the Justice Department's Office of Legal Counsel, and his co-author in a Wall Street Journal opinion article in December 2003. Mr. Yoo worked on a classified legal opinion on the N.S.A.'s domestic eavesdropping program. At an April hearing on the Patriot Act renewal, Senator Barbara A. Mikulski, Democrat of Maryland, asked Attorney General Alberto R. Gonzales and Robert S. Mueller III, the director of the F.B.I., "Can the National Security Agency, the great electronic snooper, spy on the American people?" "Generally," Mr. Mueller said, "I would say generally, they are not allowed to spy or to gather information on American citizens." President Bush did not ask Congress to include provisions for the N.S.A. domestic surveillance program as part of the Patriot Act and has not sought any other laws to authorize the operation. Bush administration lawyers argued that such new laws were unnecessary, because they believed that the Congressional resolution on the campaign against terrorism provided ample authorization, officials said. The Legal Line Shifts Seeking Congressional approval was also viewed as politically risky because the proposal would be certain to face intense opposition on civil liberties grounds. The administration also feared that by publicly disclosing the existence of the operation, its usefulness in tracking terrorists would end, officials said. The legal opinions that support the N.S.A. operation remain classified, but they appear to have followed private discussions among senior administration lawyers and other officials about the need to pursue aggressive strategies that once may have been seen as crossing a legal line, according to senior officials who participated in the discussions. For example, just days after the Sept. 11, 2001, attacks on New York and the Pentagon, Mr. Yoo, the Justice Department lawyer, wrote an internal memorandum that argued that the government might use "electronic surveillance techniques and equipment that are more powerful and sophisticated than those available to law enforcement agencies in order to intercept telephonic communications and observe the movement of persons but without obtaining warrants for such uses." Mr. Yoo noted that while such actions could raise constitutional issues, in the face of devastating terrorist attacks "the government may be justified in taking measures which in less troubled conditions could be seen as infringements of individual liberties." The next year, Justice Department lawyers disclosed their thinking on the issue of warrantless wiretaps in national security cases in a little-noticed brief in an unrelated court case. In that 2002 brief, the government said that "the Constitution vests in the President inherent authority to conduct warrantless intelligence surveillance (electronic or otherwise) of foreign powers or their agents, and Congress cannot by statute extinguish that constitutional authority." Administration officials were also encouraged by a November 2002 appeals court decision in an unrelated matter. The decision by the Foreign Intelligence Surveillance Court of Review, which sided with the administration in dismantling a bureaucratic "wall" limiting cooperation between prosecutors and intelligence officers, cited "the president's inherent constitutional authority to conduct warrantless foreign intelligence surveillance." But the same court suggested that national security interests should not be grounds "to jettison the Fourth Amendment requirements" protecting the rights of Americans against undue searches. The dividing line, the court acknowledged, "is a very difficult one to administer." Barclay Walsh contributed research for this article. from the New York Times, 2005-Dec-16, by David Stout: Supporters of Patriot Act Suffer a Stinging Defeat in Senate WASHINGTON - Supporters of the broad anti-terrorism law known as the USA Patriot Act suffered a stinging defeat in the Senate today, falling well short of the 60 votes needed to bring the act to a final vote and leaving it in limbo for the moment. After an emotional debate about the balance between national security and personal liberties and the very character of the republic, the Senate voted, 52 to 47, to end debate and take a yes-or-no vote on the law itself. But since 60 votes are required under Senate rules to end debate, the Patriot Act was left hanging. The House of Representatives voted, 251 to 174, last week in favor of the latest version of the bill, which had been worked out in negotiations between the two chambers. The Senate action today leaves the bill up in the air and due to expire on Dec. 31. President Bush and House Republican leaders had pushed hard for the bill and had spoken strongly against any further compromises. But no one would be surprised if yet another round of talks is undertaken to avoid the prospect of the lawmakers going home for Christmas and allowing the statute to lapse. Today's Senate debate and vote reflected deep divisions that cut across party lines in ways rarely seen. For instance, Senator Larry Craig, a conservative Republican from Idaho who would be expected to support President Bush on most issues, opposes the present form of the Patriot Act. "Of all that we do this year that is lasting beyond tomorrow," Mr. Craig said, the decision on the Patriot Act is the most important. Senator Bill Frist of Tennessee, the Republican majority leader, unsuccessfully pushed for the vote to end debate and move to the bill itself. "Advance or retreat" in the war on terrorism, he said. "It's as simple as that." Another supporter of the bill, Senator Jon Kyl, Republican of Arizona, asserted that if the Patriot Act had been in place before Sept. 11, 2001, the attacks might never have happened. And should another attack occur before the law is reauthorized, "We will have to answer for that," he said. Supporters of the bill, enacted only days after the Sept. 11 attacks, have called it a vital tool for law enforcement in this new age of terrorism. Its opponents have said it infringes too much on personal liberties - too easily allowing wiretaps and surveillance of library records, for instance - in ways that will not enhance national security. The measure that was passed in the House but stalled in the Senate today would make permanent 14 of 16 provisions that are set to expire at year's end, while putting in place additional judicial oversight and safeguards against abuse. Critics of the bill, who insist it does not go far enough to protect individual freedom and privacy, have called for extending the present bill for three months to allow further refinements. But House Republican leaders have so far resisted a three-month extension, as have Mr. Frist and the White House. President Bush "is not interested in signing any short-term renewal," the president's chief spokesman, Scott McClellan, said after the vote. "We urge them to get this done now and pass that legislation." Senator Arlen Specter of Pennsylvania, the Republican who heads the Senate Judiciary Committee, urged the Senate to vote on the act today. He called it "a balanced bill" that does not have all the civil liberties protections he wanted but one that is, nevertheless, acceptable and would give "important tools to law enforcement, in a balanced way." Senator Patrick J. Leahy of Vermont, the ranking Democrat on the panel, urged rejection of the bill in its present form. Yes, he said, there is a threat from terrorism, but "the threat to civil liberties is also very real in America today." Several senators held up copies of The New York Times, which reported today that President Bush secretly authorized the National Security Agency to eavesdrop on Americans and others inside the United States to search for evidence of terrorist activity, but without court-approved warrants ordinarily required for such surveillance. Senator Charles E. Schumer, Democrat of New York, called the disclosure "shocking" and said it had impelled him to vote "no" today. Senator Edward M. Kennedy, Democrat of Massachusetts, said the disclosure showed that "this administration feels it's above the law," and that "we cannot protect our borders if we do not protect our ideals." And Senator Russell D. Feingold. Democrat of Wisconsin and the only senator to vote against the Patriot Act four years ago, said the disclosure of domestic spying "should send a chill down the spine of every senator and every American." Only two Democrats, Senators Ben Nelson of Nebraska and Tim Johnson of South Dakota, voted to end debate - that is, in favor of the bill. Several Republican senators voted against ending debate - in other words, against the bill. They were Mr. Craig, John Sununu of New Hampshire, Chuck Hagel of Nebraska and Lisa Murkowski of Alaska. Mr. Frist also voted "no" in the end, but in a purely parliamentary maneuver to allow him to try to bring up the bill again. Thus, the Patriot Act was actually seven votes short of the 60 needed to end debate today. from the Washington Post, 2005-Dec-22, p.A1, by Carol D. Leonnig and Dafna Linzer: Judges on Surveillance Court To Be Briefed on Spy Program The presiding judge of a secret court that oversees government surveillance in espionage and terrorism cases is arranging a classified briefing for her fellow judges to address their concerns about the legality of President Bush's domestic spying program, according to several intelligence and government sources. Several members of the Foreign Intelligence Surveillance Court said in interviews that they want to know why the administration believed secretly listening in on telephone calls and reading e-mails of U.S. citizens without court authorization was legal. Some of the judges said they are particularly concerned that information gleaned from the president's eavesdropping program may have been improperly used to gain authorized wiretaps from their court. "The questions are obvious," said U.S. District Judge Dee Benson of Utah. "What have you been doing, and how might it affect the reliability and credibility of the information we're getting in our court?" Such comments underscored the continuing questions among judges about the program, which most of them learned about when it was disclosed last week by the New York Times. On Monday, one of 10 FISA judges, federal Judge James Robertson, submitted his resignation -- in protest of the president's action, according to two sources familiar with his decision. He will maintain his position on the U.S. District Court here. Other judges contacted yesterday said they do not plan to resign but are seeking more information about the president's initiative. Presiding Judge Colleen Kollar- Kotelly, who also sits on the U.S. District Court for the District of Columbia, told fellow FISA court members by e-mail Monday that she is arranging for them to convene in Washington, preferably early next month, for a secret briefing on the program, several judges confirmed yesterday. Two intelligence sources familiar with the plan said Kollar-Kotelly expects top- ranking officials from the National Security Agency and the Justice Department to outline the classified program to the members. The judges could, depending on their level of satisfaction with the answers, demand that the Justice Department produce proof that previous wiretaps were not tainted, according to government officials knowledgeable about the FISA court. Warrants obtained through secret surveillance could be thrown into question. One judge, speaking on the condition of anonymity, also said members could suggest disbanding the court in light of the president's suggestion that he has the power to bypass the court. The highly classified FISA court was set up in the 1970s to authorize secret surveillance of espionage and terrorism suspects within the United States. Under the law setting up the court, the Justice Department must show probable cause that its targets are foreign governments or their agents. The FISA law does include emergency provisions that allow warrantless eavesdropping for up to 72 hours if the attorney general certifies there is no other way to get the information. Still, Bush and his advisers have said they need to operate outside the FISA system in order to move quickly against suspected terrorists. In explaining the program, Bush has made the distinction between detecting threats and plots and monitoring likely, known targets, as FISA would allow. Bush administration officials believe it is not possible, in a large-scale eavesdropping effort, to provide the kind of evidence the court requires to approve a warrant. Sources knowledgeable about the program said there is no way to secure a FISA warrant when the goal is to listen in on a vast array of communications in the hopes of finding something that sounds suspicious. Attorney General Alberto R. Gonzales said the White House had tried but failed to find a way. One government official, who spoke on the condition of anonymity, said the administration complained bitterly that the FISA process demanded too much: to name a target and give a reason to spy on it. "For FISA, they had to put down a written justification for the wiretap," said the official. "They couldn't dream one up." The NSA program, and the technology on which it is based, makes it impossible to meet that criterion because the program is designed to intercept selected conversations in real time from among an enormous number relayed at any moment through satellites. "There is a difference between detecting, so we can prevent, and monitoring. And it's important to note the distinction between the two," Bush said Monday. But he added: "If there is a need based upon evidence, we will take that evidence to a court in order to be able to monitor calls within the United States." The American Civil Liberties Union formally requested yesterday that Gonzales appoint an outside special counsel to investigate and prosecute any criminal acts and violations of laws as a result of the spying effort. Also yesterday, John D. Negroponte, Bush's director of national intelligence, sent an e-mail to the entire intelligence community defending the program. The politically tinged memo referred to the disclosure as "egregious" and called the program a vital, constitutionally valid tool in the war against al Qaeda. Benson said it is too soon for him to judge whether the surveillance program was legal until he hears directly from the government. "I need to know more about it to decide whether it was so distasteful," Benson said. "But I wonder: If you've got us here, why didn't you go through us? They've said it's faster [to bypass FISA], but they have emergency authority under FISA, so I don't know." As it launched the dramatic change in domestic surveillance policy, the administration chose to secretly brief only the presiding FISA court judges about it. Officials first advised U.S. District Judge Royce C. Lamberth, the head of FISA in the fall of 2001, and then Kollar-Kotelly, who replaced him in that position in May 2002. U.S. District Judge George Kazen of the Southern District of Texas said in an interview yesterday that his information about the program has been largely limited to press accounts over the past several days. "Why didn't it go through FISA," Kazen asked. "I think those are valid questions. The president at first said he didn't want to talk about it. Now he says, 'You're darn right I did it, and it's completely legal.' I gather he's got lawyers telling him this is legal. I want to hear those arguments." Judge Michael J. Davis of Minnesota said he, too, wants to be sure the secret program did not produce unreliable or legally suspect information that was then used to obtain FISA warrants. "I share the other judges' concerns," he said. But Judge Malcolm Howard of eastern North Carolina said he tends to think the terrorist threat to the United States is so grave that the president should use every tool available and every ounce of executive power to combat it. "I am not overly concerned" about the surveillance program, he said, but "I would welcome hearing more specifics." Researcher Julie Tate contributed to this report. from the Washington Post, 2005-Oct-19, p.D1, by Mike Musgrove: Sleuths Crack Tracking Code Discovered in Color Printers It sounds like a conspiracy theory, but it isn't. The pages coming out of your color printer may contain hidden information that could be used to track you down if you ever cross the U.S. government. Last year, an article in PC World magazine pointed out that printouts from many color laser printers contained yellow dots scattered across the page, viewable only with a special kind of flashlight. The article quoted a senior researcher at Xerox Corp. as saying the dots contain information useful to law-enforcement authorities, a secret digital "license tag" for tracking down criminals. The content of the coded information was supposed to be a secret, available only to agencies looking for counterfeiters who use color printers. Now, the secret is out. Yesterday, the Electronic Frontier Foundation, a San Francisco consumer privacy group, said it had cracked the code used in a widely used line of Xerox printers, an invisible bar code of sorts that contains the serial number of the printer as well as the date and time a document was printed. With the Xerox printers, the information appears as a pattern of yellow dots, each only a millimeter wide and visible only with a magnifying glass and a blue light. The EFF said it has identified similar coding on pages printed from nearly every major printer manufacturer, including Hewlett-Packard Co., though its team has so far cracked the codes for only one type of Xerox printer. The U.S. Secret Service acknowledged yesterday that the markings, which are not visible to the human eye, are there, but it played down the use for invading privacy. "It's strictly a countermeasure to prevent illegal activity specific to counterfeiting," agency spokesman Eric Zahren said. "It's to protect our currency and to protect people's hard-earned money." It's unclear whether the yellow-dot codes have ever been used to make an arrest. And no one would say how long the codes have been in use. But Seth Schoen, the EFF technologist who led the organization's research, said he had seen the coding on documents produced by printers that were at least 10 years old. "It seems like someone in the government has managed to have a lot of influence in printing technology," he said. Xerox spokesman Bill McKee confirmed the existence of the hidden codes, but he said the company was simply assisting an agency that asked for help. McKee said the program was part of a cooperation with government agencies, competing manufacturers and a "consortium of banks," but would not provide further details. HP said in a statement that it is involved in anti-counterfeiting measures and supports the cooperation between the printer industry and those who are working to reduce counterfeiting. Schoen said that the existence of the encoded information could be a threat to people who live in repressive governments or those who have a legitimate need for privacy. It reminds him, he said, of a program the Soviet Union once had in place to record sample typewriter printouts in hopes of tracking the origins of underground, self-published literature. "It's disturbing that something on this scale, with so many privacy implications, happened with such a tiny amount of publicity," Schoen said. And it's not as if the information is encrypted in a highly secure fashion, Schoen said. The EFF spent months collecting samples from printers around the world and then handed them off to an intern, who came back with the results in about a week. "We were able to break this code very rapidly," Schoen said. from the New York Times, 2005-Oct-23, by Sam Dillon and Stephen Labaton: Colleges Protest Call to Upgrade Online Systems The federal government, vastly extending the reach of an 11-year-old law, is requiring hundreds of universities, online communications companies and cities to overhaul their Internet computer networks to make it easier for law enforcement authorities to monitor e-mail and other online communications. The action, which the government says is intended to help catch terrorists and other criminals, has unleashed protests and the threat of lawsuits from universities, which argue that it will cost them at least $7 billion while doing little to apprehend lawbreakers. Because the government would have to win court orders before undertaking surveillance, the universities are not raising civil liberties issues. The order, issued by the Federal Communications Commission in August and first published in the Federal Register last week, extends the provisions of a 1994 wiretap law not only to universities, but also to libraries, airports providing wireless service and commercial Internet access providers. It also applies to municipalities that provide Internet access to residents, be they rural towns or cities like Philadelphia and San Francisco, which have plans to build their own Net access networks. So far, however, universities have been most vocal in their opposition. The 1994 law, the Communications Assistance for Law Enforcement Act, requires telephone carriers to engineer their switching systems at their own cost so that federal agents can obtain easy surveillance access. Recognizing the growth of Internet-based telephone and other communications, the order requires that organizations like universities providing Internet access also comply with the law by spring 2007. The Justice Department requested the order last year, saying that new technologies like telephone service over the Internet were endangering law enforcement's ability to conduct wiretaps "in their fight against criminals, terrorists and spies." Justice Department officials, who declined to comment for this article, said in their written comments filed with the Federal Communications Commission that the new requirements were necessary to keep the 1994 law "viable in the face of the monumental shift of the telecommunications industry" and to enable law enforcement to "accomplish its mission in the face of rapidly advancing technology." The F.C.C. says it is considering whether to exempt educational institutions from some of the law's provisions, but it has not granted an extension for compliance. Lawyers for the American Council on Education, the nation's largest association of universities and colleges, are preparing to appeal the order before the United States Court of Appeals for the District of Columbia Circuit, Terry W. Hartle, a senior vice president of the council, said Friday. The Center for Democracy and Technology, a nonprofit civil liberties group, has enlisted plaintiffs for a separate legal challenge, focusing on objections to government control over how organizations, including hundreds of private technology companies, design Internet systems, James X. Dempsey, the center's executive director, said Friday. The universities do not question the government's right to use wiretaps to monitor terrorism or criminal suspects on college campuses, Mr. Hartle said, only the order's rapid timetable for compliance and extraordinary cost. Technology experts retained by the schools estimated that it could cost universities at least $7 billion just to buy the Internet switches and routers necessary for compliance. That figure does not include installation or the costs of hiring and training staff to oversee the sophisticated circuitry around the clock, as the law requires, the experts said. "This is the mother of all unfunded mandates," Mr. Hartle said. Even the lowest estimates of compliance costs would, on average, increase annual tuition at most American universities by some $450, at a time when rising education costs are already a sore point with parents and members of Congress, Mr. Hartle said. At , for instance, the order would require the installation of thousands of new devices in more than 100 buildings around Manhattan, be they small switches in a wiring closet or large aggregation routers that pull data together from many sites and send it over the Internet, said Doug Carlson, the university's executive director of communications and computing services. "Back of the envelope, this would cost us many millions of dollars," Mr. Carlson said. F.C.C. officials declined to comment publicly, citing their continuing review of possible exemptions to the order. Some government officials said they did not view compliance as overly costly for colleges because the order did not require surveillance of networks that permit students and faculty to communicate only among themselves, like intranet services. They also said the schools would be required to make their networks accessible to law enforcement only at the point where those networks connect to the outside world. Educause, a nonprofit association of universities and other groups that has hired lawyers to prepare its own legal challenge, informed its members of the order in a Sept. 29 letter signed by Mark A. Luker, an Educause vice president. Mr. Luker advised universities to begin planning how to comply with the order, which university officials described as an extraordinary technological challenge. Unlike telephone service, which sends a steady electronic voice stream over a wire, the transmission of e-mail and other information on the Internet sends out data packets that are disassembled on one end of a conversation and reassembled on the other. Universities provide hundreds of potential Internet access sites, including lounges and other areas that offer wireless service and Internet jacks in libraries, dorms, classrooms and laboratories, often dispersed through scores of buildings. If law enforcement officials obtain a court order to monitor the Internet communications of someone at a university, the current approach is to work quietly with campus officials to single out specific sites and install the equipment needed to carry out the surveillance. This low-tech approach has worked well in the past, officials at several campuses said. But the federal law would apply a high-tech approach, enabling law enforcement to monitor communications at campuses from remote locations at the turn of a switch. It would require universities to re-engineer their networks so that every Net access point would send all communications not directly onto the Internet, but first to a network operations center where the data packets could be stitched together into a single package for delivery to law enforcement, university officials said. Albert Gidari Jr., a Seattle lawyer at the firm Perkins Coie who is representing Educause, said he and other representatives of universities had been negotiating with lawyers and technology officials from the Federal Bureau of Investigation, the Department of Homeland Security and other agencies since the spring about issues including what technical requirements universities would need to meet to comply with the law. "This is a fight over whether a Buick is good enough, or do you need a Lexus?" Mr. Gidari said. "The F.B.I. is the lead agency, and they are insisting on the Lexus." Law enforcement has only infrequently requested to monitor Internet communications anywhere, much less on university campuses or libraries, according to the Center for Democracy and Technology. In 2003, only 12 of the 1,442 state and federal wiretap orders were issued for computer communications, and the F.B.I. never argued that it had difficulty executing any of those 12 wiretaps, the center said. "We keep asking the F.B.I., What is the problem you're trying to solve?" Mr. Dempsey said. "And they have never showed any problem with any university or any for-profit Internet access provider. The F.B.I. must demonstrate precisely why it wants to impose such an enormously disruptive and expensive burden." Larry D. Conrad, the chief information officer at Florida State University, where more than 140 buildings are equipped for Internet access, said there were easy ways to set up Internet wiretaps. "But the wild-eyed fear I have," Mr. Conrad said, "is that the government will rule that this all has to be automatic, anytime, which would mean I'd have to re- architect our entire campus network." He continued, "It seems like overkill to make all these institutions spend this huge amount of money for a just-in-case kind of scenario." The University of Illinois says it is worried about the order because it is in the second year of a $20 million upgrade of its campus network. Peter Siegel, the university's chief information officer, estimated that the new rules would require the university to buy 2,100 new devices, at a cost of an additional $13 million, to replace equipment that is brand new. "It's like you buy a new car, and then the E.P.A. says you have to buy a new car again," Mr. Siegel said. "You'd say, 'Gee, could I just buy a new muffler?' " from the Washington Post, 2005-Oct-25, p.A1, by Dan Eggen: FBI Papers Indicate Intelligence Violations Secret Surveillance Lacked Oversight The FBI has conducted clandestine surveillance on some U.S. residents for as long as 18 months at a time without proper paperwork or oversight, according to previously classified documents to be released today. Records turned over as part of a Freedom of Information Act lawsuit also indicate that the FBI has investigated hundreds of potential violations related to its use of secret surveillance operations, which have been stepped up dramatically since the Sept. 11, 2001, attacks but are largely hidden from public view. In one case, FBI agents kept an unidentified target under surveillance for at least five years -- including more than 15 months without notifying Justice Department lawyers after the subject had moved from New York to Detroit. An FBI investigation concluded that the delay was a violation of Justice guidelines and prevented the department "from exercising its responsibility for oversight and approval of an ongoing foreign counterintelligence investigation of a U.S. person." In other cases, agents obtained e-mails after a warrant expired, seized bank records without proper authority and conducted an improper "unconsented physical search," according to the documents. Although heavily censored, the documents provide a rare glimpse into the world of domestic spying, which is governed by a secret court and overseen by a presidential board that does not publicize its deliberations. The records are also emerging as the House and Senate battle over whether to put new restrictions on the controversial USA Patriot Act, which made it easier for the government to conduct secret searches and surveillance but has come under attack from civil liberties groups. The records were provided to The Washington Post by the Electronic Privacy Information Center, an advocacy group that has sued the Justice Department for records relating to the Patriot Act. David Sobel, EPIC's general counsel, said the new documents raise questions about the extent of possible misconduct in counterintelligence investigations and underscore the need for greater congressional oversight of clandestine surveillance within the United States. "We're seeing what might be the tip of the iceberg at the FBI and across the intelligence community," Sobel said. "It indicates that the existing mechanisms do not appear adequate to prevent abuses or to ensure the public that abuses that are identified are treated seriously and remedied." FBI officials disagreed, saying that none of the cases have involved major violations and most amount to administrative errors. The officials also said that any information obtained from improper searches or eavesdropping is quarantined and eventually destroyed. "Every investigator wants to make sure that their investigation is handled appropriately, because they're not going to be allowed to keep information that they didn't have the proper authority to obtain," said one senior FBI official, who declined to be identified by name because of the ongoing litigation. "But that is a relatively uncommon occurrence. The vast majority of the potential [violations] reported have to do with administrative timelines and time frames for renewing orders." The documents provided to EPIC focus on 13 cases from 2002 to 2004 that were referred to the Intelligence Oversight Board, an arm of the President's Foreign Intelligence Advisory Board that is charged with examining violations of the laws and directives governing clandestine surveillance. Case numbers on the documents indicate that a minimum of 287 potential violations were identified by the FBI during those three years, but the actual number is certainly higher because the records are incomplete. FBI officials declined to say how many alleged violations they have identified or how many were found to be serious enough to refer to the oversight board. Catherine Lotrionte, the presidential board's counsel, said most of its work is classified and covered by executive privilege. The board's investigations range from "technical violations to more substantive violations of statutes or executive orders," Lotrionte said. Most such cases involve powers granted under the Foreign Intelligence Surveillance Act, which governs the use of secret warrants, wiretaps and other methods as part of investigations of agents of foreign powers or terrorist groups. The threshold for such surveillance is lower than for traditional criminal warrants. More than 1,700 new cases were opened by the court last year, according to an administration report to Congress. In several of the cases outlined in the documents released to EPIC, FBI agents failed to file annual updates on ongoing surveillance, which are required by Justice Department guidelines and presidential directives, and which allow Justice lawyers to monitor the progress of a case. Others included a violation of bank privacy statutes and an improper physical search, though the details of the transgressions are edited out. At least two others involve e-mails that were improperly collected after the authority to do so had expired. Some of the case details provide a rare peek into the world of FBI counterintelligence. In 2002, for example, the Pittsburgh field office opened a preliminary inquiry on a person to "determine his/her suitability as an asset for foreign counterintelligence matters" -- in other words, to become an informant. The violation occurred when the agent failed to extend the inquiry while maintaining contact with the potential asset, the documents show. The FBI general counsel's office oversees investigations of alleged misconduct in counterintelligence probes, deciding whether the violation is serious enough to be reported to the oversight board and to personnel departments within Justice and the FBI. The senior FBI official said those cases not referred to the oversight board generally involve missed deadlines of 30 days or fewer with no potential infringement of the civil rights of U.S. persons, who are defined as either citizens or legal U.S. resident aliens. "The FBI and the people who work in the FBI are very cognizant of the fact that people are watching us to make sure we're doing the right thing," the senior FBI official said. "We also want to do the right thing. We have set up procedures to do the right thing." But in a letter to be sent today to the Senate Judiciary Committee, Sobel and other EPIC officials argue that the documents show how little Congress and the public know about the use of clandestine surveillance by the FBI and other agencies. The group advocates legislation requiring the attorney general to report violations to the Senate. The documents, EPIC writes, "suggest that there may be at least thirteen instances of unlawful intelligence investigations that were never disclosed to Congress." from TheInquirer.net, 2005-Dec-25, by Wendy M. Grossman: Copyrighting data retention YOU KNOW, a smart person wanting an unpopular policy ? like, oh, say, to pick something at random, data retention -- would wait until the policy had been enacted into law before pressing for even more unpopular amendments. The policy is data retention, and the amendment is to make retained data available to combat copyright infringement. Or, in the precise words of a cover note discussing the directive, "The retention of traffic data can also be important to combat organised crime in the area of intellectual copyright infringements," a point the directive credits to a letter the Creative and Media Business Aliiance sent in July 2005. On Wednesday, CMBA sent a letter to all MEPs making the same request, according to the new , a sort of UK spinoff of the Electronic Frontier Foundation. This is not, of course, what data retention was supposed to be for. Nowhere in any of the years of discussions before has there been a suggestion that EU governments should put in place an infrastructure to serve copyright interests. It is a perfect example of what privacy advocates like to call "function creep": systems put in place for one avowed purpose tend to spread into all sorts of uses for which they were never intended. The typical example is the US Social Security Number, which began life as a way of identifying people for the purpose of receiving state benefits, and is now required for everything from going to school as a five-year-old to getting a driver's licence. Even if you support data retention on the grounds that it will help security services protect us against terorrism, do you really want the data to be handed over to a small group of multinational businesses to help them protect their fading business model? Will you feel better if I tell you that one of the proposed amendments to the draft directive wants to take out the language that would limit the use of the data to "serious" crimes? It's all going to be decided in the next two weeks. The discussions had been meandering along for years, as these things do, when the July 7 London bomb attacks happened. The UK had just assumed the EU presidency, and therefore the UK's Home Secretary, Charles Clarke, made a strong anti-terrorism pitch, with data retention as one of the priorities. The UK will be succeeded in the presidency on December 24 by Austria, and then in June by Finland. Had it been Ireland or Italy, the only two countries that have actually enacted their own data retention rules, the UK might be in less of a hurry. But with things as they are, this directive is being rushed through so hastily that it's only getting one reading, instead of the usual two. The final vote in the plenary of the European Parliament is on December 13. If you want to say anything, write to your MEP now. Note that this is a nice example of what Gus Hosein, a Visiting Fellow at the LSE, likes to call "policy laundering": having failed to gain agreement on data retention in the UK itself, the British government is trying to push it through in Europe, so that then they can come back to the UK and say, "Have to pass it. European law." To review briefly the story so far: the data to be retained is traffic data, not content: telephone calling records, email headers, base Web site addresses (though not complete URLs of inner pages). The retainers of that data will be Internet service providers, telephone companies, mobile network operators, and so on. Traffic data is far more privacy-invasive and revealing than many people realize: who you call or email, how often, and at what times of day can be more revealing than the actual contents of the messages. (What tells you more about a relationship? The fact that two people email each other every night at 2am, or an intercepted message whose content says, "Where are the car keys?") ISPs and telcos hate these proposals. Paying to put systems in place to store the data and comply not only with the data retention rules but also the data protection laws contributes nothing to the bottom line of an ISP ? and it consumes resources which then are not available to put towards other opportunities. Making things more complicated is the process by which legislation is enacted in the EU, which most people don't understand and few national media follow in any detail. Only the European Parliament plenary can make a law. But because no one can be an expert on everything, the actual language and provisions of new laws are hashed out in one or more committees, and the plenary vote usually follows these committees' lead. The vote this week was by the civil liberties committee, which voted yesterday 33 to eight to limit data retention to 12 months. The next vote will be in the EU Council, which is known to want more than that: longer term of storage and more data, including failed call attempts. The twist in the tail, according to the Open Rights Group, is the upcoming IPRED2 legislation (PDF), which turns "all intentional infringements of an IP right on a commercial scale" into a criminal offense. So: there you have it. The perfect framework for the Copyright State. Is that what you voted for? from the Washington Post, 2005-Nov-13, p.B1, by David A. Vise: What Lurks in Its Soul? The soul of the Google machine is a passion for disruptive innovation. Powered by brilliant engineers, mathematicians and technological visionaries, Google ferociously pushes the limits of everything it undertakes. The company's DNA emanates from its youthful founders, Sergey Brin and Larry Page, who operate with "a healthy disregard for the impossible," as Page likes to say. Their goal: to organize all of the world's information and make it universally accessible, whatever the consequences. Google's colorful childlike logo, its whimsical appeal and its lightning-fast search results have made it the darling of information-hungry Internet users. Google has accomplished something rare in the hard-charging, mouse-eat-mouse environment that defines the high-tech world -- it has made itself charming. We like Google. We giggle at the "Google doodles," the playful decorations on its logo that appear on holidays or other special occasions. We eagerly sample the new online toys that Google rolls out every few months. But these friendly features belie Google's disdain for the status quo and its voracious appetite for aggressively pursuing initiatives to bring about radical change. Google is testing the boundaries in so many ways, and so purposefully, it's likely to wind up at the center of a variety of legal battles with landmark significance. Consider the wide-ranging implications of the activities now underway at the Googleplex, the company's campuslike headquarters in California's Silicon Valley. Google is compiling a genetic and biological database using the vast power of its search engines; scanning millions of books without traditional regard for copyright laws; tracing online searches to individual Internet users and storing them indefinitely; demanding cell phone numbers in exchange for free e-mail accounts (known as Gmail) as it begins to build the first global cell phone directory; saving Gmails forever on its own servers, making them a tempting target for law enforcement abuse; inserting ads for the first time in e-mails; making hundreds of thousands of cheap personal computers to serve as cogs in powerful global networks. Google has also created a new kind of work environment. It serves three free meals a day to its employees (known as Googlers) so that they can remain on- site and spend more time working. It provides them with free on-site medical and dental care and haircuts, as well as washers and dryers. It charters buses with wireless Web access between San Francisco and Silicon Valley so that employees can toil en route to the office. To encourage innovation, it gives employees one day a week -- known as 20 percent time -- to work on anything that interests them. To eliminate the distinction between work and play -- and keep the Googlers happily at the Googleplex -- they have volleyball, foosball, puzzles, games, rollerblading, colorful kitchens stocked with free drinks and snacks, bowls of M&Ms, lava lamps, vibrating massage chairs and a culture encouraging Googlers to bring their dogs to work. (No cats allowed.) The perks also include an on-site masseuse, and extravagant touch-pad-controlled toilets with six levels of heat for the seat and automated washing, drying and flushing without the need for toilet paper. Meanwhile, the Googlers spend countless hours tweaking Google's hardware and software to reliably deliver search results in a fraction of a second. Few Google users realize, however, that every search ends up as a part of Google's huge database, where the company collects data on you, based on the searches you conduct and the Web sites you visit through Google. The company maintains that it does this to serve you better, and deliver ads and search results more closely targeted to your interests. But the fact remains: Google knows a lot more about you than you know about Google. If these were the actions of some obscure company, maybe none of this would matter much. But these are the practices of an enterprise whose search engine is so ubiquitous it has become synonymous with the Internet itself for millions of computer users. And if the Google Guys have their way, their presence will only grow. Brin and Page see Google (its motto: "Don't Be Evil") as a populist force for good that empowers individuals to find information fast about anything and everything. Part of Google's success has to do with the network of more than 100,000 cheap personal computers it has built and deployed in its own data centers around the world. Google constantly adds new computers to its network, making it a prolific PC assembler and manufacturer in its own right. "We are like Dell," quipped Peter Norvig, Google's chief of search quality. The highly specialized world of technology breaks down these days into companies that do either hardware or software. Google's tech wizards have figured out how to do both well. "They run the largest computer system in the world," said John Hennessy, a member of Google's board of directors, a computer scientist and president of Stanford University. "I don't think there is even anything close." Google doesn't need all that computer power to help us search for the best Italian restaurant in Northern Virginia. It has grander plans. The company is quietly working with maverick biologist Craig Venter and others on groundbreaking genetic and biological research. Google's immense capacity and turbo-charged search technology, it turns out, appears to be an ideal match for the large amount of data contained in the human genome. Venter and others say that the search engine has the ability to deal with so many variables at once that its use could lead to the discovery of new medicines or cures for diseases. Sergey Brin says searching all of the world's information includes examining the genetic makeup of our own bodies, and he foresees a day when each of us will be able to learn more about our own predisposition for various illnesses, allergies and other important biological predictors by comparing our personal genetic code with the human genome, a process known as "Googling Your Genes." "This is the ultimate intersection of technology and health that will empower millions of individuals," Venter said. "Helping people understand their own genetic code and statistical code is something that should be broadly available through a service like Google within a decade." Brin's partner has nurtured a different ambition. For years, Larry Page dreamed of tearing down the walls of libraries, and eliminating the barriers of geography, by making millions of books searchable by anybody in the world with an Internet connection. After Google began scanning thousands of library books to make them searchable online, book publishers and authors cried foul, filing lawsuits claiming copyright infringement. Many companies would have reached an amicable settlement. Not Google. Undaunted, Google fired back, saying copyright laws were meant to serve the public interest and didn't apply in the digital realm of search. Google's altruistic tone masked its savvy, hard-nosed business strategy -- more books online means more searches, more ads and more profits. Google recently began displaying some of these books online (print.google.com), and resumed scanning the contents of books from the collections of Harvard, Stanford, the University of Michigan, the New York Public Library and Oxford. But legal experts predict that the company's disruptive innovation will undoubtedly show up on the Supreme Court's docket one day. From Madison Avenue to Microsoft, Google's rapid-fire innovation and growing power pose a threat of one kind or another. Its ad-driven financial success has propelled its stock market value to $110 billion, more than the combined value of Disney, Ford, General Motors, Amazon.com and the media companies that own the New York Times, the Wall Street Journal and The Washington Post. Its simplified method of having advertisers sign up online, through a self-service option, threatens ad agencies and media buyers who traditionally have played that role. Its penchant for continuously releasing new products and services in beta, or test form, before they are perfected, has sent Microsoft reeling. Chairman Bill Gates recently warned employees in an internal memo of the challenges posed by such "disruptive" change. Microsoft also worries that Google is raiding the ranks of its best employees. That was threatening enough when Google operated exclusively in Silicon Valley. But it grew worse when Google opened an outpost in the suburbs of Seattle, just down the road from Microsoft headquarters, and aggressively started poaching. Microsoft finally sued Google for its hiring of Kai-Fu Lee, a senior technologist who once headed Microsoft's Chinese operations. Lee is now recruiting in Asia for Google, despite a court order upholding aspects of a non- compete clause that Lee signed while at Microsoft. Google's success is neither accidental nor ephemeral. Brin and Page -- the sons of college professors who introduced them to computing when they were toddlers -- met in 1995 at Stanford, where they were both Ph.D candidates in computer science and technology. They became inseparable and set out to do things their own way. Professors laughed at Page when he said one day that he was going to download the Internet so he could improve upon the primitive early search engines. Seven years ago, Google didn't exist in any form beyond a glimmer in the eyes of Brin and Page. Then in the fall of 1998, they took leaves of absence from Stanford, and moved their hardware into the garage and several rooms of a house in nearby Menlo Park. Armed primarily with the belief that they could build a better search engine, they have created a company unlike any other. With Brin and Page setting the tone, Google's distinctive DNA makes it an employer of choice for the world's smartest technologists because they feel empowered to change the world. And despite its growing head count of more than 4,000 employees worldwide, Google maintains the pace of innovation in ways contrary to other corporations by continuing to work in small teams of three to five, no matter how big the undertaking. Once Google went public and could no longer lure new engineers with the promise of lucrative stock options, Brin invented large multi-million-dollar stock awards for the small teams that come up with the most innovative ideas. A good example is Google's latest deal -- a far-reaching, complex partnership with NASA, unlike any agreement between a private firm and the space agency, to share data and resources and employees and identify ways to create new products and conduct searches together in space. Although NASA is a public entity, many of the details of the partnership remain hidden from public view. Despite all that has been achieved, Google remains in its infancy. Brin likes to compare the firm to a child who has completed first grade. He and Page gaze into a glittering globe in the Googleplex that shows billions of Google searches streaming in from around the world, and notice the areas that are dark. These are the places that have no Internet access. Quietly, they have been buying up the dark fiber necessary to build GoogleNet, and provide wireless Web access for free to millions or billions of computer userspotentially disruptive to phone and cable companies that now dominate the high-speed Internet field. Their reasoning is straightforward: If more people globally have Internet access, then more people will use Google. The more books and other information that they can translate into any language through an automated, math-based process they are developing now, the more compelling the Google experience will be for everyone, and the more wealth the company will have to invest in their vision. Supremely confident, the biggest risk that Brin, Page and Google face is that they will be unable to avoid the arrogance that typically accompanies extraordinary success. Amazon.com founder Jeff Bezos jokes that Brin and Page are so sure of themselves, they wouldn't hesitate to argue with a divine presence. But the fact remains that they are human beings, and inevitably, both they and Google will make mistakes. Unless any of these prove lethal, however, Google -- through its relentless focus on disruptive innovation -- appears likely to wreak havoc on established enterprises and principles for many years to come. David Vise is a Post business reporter and the co-author with Mark Malseed of "The Google Story," published this week by Random House. from the Wall Street Journal via OpinionJournal.com, 2005-May-10, by Brendan Miniter: Soak the Green Oregon mulls a new tax that environmentalists and privacy advocates will hate. As gas prices continue to top $2 a gallon, all those drivers of fuel-efficient cars may not have reason to gloat for much longer. Oregon is worried that too many Honda Insights and Toyota Priuses hitting the roads will rob it of the cash it expects out of its 24-cent-a-gallon tax. So the Beaver State is studying ways to ensure that "hybrid" car owners pay their "fair share" of taxes for the miles they drive. That means allowing the taxman to catch up to hybrid owners just as often as he catches up to gas guzzling SUV drivers. And if Oregon goes ahead, it won't be long before other states follow. Oregon won't complete its study until 2007. But it's already clear the state is looking to influence behavior in addition to raising revenue by implementing a "vehicle mileage tax." Under a VMT a motorist would pay a tax for each mile driven, probably around 1.25 cents. To administer this tax, a global positioning system would be mounted in each car. As a driver fuels up, the device would relay mileage information to the gas pump, which would calculate the VMT. A simple electronic odometer-reading device would do the trick, but Oregon is looking at GPS devices because they would also allow for charging higher VMT rates for miles driven in "congested" areas during rush hour or to exempt miles driven out of state.

This is bad news not just for enviro-friendly motorists but for anyone who cares about privacy and transparence in government. More than 200 years into our experiment of a government founded on liberty and more than 70 years after FDR's New Deal, it might seem that the issues surrounding individual liberty have already been well hashed out. But the digital age offers a fresh set of challenges for anyone interested in pushing back the encroaching hand of government. Those challenges involve much more than what we've seen in the controversy over the Patriot Act or the civil libertarians' privacy battles over the past several years. In terms of security, the public has openly debated the issues and has so far willingly traded a small amount of liberty--mostly at the airport--for the express purpose of catching terrorists. Of course, at some point, the government may overstep its bounds, which is why the public must remain vigilant. But on privacy issues unrelated to the war on terror, the government to fear is the one that has a reason to pry into individuals' lives. What Oregon is showing us is that taxes can provide a government with the rationale to amass and act on all sorts of personal information, including when and where you've driven. After all, it's hard to argue that Oregon doesn't need the money to repair the roads. And it's not just about taxing hybrid car owners or--as Virginia is now planning--charging commuters in certain toll lanes more if they don't carpool to work. Technology is making it easier for governments to have a pricing structure similar to that of airlines--where a passenger paying $300 sits next to and gets the same services as someone paying $1,200. But unlike in the travel industry, there's little competition and it's nearly impossible to decide to get off the plane. To some degree, this is the tax regime we have now. We can't opt out of it; and mortgage deductions, child tax credits and so forth have left middle-class Americans, who make similar amounts of money, paying vastly different amounts in taxes. Deducting taxes from paychecks began under FDR as a way to help finance fighting World War II. And in Europe technology that has allowed for better recordkeeping has also allowed governments to collect value-added taxes- -essentially, steep sales taxes embedded in the price of each item--and other fees that were never possible back in the days when taxes were much more visible. In the virtual world, the taxes are real but increasingly difficult to spot. Now we have to contend with efforts to charge sales taxes on the Internet and impose a value-added tax or a national sales tax in America. One outfit calling itself Americans for Fair Taxation is pushing to replace the income tax with a sales tax (although the group's leaders won't call it that). Their plan would impose a rate that approaches 30%, but would also offer rebates--checks mailed out every month--so that the tax wouldn't hurt those living in poverty. Such taxing schemes were once inconceivable for the practical reason that they could not be enforced. Now technology allows for their collection without many taxpayers ever realizing how much they are actually paying the government. Unlike the unpopular stamp taxes England once imposed on a wide array of documents in America (thus helping foment the Revolution), taxes in the digital age need not visible be at all. They can easily be imbedded in the cost of many of the items we buy. They can even be targeted to hit only a select group of individuals.

This is all something to keep in mind as Congress and President Bush turn to tax reform, perhaps as early as this summer. Whichever reform comes down the pike, one item to insist on is making permanent the Internet tax moratorium. A simple and fair tax code is a worthy goal. It's equally important, however, that the notion of "fairness" isn't allowed to morph into a rationale for using technology to target small groups of taxpayers who happen to have a little extra money lying around. The only way to ensure that taxes remain fair and relatively low is to spread the pain to as wide a cross section of the population as possible. Thanks to Oregon, perhaps this is something even the green community can now come to understand. Mr. Miniter is assistant editor of OpinionJournal.com. His column appears Tuesdays. from the Washington Post, 2005-Jul-23, p.A12, by Michael Powell and Michelle Garcia: New York's Subway Riders Face Bag Checks With Somber Tolerance Transit Authority Begins Random Inspections NEW YORK, July 22 -- Police began the arduous process of randomly searching a few of the thousands of bags that passengers carry onto the subways Friday, after New York became the first U.S. city to require such searches in the aftermath of new terrorist explosions in London. Mayor Michael R. Bloomberg said the baggage searches -- which will be extended to buses and suburban trains -- could continue for weeks, if not months. Seven million people ride the city's buses and subways each day, more than half the nation's daily mass transit riders. "Clearly, we'll do it for a little while. It's partially designed to make people feel comfortable . . . and keep the potential threat away," Bloomberg (R) said in his weekly radio show, as reported by the Associated Press. Washington Metro transit officials said they are keeping a close eye on the New York City experience and have not ruled out conducting such searches on the Metro in the future. But the magnitude of New York's task, the attempt to search even a relative handful of the tens of thousands of bags, backpacks, suitcases and even steamer trunks that New Yorkers carry into 468 subway stations, quickly became apparent. At Times Square and at Atlantic Avenue in Brooklyn (where Long Island commuters pour into the subways), vast rivers of commuters moved through turnstiles manned by a handful of uniformed police officers. Few of the subway passengers objected to the idea that an officer might buttonhole them and ask to peer into their bags. The congenitally contentious New Yorker of legend was a muted presence. Police said few riders refused the searches, and some even voluntarily gave their bags over for scrutiny. "I'd rather be watched and alive than dead with my privacy intact," Frank Majowicz, a businessman from Toms River, N.J., said as he hauled a shoulder bag off the Times Square shuttle. At the multiple-tiered Atlantic Avenue station in Brooklyn, Xavier Rodney toted a small black backpack past four National Guardsmen holding M-16 rifles. He wore an oversize Los Angeles Lakers jersey and long shorts, and he spoke of supporting the searches, in part because as a black man, he does not think he fits the profile of a terrorist. "I don't have anything to hide . . . I guess they stopped looking for gangbangers," he said. "If I was in the position of the people they are profiling, I'd feel differently." Police officials took pains Friday to describe the searches as entirely random, hoping to allay fears of racial profiling. "We are looking at backpack size or containers large enough to house explosives that we know have been used in these mass transit attacks," said Paul J. Browne, chief spokesman for the city police. "The protocol would be to pick the fifth backpack in each group of 10. If a Middle Eastern man is number four, he would not get checked." That failed to convince civil libertarians, who say the searches will be ineffective and play on the fears of New Yorkers who ride along 722 miles of track. The New York Civil Liberties Union has set up a complaint form on its Web site, and its attorneys said they are considering a lawsuit. Last year, the group successfully sued to prevent the police from searching the bags of people on their way to political demonstrations. "Our position is that the police should aggressively investigate anyone whom they suspect of bringing explosives into the system," said Christopher Dunn, associate legal director for the organization. "But police searches of subway riders without any suspicions are presumptively unconstitutional." At a mid-morning news conference, workers with the 38,000-strong Transport Workers Union attacked the system's security readiness, saying they had little training on handling the chaos that would come with a terrorist attack in the subway tunnels. They noted that city firefighters and police officers practice drills in the tunnels, but that motormen, conductors and track workers are not included. "As far as the training we got from the MTA, it's more human instinct," said subway operator Jermaine Johnson, who was stuck inside a tunnel when the East Coast experienced a blackout two years ago. "I had never evacuated. I just knew I wanted to get out of there." Current Metropolitan Transportation Authority policy dictates that transit workers call for help and wait at their posts. MTA officials responded that the union complaints were an attempt to build public support for future contract negotiations. They said in a written statement that all MTA employees are "trained in emergency aspects of their jobs" But many people entered the city's underground tunnels with a sense of unease on Friday. Kawar Mansy, 20, walked with her friend through the Atlantic Avenue station, both women wearing Muslim hijabs . They support the new security measures -- even as they worried about the inquiring eyes from commuters. "When I walk around, I don't feel safe," Mansy said. "You don't know what's going to happen." from UK, 2005-Sep-22, by David Mery: Suspicious behaviour on the tube A London underground station was evacuated and part of a main east-west line closed in a security alert on Thursday, three weeks after suicide bombers killed 52 people on the transport network, police said. (Reuters) This Reuters story was written while the police were detaining me in Southwark tube station and the bomb squad was checking my rucksack. When they were through, the two explosive specialists walked out of the tube station smiling and commenting: "Nice laptop." The officers offered apologies on behalf of the Metropolitan police. Then they arrested me. 7.10 pm: From my workplace in Southwark, south London, I arrange by text message to meet my girlfriend at Hanover Square. To save time - as I suppose - I decide to take the tube to Bond Street instead of my usual bus. I am wearing greenish Merrell shoes, black trousers, T-shirt, black Gap jumper, light rainproof Schott jacket and grey Top Shop cap. I am carrying a black rucksack I use as a workbag. 7.21 pm: I enter Southwark tube station, passing uniformed police by the entrance, and more police beyond the gate. I walk down to the platform, peering down at the steps as, thanks to a small eye infection, I'm wearing specs instead of my usual contact lenses. The next train is scheduled to arrive in a few minutes. As other people drift on to the platform, I sit down against the wall with my rucksack still on my back. I check for messages on my phone, then take out a printout of an article about Wikipedia from inside my jacket and begin to read. The train enters the station. Uniformed police officers appear on the platform and surround me. They must immediately notice my French accent, still strong after living more than 12 years in London. They handcuff me, hands behind my back, and take my rucksack out of my sight. They explain that this is for my safety, and that they are acting under the authority of the Terrorism Act. I am told that I am being stopped and searched because: • they found my behaviour suspicious from direct observation and then from watching me on the CCTV system; • I went into the station without looking at the police officers at the entrance or by the gates; • two other men entered the station at about the same time as me; • I am wearing a jacket "too warm for the season"; • I am carrying a bulky rucksack, and kept my rucksack with me at all times; • I looked at people coming on the platform; • I played with my phone and then took a paper from inside my jacket. They empty the contents of my pockets into two of their helmets, and search me, and loosen my belt. One or two trains arrive and depart, with people getting on and off. Then another train arrives and moves slowly through the station. The driver is told not to stop. After that, no more trains pass through the station. We move away from the platform into the emergency staircase. I sit down on the (dirty) steps. The police say they can't validate my address. I suggest they ask the security guard where I work, two streets away. We go up to the station doors, and I realise that the station is cordoned off. Two bomb squad officers pass by. One turns to me and says in a joking tone: "Nice laptop!" A police officer apologises on behalf of the Metropolitan police, and explains that we are waiting for a more senior officer to express further apologies. They take off the handcuffs and start giving me back my possessions: my purse, keys, some papers. Another police officer says that this is not proper. I am handcuffed again. A police van arrives and I am told that I will wait in the back. After about five minutes, a police officer formally arrests me. 8.53pm Arrested for suspicious behaviour and public nuisance, I am driven to Walworth police station. I am given a form about my rights. I make one correction to the police statement describing my detention: no train passed before I was stopped. I empty my pockets of the few things they had given me back at the tube station, and am searched again. My possessions are put in evidence bags. They take Polaroid photographs of me. A police officer fingerprints me and takes DNA swabs from each side of my mouth. 10:06pm I am allowed a call to my girlfriend. She is crying and keeps repeating: "I thought you were injured or had an accident, where were you, why didn't you call me back?" I explain I'm in a police station, my phone was taken and the police wouldn't allow me to call. She wants to come to the station. I ask her to stay at home as I don't know how long it will take. 10:30pm I am put into an individual police cell. A plainclothes officer tells me my flat will be searched under the Terrorism Act. I request that my girlfriend be called beforehand, so that she won't be too scared. I am asked for her phone number. I don't know it - it is stored in my phone - so I explain it is with the officer at the desk. I later find out that they don't call her. 12:25-1:26 am Three uniformed police officers search my flat and interview my girlfriend. They take away several mobile phones, an old IBM laptop, a BeBox tower computer (an obsolete kind of PC from the mid-1990s), a handheld GPS receiver (positioning device with maps, very useful when walking), a frequency counter (picked it up at a radio amateur junk fair because it looked interesting), a radio scanner (receives short wave radio stations), a blue RS232C breakout box (a tool I used to use when reviewing modems for computer magazines), some cables, a computer security conference leaflet, envelopes with addresses, maps of Prague and London Heathrow, some business cards, and some photographs I took for the 50 years of the Association of Computing Machinery conference. This list is from my girlfriend's memory, or what we have noticed is missing since. 3.20am I am interviewed by a plainclothes officer. The police again read out their version of events. I make two corrections: pointing out that no train passed between my arrival on the platform and when I was detained, and that I didn't take any wire out of my pocket. The officer suggests the computer cables I had in my rucksack could have been confused for wires. I tell him I didn't take my rucksack off until asked by police so this is impossible. Three items I was carrying seem to be of particular interest to the officer: a small promotional booklet I got at the Screen on the Green cinema during the screening of The Assassination of Richard Nixon: a folded A4 page where I did some doodles (the police suspect it could be a map); and the active part of an old work pass where one can see the induction loop and one integrated circuit. Items from the flat the police officer asks about: the RS232C breakout box, the radio scanner and the frequency counter. The officer explains what made them change their mind and arrest me. Apparently, on August 4, 2004, there was a firearms incident at the company where I work. The next day I find out that there had been a hoax call the previous year, apparently from a temp claiming there was an armed intruder. Some staff had also been seen photographing tube stations with a camera phone. On June 2, as part of a team-building exercise, new colleagues were supposed to photograph landmarks and try to get a picture of themselves with a policeman. 4:30am The interviewing officer releases me on bail, without requiring security. He gives me back most of the contents of my pockets, including my Oyster card and iPod, and some things from my rucksack. He says he will keep my phone. I ask if I can have the SIM card? He says no, that's what they need, but lets me keep the whole phone. On August 31 I arrive at the police station at 9 am as required by bail, with my solicitor. A plainclothes police officer tells us they are dropping the charges, and briefly apologises. The officer in charge of the case is away so the process of clearing up my case is suspended until he signs the papers cancelling the bail and authorising the release of my possessions. The meeting lasts about five minutes. I send letters to the data protection registrars of London Underground, Transport for London, the British Transport police and the Metropolitan police. The first three letters ask for any data, including CCTV footage, related to the incident on July 28, while the final one asks for any data they have on me. They all have 40 days to respond. On September 8 I talk to my solicitor about ensuring the police return all my possessions, giving us all the inquiry documents (which they may or may not do) and expunging police records (apparently unlikely to happen). The solicitor sends a letter to the officer in charge of my case conveying to him how upset I am. I write to my MP about my concerns. The police decided that wearing a rain jacket, carrying a rucksack with a laptop inside, looking down at the steps while going into a tube station and checking your phone for messages just ticked too many boxes on their checklist and makes you a terrorist suspect. How many other people are not only wrongly detained but wrongly arrested every week in similar circumstances? And how many of them are also computer and telecoms enthusiasts, fitting the police's terrorist profile so well? While a police officer did state that my rain jacket was "too warm for the season", could it have been instead that the weather was too cold for the season? The day before had been the coldest July day for 25 years. Under current laws the police are not only entitled to keep my fingerprints and DNA samples, but according to my solicitor, they are also entitled to hold on to what they gather during their investigation: notepads of arresting officers, photographs, interviewing tapes and any other documents they entered in the police national computer (PNC). So even though the police consider me innocent there will remain some mention (what exactly?) in the PNC and, if they fully share their information with Interpol, in other police databases around the world as well. Isn't a state that keeps files on innocent persons a police state? This erosion of our fundamental liberties should be of concern to us all. All men are suspect, but some men are more suspect than others (with apologies to George Orwell). from the Washington Times, 2004-Nov-25, by Audrey Hudson: TSA 'pat-downs' cross the line for some fliers Millions of holiday travelers nationwide are experiencing an all-too-intimate form of security screening that some say amounts to sexual groping -- a "pat-down" by government officials. The Transportation Security Administration (TSA) initiated the approach to airline security Sept. 22 in response to the August terrorist bombing of two passenger planes in Russia. "TSA policy is that screeners are to use the back of the hand when screening sensitive body areas, which include the breasts (females only), genitals, and buttocks," the policy says. Female passengers say the experience is humiliating and men also are complaining of unexpected checks of their private regions. When former Rep. Helen Chenoweth, Idaho Republican, was flagged as a high- risk passenger with a one-way ticket from Boise, Idaho, to Reno, Nev., she refused to be patted down and was forced to drive to her destination. "That area is private," Mrs. Chenoweth told KBCI-TV, the Boise NBC affiliate. "We have programs teaching children that these areas are private and yet we have our government patting us down. There's something wrong with that. To be patted down like that was just way over the edge and that's why I chose to drive and I will drive from now on," she said. Jamie Sibulkin told the Boston Globe she requested that her search before a flight from Boston to Dallas be performed by a woman, who joked to the male screener he was "missing out." She said the screener waved a metal-detector wand in front of her chest, and "out of nowhere started touching my breast." She said she was told her metal-wire bra had set off the metal detector, so she didn't wear it on the return trip -- yet was screened again by a female screener who felt her breasts. "They said, 'This is regulation.' I said, 'This is molestation,' " the 27-year-old woman said. Retired Navy Rear Adm. David M. Stone, assistant secretary of homeland security for TSA, reminded the traveling public of the new rule Monday to detect explosive trace elements. He said all passengers have the right to private screening. "A vigilant America may well have discouraged terrorist acts tied to high-profile events like the recent political conventions and the election," Adm. Stone said. "The holidays also are a period when increased vigilance is especially appropriate." In the average week, 2.1 million passengers are patted down and 12 complaints are filed, said Mark Hatfield, spokesman for the TSA. "Every complaint is important and we want to get to the bottom of the complaints and find out what has happened," Mr. Hatfield said. "But this is a very important security measure to address a specific threat, and until we can come up with a technological solution, this is an old-fashioned, low-tech tool in our arsenal to mitigate a threat." An investigation of the Russian crashes found that two women wore the explosives on their torso under clothing. "Our metal detectors won't detect that type of explosive, so we are aggressively testing new technologies to combat this threat," Mr. Hatfield said. In a report on WJLA Channel 7 News last night, unidentified screeners at Ronald Reagan Washington National Airport said women were being selected for private screening based on breast size and strip-searched. The searches were required after screeners kicked equipment to set off alarms. "In a sense, they were being raped," one TSA screener said. Strip searches were being conducted in a stairwell, WJLA reported, but were moved to a supervisor's private office where the activities were recorded on a hidden camera. Mr. Hatfield said the TSA will show "zero tolerance" in its investigation of the matter. "We will root out the individual," he said. Ava Kingsford told the Christian Broadcasting Network that she, her husband and their infant drove 15 hours home to San Diego from Denver because she refused to be patted down. "I thought I was done being patted down, and she says, 'I am going to feel your breasts now.' I said, 'I am uncomfortable with that.' I said, 'That's crossing the line.' "They were yelling the same thing: 'If you don't let her continue the search -- and that entails feeling your breasts -- you will not board your airplane home to San Diego.' " excerpt from The Metaphor is the Key: Cryptography, the Clipper Chip, and the Constitution, by A. Michael Froomkin, Associate Professor, University of Miami School of Law, published in the University of Pennsylvania Law Review 143:709- 897 (1995) (footnotes and page boundaries omitted in excerpt): Most, if not all, of the readers of this Article probably experience life in the United States as one of political freedom. For some of these readers, a desire for communications and electronic records security, particularly security from possible or suspected government surveillance or intrusion, may appear to be an excess of libertarian paranoia. The existence of low-water marks in civil liberties (such as the 1798 Alien and Sedition Act, the 1920s' "Palmer raids," the Japanese internment during World War II, and COINTELPRO) may be seen by some readers as well-documented and anomalous departures from American ideals; other readers may see them as symptoms of A more general tendency of those in authority, approaching the "iron law of oligarchy." Organized government intrusion into personal communications and data privacy is less visible than an order to round up thousands of civilians. It is also far more frequent. When given the duty and authority to identify threats to national security, public servants have shown a tendency to adopt a "vacuum cleaner[]" approach to private information. Indeed, the Senate committee charged with investigating domestic surveillance noted "the tendency of intelligence activities to expand beyond their initial scope" and stated that government officials "have violated or ignored the law over long periods of time and have advocated and defended their right to break the law." It is harder to view fears of government surveillance as aberrational when one learns that in the 1950s the FBI identified 26,000 "potentially dangerous" persons who should be rounded up in the event of a "national emergency," and that it maintained this list for many years. During the 1970s, even sympathizers dismissed as fantastical the claims by Black Panthers and other dissident groups that they were being wiretapped and bugged by the FBI. These allegations proved to be correct. Indeed, the U.S. government has an unfortunate recent history of intrusion into private matters. During the 1970s, the FBI kept information in its files covering the beliefs and activities of more than one in four hundred Americans; during the 1960s, the U.S. Army created files on about 100,000 civilians. Between 1953 and 1973, the CIA opened and photographed almost 250,000 first class letters within the U.S. from which it compiled a database of almost 1.5 million names. Similarly, the FBI opened tens of thousands of domestic letters, while the NSA obtained millions of private telegrams sent from, to, or through the United States. Although the Constitution guarantees a high degree of political freedom and autonomy, "[t]he Government has often undertaken the secret surveillance of citizens on the basis of their political beliefs, even when those beliefs posed no threat of violence or illegal acts on behalf of a hostile foreign power." Certainly, neither statutory nor constitutional prohibitions have proved consistently effective in preventing civil liberties abuses. For example, U.S. Census data is supposed to be private, and that privacy is guaranteed by law. Nevertheless, during World War II the government used census data to identify and locate 112,000 Americans of Japanese ancestry who were then transported to internment camps. Similarly, the CIA repeatedly violated the prohibition on domestic intelligence contained in its charter. One need not believe that such excesses are routine to sympathize with those who fear that another such excess is foreseeable. Indeed, whether one considers these operations to have been justified, to have resulted from a type of a bureaucratic rationality that rewards results regardless of legal niceties, or to have been a form of security paranoia, this history could cause a reasonable person to fear she might someday be swept up in an investigation. The passage of Title III of the Omnibus Crime Control and Safe Streets Act of 1968 (Title III), designed to define standards for the use of wiretaps, appears to have reduced greatly the amount of illegal wiretapping by police. Nonetheless, illegal wiretapping by police has not been completely eliminated. Not all government intrusion into privacy is centrally organized, but that hardly makes it less intrusive. During the past five years the IRS has caught hundreds of its employees snooping into the tax records "of friends, neighbors, enemies, potential in-laws, stockbrokers, celebrities and former spouses." Authorized users of the FBI's National Crime Information Center have used its databases to check up on friends and neighbors and to check backgrounds for political purposes. It is an article of faith for many Americans that postal workers read the postcards they process and not without reason when postal workers are heard to say that they "pass the really good ones around the office." A reasonable person may also be concerned about surveillance by nongovernmental actors. For instance, political campaigns are notorious for dirty tricks, including the bugging of opponents; the yellow pages in any major city contain numerous advertisements for detective agencies and investigators; and eavesdropping and bugging devices are readily available in stores. In light of this history of public and private intrusion into personal privacy and the growing interconnection of computers and communications envisioned by the National Information Infrastructure, it is impossible to dismiss the desire for personal communications and records security as pure paranoia. It may, in fact, be very sensible. from the Associated Press via the Washington Post, 2005-Aug-10, by Jennifer C. Kerr: Groups Slam FCC on Internet Phone Tap Rule WASHINGTON -- New regulations making it easier for law enforcement to tap Internet phone calls will also make computer systems more vulnerable to hackers, digital privacy and civil liberties groups say. While the groups don't want the Internet to be a safe haven for terrorists and criminals, they complain that expanding wiretapping laws to cover Internet calls -- or Voice over Internet Protocol (VoIP) -- will create additional points of attack and security holes that hackers can exploit. "Once you enable third-party access to Internet-based communication, you create a vulnerability that didn't previously exist," Marc Rotenberg, executive director at the Electronic Privacy Information Center said in an interview Wednesday. "It will put at risk the stability and security of the Internet." Acting on appeals from the Justice Department and other law enforcement officials, the Federal Communications Commission voted last week to require providers of Internet phone calls and broadband services to ensure their equipment can allow police wiretaps. The decision applies to Voice over Internet Protocol providers such as Vonage that use a central telephone company to complete the Internet calls. It also applies to cable and phone companies that provide broadband services. The companies will have 18 months to comply. "We recognize that people use different methods for communication and certainly most of the time the people are using the method that they can avoid detection most," said FBI spokesman Ed Cogswell. Voice over Internet Protocol technology shifts calls away from wires and switches, instead using computers and broadband connections to convert sounds into data and transmit them via the Internet. Besides the privacy and security concerns, digital rights experts worry that expansion of the wiretapping law, known as CALEA, will stifle innovation. "Creativity and innovation will end up moving offshore where programmers outside the U.S. can develop technologies that are not required to address the onerous CALEA requirements," said Kurt Opsahl, staff attorney at the Electronic Frontier Foundation. "The U.S. companies will face competition from foreign providers who will enjoy an advantage." The groups also argue that the FCC doesn't have the authority to order the companies to make changes to their systems for wiretapping purposes, since CALEA only pertains to telecommunications systems, not information systems like the Internet. An FCC spokesman declined to comment. The 1994 Communications Assistance for Law Enforcement Act (CALEA) required the telecommunications industry to build into its products tools that federal investigators can use -- after getting court approval -- to eavesdrop on conversations. Lawyers for the Justice Department, FBI and Drug Enforcement Administration asked the FCC in March 2004 to affirm that Voice over Internet Protocol falls under CALEA. from the New York Times, 2004-Dec-18, by Stephanie Strom: A.C.L.U.'s Search for Data on Donors Stirs Privacy Fears The American Civil Liberties Union is using sophisticated technology to collect a wide variety of information about its members and donors in a fund-raising effort that has ignited a bitter debate over its leaders' commitment to privacy rights. Some board members say the extensive data collection makes a mockery of the organization's frequent criticism of banks, corporations and government agencies for their practice of accumulating data on people for marketing and other purposes. Daniel S. Lowman, vice president for analytical services at Grenzebach Glier & Associates, the data firm hired by the A.C.L.U., said the software the organization is using, Prospect Explorer, combs a broad range of publicly available data to compile a file with information like an individual's wealth, holdings in public corporations, other assets and philanthropic interests. The issue has attracted the attention of the New York attorney general, who is looking into whether the group violated its promises to protect the privacy of its donors and members. "It is part of the A.C.L.U.'s mandate, part of its mission, to protect consumer privacy," said Wendy Kaminer, a writer and A.C.L.U. board member. "It goes against A.C.L.U. values to engage in data-mining on people without informing them. It's not illegal, but it is a violation of our values. It is hypocrisy." The organization has been shaken by infighting since May, when the board learned that Anthony D. Romero, its executive director, had registered the A.C.L.U. for a federal charity drive that required it to certify that it would not knowingly employ people whose names were on government terrorism watch lists. A day after The New York Times disclosed its participation in late July, the organization withdrew from the charity drive and has since filed a lawsuit with other charities to contest the watch list requirement. The group's new data collection practices were implemented without the board's approval or knowledge, and were in violation of the A.C.L.U.'s privacy policy at the time, said Michael Meyers, vice president of the organization and a frequent and strident internal critic. Mr. Meyers said he learned about the new research by accident Nov. 7 in a meeting of the committee that is organizing the group's Biennial Conference in July. He objected to the practices, and the next day, the privacy policy on the group's Web site was changed. "They took out all the language that would show that they were violating their own policy," he said. "In doing so, they sanctified their procedure while still keeping it secret." Attorney General Eliot Spitzer of New York appears to be asking the same questions. In a Dec. 3 letter, Mr. Spitzer's office informed the A.C.L.U. that it was conducting an inquiry into whether the group had violated its promises to protect the privacy of donors and members. Emily Whitfield, a spokeswoman for the A.C.L.U., said the organization was confident that its efforts to protect donors' and members' privacy would withstand any scrutiny. "The A.C.L.U. certainly feels that data privacy is an extremely important issue, and we will of course work closely with the state attorney general's office to answer any and all questions they may have," she said. Robert B. Remar, a member of the board and its smaller executive committee, said he did not think data collection practices had changed markedly. He recalled that the budget included more money to cultivate donors but said he did not know what specifically was being done. Mr. Remar said he did not know until this week that the organization was using an outside company to collect data or that collection had expanded from major donors to those who contribute as little as $20. "Honestly, I don't know the details of how they do it because that's not something a board member would be involved in," he said. The process is no different than using Google for research, he said, emphasizing that Grenzebach has a contractual obligation to keep information private. The information dispute is just the latest to engulf Mr. Romero. When the organization pulled out of the federal charity drive, it rejected about $500,000 in expected donations. Mr. Romero said that when he signed the enrollment certification, he did not think the A.C.L.U. would have to run potential employees' names through the watch lists to meet requirements. The board's executive committee subsequently learned that Mr. Romero had advised the Ford Foundation, his former employer, to follow the nation's main antiterrorism law, known as the Patriot Act, in composing language for its grant agreements, helping to ensure that none of its money inadvertently underwrites terrorism or other unacceptable activities. The A.C.L.U., which has vigorously contended that the act threatens civil liberties, had accepted $68,000 from Ford under the new terms by then. The board voted in October to return the money and reject further grants from Ford and the Rockefeller Foundation, which uses similar language in its grant agreements. In 2003, Mr. Romero waited several months to inform the board that he had signed an agreement with Mr. Spitzer to settle a complaint related to the security of the A.C.L.U.'s Web site. The settlement, signed in December 2002, required the agreement to be distributed to the board within 30 days, and Mr. Romero did not hand it out until June 2003. He told board members that he had not carefully read the agreement and that he did not believe it required him to distribute it, according to a chronology compiled by Ms. Kaminer. Many nonprofit organizations collect information about their donors to help their fund-raising, using technology to figure out giving patterns, net worth and other details that assist with more targeted pitches. Because of its commitment to privacy rights, however, the A.C.L.U. has avoided the most modern techniques, according to minutes of its executive committee from three years ago. "What we did then wasn't very sophisticated because of our stance on privacy rights," said Ira Glasser, Mr. Romero's predecessor. Mr. Glasser, who resigned in 2001, said the group had collected basic data on major donors and conducted a ZIP code analysis of its membership for an endowment campaign while he was there. He said it had done research on Lexis/Nexis and may have looked at S.E.C. filings. Mr. Meyers said he learned on Nov. 7 that the A.C.L.U.'s data collection practices went far beyond previous efforts. "If I give the A.C.L.U. $20, I have not given them permission to investigate my partners, who I'm married to, what they do, what my real estate holdings are, what my wealth is, and who else I give my money to," he said. On Nov. 8, the privacy statement on the A.C.L.U. Web site was replaced with an "Online Privacy Policy." Until that time, the group had pledged to gather personal information only with the permission of members and donors. It also said it would not sell or transfer information to a third party or use it for marketing. Those explicit guarantees were eliminated from the Web site after Mr. Meyers raised his concerns about the new data-mining program at the Nov. 7 meeting. After learning of Mr. Spitzer's inquiry, the executive committee of the board took up the data-mining issue on Dec. 14. Board members are allowed to listen in on any executive committee meeting, and Mr. Meyers asked the panel to participate in its conference call. The first item on the agenda was whether he could be on the line. The executive committee voted 9 to 1 to bar him and had a staff member inform him that the meeting was of the board of the A.C.L.U. Foundation, not the group's executive committee, and thus he was excluded. Mr. Remar, who has been a board member for 18 years, said board members had been asked to leave executive committee meetings during personnel discussions, but Mr. Meyers said it was a first. Mr. Remar said the data collection efforts were a function of the foundation, and thus the executive committee had met as the foundation board. But Mr. Romero convened a meeting of the executive committee, and Mr. Spitzer's letter was addressed to the A.C.L.U., with no mention of the foundation. Mr. Meyers said his exclusion raises a profound issue for other board members. "Their rationale for excluding me implicitly means that they can't share anything with the board, but the board as a whole has fiduciary responsibilities," he said. "How can board members do their duty if information is withheld from them?" I am obviously a privacy advocate. Somewhat less obviously, I am an ardent proponent of state integration of all the information to which it has lawful access. The alternative is simply silly. The following article tells a tale not often told by privacy advocates, and my sympathies are with the author's position. from the Wall Street Journal's OpinionJournal.com, 2004-Apr-1, by Heather Mac Donald: The 'Privacy' Jihad "Total Information Awareness" falls to total Luddite hysteria. The 9/11 Commission hearings have focused public attention again on the intelligence failures leading up to the September attacks. Yet since 9/11, virtually every proposal to use intelligence more effectively--to connect the dots--has been shot down by left- and right-wing libertarians as an assault on "privacy." The consequence has been devastating: Just when the country should be unleashing its technological ingenuity to defend against future attacks, scientists stand irresolute, cowed into inaction. The privacy advocates--who range from liberal groups focused on electronic privacy, such as the Electronic Privacy Information Center, to traditional conservative libertarians, such as Americans for Tax Reform--are fixated on a technique called "data mining." By now, however, they have killed enough different programs that their operating principle can only be formulated as this: No use of computer data or technology anywhere at any time for national defense, if there's the slightest possibility that a rogue use of that technology will offend someone's sense of privacy. They are pushing intelligence agencies back to a pre-9/11 mentality, when the mere potential for a privacy or civil liberties controversy trumped security concerns.

The privacy advocates' greatest triumph was shutting down the Defense Department's Total Information Awareness (TIA) program. Goaded on by New York Times columnist William Safire, the advocates presented the program as the diabolical plan of John Poindexter, the former Reagan national security adviser and director of Pentagon research, to spy on "every public and private act of every American"--in Mr. Safire's words. The advocates' distortion of TIA was unrelenting. Most egregiously, they concealed TIA's purpose: to prevent another attack on American soil by uncovering the electronic footprints terrorists leave as they plan and rehearse their assaults. Before terrorists strike, they must enter the country, receive funds, case their targets, buy supplies, and send phone and e-mail messages. Many of those activities will leave a trail in electronic databases. TIA researchers hoped that cutting-edge computer analysis could find that trail in government intelligence files and, possibly, in commercial databases as well. TIA would have been the most advanced application yet of "data mining," a young technology which attempts to make sense of the explosion of data in government, scientific and commercial databases. Through complex algorithms, the technique can extract patterns or anomalies in data collections that a human analyst could not possibly discern. Public health authorities have mined medical data to spot the outbreak of infectious disease, and credit-card companies have found fraudulent credit-card purchases with the method, among other applications. But according to the "privacy community," data mining was a dangerous, unconstitutional technology, and the Bush administration had to be stopped from using it for any national-security or law-enforcement purpose. By September 2003, the hysteria against TIA had reached a fevered pitch and Congress ended the research project entirely, before learning the technology's potential and without a single "privacy violation" ever having been committed. The overreaction is stunning. Without question, TIA represented a radical leap ahead in both data-mining technology and intelligence analysis. Had it used commercial data, it would have given intelligence agencies instantaneous access to a volume of information about the public that had previously only been available through slower physical searches. As with any public or private power, TIA's capabilities could have been abused--which is why the Pentagon research team planned to build in powerful safeguards to protect individual privacy. But the most important thing to remember about TIA is this: It would have used only data to which the government was already legally entitled. It differed from existing law- enforcement and intelligence techniques only in degree, not kind. Pattern analysis--the heart of data mining--is conventional crime-solving, whether the suspicious patterns are spotted on a crime pin map, on a city street, or in an electronic database. The computing world watched TIA's demolition and rationally concluded: Let's not go there. "People and companies will no longer enter into technology research [involving national-security computing] because of the privacy debates," says a privacy officer for a major information retrieval firm.

But the national-security carnage was just beginning. Next on the block: a biometric camera to protect embassies and other critical government buildings from terrorist attack; and an artificial intelligence program to help battlefield commanders analyze engagements with the enemy. In the summer of 2003, New York Times columnists Maureen Dowd and Mr. Safire sneered at the programs, portraying them as--once again--the personal toys of the evil Mr. Poindexter to invade the privacy of innocent Americans. The Dowd-Safire depictions of the projects were fantastically inaccurate; but Pentagon researchers, already reeling from the public-relations disaster of TIA, cancelled both projects without a fight. Special forces leaders in Afghanistan and embassies in terror-sponsoring states will just have to make do. The privacy vigilantes now have in their sights an airline-passenger screening system and an interstate network to share law enforcement and intelligence information. Both projects could soon go down in flames. As to whether that would be in the national interest, readers should ask themselves if they would be happy to fly seated next to Mohamed Atta. If yes, they needn't worry about the cancellation of the Computer Assisted Passenger Prescreening System (known as Capps II). And if they don't care whether police can track down a child abductor within minutes of his crime, then they shouldn't care about the crippling of the Multistate Anti-Terrorism Information Exchange, either. Capps II seeks to verify that an airline passenger is who he says he is and has no terrorist ties. To that end, the program would ask passengers to supply their name, address, phone number and date of birth upon purchasing a plane ticket. A commercial databank would cross-check those four identifiers against its own files to see if they match up. Next, Capps II would run the passenger's name through antiterror intelligence files. Depending on the results of both checks, the system would assign a risk score to air travelers--acceptable, unknown or unacceptable. Privacy zealots have mischaracterized Capps II as a sinister rerun of TIA--which it is not, since it has nothing to do with data mining--and as a plot to trample the privacy rights of Americans. They argue that, by asking your name and other minimal identifying information already available on the Internet and in countless commercial and government data bases, aviation officials are conducting a Fourth Amendment "search" of your private effects for which they should obtain a warrant based on probable cause that you have committed a crime. Such a broad reading of the Constitution is groundless, but even were the collecting of publicly available information a "search," it is clearly reasonable as a measure to protect airline safety. Development of Capps II has come to a halt, due to specious privacy crusading. Air passengers can only hope that when the next al Qaeda operative boards a plane, baggage screeners are having a particularly good day, free of the human errors that regularly let weapons on board. Also under a death sentence: a state-run law enforcement program called "Multistate Anti-Terrorism Information Exchange."Known as Matrix, it allows police officers to search multiple law-enforcement databases and public records in the blink of an eye after a crime has been committed. It uses only information that law enforcement can already routinely access: its own records on suspects, convicts and sexual offenders, as well as publicly available data from county courthouses, telephone directories and business filings. Strong protections against abuse are built into the system. Matrix developers had hoped to allow law enforcement agencies nationwide to instantaneously connect the dots about itinerant felons like the D.C. snipers. That won't happen, however, thanks to the lies of the privacy community. Using the familiar tactic of tying the hated program to TIA and data mining, and of invoking Big Brother totalitarianism, the advocates have browbeaten nearly two-thirds of the states that had originally joined the data-sharing pact into withdrawing from it.

The bottom line is clear: The privacy battalions oppose not just particular technologies, but technological innovation itself. Any effort to use computerized information more efficiently will be tarred with the predictable buzzwords: "surveillance," "Orwellian," "Poindexter." This Luddite approach to counterterrorism could not be more ominous. The volume of information in government intelligence files long ago overwhelmed the capacity of humans to understand it. Agents miss connections between people and events every day. Machine analysis is essential in an intelligence tidal wave. Before the privacy onslaught, scientists and intelligence officials were trying to find ways of identifying those fanatics who seek to destroy America before they strike again. Now many avenues are closed to them. This despite the fact that proposals for assessing risk in such areas as aviation do not grow out of an omnivorous desire to "spy on citizens" but out of a concrete need to protect people from a clear threat. And since 9/11, no one's "privacy rights" have been violated by terror pre-emption research. The "privocrats" will rightly tell you that eternal vigilance is the price of liberty. Trouble is, they're aiming their vigilance at the wrong target. Ms. Mac Donald is a fellow at the Manhattan Institute. This is adapted from the forthcoming issue of City Journal. from the Wall Street Journal, 2004-Oct-1, p.A14: Patriot Act Misinformation The American Civil Liberties Union has been spinning its victory in a federal court in New York this week as a blow against the USA Patriot Act. One typical headline: "Federal Judge Calls Patriot Act Secret Searches Unconstitutional." An ACLU press release hails the decision as "a landmark victory against the Ashcroft Justice Department." Well, no. If reporters had bothered to read Judge Victor Marrero's decision, they would have learned that the law he actually struck down was a provision of the Electronic Communications Privacy Act of 1986. Section 2709 authorizes the FBI to issue "National Security Letters" to obtain information from wire communications companies about their subscribers. NSLs are issued secretly and the recipient is prohibited from notifying anyone about the request. As Judge Marrero noted in his ruling, "Section 2790 has been available to the FBI since 1986." He concludes that there must have been "hundreds" of NSLs issued since that time. The Patriot Act did amend Section 2790, but that amendment has nothing to do with the part that Judge Marrero says is unconstitutional. One more thing: The Electronics Communications Act was not the invention of John Ashcroft. It was sponsored by that famous and menacing right-winger, Vermont Senator Patrick Leahy, who said at the time that Section 2790 "provides a clear procedure for access to telephone toll records in counterintelligence investigations." from the Washington Post, 2005-Apr-5, p.A21, by Dan Eggen: Patriot Act Changes to Be Proposed Gonzales Will Seek to Respond to Critics, Get Law Renewed Attorney General Alberto R. Gonzales will propose some "technical modifications" to the controversial USA Patriot Act today in an effort to address the concerns of critics and ensure that the anti-terrorism legislation is renewed by Congress later this year, according to a Justice Department official. In an appearance before the Senate Judiciary Committee, Gonzales will support changes in the law concerning secret warrants for financial documents, library data and other business records, according to the Justice official. The changes would clearly limit the use of such warrants to national security investigations and would allow targets to mount legal challenges to the search, the official said. The proposal marks a significant shift for the Justice Department, which under Attorney General John D. Ashcroft had refused to entertain proposed changes to the legislation. It also marks an acknowledgment of the growing clout of critics of the law, who come from both the political left and right, and have persuaded scores of communities around the country to pass resolutions condemning the act. The law, approved overwhelmingly in the wake of the Sept. 11, 2001, attacks, dramatically increased the government's power to conduct clandestine searches and surveillance in a range of criminal cases. But about a dozen of its major provisions -- including the records provision that Gonzales has agreed to change -- are set to expire later this year unless Congress acts to renew them. That has laid the groundwork for a series of hearings in both the House and the Senate in coming weeks over the use of the Patriot Act in the past three years. The Justice Department has argued vigorously in favor of renewing the law, saying that the act gives investigators crucial tools to combat shadowy terrorist organizations and prevent future attacks. Much of the law, including aspects that allow criminal and intelligence investigators to better share information, is not in widespread dispute. But other parts have come under increasing attack from an unusual alliance of civil liberties groups and politicians, including some conservative organizations and Republican lawmakers. For example, even as Gonzales and FBI Director Robert S. Mueller III defend the law in the Senate today, Sens. Larry E. Craig (R-Idaho) and Richard J. Durbin (D-Ill.) have scheduled a news conference to introduce joint legislation aimed at scaling back parts of the law. The event will also be attended by representatives of Patriots to Restore Checks and Balances, an ad hoc alliance that includes groups such as the American Civil Liberties Union and the American Conservative Union. The group was formed last month in an effort to seek changes in the Patriot Act. Critics of the law say they hope that by pulling together representatives of both parties, they will be able to convince Republican majorities in Congress that parts of the law should not be renewed or should be changed. "It's extremely important for people to see that this is not simply a Republican or Democratic or right or left concern, but that it cuts across the political ," said former congressman Bob Barr of Georgia, who chairs the Checks and Balances group. "I hope it gives members and senators more comfort and some cover so it's not simply that they're supporting the ACLU or the far right." In addition to the provision on business records, critics are likely to focus on measures that loosened standards for secret intelligence warrants and on a permanent provision that allows delayed notification of searches -- known by critics as "sneak-and-peek warrants." In the latter case, the Justice Department released statistics yesterday showing that investigators have used such warrants 155 times since October 2001. Justice officials argue that the number is relatively small given the thousands of warrants executed by law enforcement officials. from the Associated Press, 2005-Feb-10, by Lisa Leff: Parents Protest Student Computer ID Tags SUTTER, Calif. - The only grade school in this rural town is requiring students to wear radio frequency identification badges that can track their every move. Some parents are outraged, fearing it will take away their children's privacy. The badges introduced at Brittan Elementary School on Jan. 18 rely on the same radio frequency and scanner technology that companies use to track livestock and product inventory. Similar devices have recently been used to monitor youngsters in some parts of Japan. But few American school districts have embraced such a monitoring system, and civil libertarians hope to keep it that way. "If this school doesn't stand up, then other schools might adopt it," Nicole Ozer, a representative of the American Civil Liberties Union, warned school board members at a meeting Tuesday night. "You might be a small community, but you are one of the first communities to use this technology." The system was imposed, without parental input, by the school as a way to simplify attendance-taking and potentially reduce vandalism and improve student safety. Principal Earnie Graham hopes to eventually add bar codes to the existing ID's so that students can use them to pay for cafeteria meals and check out library books. But some parents see a system that can monitor their children's movements on campus as something straight out of Orwell. "There is a way to make kids safer without making them feel like a piece of inventory," said Michael Cantrall, one of several angry parents who complained. "Are we trying to bring them up with respect and trust, or tell them that you can't trust anyone, you are always going to be monitored, and someone is always going to be watching you?" Cantrall said he told his children, in the 5th and 7th grades, not to wear the badges. He also filed a protest letter with the board and alerted the ACLU. Graham, who also serves as the superintendent of the single-school district, told the parents that their children could be disciplined for boycotting the badges -- and that he doesn't understand what all their angst is about. "Sometimes when you are on the cutting edge, you get caught," Graham said, recounting the angry phone calls and notes he has received from parents. Each student is required to wear identification cards around their necks with their picture, name and grade and a wireless transmitter that beams their ID number to a teacher's handheld computer when the child passes under an antenna posted above a classroom door. Graham also asked to have a chip reader installed in locker room bathrooms to reduce vandalism, although that reader is not functional yet. And while he has ordered everyone on campus to wear the badges, he said only the 7th and 8th grade classrooms are being monitored thus far. In addition to the privacy concerns, parents are worried that the information on and inside the badges could wind up in the wrong hands and endanger their children, and that radio frequency technology might carry health risks. Graham dismisses each objection, arguing that the devices do not emit any cancer-causing radioactivity, and that for now, they merely confirm that each child is in his or her classroom, rather than track them around the school like a global-positioning device. The 15-digit ID number that confirms attendance is encrypted, he said, and not linked to other personal information such as an address or telephone number. What's more, he says that it is within his power to set rules that promote a positive school environment: If he thinks ID badges will improve things, he says, then badges there will be. "You know what it comes down to? I believe junior high students want to be stylish. This is not stylish," he said. This latest adaptation of radio frequency ID technology was developed by InCom Corp., a local company co-founded by the parent of a former Brittan student, and some parents are suspicious about the financial relationship between the school and the company. InCom plans to promote it at a national convention of school administrators next month. InCom has paid the school several thousand dollars for agreeing to the experiment, and has promised a royalty from each sale if the system takes off, said the company's co-founder, Michael Dobson, who works as a technology specialist in the town's high school. Brittan's technology aide also works part-time for InCom. Not everyone in this close-knit farming town northwest of Sacramento is against the system. Some said they welcomed the IDs as a security measure. "This is not Mayberry. This is Sutter, California. Bad things can happen here," said Tim Crabtree, an area parent. from GoDaddy.com, 2005-Mar-30, by Bob Parsons: Federal Agency Nixes Your Right to Privacy Dear Valued Go Daddy Customer, Today I have the unfortunate responsibility of informing you that there has been a decision made by bureaucrats of a Federal agency that takes away your right to privacy as guaranteed by the United States Constitution. This decision was unilaterally made by the National Telecommunications and Information Association ("NTIA") -- http://www.ntia.doc.gov/ -- without hearings that would determine the impact on those affected, and delivered without notice - - in short, the NTIA decision was made without due process of any kind. This is exactly how our government is not supposed to work. The effect of this decision is to disallow new private domain name registrations on .US domain names. In addition, if you already own a private .US domain name registration, you will be forced to forfeit your privacy no later than January 26, 2006. By that time, you will need to choose between either making your personal information available to anyone who wants to see it, or giving up your right to that domain name. I personally find it ironic that our right to .US privacy was stripped away, without due process, by a federal government agency -- an agency that should be looking out for our individual rights. For the NTIA to choose the .US extension is the ultimate slap in your face. .US is the only domain name that is specifically intended for Americans (and also those who have a physical presence in our great country). So think about this for a moment. These bureaucrats stripped away the privacy that you're entitled to as an American, on the only domain name that says that you are an American. I am outraged by this -- you should be also. If, like me, you are outraged at the NTIA's decision to strip away our constitutional right to privacy, the Web site http://www.TheDangerOfNoPrivacy.com will provide you with a petition to sign. (Only your name will be published, your address and email information will be kept private.) This Web site also provides a very easy way for you to send either a fax or an email, expressing your outrage, to your Congressperson and Senators. This is all provided at no cost to you. All that is required is for you to take the time to visit http://www.TheDangerOfNoPrivacy.com sign the petition, and send the fax or email to your legislators. On my personal Blog -- http://www.BobParsons.com -- there are a number of articles where you can learn more about the NTIA's unfortunate decision and what you can do to help get it reversed. I also will be talking about our right to privacy on Radio Go Daddy, our weekly radio show that debuts today, March 30, at 7 PM PST. To find out how to listen in, please visit the Web site dedicated to the show, http://www.RadioGoDaddy.com You can be sure that I, and everyone at GoDaddy.com, will do everything in our power to get the NTIA decision reversed. However, we need your help. Please visit http://www.TheDangerOfNoPrivacy.com to sign the petition and express your feelings to your Congressperson and Senators. Sincerely, Bob Parsons President and Founder GoDaddy.com from the Associated Press, 2005-Feb-16: Company Pulls Out of Contract to Track Students SUTTER, Calif. - The grade school that required students to wear radio frequency identification badges that can track their every move stopped the program when the company that developed the technology pulled out. "I'm disappointed; that's about all I can say at this point," Earnie Graham, the superintendent and principal of Brittan Elementary Sch ool in Sutter, said Tuesday night. "I think I let my staff down. Nobody on this campus knows every student." The badges, developed by Sutter-based technology company InCom Corp., were introduced on Jan. 18. The school board was set to talk abou t the controversial policy Tuesday night but tabled the discussion after InCom announced it was terminating its agreement. "I'm not convinced it's over," parent Dawn Cantrall, who filed a complaint with the American Civil Liberties Union, told the (Marysvill e) Appeal-Democrat. "I'm happy for now that kids are not being tagged, but I'm still fighting to keep it out of our school system. It h as to stop here." The system was imposed, without parental input, by the school as a way to simplify attendance-taking and potentially reduce vandalism a nd improve student safety. While many parents criticized the badges for violating privacy and possibly endangering children's health, some parents supported the p lan. "Technology scares some people it's a fear of the unknown," parent Mary Brower told the Appeal-Democrat before the meeting. "Any kind o f new technology has the potential for misuse, but I feel confident the school is not going to misuse it." Each student was required to wear identification cards around their necks with their picture, name and grade and a wireless transmitter that beams their ID number to a teacher's handheld computer when the child passes under an antenna posted above a classroom door. The school had already disabled the scanners above classroom doors and was not disciplining students who didn't wear the badges. from TPDL 2004-Nov-22, from NewsMax, by Dave Eberhart: Doctors Group Fights Prescription Reporting Bill The Association of American Physicians & Surgeons (AAPS) is warning all who will listen that ``Big Brother will be soon snooping around your medicine cabinet!'' The Arizona-based association has come out strongly against the National All Schedules Prescription Electronic Reporting Act. Already passed by the House, it is working its way through the Senate. ``Do you want the government to have a record of every prescription you get?'' asks the association in its campaign of flyers and e-mails reaching out to physicians and their patients around the country. ``Every painkiller? Every anti-depressant? Every sleeping pill? And then to pass that information along to law enforcement to prosecute you and your doctor if they don't like what they find?'' AAPS is arguing that while masquerading as a law enforcement tool to help control the illegal use of painkillers, the national bill would ``cast a net so wide that tens of millions of suffering patients & doctors will be snared in suspicion.'' Not limited to prescriptions for painkillers, AAPS adds, the bill would create a central database affecting tens of millions who are not even suspected of a crime -- and the information will be shared with state and local law enforcement. ``Prosecutors and law enforcement already second-guess doctors and prosecute them for prescribing `too much' or if they decide the patient doesn't `deserve' treatment,'' a spokesperson for AAPS told NewsMax. ``Overzealous prosecutors have already frightened many doctors out of prescribing pain treatment for the almost 50 million patients who suffer from pain,'' the spokesperson added. ``We can't let them do it to the rest of us as well.'' In its current campaign the organization highlights: The National All Schedules Prescription Reporting Act allows government and law enforcement to monitor your prescriptions; Treats tens of millions of patients as potential criminals; Gives prosecutors & law enforcement power to decide who is ``deserving'' of medicines. AAPS emphasizes that in its opinion the bill as presently worded would potentially target every prescription that involves any type of scheduled drug for anxiety, depression, insomnia, or pain --`making the suspect doctors' scripts readily accessible to the police and potentially to employers, newspapers, and blackmailers.'' Kathryn Serkes, public affairs counsel for AAPS, pointed out that more than 48 million people who suffer chronic pain in the United States are "having difficulty finding doctors to treat them as a result of misguided drug policy, law enforcement, and overzealous prosecutions. ``The `war on drugs' has turned into a war on doctors and the legal drugs they prescribe and the suffering patients who need the drugs to attempt anything approaching a normal life,'' added Serkes. from the Associated Press, 2004-Nov-18: Amtrak Begins 'Ticket Verification Program' Amtrak Begins Random Onboard ID Checks WASHINGTON -- Earlier this month, Amtrak started what they call a "ticket verification program." An Amtrak spokesman said officials want to make sure the person who's traveling is the person whose name is on the ticket. He said the checks are part of a broader program to improve security. Amtrak also requires passengers to show ID at the ticket counter. And all luggage must be tagged with the owner's address. Officials have also started asking people to be alert for suspicious activity on trains and at stations. The security program is the result of a federal order issued in May. Since then, Amtrak has been using canine teams to randomly inspect trains and baggage. Amtrak officials say so far, no arrests have resulted from the random onboard checks. from the Portsmouth Herald, 2004-Aug-30, by Joe Adler: Fighting for their homes PORTSMOUTH - A lawsuit claiming the unconstitutionality of a state law that punishes residents for not allowing tax appraisers into their home has refueled the debate over yearly property valuations by local and state governments. Four New Hampshire residents and the Washington-based Institute for Justice filed suit last week in federal court against the New Hampshire Board of Tax and Land Appeals over a 1994 law that allows officials to obtain a search warrant and deny any property tax appeals if a homeowner refuses entry to an appraiser. In the lawsuit, the four residents - Tony and Alicia Leka of Hudson, and Phillip Smith and Anthony Stanizzi of Hollis - argue that the law violates their rights under the Fourth Amendment, which guarantees the right against unreasonable search and seizure. Bill St. Laurent, president of the Association of Portsmouth Taxpayers, said it was unreasonable to force property owners to let in strangers to appraise the interior of their homes. All the appraisers need to see, he said, is if there is an addition to the house in order to determine square footage. "They should be able to tell that from the street," said St. Laurent, a former city councilor. "You should not have to let someone in your home that you wish not to have come in your home. That's a personal thing. We have got to stop taking rights away from people in this country." The residents suing the state's Board of Tax and Land Appeals say they are willing to discuss their homes with assessors and show them public documents related to the property, and they are also open to inspections of their homes' exteriors. But their decision not to grant assessors entry inside their homes has all but blocked them from pursuing appeals of their property tax assessments. "Government officials in the Live Free or Die State shouldn't be allowed to intrude into my family's home or penalize me for merely exercising my Fourth Amendment rights," said Smith. Over the years, Portsmouth has conducted numerous citywide property valuations to determine how much homeowners should pay in property taxes. In 2002, the city hired the consulting firm Cole-Layer-Trumble for $700,000 to do such appraisals. The property tax rate for 2004 was announced in October as $17.74 per $1,000 of assessed property value. That was a $1.53 decrease from the previous year's rate. St. Laurent said the only rational reason an assessor would need to enter a home to conduct an appraisal is to see whether a homeowner has made livable space out of a basement or attic, which would add square footage to a home. Any such improvement, said St. Laurent, would have to be filed through a municipal planning office before work could done. "I think they're basically calling (residents) liars," St. Laurent said of the law. "Police can't even come into your home if they don't have a search warrant. Why should an assessing company be able to come into your home?" Rosann Maurice, Portsmouth's deputy assessor, declined to comment Friday about the lawsuit. from TheInquirer.net, 2004-Jul-1, by Nick Farrell: US court allows email interception The nose wins A BOSTON US appeals court has decided that it is OK for anyone who has email being stoed on their network to open and examine it. The ruling follows the case of the online bookstore Interloc which made copies of e-mails in 1998 so it could look at messages sent to its subscribers by rival Amazon.com. Interloc executive Branford Councilman was indicted on an illegal wiretapping charge. The charge was thrown out, but the Government appealed. According to Associated Press, the Boston-based appeals court has upheld the dismissal. Councilman made his employees to write computer code to intercept and copy all incoming e-mails from Amazon.com to Interloc's subscribers, who were dealers seeking buyers for rare and out-of-print books. The case against Councilman was that he tried to exploit the Amazon e-mails to develop a list of books, learn about competitors and attain a commercial advantage. His defence was that the e-mails were copied while in "electronic storage" -- and were in the process of being routed through a network of servers to recipients. The law only protects eavesdropping on messages that are not stored - such as an unrecorded phone conversation - but does not afford the same legal protections to stored messages. The ruling has scared the pants off civil rights groups which claim it means that all of our electronic communications are in jeopardy. It means that anyone who owns part of the network that the email happens to be flying around, has the right to stop and open it. The Electronic Frontier Foundation, said in a statement that the court dealt a 'grave blow' to the privacy of Internet communications. The US Justice Department said it was considering its options following the ruling. from the Associated Press, 2004-Jul-1: Appeals court allows intercepting e-mail Privacy advocates rap federal ruling In an online eavesdropping case with potentially profound implications, a federal appeals court in Boston ruled it was acceptable for a company that offered e-mail service to surreptitiously track its subscribers' messages. A now-defunct online literary clearinghouse, Interloc Inc., made copies of the e- mails in 1998 so it could peruse messages sent to its subscribers by rival Amazon.com Inc. An Interloc executive was subsequently indicted on an illegal wiretapping charge. An advocacy group said Tuesday's ruling by the 1st US Circuit Court of Appeals opens the door to further interpretations of the federal Wiretap Act that could erode personal privacy rights. "It puts all of our electronic communications in jeopardy -- voice mail, e-mail, you name it," said Jerry Berman, president of the Center for Democracy and Technology. In a 2-1 decision, the appeals court upheld a federal judge's dismissal last year of a wiretapping charge against a former Interloc vice president, Branford C. Councilman. According to his 2001 indictment, he directed employees to write computer code to intercept and copy all incoming e-mail from Amazon.com to Interloc's subscribers, who were dealers seeking buyers for rare and out-of-print books. Amazon.com did not then offer used books, but helped customers track down rare books. The government alleged Interloc tried to exploit the Amazon e-mails "to develop a list of books, learn about competitors and attain a commercial advantage." Councilman argued no violation of the Wiretap Act had occurred because the e- mails were copied while in "electronic storage" -- the messages were in the process of being routed through a network of servers to recipients. The wiretapping law broadly protects eavesdropping on messages that are not stored -- such as an unrecorded phone conversation -- but does not afford the same legal protections to stored messages. The 1968 law was amended in 1986 to address emerging computer technologies. In a dissenting opinion, Appeals Court Judge Kermit V. Lipez wrote that upholding Councilman's arguments "would undo decades of practice and precedent regarding the scope of the Wiretap Act and would essentially render the act irrelevant to the protection of wire and electronic privacy." The significance of the trend evidenced in the following item is that the TLS transparent mail encryption system (included in most full featured mail handling software now, including the free and ubiquitous sendmail) provides cryptographic (guaranteed) privacy to users only if their computers are able to connect directly to the recipient's mail server, and consumer-oriented ISPs are now using their positions of power to block those direct connections. This means they can read all the email their subscribers send (and receive, in most cases), unless the subscribers use awkward, obscure, attention-grabbing technologies like PGP. from TheInquirer.net, 2004-Jul-2: Bell South set to block Spam Port 25 Goodbye emals. Well some of them BELLSOUTH IS SET to follow 's lead and block port 25 in a bid to reduce the junk emals its customers are getting. The firm said it will upgrade its email service on July 13th and describes it as a spam fighting upgrade. In a letter it sent to its customers yesterday, it advised them on how to fix their email clients so they work properly with the move. There's a web page for its customers, here. from eWeek.com, 2004-Jul-1, by Matt Hicks: Wiretap Ruling Could Signal End of E-Mail Privacy A federal appeals court ruling this week has put a spotlight on the increasingly public nature of e-mail messages and has unraveled expectations that e-mail would gain the same privacy protections as traditional communications. The 1st Circuit Court of Appeals on Tuesday ruled that protections under the federal Wiretap Act do not extend to e-mail messages stored on an e-mail provider's computer systems. "The fact is that there is now an emerging line of precedent in the courts that people should not expect privacy in their e-mail, for the most part," said Mark Plotkin, a partner at law firm Covington & Burling, in Washington, D.C. The decision stemmed from a 2001 indictment on wiretapping charges against an executive of Interloc Inc., a now-shuttered listing company for rare and used books. Bradford Councilman, who was a vice president at the company, was accused of having copied e-mails from Amazon.com Inc. that were being sent to book dealers who subscribed to Interloc's e-mail service. In a 2-1 ruling, the appeals court upheld a lower court's dismissal of the illegal wiretapping charge. Privacy advocates immediately called the ruling a blow to privacy rights, and technology attorneys agreed that the court's decision should put an end to users' expectations that their e-mails are safe from prying eyes. The court's decision hinged on the fact that the Wiretap Act, which dates to 1968, covers eavesdropping on live communications such as a phone conversations but not on stored communications, such as an e-mail message even temporarily stored on an e-mail provider's servers or computers en route to a recipient. "We believe that the language of the statute makes clear that Congress meant to give lesser protection to electronic communications than to wire and oral communications," the court's ruling stated. The decision is a blow to more than just the privacy of e-mail. It also could hurt efforts to prevent and prosecute other forms of cyber-crime, said Allonn Levy, an attorney with Hopkins & Carley in San Jose, Calif. "By ruling that copying e-mail messages that had been 'stored' by a computer while in transit is not a crime under the federal Wiretap Act, the First Circuit has removed an important tool for fighting industrial espionage, stalking, identity theft and other information-based crime," she said. The appeals court agreed that "the language may be out of step with the technological realities of computer crimes." But it argued that it is the role of the U.S. Congress, not the courts, to change any language in the law to extend the eavesdropping protections to e-mail and electronic communications. "What the courts are telling us is that unless the Wiretap Act is changed, e-mail should be viewed as public communication that anybody could potentially view," Plotkin said. Plotkin said he expects the ruling to embolden privacy advocates and others to push for changes in the law, but he doubts that the political climate will lead members of Congress to act. In light of terrorism threats, the issue will likely become one of security versus privacy, which could be a hard sell for privacy advocates, he said. While the ruling would appear to allow Internet and e-mail service providers to read and copy users' e-mails, most major ones have their own privacy policies against such practices. A Yahoo Inc. spokeswoman, for example, said the company "does not access or disclose user information and content except in very limited circumstances such as when required to do so by law." Still, the ruling does remove what could have been one barrier to ISPs accessing e-mail for such activities as data-mining it for commercial purposes, said Paul Winick, a partner at law firm Thelen, Reid & Priest LLP, in New York. "As long as your e-mail is in storage, your service provider is not going to violate the Wiretap Act in reading your e-mail," he said. When it comes to government access to e-mail, law enforcement officials still would need a warrant to access e-mail, Winick said. But with wire communications, such as phone calls, the Wiretap Act restricts the types of conversations that could be tapped. Given the appeals court's ruling, similar limitations likely won't apply to stored e-mail messages once law enforcement officials gain access, he said. Beyond a push for updated laws, the court's ruling reinforces the need for businesses and consumers to take e-mail security more seriously, said Sonia Arrison, director of technology studies at the Pacific Research Institute, a San Francisco-based think tank advocating a free-market philosophy. Arrison said that rather than seeking new privacy laws, e-mail users need to embrace encryption methods for securing sensitive e-mails. "E-mail is just inherently insecure, and we have a whole bunch of problems because of it," Arrison said. "There are two things to take from this ruling: Know that your e-mail is not private and it never has been, and figure out what to do about it." from E-Commerce Times, 2004-Aug-24, by Robert Jaques: Virus Writers Create Peeping Tom Webcam Worm According to Sophos, the W32/Rbot-GR worm is evidence of a growing trend of malware spying on innocent home computer owners and poorly protected businesses. "With many home users keeping poorly defended PCs in their bedroom, there is considerable potential for abuse," said Graham Cluley, senior technology consultant for Sophos. Virus writers have developed a "Peeping Tom" worm Relevant Products/Services from AT&T Network Security Solutions that can use webcams to spy on computer users in their home or workplace, Internet security Relevant Products/Services from IBM eServer xSeries Systems watchers have warned. The newly discovered Rbot-GR worm (W32/Rbot-GR) spreads via network shares, exploiting a number of Microsoft (Nasdaq: MSFT) Latest News about Microsoft security vulnerabilities before installing a backdoor Trojan as it travels, security firm Sophos Latest News about Sophos said. The company added that, once the worm infects a computer, remote hackers can easily gain access to the information on the PC's hard drive and steal passwords, as well as spy on innocent users via their webcam and microphone. "More and more hackers are interested in spying on the people they manage to infect with their worms and Trojan horses," said Graham Cluley, senior technology Relevant Products/Services from Intel Enterprise Solutions consultant for Sophos, in a statement. "In the workplace, this worm opens up the possibilities of industrial espionage. At home it is equivalent to a Peeping Tom who invades your privacy Latest News about privacy by peering through your curtains. "If your computer is infected and you have a webcam plugged in, then everything you do in front of the computer can be seen, and everything you say can be recorded." According to Sophos, the W32/Rbot-GR worm is evidence of a growing trend of malware spying on innocent home computer owners and poorly protected businesses. "With many home users keeping poorly defended PCs in their bedroom, there is considerable potential for abuse," added Cluley. "The message is simple: keep your PC protected against the latest threats with antivirus software and firewalls, and if in any doubt unplug your webcam when you're not using it." More information on the worm and instructions on how to remove it are available from Sophos. from The Telegraph, 2004-Sep-12, by Melissa Kite and Daniel Foggo: Cameras in the trees will spy on hunts Police are planning to use spy cameras in the countryside to enforce a ban on fox hunting. Chief constables intend to site CCTV cameras on hedgerows, fences and trees along known hunting routes to enable them to photograph hunt members who break the law after hunting with hounds is outlawed. The controversial measure was agreed at a secret meeting between David Blunkett and the chief constables of England and Wales after the hunting ban was announced last week. Police chiefs warned the Home Secretary that enforcing the ban would cost in excess of £30 million and divert resources from front-line policing. The plan to use cameras was put forward as a way of detecting illegal hunts without deploying hundreds of extra police to roam the countryside. Some senior police have voiced concern that the measure could be easily foiled by riders and foot followers donning balaclavas. Mr Blunkett, however, was said to be enthusiastic about the idea, believing that cameras would be an affordable way of allowing police to identify where illegal hunts are taking place before moving in. An aide said: "This is the sort of imaginative policing solution that we will need to be able to police this ban, without incurring massive extra costs." The strategy was agreed during a meeting at the Home Office last week following the announcement that a Hunting Bill will be forced through, beginning in the Commons this week, but with its implementation delayed for two years. Opponents of the ban said the use of spy cameras would serve only to harden defiance. In another act of opposition, The Sunday Telegraph has learned that hundreds of farmers are to refuse to allow the Armed Forces to carry out military manoeuvres on their land if the Government succeeds in passing its Bill to outlaw hunting. The decision by landowners in Wales and parts of England to implement a permanent ban will place tens of thousand of acres out of bounds to the military and paralyse Ministry of Defence plans for forthcoming exercises. The move is a direct retaliation for the Government's decision to force the anti- hunting Bill through the zHouse of Lords. The Commons will vote on the Bill on Wednesday and, if it is passed as expected, the use of the Parliament Act will ensure that the ban becomes effective within two years, irrespective of opposition from the upper chamber. The MoD has long been reliant on the unpaid co-operation of farmers in allowing the Armed Forces to use their land for large-scale manoeuvres. Ken Jones, the master of the Irfon and Towy Hunt and the chairman of the Federation of Welsh Packs, said that dozens of farmers in mid-Wales would no longer give the MoD permission for troop exercises. Mr Jones, who owns an 800-acre sheep and cattle farm near Llanwrtyd Wells in Powys, said: "All co-operation with the military will be stopped immediately and for good. The Army and the SAS use our land for large exercises two or three times a year, but not any more they won't. "There is a big exercise set for November with units from all different parts of the world taking part but that will probably have to be cancelled now. "We have a very good relationship with the military so we don't relish doing this. "The last thing we want to do is to ruin national security, but when you have people like the Labour Party running the country and the way they are treating country folk, we need to stand up." Tony Blair has ordered the implementation of the ban to be delayed to avoid an angry confrontation with hunt members in the run up to a general election next year. Mr Blunkett was also in favour of the delay because it will allow the police to prepare for the ban. However police in rural areas fear that if they have to arrest hunt members, it will drive a wedge between them and their local community. * A group of field sports supporters are making a complaint to the Commission for Racial Equality claiming that the Government's intention to outlaw fox hunting will discriminate against their "ethnic identity". The Free Church of Country Sports launched itself earlier this year in an effort to establish hunting as a religion. from the Boston Herald, 2004-Jul-23, by Thomas Caywood: Some cheer, some jeer as T begins random bag checks Any bags or parcels you carry on the T this morning are fair game now. MBTA cops began checking baggage for bombs at two suburban commuter rail stations yesterday under a controversial new security policy that outraged some riders and left others unfazed. Checking the bags of every 11th passenger carrying one at Randolph and Salem stations, police screened a total of 95 items during the morning commute using ion trap spectrometers. The machines, which list for $46,000 each and are about the size of a cash register, detected no explosive traces at either station. MBTA Police Chief Joseph Carter said no one refused to have bags swabbed for screening and, in fact, many riders wanted to volunteer. But civil rights advocates and subway riders at the Roxbury Crossing station yesterday afternoon blasted the checks - which also will include bomb-sniffing dogs and physical searches of bags - as heavy-handed and futile. ``It gives people a false sense of security. What's going to stop me from walking half a block to the next station?'' said Gabriel Camacho of the T Riders Union. Carter, the T police chief, acknowledged random checks in selected locations aren't foolproof. ``This isn't the end all and be all, but it is a major step,'' he said. French Wall of the Fenway, who caught the Orange Line at Roxbury Crossing yesterday with a bag in his hand, said he doesn't feel safer. ``It's a distraction from efforts to make me feel safer,'' Wall said. The American Civil Liberties Union of Massachusetts is gathering anecdotal reports from searched riders for a lawsuit, and the local chapter of the National Lawyers Guild plans to file an injunction to stop the checks. ``If we don't file (Friday) we will file on Monday,'' NLG's Urszula Masny-Latos said. While the ACLU and NLG maintain random searches in a public place without probable cause run afoul of the Fourth Amendment, the Anti-Defamation League of New England threw its support behind the policy yesterday. ``We believe the MBTA intends to protect the public while safeguarding civil liberties,'' ADL Regional Director Rob Leikind said. from the Associated Press, 2004-Jul-18: Boston to be blanketed by surveillance cameras during DNC BOSTON State and federal authorities are placing dozens of surveillance cameras at strategic points around Boston for the Democratic National Convention in an effort to deter terrorism, violent demonstrations and ordinary street crime. The new surveillance equipment is in addition to hundreds of cameras already in use by the MBTA, the Massachusetts Port Authority, the Big Dig and the state Highway Department. The burgeoning number of largely unregulated cameras has civil libertarians concerned that the increased surveillance will discourage people from exercising their First Amendment rights. "What this demonstrates is that '1984' is now technologically possible," said Barry Steinhardt, director of the American Civil Liberties Union's Technology and Liberty Program, referring to George Orwell's book about an all-seeing government. "This really is a situation where we are being asked to blindly trust the government. There is no oversight of this. There are no safeguards." Law enforcement officials say the cameras will only be used to deter and detect crime, not to snoop on law-abiding citizens or demonstrators. The surveillance includes 75 cameras installed by the federal government to monitor the Central Artery, City Hall Plaza, the FleetCenter and other high priority areas. The cameras will be centrally monitored in Boston and Washington. The U.S. Coast Guard is also using a surveillance system in the harbor and Charles River that includes infrared imaging equipment, radar and cameras to watch for unauthorized vessels entering the waters around Boston. And while many of the cameras are being set up in time for the convention, they will stay in use long after the delegates have gone home. "We own them now," Boston Police Superintendent Robert Dunford said. "We're certainly not going to put them in a closet." Dunford, the department's top convention security planner, said the police have a policy in place to prevent abuse. Tapes that do not show criminal activity will be destroyed. The federal equipment will be used simply to identify suspicious and criminal activity and to respond to emergencies, not to snoop on private citizens, said Ronald Libby, regional director of the Federal Protective Service, a branch of the Homeland Security Department. "It doesn't make sense to take all these valuable resources and look at the guy on the corner smoking cigarettes," he said. The new surveillance equipment is part of the $50 million security effort for the July 26-29 convention, the first since the Sept. 11 terrorist attacks, and will augment an estimated 3,000 law enforcement personnel. Security for the convention, where Massachusetts Sen. John Kerry will formally accept the party's nomination for president, also includes the shutdown of portions of Interstate 93 for long stretches and the closure of the North Station commuter rail hub. Although all the cameras will not be part of the same network, law enforcement agencies have agreed to share camera shots if necessary. from TheRegister.co.uk, 2004-Jun-4, by Andrew Orlowski in San Francisco: RIAA wants your fingerprints Not content with asking for an arm and a leg from consumers and artists, the music industry now wants your fingerprints, too. The RIAA is hoping that a new breed of music player which requires biometric authentication will put an end to . Established biometric vendor Veritouch has teamed up with Swedish design company to produce iVue: a wireless media player that allows content producers to lock down media files with biometric security. This week Veritouch announced that it had demonstrated the device to the RIAA and MPAA. "In practical terms, VeriTouch's breakthrough in anti-piracy technology means that no delivered content to a customer may be copied, shared or otherwise distributed because each file is uniquely locked by the customer's live fingerprint scan," claims the company. iVue has been developed in partnership with Swedish design house Thinking Materials. Since Veritouch already supplies security authentication systems up to Homeland Defense standards (in partnership with an Israeli defense contractor), we do forsee exciting synergies ahead, should budget cuts force the War on Terror and the War on Piracy to be consolidated into just the one unwinnable "war". Do you think it will catch on? from CNET News.com, 2004-Apr-19, by Declan McCullagh: Shhh! The FBI's listening to your keystrokes The FBI is trying to convince the government to mandate that providers of broadband, Internet telephony, and instant-messaging services build in backdoors for easy wiretapping. That would constitute a sweeping expansion of police surveillance powers. Instead of asking Congress to approve the request, the FBI (along with the Department of Justice and the Drug Enforcement Administration) are pressing the Federal Communications Commission to move forward with minimal public input. The three agencies argue that the 1994 Communications Assistance for Law Enforcement Act (CALEA) permits the FCC to rewire the Internet to suit the eavesdropping establishment. "The importance and the urgency of this task cannot be overstated," their proposal says. "The ability of federal, state and local law enforcement to carry out critical electronic surveillance is being compromised today." Unfortunately for the three agencies, CALEA, as it's written, would not grant the request. When Congress was debating CALEA, then-FBI Director Louis Freeh reassured nervous senators that the law would be limited to telephone calls. (CALEA was intended to let police wiretap conversations flowing through then-novel services like cellular phones and three-way calling.) "So what we are looking for is strictly telephone--what is said over a telephone?" Sen. Larry Pressler, R-S.D., asked. Freeh replied: "That is the way I understand it. Yes, sir." A House of Representatives committee report prepared in October 1994 is emphatic, saying CALEA's requirements "do not apply to information services such as electronic-mail services; or online services such as CompuServe, Prodigy, America Online or Mead Data (Central); or to Internet service providers." Freeh, who has a sincere appreciation for wiretaps, had included Internet services in an earlier version of CALEA--but Congress didn't buy it. "Unlike the bills previously proposed by the FBI, this bill is limited to local and long-distance telephone companies, cellular and PCS providers, and other common carriers," Jerry Berman of the Electronic Frontier Foundation told Congress during a September 1994 hearing. But now that more conversations are taking place through audio-based instant- messaging and voice over Internet Protocol (VoIP) services, the FBI and its allies are hoping that official Washington won't remember inconvenient details. "These (wiretapping) problems are real, not hypothetical, and their impact on the ability of federal, state and local law enforcement to protect the public is growing with each passing day," the police agencies say in their proposal to the FCC. It's true that the FBI has a difficult job to do, especially after Sept. 11, 2001, but is this proposal necessary, let alone wise? from Wired Magazine, 2004-Jan-6, by Kim Zetter: Bush Grabs New Power for FBI While the nation was distracted last month by images of Saddam Hussein's spider hole and dental exam, President George W. Bush quietly signed into law a new bill that gives the FBI increased surveillance powers and dramatically expands the reach of the USA Patriot Act. The Intelligence Authorization Act for Fiscal Year 2004 grants the FBI unprecedented power to obtain records from financial institutions without requiring permission from a judge. Under the law, the FBI does not need to seek a court order to access such records, nor does it need to prove just cause. Previously, under the Patriot Act, the FBI had to submit subpoena requests to a federal judge. Intelligence agencies and the Treasury Department, however, could obtain some financial data from banks, credit unions and other financial institutions without a court order or grand jury subpoena if they had the approval of a senior government official. The new law (see Section 374 of the act), however, lets the FBI acquire these records through an administrative procedure whereby an FBI field agent simply drafts a so-called national security letter stating the information is relevant to a national security investigation. And the law broadens the definition of "financial institution" to include such businesses as insurance companies, travel agencies, real estate agents, stockbrokers, the U.S. Postal Service and even jewelry stores, casinos and car dealerships. The law also prohibits subpoenaed businesses from revealing to anyone, including customers who may be under investigation, that the government has requested records of their transactions. Bush signed the bill on Dec. 13, a Saturday, which was the same day the U.S. military captured Saddam Hussein. Some columnists and bloggers have accused the president of signing the legislation on a weekend, when news organizations traditionally operate with a reduced staff, to avoid public scrutiny and criticism. Any attention that might have been given the bill, they say, was supplanted by a White House announcement the next day about Hussein's capture. James Dempsey, executive director of the Center for Democracy & Technology, didn't see any significance to the timing of Bush's signing. The 2004 fiscal year began Oct. 1 and the Senate passed the bill in November. He said there was pressure to pass the legislation to free up intelligence spending. However, Dempsey called the inclusion of the financial provision "an intentional end-run" by the administration to expand the administration's power without proper review. Critics like Dempsey say the government is trying to pass legislation that was shot down prior to the U.S. invasion of Iraq, when the Bush administration drafted a bill to expand the powers of the Patriot Act. The so-called Patriot Act II was discovered by the Center for Public Integrity last year, which exposed the draft legislation and initiated a public outcry that forced the government to back down on its plans. But critics say the government didn't abandon its goals after the uproar; it simply extracted the most controversial provisions from Patriot Act II and slipped them surreptitiously into other bills, such as the Intelligence Authorization Act, to avoid raising alarm. Dempsey said the Intelligence Authorization Act is a favorite vehicle of politicians for expanding government powers without careful scrutiny. The bill, because of its sensitive nature, is generally drafted in relative secrecy and approved without extensive debate because it is viewed as a "must-pass" piece of legislation. The act provides funding for intelligence agencies. "It's hard for the average member to vote against it," said Dempsey, "so it makes the perfect vehicle for getting what you want without too much fuss." The provision granting increased power was little more than a single line of legislation. But Dempsey said it was written in such a cryptic manner that no one noticed its significance until it was too late. "We were the first to notice it outside of Congress," he said, "but we only noticed it in September after it had already passed in the House." Rep. Porter Goss (R-Florida), chairman of the House Intelligence Committee that reviewed the bill, introduced the legislation into the House last year on June 11, where it passed two weeks later by a vote of 410-9. The Senate passed the bill by unanimous consent on July 31. Goss's staff said he was out of the country and unavailable for comment. But Goss told the House last year that he believed the financial institution provision in the bill brought the intelligence community up to date with the reality of the financial industry. "This bill will allow those tracking terrorists and spies to 'follow the money' more effectively and thereby protect the people of the United States more effectively," he said. But Rep. Betty McCollum (D-Minnesota), who opposed the legislation, told the House, "It is clear the Republican leadership and the administration would rather expand on the USA Patriot Act through deception and secrecy than debate such provisions in an open forum." Despite her remarks, however, McCollum voted in favor of the legislation. A number of other representatives expressed concern that the financial provision was slipped into the Intelligence Act at the 11th hour with no time for public debate and against objections from members the Senate Judiciary Committee, which normally has jurisdiction over the FBI. Sen. Patrick Leahy (D-Vermont), the minority leader of the Senate Judiciary Committee, along with five other members of the Judiciary Committee, sent a letter to the Intelligence Committee requesting that their committee be given time to review the bill. But the provision had already passed by the time their letter went out. "In our fight to protect America and our people, to make our world a safer place, we must never turn our backs on our freedoms," said Rep. C.L. "Butch" Otter (R- Idaho) in a November press release. "Expanding the use of administrative subpoenas and threatening our system of checks and balances is a step in the wrong direction." Otter, however, also voted in favor of the bill. Charlie Mitchell, legislative counsel for the American Civil Liberties Union, said many legislators failed to recognize the significance of the legislation until it was too late. But he said the fact that 15 Republicans and over 100 Democrats voted against the Conference Report of the bill indicated that, had there been more time, there probably would have been sufficient opposition to remove the provision. "To have that many people vote against it, based on just that one provision without discussion beforehand, signifies there is strong opposition to new Patriot Act II powers," Mitchell said. He said legislators are now on the lookout for other Patriot Act II provisions being tucked into new legislation. "All things considered, this was a loss for civil liberties," he said. But on a brighter note, "this was the only provision of Patriot II that made it through this year. Members are hearing from their constituents. I really think we have the ability to stop much of this Patriot Act II legislation in the future." from the Austin Chronicle, 2004-Jan-9, by Jordan Smith: Patriot II, Piece by Piece While the so-called Patriot Act II -- a wish list of sweeping powers dreamed up last year by U.S. Attorney General John Ashcroft to augment 2001's USA PATRIOT Act -- disappeared shortly after a draft copy was made public early last year, it did not die. In fact, on Saturday, Dec. 13 -- as news of Saddam Hussein's capture drove the news cycle -- President George W. Bush signed into law a bill that will allow the federal government broad access to individuals' financial records without a court order. This allows the government to sidestep decades- old financial privacy laws, all in the name of preventing terrorism. House Bill 2417, the Intelligence Authorization Act for fiscal year 2004, debuted in Congress last June, and was pushed back and forth between the House and Senate for nearly five months before finally making its way to Bush's desk on Dec. 2. The lengthy perennial bill authorizes appropriations for all intelligence- related activities and, on the whole, is fairly standard. However, the final bill was amended by the Senate to include a section that redefines and broadens the phrase "financial institution" -- an obscure yet sweeping change that, at least until challenged in court, will allow the federal government the ability to snoop into nearly every financial aspect of individuals' lives. Previously, federal law enforcement officials could gain access to individuals' financial records from a bank only if those individuals were suspected of crimes and only after gaining the approval of a federal judge. But the new IAA not only allows the feds to snoop through financial records without a warrant and without demonstrating the person is actually a suspect in a crime, but also broadens the arena for snooping. The legal definition of "financial institution" previously referred only to banks. But now, the feds can examine financial records held by stockbrokers, car dealerships, casinos, credit card companies, insurance agents, jewelers, airlines, pawnbrokers, the U.S. Postal Service, and any other business "whose cash transactions have a high degree of usefulness in criminal, tax, or regulatory matters." Federal law enforcers need only draft a "National Security Letter" requesting the records in order to get them. This change ultimately passed the U.S. House, but not before a handful of legislators -- including Texas Rep. Ron Paul, R-Surfside -- voiced stern opposition. "These expanded internal police powers will enable the FBI to demand transaction records from businesses ... without the approval or knowledge of a judge or grand jury," Paul said during a speech from the House floor on Nov. 20. "This was written into the bill at the 11th hour over the objections of members of the Senate Judiciary Committee, which would normally have jurisdiction over the FBI. The Judiciary Committee was frozen out of the process. It appears we are witnessing a stealth enactment of the enormously unpopular 'Patriot II' legislation that was first leaked several months ago. Perhaps the national outcry when a draft of the Patriot II act was leaked has led its supporters to enact it one piece at a time in secret. Whatever the case, this is outrageous and unacceptable." In the end Paul was one of 163 legislators (including fellow Texans Lloyd Doggett and Sheila Jackson Lee and presidential candidate Dennis Kucinich) to vote against the entire IAA solely because of the draconian amendment. "How this will take effect and what the limits of it are will probably be fought out in the courts," said Paul spokesman Jeff Deist. So far, Deist said, the IAA amendment is the first of the so-called Patriot II measures to make its way into legislation, but he expects it won't be the last. "January is a whole new ballgame," he said. from the New York Times, 2004-Jun-29, by Joe Sharkey: Want to Be Unpopular? Start With a Cellphone Last week, in a column about the proliferation of cellphone louts on Amtrak trains, including on the single, ostensibly cellphone-free Quiet Cars that Amtrak operates, I asked for reader responses. An avalanche of e-mail messages arrived. I have been traveling out of the country and have been unable to respond yet to most of the mail, though I have read it all avidly. Unfortunately, I can share only a few excerpts here. Let us just say that a powerful backlash has formed against the cellphone blabbing that reverberates through trains, planes, buses and in other public spaces. How powerful? Listen to David Patterson's trenchant suggestion: "Give train conductors guns. If a cell-yeller acts up in a Quiet Car (or any car), the conductor is permitted to confiscate his/her cellphone. If the passenger refuses to hand it over, the conductor may shoot him/her, and then redial the last number to inform the person on the other end that the caller will not be getting back to the office anytime soon." Outside the realm of such fantasy, strategies for dealing with phone delinquency range from the decorous to the slightly deranged. "Those who are emboldened enough to confront the offender would say, 'I'll see you in etiquette school!' " suggested Ruth F. Block. Such delicacy is not for William Aguiar Jr. who says his method is to parrot the offender's words - loudly. "At first the cell-intruders don't get it because they are so involved with their rantings," he wrote. "When they become conscious that I am repeating their words they look at me as if I am psychotic. Often, I've heard them say, 'There's some nut repeating my every word. I'll get back to you.' " Remember when public pay phones had doors? They were there to protect Americans' cherished privacy. But the doors are long gone and so, it would seem, is people's skittishness about spilling secrets to strangers. A large number of readers viewed the braying of personal matters by some cellphone users, like the lawyer I overheard on an Acela train discussing intimate details of a client's case, as a symptom of the nation's cultural decline. "I certainly can't believe how people talk on their phone without thinking about the consequences," said Tony J. Williams. Michael Reed wrote, "The sense of decent privacy in public places has been lost. There used to be a decorum and an expected behavior associated with public places. This is/was essential because it permitted us to sanely coexist, by mostly unwritten rules." Carolyn Doyle added, "There is not enough time in the day to relay the daily torment I must endure from these cell-yellers." And airplanes, where cellphones are still banned in flight, don't guarantee a safe haven, she and others pointed out. Ms. Doyle recalled being on a flight from Las Vegas recently that was delayed on the runway by mechanical problems, forcing her to listen to "some loud, overweight blowhard yell on his phone for over an hour" until the plane finally took off. On the subject of Amtrak's Quiet Cars, Kristie Bramwell wrote that she would greatly welcome such an innovation on the Metro-North commuter trains she rides daily between Connecticut and New York City. "There's always some self- important jerk who must holler his business all the way into Manhattan," she said, adding that she would gladly "pay extra" to ride on a car where cellphone use was prohibited. Alan M. Lieberman, who said he always tried to get a seat in a Quiet Car, wrote: "I am a frequent business traveler on the Acela between New York and Washington, D.C. The boorishness of noise polluters on these trains with their cellphones and their beeping musical computers is astonishing," he said, adding that enforcement of the no-cellphone policy isn't consistent. "Some crews are vigilant," while "other Acela crews give no instructions, and when asked to enforce the rules of the car take the attitude that the nonoffender seeking quiet is at fault." Obviously, the problem isn't confined to Amtrak's popular Northeast corridor trains. Bill Witherup of Seattle wrote that when he complained about cellphone bedlam to a Seattle commuter line customer service official, "an officer approached me as if I were a serial killer." In fairness, perhaps his briefcase set off some alarm. Mr. Witherup wrote: "I have a sign on my briefcase. Shows a saber-tooth tiger ready to pounce and the words: 'Beware! This is a cellphone free zone.' " Many readers said that because of cellphone madness, they either had given up on the train as an alternative to the airline shuttles for business travel, or were prepared to. Among them is Arline L. Bronzaft, an environmental psychologist who researches and lectures on the perils of noise. When she started taking Amtrak, she wrote, she "had not envisioned how unpleasant my train trips to Washington would become because of the cellphone." If the problem isn't solved, she said, "I will be forced to fly." Lots of readers shared horror stories. Janet McKee, a regular Amtrak rider, had a beauty. "I am one of those on the Quiet Car who polices the cellphone users," she wrote, recalling an Acela ride on March 11, 2002, when the conductor made an announcement asking passengers to observe a moment of silence to mark the sixth-month anniversary of the Sept. 11, 2001, terrorist attacks. "I was on the Quiet Car and a guy talked through the whole moment of silence on his cellphone." On the Road Appears each Tuesday. E-mail: [email protected] from TheInquirer.net, 2003-Aug-11: China to chip up a billion people Privacy, they've never been threatened by it PAPER ID CARDS in China are to be replaced by cards that use semiconductors and which link in to vast databases controlled by all powerful government ministries, it has emerged. But if such a plan might meet with some mild objections from human rights groups in Europe and North America, it appears the scheme is being introduced without any consultation whatever. By diktat, so to speak. The ID cards will, according to reports, be encrypted so making them hard to forge, it appears. Big Brother in China is likely to start issuing the cards big time during 2005 and 2006, the reports added. Citizens in the world's largest autocracy won't be able to check whether the databases hold accurate information on them. According to a report on Dow Jones, most of the cards and the chip technology will be home produced, but a French firm Thales and an Israeli company, On Track, will help the Chinese government implement the scheme. from SecurityFocus.com via TheRegister.co.uk, 2004-Mar-6, by Kevin Poulsen: Feds: email subpoena ruling hurts law enforcement A federal appeals court has declined to reverse last year's decision that the issuance of an egregiously overbroad subpoena for email can qualify as a computer intrusion in violation of anti-hacking laws. This is despite an argument by the Justice Department that a side-effect of the ruling has already made it harder for law enforcement officials to obtain Americans' private email. The defendant in the case, Alwyn Farey-Jones, was embroiled in commercial litigation with two officers of Integrated Capital Associates (ICA) when he instructed his then-attorney, Iryna Kwasny, to send a subpoena to the company's Internet service provider - California-based NetGate. Under federal civil rules, a litigant can issue such a subpoena without prior approval from the court, but is required to "take reasonable steps to avoid imposing undue burden or expense" on the recipient. "One might have thought, then, that the subpoena would request only email related to the subject matter of the litigation, or maybe messages sent during some relevant time period, or at the very least those sent to or from employees in some way connected to the litigation," reads last August's decision by the 9th Circuit Court of Appeals. Instead, the subpoena demanded every single piece of email ICA's officers and employees had ever sent or received. By the time ICA learned of the subpoena, NetGate had already provided Farey- Jones with a sample of 339 emails from ICA - most of them unrelated to the matter under litigation, and many of them privileged or personal. When ICA found out, it quickly got the subpoena quashed. An outraged district court magistrate termed the subpoena "massively overbroad" and "patently unlawful," and hit Farey-Jones with over $9,000 in sanctions. Criminal Penalties The ICA officers and employees whose email was accessed went on to sue Farey-Jones and his attorney under the civil provisions of three federal privacy and computer protection laws, but a federal judge threw out the lawsuit. The 9th Circuit partially reversed that ruling last August, finding that the subpoena didn't violate federal wiretap law, but could constitute a violation of the Computer Fraud and Abuse Act and the Stored Communications Act (SCA), which outlaw unauthorized access to computers and stored email respectively. Although the ruling addressed a civil suit, both laws include criminal penalties. That means civil attorneys issuing overbroad subpoenas - not an uncommon event - now risk lawsuits, and even potential criminal prosecution as computer intruders, under the decision. "In my view, the 9th Circuit decision... potentially criminalizes a broad swath of conduct," says San Francisco attorney Robert White, who represented Farey- Jones in the appeal. Electronic civil libertarians were split over the decision, seeing it as good for privacy, but a tempting tool for abuse by zealous prosecutors or litigious companies. But when White filed a motion for rehearing at the 9th Circuit, he found himself with an unlikely ally in the case: the US Justice Department, which filed an amicus brief supporting a new hearing. Justice Department lawyers didn't object to an expansion of the Computer Fraud and Abuse Act -- their most common weapon against accused computer intruders and virus writers - but they were deeply troubled by the court's interpretation of the SCA, which they say hobbles their ability to obtain a suspect's email. Federal law protects email under two different standards: messages in "electronic storage" at an ISP can only be obtained by law enforcement officials only with a search warrant issued by a judge based on probable cause to believe that a crime has been committed. But messages that the recipient has read and chosen not to delete can be obtained with a simple administrative subpoena. "Difficulties for Law Enforcement Nationwide" Based on the Justice Department's interpretation of that law, the FBI is long accustomed to being able to obtain messages that the recipient has read by simply handing the ISP an administrative subpoena, only troubling a judge when they need access to unopened email, or, under another requirement of the law, messages older than 180 days. But in ruling against Farey-Jones, the 9th Circuit found that the ICA messages were still in "electronic storage" at NetGate, even though the recipients had read them. It may seem a fine point, but the Justice Department worries that that interpretation places all email less than 180 days old, and stored at an ISP, into the category that requires a search warrant. "The significance of this change for law enforcement cannot be overstated," wrote Justice Department attorney Mark Eckenwiler in the amicus brief. "Substantial quantities of evidence previously available to state and federal prosecutors are no longer available under this heightened standard." Prosecutors in the parts of the country governed by 9th Circuit case law - eight western U.S. states and Hawaii - have already stopped issuing administrative subpoenas for email, according to the brief, filed last September, forcing them to go to a judge and show probable cause when they want a peek into a netizen's inbox. "Moreover, because the Internet spans state and national borders, the panel's decision is likely to create difficulties for law enforcement nationwide," reads the filing, noting that some of the nation's largest email providers, including Yahoo and Hotmail, are located in the 9th circuit. "I was grateful - it's nice to have the government on your side," says White. "It's a question of whether something is considered to be a stored communication or not, and that's really what this case is about, to a very large extent." But despite Farey-Jones' unexpected help from Washington, last month, the appellate court rejected both Farey-Jones' bid for a new hearing, and the Justice Department's narrow argument over electronic storage. "We acknowledge that our interpretation of the Act differs from the government's and do not lightly conclude that the government's reading is erroneous," the court wrote. "Nonetheless... we think that prior access is irrelevant to whether the messages at issue were in electronic storage." On Thursday, the court agreed to temporarily suspend the civil suit against Farey-Jones while he appeals to the US Supreme Court. from the Associated Press, 2004-Jan-13, by Gina Holland: Court OKs Roadblocks to Hunt Criminals WASHINGTON (AP) -- The Supreme Court, in a case watched anxiously by law enforcement agencies across America, held Tuesday that police may set up roadblocks to collect tips about unsolved crimes. In a 6-3 decision, the justices found roadblocks seeking such information do not violate the privacy rights of motorists. The court overturned a decision by the Illinois Supreme Court, which ruled that officers may solicit information from motorists only in an emergency. The case involved a man arrested for drunken driving at a Lombard, Ill., checkpoint set up to get information about an unrelated fatal hit-and-run accident. Justice Stephen Breyer, writing the majority opinion, said that short stops, "a very few minutes at most," are not too intrusive on motorists. Police may hand out a flyer, or ask drivers to volunteer information about crimes, he said. Lombard Police Deputy Chief Dane Cuny said the court's ruling was vindication for the department and "a victory for law enforcement and the public." Three justices expressed concerns the ruling could open up motorists to police interference without yielding useful information about crimes. "There is a valid and important distinction" between seizing a person to determine whether he or she has committed a crime and seizing a person to ask whether that person "has any information about an unknown person who committed a crime a week earlier," wrote Justice John Paul Stevens, joined by Justices David H. Souter and Ruth Bader Ginsburg. The case was a follow-up to a 2000 Supreme Court ruling that roadblocks intended for drug searches are an unreasonable invasion of privacy under the Constitution. Breyer said that in this case, authorities were investigating a specific crime, and one that resulted in a death. He said the ruling likely will not lead to widespread roadblocks in towns around the country because of limited police funding and community hostility to traffic delays. Illinois Attorney General Lisa Madigan said the ruling "will allow law enforcement in Illinois and across the nation to seek voluntary assistance from citizens in their efforts to solve crime." The Illinois checkpoints had been challenged by Robert Lidster, who was arrested for drunken driving. The roadblock had been set up at the same spot and time of day that the hit-and-run took place, in hopes of getting tips. Authorities said that Lidster nearly hit an officer at the scene with his minivan. Justices were told during the November argument in the case that the roadblocks are used in all sorts of investigations, like an effort in Utah to try to produce leads after Elizabeth Smart was kidnapped in 2002. In the partial dissent, Stevens said motorists will be trapped by the checkpoints. "In contrast to pedestrians, who are free to keep walking when they encounter police officers handing out flyers or seeking information, motorists who confront a roadblock are required to stop, and to remain stopped for as long as the officers choose to detain them," he wrote. The delays "may seem relatively innocuous to some, but annoying to others ... still other drivers may find an unpublicized roadblock at midnight on a Saturday somewhat alarming." The three dissenting justices said the case should have been sent back to Illinois courts for more consideration. The case is Illinois v. Lidster, 02-1060. from the New York Times, 2004-Jan-21, by Susan Saulny: Appeals Court Backs Ban on Masks at Public Rallies A federal appeals court panel in Manhattan ruled yesterday that a state law banning the wearing of masks at public gatherings is constitutional, a decision that reverses a lower court's ruling in favor of Ku Klux Klansmen who were barred from wearing masks at a 1999 event. The lower court's ruling, by Judge Harold Baer Jr. of Federal District Court in Manhattan, had found that the city enforced the mask law selectively against the Church of the American Knights of the Ku Klux Klan. The American Knights had argued that anonymous expression was a protected right, and that the hooded masks linked members to Klan history and were expressive of certain beliefs. Advertisement In the decision released yesterday, a three-judge panel ruled that "New York's antimask statute does not, however, bar members of the American Knights from wearing a uniform expressive of their relationship to the Klan. The statute only proscribes mask wearing." The judges, Dennis G. Jacobs, Jose A. Cabranes, and Sonia Sotomayor, continued, in the decision written by Judge Cabranes: "The masks that the American Knights seek to wear in public demonstrations does not convey a message independently of the robe and hood. That is, since the robe and hood alone clearly serve to identify the American Knights with the Klan, we conclude that the mask does not communicate any message that the robe and the hood do not. The expressive force of the mask is, therefore, redundant." The decision ends a case that had been meandering through the court system since 1999, when the American Knights applied for a parade permit from the Police Department and were denied it on the basis of the anti-mask law. In October 1999, the American Knights sought a preliminary injunction to force the Police Department to allow its members to wear masks wile demonstrating. Judge Baer issued an injunction. But the following day, an appeals court panel stayed part of the order. The Klansmen demonstrated on October 23, 1999, as planned, but without masks. After the demonstration, the American Knights went back to court, seeking declaratory relief and a permanent injunction. They were denied a permanent injunction, but were granted a favorable judgment on First Amendment grounds. But in the decision yesterday, Judge Cabranes wrote: "A witness to a rally where demonstrators were wearing the robes and hoods of the traditional Klan would not somehow be more likely to understand that association if the demonstrators were also wearing masks. The American Knights offers no evidence or argument to the contrary." The American Civil Liberties Union represented the Klan from the outset of the case and was disappointed at the outcome yesterday, an official with the group said. "Our societal commitment to free speech is often tested by the claims of unpopular groups and those who convey offensive ideas," said Arthur Eisenberg, the legal director of the A.C.L.U. "This case presented such a test. Judge Baer courageously recognized the group's First Amendment rights in this case and we are surprised that the Court of Appeals did not affirm." The issue, at its core, Judge Cabranes wrote in the decision, did not involve the First Amendment. He wrote that the court rejected the view "that the First Amendment is implicated every time a law makes someone - including a member of a politically unpopular group - less willing to exercise his or her free speech rights." He continued: "While the First Amendment protects the rights of citizens to express their viewpoints, however unpopular, it does not guarantee ideal conditions for doing so, since the individual's right to free speech must always be balanced against the state's interest in safety, and its right to regulate conduct that it legitimately considers potentially dangerous." from Local6.com, 2004-Jan-26: Man Jailed For Days Over Face Mask On Cold Day 21-Year-Old Considers Legal Action Against Police A man visiting Atlanta from Jamaica is considering legal action after being arrested and jailed for three days for wearing a face mask on a cold day, according to a Local 6 News report Sunday. Baruch Walker, 21, was walking down the street on Dec. 9 when officers stopped and arrested him, allegedly for what he was wearing. According to a police report, Baruch Walker, 21, was wearing a coat and a mask that covered half of his face as he walked down a street in December. Officers reportedly stopped him and then arrested him. "About seven other officers came out after him, just from different directions and they told me they were going to arrest me for wearing a face mask," Walker said. A state statute says, "it is a misdemeanor for any person to wear a mask, hood or device by which any portion of the face is so hidden." The law was designed to keep KKK members from hiding their faces with hoods in public. The charges against Walker were eventually dropped, but that was after he spent three days in jail during the holidays. "The judge said that it was, like, one of the most ridiculous laws he ever heard of," Walker said. Authorities said there had been a lot of burglaries recently in the area where Walker was arrested. Watch Local 6 News for more on this story. from the New York Times, 2004-Jan-22, by Stephen Labaton: Easing of Internet Regulations Challenges Surveillance Efforts WASHINGTON, Jan. 21 -- The Federal Communications Commission's efforts to reduce regulations over some Internet services have come under intense criticism from officials at law enforcement agencies who say that their ability to monitor terrorists and other criminal suspects electronically is threatened. In a series of unpublicized meetings and heated correspondence in recent weeks, officials from the Justice Department, the Federal Bureau of Investigation and the Drug Enforcement Administration have repeatedly complained about the commission's decision in 2002 to classify high-speed Internet cable services under a looser regulatory regime than the phone system. The Justice Department recently tried to block the commission from appealing a decision by a federal appeals court two months ago that struck down major parts of its 2002 deregulatory order. Justice Department officials fear that the deregulatory order impedes its ability to enforce wiretapping orders. The department ultimately decided to permit the F.C.C. to appeal, but took the highly unusual step of withdrawing from the lawsuit, officials involved in the case said. As a result of the commission's actions, said John G. Malcolm, a deputy assistant attorney general who has played a lead role for the Justice Department, some telecommunications carriers have taken the position in court proceedings that they do not need to make their networks available to federal agents for court- approved wiretapping. "I am aware of instances in which law enforcement authorities have not been able to execute intercept orders because of this uncertainty," Mr. Malcolm said in an interview last Friday. He declined to provide further details. The clash between the commission and officials from the Justice Department and other law enforcement agencies pits two cherished policies of the Bush administration against each other. On one side stand those who support deregulation of major industries and the nurturing of emerging technologies; on the other are those who favor more aggressive law enforcement after the Sept. 11 terrorist attacks. The outcome of the debate has far- reaching consequences. Law enforcement officials say it will determine whether they can effectively monitor communications between suspects over new kinds of phone services that otherwise might allow them to escape detection. Also at stake is whether the government or industry will bear the considerable costs of developing the technology for such surveillance. By contrast, some F.C.C. officials and telephone industry executives say that if the commission buckles to the other agencies and forces the industry to take on a host of expensive obligations the development of promising new communications services may be stalled or squelched for years to come. The law enforcement officials have also raised concerns about recent statements by the commission's chairman, Michael K. Powell, that suggest he intends to propose rules soon that would place nascent Internet-based telephone services under a looser regulatory regime than the traditional phone system. Through a spokesman, Mr. Powell declined to discuss the subject. David Fiske, the commission's chief spokesman, said that he could not respond to Mr. Malcolm's statement that the F.C.C.'s interpretation of the rules was making it more difficult to execute surveillance orders. A senior official at the F.C.C. said the commission was not unsympathetic to the concerns of the law enforcement agencies. "We're an economic regulatory agency as well as a law enforcement agency and we have to look at the interests of everyone," the official said. Some industry experts say that their biggest worry is that law enforcement demands may reshape the technical specifications of the new Internet voice services, an accusation that officials at the Justice Department and the F.B.I. deny. "What's most scary for industry and perhaps some people at the F.C.C. is the notion that the architecture of the Internet will depend on the permission of the F.B.I.," said Stewart A. Baker, a former general counsel of the National Security Agency, which monitors foreign communications. Mr. Baker now represents a number of telecommunications companies as a partner at the law firm of Steptoe & Johnson. But law enforcement officials say they are not seeking uniform technical standards but requirements that the new companies offering so-called "voice over Internet" services build into their systems easy ways for agents to tap into conversations between suspects. In a strange-bedfellows twist, officials from the F.B.I. and other agencies have found themselves the unlikely allies of groups like the American Civil Liberties Union, which have also argued that the new Internet services offered by cable companies should be under a regulatory regime like the phone system -- but for different reasons. The A.C.L.U. prefers that approach because it would prohibit cable companies from discriminating against Internet service providers, and as such would assure a greater diversity of voices. The law enforcement officials have repeatedly complained about the direction the agency has been taking on the issues. Last month, officials from the Justice Department, the F.B.I. and the drug agency warned officials of the F.C.C. that the commission's regulatory rulings on high- speed Internet access through cable systems "suffers from statutory interpretation problems" and "directly threatens" the ability to apply the law permitting them to monitor suspects, according to a letter on file at the F.C.C. describing a meeting on the issue. The meeting at the F.C.C. included lawyers from the Justice Department's criminal division, civil appellate division, narcotics and dangerous drugs section and solicitor general's office, as well as officials from the F.B.I., and D.E.A. Shortly before that meeting, the Justice Department tried to block the F.C.C. from appealing a decision by a three-judge panel of the United States Court of Appeals for the Ninth Circuit, sitting in Seattle, because of the problems it could pose for law enforcement, officials said. The commission lost the case last October, when the panel issued a ruling that may force the cable companies to share their broadband networks with competing Internet service providers. The F.C.C. order, which was partly struck down, had classified cable broadband as an "information service" under the 1996 Telecommunications Act. In so doing, it threatened to undermine the ability of law enforcement agencies to use the Communications Assistance for Law Enforcement Act of 1994, a wiretapping law that applies to phone services but exempts information services. The Justice Department ultimately reached a compromise that permitted the commission to go forward and petition the entire Ninth Circuit to review the case, Brand X Internet Services v. Federal Communications Commission. But government lawyers removed the department from the case, rejecting the Justice Department's traditional role as the main legal advocate for the United States in nearly all cases before federal appeals courts. Law enforcement officials have also warned the F.C.C. that the approach that Mr. Powell has begun to articulate to have few regulations over the emerging technology that will permit consumers to use the Internet to send and receive phone calls could make it significantly more difficult for prosecutors and federal agents to monitor those calls. The F.B.I. and the Justice Department have told the commission that greater use of high speed Internet phone services "offers increasing opportunities for terrorists, spies, and criminals to evade lawful electronic surveillance," according to a document on file at the F.C.C. Classifying Internet-based phone services as "telecommunications" would allow law enforcement officials to require companies to provide them with access to contemporaneous conversations on their networks under the 1994 wiretapping law. But such a classification also imposes on the companies a host of onerous requirements under the 1996 act, including those intended to assure that telephones are universally available and that everyone has access to 911 emergency services. These obligations, purveyors of the new Internet telephone services say, are so expensive that they will deter their development. Government and industry lawyers say that the commission could try to define the new services as "telecommunications" under the 1994 surveillance law and "information" under the 1996 act. But taking that potentially conflicting approach could undermine the F.C.C. in court in the inevitable legal challenges that would follow its rulings. Mr. Powell, in a series of recent speeches and interviews, has suggested that the new technologies need to be classified as "information services" and thus be subjected to fewer regulations. "Don't shove the round Internet into a square regulatory hole," Mr. Powell said at a luncheon appearance last week before the National Press Club. "We cannot contort the character of the Internet to suit our familiar notions of regulation. Do not dumb down the genius of the Net to match the limited visions of the regulator. "To regulate the Internet in the image of a familiar phone service is to destroy its inherent character and potential," Mr. Powell said. Such new technologies empower people, "giving them more choice and control." "And I think as consumers do more, governments do less, because we don't regulate our citizens." In the same speech, Mr. Powell added, "We will need to ensure the legitimate concerns of public safety and law enforcement are addressed." from TheRegister.co.uk, 2004-Feb-18, by Andrew Orlowski in San Francisco: Google touts stalking service The war between Yahoo! and Google has intensified, as Yahoo! introduced more of its own search engine technology for its US site yesterday. The portal has used Google's search for the past four years, but began to blend- in its own listings eighteen months ago. Google responded by sending co- founder Sergey Brin on a rare press tour, which is as uncommon a sight as Dick Cheney leaving his bunker. The two web giants have a commercial relationship as complex as their technical relationship: but to oversimplify the situation somewhat, Yahoo! decided that it could do as good a job without paying Google. With its revamped search tool, Yahoo! has followed Google's winning formula closely, but indexes more of each web page than Google and returns, by default, twenty entries. Google has responded by touting an increased image database, and boasting of five new tweaks to its algorithm. It's too early to say how good the Yahoo! search really is, but for Yahoo! it may be good enough. It's as clean and fast as Google, and the results look remarkably similar. Both are wrestling with a formula that was appropriate for the Web in 1998 but is now prone to manipulation and pollution. Trackback For example, running the query "Mac OS X discussion" that so severely tripped up Google last year, Yahoo! returns just three "trackbacks" in the first 20 results, while Google returns six in the first ten. (The software authors responsible for trackbacks have corrected the problem in TypePad, and bloggers are advised to keep trackbacks inline.) So Yahoo! appears to take such problems more seriously than Google, although it's wise to wait several weeks before drawing any firm conclusions. The much-cited "search engine business" is trivial in comparison to the much more significant war between the two over classified text advertisements, which sees Yahoo!'s Overture pitted against Google's Adwords and Adsense programs. As Search Engine Watch editor Danny Sullivan noted here, Yahoo! paid Google a mere $7.1m in 2001. But as advertising brokers, the pair are bringing in hundreds of millions of dollars, which has enabled Google's rapid and apparently chaotic growth over the twelve months. We know where you live But Google is fighting back to preserve its reputation as the world's favorite search engine. Google already performs a reverse lookup of US telephone numbers, and with one click, can take you to a map of the subscriber's house. Describing the enhanced features, Google co-founder Sergey Brin explained, "It helps, for example, if you're searching for a person like your next-door neighbor, you may get no result," said Brin this week. "Now you'll get one." We've always found knocking on your next-door neighbor's door with a bowl of sugar is a terrific way to make friends. However, for the sad, the lonely and for potential stalkers everywhere, this could be a boon. Remember: it's a feature, not a bug. from TheRegister.co.uk, 2004-Jan-10, by Andrew Orlowski in San Francisco: Avoid Friendster and its clones, warns security expert Computer users who value their privacy should stay clear of 'social networking' websites, and should warn their friends away too, according to a distinguished Australian security professional. And for good-measure, the rash of new websites - with names apparently inspired by artificial food preservatives such as Ryze, and Orkut - make a mockery of existing data protection legislation. "In general, people would be well-advised firstly to stay well clear of all address- book and 'social networking systems', and secondly to prevail upon their friends, colleagues and acquaintances that they should avoid making any data about them available to service-operators like Plaxo," says Professor Roger Clarke, a visiting professor at the Australian National University. Clarke has studied the leading contenders, of which the most famous is the revenue-free Friendster, and concluded that not only do they lack a basic understanding of privacy concerns, but they are not likely to either. Clarke describes the opt-in data harvesting as "disturbing" - a self-evident observation to anyone outside the self-referential Silicon Valley bubble from which many of these services have arisen - but not a concern to the creators. The 'social network' sites present opportunities for ruthless marketroids and stalkers. Plaxo, the most notorious example Clarke cites, encouraged users to upload their entire address books to the servers. "Every IP-address, every email, and every social-network relationship that arises appears to be entirely free of any express contractual constraints." But Plaxo goes further by offering a weasel-worded privacy'guarantee'. Plaxo states: 'We respect the privacy of your contacts and maintain a strict policy of not sharing their contact information (received as a result of responding to your update requests) with other Plaxo users who are asking for this information.' But Clarke notes, "the emphasised words appear to exclude the data that is provided by the user when they upload their address-book, and hence the undertaking does not apply to the data about other people that users gift to the company. This assurance falls desperately far short of real privacy protection." The faddish websites also offer opportunities to be wrongly accused of nefarious activity. "Social networks are a primary way in which suspicion is generated about individuals. Acquaintances of terrorists, terrorism suspects, terrorism financiers, terrorist supporters and terrorist sympathisers are at risk of being allocated into a grey zone of terrorist associates. A tag of that kind is potentially as harmful to a person as have been negative categorisations made in previous contexts, such as 'etranger', 'subversive' and 'unamerican'," Clarke notes. Google's own social networking site Orkut has an innocuous looking privacy page, but as we reported last week, its 'Terms of Service' allow the company to take ideas users express there such as neat algorithms or business plans and use them for its own purposes, royalty free. (Microsoft implemented similar conditions but was forced to drop them after public protest). But there's another factor just as important as data flows, that almost everyone has over-looked. Social networking profiles flatten the rich diversity of human characteristics into a depressingly flat taxonomy. For example Orkut invites you to express a political inclination from ten choices Since when was political orientation a two-dimensional scale? Aren't values multi-dimensional? And are there only seven^2 varieties of humor? You can tick as many, but no more options, from a list containing: "campy/cheesy", "goofy/slapstick", "dry/sarcastic", "clever/quick-witted", "friendly", "obscure" (the vast steppes of the surreal are apparently unmappable in this taxonomy), or "raunchy". What would Borges' say? from the New York Times, 2003-Jun-5, by William Safire: Dear Darpa Diary WASHINGTON Unless you work for the government or the Mafia, it's a great idea to keep a diary. I don't mean the minute-by-minute log that Florida Senator Bob Graham keeps in tidy, color-coded notebooks describing his clothes, meals and haircuts. That echoes the mythical Greek Narcissus. Rather, I have in mind the brief notation of the day's highlight, the amusing encounter or useful insight that will someday evoke a memory of yourself when young. Such a journal entry - perhaps an e-mail to your encoded personal file - can now be supplemented by scanned-in articles, poems or pictures to create a "commonplace book." You will then have a private memory-jogger and resource for reminiscence at family gatherings. But beware too much of a good thing. The Defense Advanced Research Projects Agency, or Darpa, stimulates outside- the-box thinking that has given us the Internet and the stealth bomber. On occasion, however, Darpa goes off half-cocked. Its Total (now Terrorist) Information Awareness plan - to combine all commercial credit data and individual bank and academic records with F.B.I. and C.I.A. dossiers, which would have made every American's life an open book - has been reined in somewhat by Congress after we privacy nuts hollered to high heaven. Comes now LifeLog, the all-remembering cyberdiary. Do you know those hand- held personal digital assistants that remind you of appointments, store phone numbers and birthdays, tip you off to foibles of friends and vulnerabilities of enemies, and keep desperate global executives in unremitting touch day and night? Forget about 'em - those wireless whiz-bangs are already yestertech. Darpa's LifeLog initiative is part of its "cognitive computing" research. The goal is to teach your computer to learn by your experience, so that what has been your digital assistant will morph into your lifelong partner in memory. Darpa is sprinkling around $7.3 million in research contracts (a drop in its $2.7 billion budget) to develop PAL, the Perceptive Assistant that Learns. For those who suspect that I am dreaming this up, get that lumbering old machine in your back pocket to access www..mil/ipto, and then click on "research areas" and then "LifeLog." You are then in a world light-years beyond the Matrix into virtual Graham-land. "To build a cognitive computing system," says proto-PAL, "a user must store, retrieve and understand data about his or her past experiences. This entails collecting diverse data. . . . The research will determine the types of data to collect and when to collect it." This diverse data can include everything you ("the user") see, smell, taste, touch and hear every day of your life. But wouldn't the ubiquitous partner be embarrassing at times? Relax, says the program description, presumably written by Dr. Doug Gage, who didn't answer my calls, e-mails or frantic telepathy. "The goal of the data collection is to `see what I see' rather than to `see me.' Users are in complete control of their own data-collection efforts, decide when to turn the sensors on or off and decide who will share the data." That's just dandy for the personal privacy of the "user," who would be led to believe he controlled the only copy of his infinitely detailed profile. But what about the "use-ee" - the person that PAL's user is looking at, listening to, sniffing or conspiring with to blow up the world? The human user may have opt-in control of the wireless wire he is secretly wearing, but all the people who come in contact with PAL and its willing user-spy would be ill-used without their knowledge. Result: Everybody would be snooping on everybody else, taping and sharing that data with the government and the last media conglomerate left standing. And in the basement of the Pentagon, LifeLog's Dr. Gage and his PAL, the totally aware Admiral Poindexter, would be dumping all this "voluntary" data into a national memory bank, which would have undeniable recall of everything you would just as soon forget. Followers of Ned Ludd, who in 1799 famously destroyed two nefarious machines knitting hosiery, hope that Congress will ask: is the computer our servant or our partner? Are diaries personal, or does the Pentagon have a right to LifeLog? And so, as the diarist Samuel Pepys liked to conclude, to bed. from TPDL 2002-Jun-3, from the Washington Times, by Nat Hentoff: The end of privacy Schoolboys used to learn what William Pitt said in the English Parliament, in the 18th century, when the king was ordering more searches of private homes and businesses: "The poorest man may in his cottage bid defiance to all the force of the Crown." Pitt said the roof of his cottage "may shake; the wind may blow through it; the storm may enter; the rain may enter; but the King of England may not enter — all his forces dare not cross the threshold of the ruined tenement." But that was before J. Edgar Hoover and the FBI and cyberspace. In Attorney General John Ashcroft's USA Patriot Act, there is a sneak-and-peek provision, which resembles what in Hoover's time was called "black bag jobs." Last October, Congress overwhelmingly passed the bill. Most members didn't have time to read the lengthy document. With a warrant, FBI agents may now enter homes and offices of citizens and non-citizens when they're not there. The agents may look around, examine what's on a computer's hard drive and take other records of interest to them. These surreptitious visits are not limited to investigations of terrorism, but can also be used in regular criminal investigations. Unlike many parts of the USA Patriot Act, these searches are not subject to the "sunset clause," which requires Congress to examine in four years whether the new law's incursions on American liberties have gone too far. This section of the USA Patriot Act is now a permanent part of American criminal law. While in the office or home, the FBI can plant a "Magic Lantern" in your computer. It's also called the "sniffer keystroke logger." The device creates a record of every time you press a key on the computer. Unless you are very technically savvy, it's hard to know where the Magic Lantern resides. "What the 'Magic Lantern' records is saved in plain text," says Jim Dempsey of the Washington-based Center for Democracy and Technology — someone I've consulted repeatedly on advanced technological invasions of privacy. "During the next FBI secret visit to a home or office, that information is downloaded while the agents look for other papers and records they might want to take along." It is worth noting that a precursor to the Magic Lantern was being used during the Clinton administration. I have a copy of a May 9, 1999 application to a U.S. District Court in New Jersey from a U.S. attorney that authorizes a "surreptitious entry" to search and seize "encryption key-related pass phrases from a computer by installing a specialized computer program . . . which will allow the government to read and interpret data that was previously seized pursuant to a search warrant." Under previous criminal law, when the FBI made a furtive search of homes and offices, the agents had to leave notice that they'd been there, and list what they'd taken. That way the person whose records were taken could immediately challenge the search. The agents may have had a bad lead or gone to the wrong address or may have exceeded their legal authority. Now, the FBI is entitled to give what is called "delayed notice." For up to 90 days, the agents don't have to inform the occupant of their break-ins, and the FBI can delay notice even further by going to a judge and getting extensions of that 90- day provision. Also, if they don't find anything the first and second times, they can keep coming back, hoping they may yet hit pay dirt. Eventually, they will have to give notice. Meanwhile, according to a Reuters dispatch, the FBI is developing a way that will allow it to plant the Magic Lantern without having to break into a home or office. " 'Magic Lantern,' " says Reuters, "would allow the agency to plant a Trojan horse keystroke logger on a target's PC by sending a computer virus over the Internet, rather than require physical access to the computer, as is now the case." In 1928, Supreme Court Justice Louis Brandeis predicted that "ways may be developed, some day, by which the government, without removing secret drawers, can reproduce them in court, and by which it will be enabled to expose to a jury the most intimate occurrences of the home." Or of the office. Who knew how chillingly prophetic Justice Brandeis would be? EPC is the follow-on to the ubiquitous UPC (Universal Product Code) barcode symbol. Both are coordinated by the Uniform Code Council (UCC). EPC RFID (Radio Frequency Identifier) tags are privacy-invasive because they contain unique serial numbers, so that an RFID tag can be reliably associated with an individual, and the movements and purchases of that individual can - to one degree or another - be tracked whenever he comes within a few feet of an RFID interrogator. from RFID Journal, 2004-Jan-13: VeriSign to Run EPC Directory EPCglobal has awarded the company a contract to manage the system for looking up information related to Electronic Product Codes. Jan. 13, 2004--EPCglobal, the organization that is commercializing Electronic Product Code technology, has awarded Internet and telecommunications infrastructure services provider VeriSign a contract to manage the directory for looking up EPC numbers on the Internet. VeriSign manages the core Domain Name Service (DNS) directory that allows Internet users to look up the Internet Protocol address for Web sites that end with .com. It was chosen because it has the infrastructure needed to handle the vast number of EPC look-ups. Today, VeriSign handles 10 billion DNS look-ups per day. Jon Brendsel, director of products for the Naming and Directory Services division at Mountain View, Calif.-based VeriSign, says the company's infrastructure can handle 100 billion look-ups today. "A lot of people have talked about the EPC Network as if it were a fanciful concept that was developed by MIT and the Auto-ID Center," says Brendsel. "We're starting to drive home the fact that it isn't that fanciful. It's based on technology that's here today, and it will be available as of today." Under the EPC Network system, each company will have a server running its own Object Name Service (ONS). Like DNS, which points Web browsers to the server where they can download the Web site for any particular Web address, ONS will point computers looking up EPC numbers to information stored on something called EPC Information Services--servers that store information about products. Companies may maintain their own EPC Information Services or subcontract it out, but it will use a distributed architecture, with information about products in more than one secure database on the Web. Under the deal with EPCglobal, VeriSign will manage the EPC Network's root directory: The system that points computers to each company's ONS. VeriSign has already set up the infrastructure at six sites around the world. These are servers that maintain a registry of ONS servers. Computers will access the registry via the Internet, and if one registry goes down temporarily, a computer requesting information about an EPC number will automatically be directed to another registry site, guaranteeing 100 percent up time. "This is a major step forward that gives momentum to the development of the EPC Network," says Jack Grasso, a spokesperson for EPCglobal. "There was a rigorous process for choosing the company to provide the service. We think this will give subscribers more reason to get actively involved in the development of the network." One question some observers have had is whether the EPC Network will be adopted or whether existing data synchronization services--such as UCCnet and Transor--might provide the look-up services for EPC numbers. Wal-Mart has said that, for now, it will use UCCnet's product registry and share data with suppliers via Wal-Mart's own extranet, called Retail Link. EPCglobal's Grasso and VeriSign's Brendsel sees the EPC Network and UCCnet as complementary. "I think it's important to look at them separately," says Grasso. "As we learn more about the deployment of EPC technology, needs are going to vary, the amount of data will be orders of magnitude different than we're used to, so I think to allow the EPC Network to evolve as it needs to." Brendsel says the two serve different functions. UCCnet is primarily a product catalog that provides product information to ensure that suppliers and retailers are sharing the same information related to a single class of product. It is accessed via the Internet and could be one source of data that the ONS points to on the EPC Network. But he says that the UCCnet's centralized system would be overwhelmed if you had to refer to it every time you scanned an EPC tag. VeriSign also announced the availability of managed services. It will host ONS servers for customers and guarantee 100 percent availability. It will also host EPC Information Services. Companies will be able to establish rules for allowing partners to access information on the service, and then VeriSign will control access and deliver information to authorized parties. VeriSign will provide these services, which were announced back in September, to customers for a fee. For more information, see /article/view/557/1/1/ The EPC Network Gets Real>. from RFID Journal, 2003-Sep-5: The EPC Network Gets Real VeriSign, a company best known for handling secure transactions on the Web, is offering businesses a way to leverage the Auto-ID Center's EPC Network. Sept. 5, 2003 - Most of the focus on Electronic Product Code technology has been related to low-cost tags and readers. But the hardware and the numbering system aren't worth much if there's no way to look up what the serial number on the tag means. The Auto-ID Center developed the EPC Network to link serial numbers to product information stored in a database, but no companies had stepped up to build out the network. Until now. VeriSign, a Mountain View, Calif.-based company that provides digital security and network infrastructure services, is introducing three new services aimed at enabling companies to use the EPC Network to share data with their trading partners. The company will demonstrate how the system works at the Auto-ID Center's EPC Symposium, which is being held in Chicago from September 15 to September 17. "We want people to know the EPC Network is here because it's built on the existing Internet infrastructure," says Brian Matthews, VeriSign's VP of naming and directory service. "We don't have to build a whole new infrastructure. This is something we can have deployed in a month or two." The EPC Network is essentially a layer on top of the Internet. When you type in a URL in your Web browser, your computer goes to a Domain Name Service registry and looks up the IP address for that Web site. Similarly, the Auto-ID Center has developed an Object Name Service (ONS). When you scan an EPC tag, the serial number is sent to a computer that goes out to the ONS and finds where information associated with that serial number is stored on the Web. The Auto-ID Center has been testing its network infrastructure during its field trials. But up to now, there has been no way for companies to leverage it. Now companies that have been assigned EPCs for their products by AutoID Inc., a joint venture set up by the Uniform Code Council and EAN International to commercialize the technology, can register their company code and product identifiers (numbers associated with particular SKUs) with VeriSign. VeriSign turns the company code and SKU number into an IP address that is replicated through the ONS. That way, when a tag is scanned, ONS can point computers to where the information is stored. VeriSign will also host product information for companies. Under the Auto-ID Center's scheme, product information will be stored in Product Markup Language, a variant of the Web's Extensible Markup Language (XML). PML files will be stored on servers, which the Auto-ID Center now calls EPC Information Services (they were called PML servers). VeriSign will host PML files on secure servers, authenticate users and provide access to information based on classes defined by customers. A large manufacturer, for instance, might want to make some product information available to logistics partners but not to suppliers. The company will also offer an EPC Service Registry, which is a directory of EPC Information Services on the Web. Say, for instance, a manufacturer has PML files hosted on servers around the world. The EPC Service Registry will allow the manufacturer to give its partners one place to look up where particular product information is stored. "Data sharing can be done at a fraction of the cost of what is required with point- to-point solutions today," says Jon Brendsel, VeriSign's director of product management. "And [the EPC Network] is broadly applicable to a variety of supply chains, not just consumer packaged goods." VeriSign will charge fees for these services. The fees have not yet been set, but Matthews says they will be cost-effective for companies. "We would expect that you'd be paying value-based pricing," he says. "Certainly it would be less than it would cost for a company to set up these services individually. And you'll be tapping into a scalable infrastructure that would cost you significantly more to create on your own." from TheInquirer.net, 2004-Mar-19, by Mike Magee at CeBIT: Hitachi shows off RFID dust CeBIT 2004 All that glitters is not geld JAPANESE GIANT HITACHI was showing off a mysterious bottle full of tiny blue metallic things. We asked at the stand what these were, and a representative declined to comment what this blue dust was. However, it has transpired, according to sources close to the company, that this blue dust is tracking material, capable of being built into any number of devices from soaps to CDs. The stuff is so light that if you were a Scot, you could probably draw a cross of St Andrew on your face with them. Unfortunately, Hitachi would be able to find you with your favourite single malt. from LexisNexis, from http://www.lexisnexis.com/batch/batchtrace/features.shtml: BatchTrace puts advanced skip trace technology at your fingertips BatchTrace is a large-volume, multi-source skip trace and locator service. It scrubs your accounts against our proprietary database, one of the industry?s largest and most current collections of locator information. BatchTrace helps you set new standards for locating debtors, increasing contacts, and improving turnover. BatchTrace uses a dynamic location process to identify the most current address and phone number for the individual you?re trying to contact. In addition to current address/phone number, we offer:

• Historical residency and ?nearbys?

• Alias names • Household occupants

• Birth month and year

• Change of address processing/EDA BatchTrace currently includes more than 3.5 billion name/address records compiled from hundreds of independent sources, including: • Real estate

• White pages

• Census

• Subscriptions

• Voter

• National Change of Address (NCOA

• Proprietary change of address database

• Electronic directory assistance (via RBOCs)

• Driver?s licenses

• Motor vehicle registrations

• Watercraft registrations

• Professional licenses

• Credit bureau header files

• Military directories

• Aircraft registrations

• Call center indexes

• Pizza delivery To experience the power and efficiency LexisNexis batch solutions can offer, test jobs can be ran for up to 500 records. Contact a LexisNexis representative at 1-866-747-5947. from the Las Vegas Review-Journal, 2003-Nov-5, by J. M. Kalil and Steve Tetreault: PATRIOT ACT: Law's use causing concerns Use of statute in corruption case unprecedented, attorneys contend The investigation of strip club owner Michael Galardi and numerous politicians appears to be the first time federal authorities have used the Patriot Act in a public corruption probe. Government officials said Tuesday they knew of no other instances in which federal agents investigating allegations such as racketeering and bribery of politicians have employed the act. "I don't know that it's been used in a public corruption case before this," said Mark Corallo, a spokesman for the Justice Department. An attorney for one of the defendants in the Galardi case said he researched the matter for hours Tuesday and came to the same conclusion. "I have discussed this with lawyers all over the country, and if the government has done this before, then this is definitely the first time it has come to light," said Las Vegas attorney Dominic Gentile, who represents former Clark County Commissioner Lance Malone, Galardi's lobbyist. Two of Nevada's lawmakers blasted the FBI for employing the act in the Galardi probe, saying the agency overstepped its bounds. Sen. Harry Reid, D-Nev., said Congress intended the Patriot Act to help federal authorities root out threats from terrorists and spies after the Sept. 11, 2001, attacks. "The law was intended for activities related to terrorism and not to naked women," said Reid, who as minority whip is the second most powerful Democrat in the Senate. "Let me say, with Galardi and his whole gang, I don't condone, appreciate or support all their nakedness. But having said that, I haven't heard anyone say at any time he was involved with terrorism." Rep. Shelley Berkley, D-Nev., said she was preparing an inquiry to the FBI about its guidelines for using the Patriot Act in cases that don't involve terrorism. The law makes it easy for citizens' rights to be abused, she said. "It was never my intention that the Patriot Act be used for garden-variety crimes and investigations," Berkley said. But Corallo insisted lawmakers were fully aware the Patriot Act had far-reaching implications beyond fighting terrorism when the legislation was adopted in October 2001. "I think probably a lot of members (of Congress) were only interested in the anti- terrorism measures," Corallo said. "But when the Judiciary Committee sat down, both Republicans and Democrats, they obviously discussed the applications, that certain provisions could be used in regular criminal investigations." Federal authorities confirmed Monday the FBI used the Patriot Act to get financial information in its probe of Galardi and his dealings with current and former politicians in Southern Nevada. "It was used appropriately by the FBI and was clearly within the legal parameters of the statute," said Special Agent Jim Stern of the Las Vegas field office of the FBI. One source said two Las Vegas stockbrokers were faxed subpoenas Oct. 28 asking for records for many of those identified as either a target or subject of the investigation. That list includes Galardi, owner of Jaguars and Cheetah's topless clubs; Malone; former Commissioner Erin Kenny; County Commission Chairwoman Mary Kincaid-Chauncey; former County Commission Chairman Dario Herrera; and former Las Vegas City Councilman Michael McDonald, defeated for re- election in June. A second source confirmed that stockbrokers had been faxed subpoenas asking for information on Galardi, Malone, Kenny, Kincaid-Chauncey, Herrera, McDonald and at least one of the former politicians' spouses. That source said the subpoena appeared to be a search for hidden proceeds that could be used as evidence of bribery. A source also indicated that records on Las Vegas City Councilman Michael Mack were sought. Sources said the FBI sought the records under Section 314 of the act. That section allows federal investigators to obtain information from any financial institution regarding the accounts of people "engaged in or reasonably suspected, based on credible evidence, of engaging in terrorist acts or money laundering activities." Gentile, Malone's attorney, said he plans to mount a legal challenge once he confirms the Patriot Act was used to investigate his client. "My research today indicates that this is the first time the government has used Section 314 in a purely white-collar criminal investigation." Attorney General John Ashcroft has touted the law as an effective homeland security tool, but coalitions of civil libertarians and conservatives concerned about a too-powerful federal government have led criticism against it. Corallo said federal law enforcement officials have no qualms about using the act to pursue an array of criminal investigations that have nothing to do with terrorism, such as child pornography, drug trafficking and money laundering. "I think most of the American people think the Patriot Act is a good thing and it's not affecting their civil liberties at all, and that the government should use any constitutional and legal tools it can, whether it's going after garden-variety criminals or terrorists." But Gary Peck, executive director of the American Civil Liberties Union of Nevada, expressed outrage at Corallo's suggestion that lawmakers were largely aware the Patriot Act's provisions would equip the FBI with new investigative tools beyond the scope of terrorism investigations. "Those comments are disingenuous at best and do little to inspire confidence that the act won't be systematically abused," Peck said. Rep. Jim Gibbons, R-Nev., said it may be too soon to weigh its application to a Nevada investigation that still is largely under wraps. Prosecutors have announced no indictments. Citing the ongoing investigation, Sen. John Ensign and Rep. Jon Porter, both R- Nev., declined to be interviewed. Porter was not in Congress when lawmakers approved the Patriot Act, but the other four Nevada lawmakers voted as part of large majorities in favor of the measure. The Patriot Act will expire in 2005 unless Congress renews it. "More activity like this is going to cause us to take a close look at what was passed," Reid said of the law being invoked in the Galardi probe. Review-Journal writer Carri Geer Thevenot contributed to this report. Stephens Washington Bureau chief Steve Tetreault reported from Washington, D.C. from the Washington Times, 2002-Aug-17, by Frank J. Murray: NASA plans to read terrorist's minds at airports Airport security screeners may soon try to read the minds of travelers to identify terrorists. Officials of the National Aeronautics and Space Administration have told Northwest Airlines security specialists that the agency is developing brain- monitoring devices in cooperation with a commercial firm, which it did not identify. Space technology would be adapted to receive and analyze brain-wave and heartbeat patterns, then feed that data into computerized programs "to detect passengers who potentially might pose a threat," according to briefing documents obtained by The Washington Times. NASA wants to use "noninvasive neuro-electric sensors," imbedded in gates, to collect tiny electric signals that all brains and hearts transmit. Computers would apply statistical algorithms to correlate physiologic patterns with computerized data on travel routines, criminal background and credit information from "hundreds to thousands of data sources," NASA documents say. The notion has raised privacy concerns. Mihir Kshirsagar of the Electronic Privacy Information Center says such technology would only add to airport- security chaos. "A lot of people's fear of flying would send those meters off the chart. Are they going to pull all those people aside?" The organization obtained documents July 31, the product of a Freedom of Information Act lawsuit against the Transportation Security Administration, and offered the documents to this newspaper. Mr. Kshirsagar's organization is concerned about enhancements already being added to the Computer-Aided Passenger Pre-Screening (CAPPS) system. Data from sensing machines are intended to be added to that mix. NASA aerospace research manager Herb Schlickenmaier told The Times the test proposal to Northwest Airlines is one of four airline-security projects the agency is developing. It's too soon to know whether any of it is working, he says. "There are baby steps for us to walk through before we can make any pronouncements," says Mr. Schlickenmaier, the Washington official overseeing scientists who briefed Northwest Airlines on the plan. He likened the proposal to a super lie detector that would also measure pulse rate, body temperature, eye- flicker rate and other biometric aspects sensed remotely. Though adding mind reading to screening remains theoretical, Mr. Schlickenmaier says, he confirms that NASA has a goal of measuring brain waves and heartbeat rates of airline passengers as they pass screening machines. This has raised concerns that using noninvasive procedures is merely a first step. Private researchers say reliable EEG brain waves are usually measurable only by machines whose sensors touch the head, sometimes in a "thinking cap" device. "To say I can take that cap off and put sensors in a doorjamb, and as the passenger starts walking through [to allow me to say] that they are a threat or not, is at this point a future application," Mr. Schlickenmaier said in an interview. "Can I build a sensor that can move off of the head and still detect the EEG?" asks Mr. Schlickenmaier, who led NASA's development of airborne wind-shear detectors 20 years ago. "If I can do that, and I don't know that right now, can I package it and [then] say we can do this, or no we can't? We are going to look at this question. Can this be done? Is the physics possible?" Two physics professors familiar with brain-wave research, but not associated with NASA, questioned how such testing could be feasible or reliable for mass screening. "What they're saying they would do has not been done, even wired in," says a national authority on neuro-electric sensing, who asked not to be identified. He called NASA's goal "pretty far out." Both professors also raised privacy concerns. "Screening systems must address privacy and 'Big Brother' issues to the extent possible," a NASA briefing paper, presented at a two-day meeting at Northwest Airlines headquarters in St. Paul, Minn., acknowledges. Last year, the Supreme Court ruled unconstitutional police efforts to use noninvasive "sense-enhancing technology" that is not in general public use in order to collect data otherwise unobtainable without a warrant. However, the high court consistently exempts airports and border posts from most Fourth Amendment restrictions on searches. "We're getting closer to reading minds than you might suppose," says Robert Park, a physics professor at the University of Maryland and spokesman for the American Physical Society. "It does make me uncomfortable. That's the limit of privacy invasion. You can't go further than that." "We're close to the point where they can tell to an extent what you're thinking about by which part of the brain is activated, which is close to reading your mind. It would be terribly complicated to try to build a device that would read your mind as you walk by." The idea is plausible, he says, but frightening. At the Northwest Airlines session conducted Dec. 10-11, nine scientists and managers from NASA Ames Research Center at Moffett Field, Calif., proposed a "pilot test" of the Aviation Security Reporting System. NASA also requested that the airline turn over all of its computerized passenger data for July, August and September 2001 to incorporate in NASA's "passenger- screening testbed" that uses "threat-assessment software" to analyze such data, biometric facial recognition and "neuro-electric sensing." Northwest officials would not comment. Published scientific reports show NASA researcher Alan Pope, at NASA Langley Research Center in Hampton, Va., produced a system to alert pilots or astronauts who daydream or "zone out" for as few as five seconds. The September 11 hijackers helped highlight one weakness of the CAPPS system. They did dry runs that show whether a specific terrorist is likely to be identified as a threat. Those pulled out for special checking could be replaced by others who do not raise suspicions. The September 11 hijackers cleared security under their own names, even though nine of them were pulled aside for extra attention. from the San Francisco Chronicle, 2002-Sep-9, by Benny Evangelista: Surveillance Society Don't look now, but you may find you're being watched These days, if you feel like somebody's watching you, you might be right. One year after the Sept. 11 attacks, security experts and privacy advocates say there has been a surge in the number of video cameras installed around the country. The electronic eyes keep an unwavering gaze on everything from the Golden Gate Bridge to the Washington Monument. And biometric facial recognition technology is being tested with video surveillance systems in a handful of places such as the Fresno airport and the resort area of Virginia Beach, Va. "Our business is booming," said Ron Cadle, an executive with Pelco, the Fresno- area firm that is the biggest supplier of video security equipment. "Since the terrorist attacks, people are not only using video surveillance to protect their property and inventory," Cadle said. For example, "a lot of people are now using video to make sure someone who walks into a department store isn't a known terrorist or felon." Privacy rights advocates say that the increase in video surveillance has not turned the United States into a "Big Brother state" yet, but they fear Sept. 11 has opened the door to creating a "surveillance society." "It definitely could become widespread," said Jay Stanley of the American Civil Liberties Union. "Everybody's using the threat of terrorism to justify a lot of things that don't have a lot to do with terrorism." Video surveillance cameras began appearing in banks and other commercial buildings in the 1960s, but began to proliferate in the last decade as digital technology produced cameras with higher resolution at cheaper prices. Even before Sept. 11, the security industry conservatively estimated that there were more than 2 million surveillance cameras in the United States, and video equipment purchases made up the biggest slice of a $40 billion-a-year industry. Although there are no current estimates, a group of anti-surveillance activists who have mapped the location of cameras in Manhattan since 1998 say they've seen a 40 percent increase in new cameras in New York's financial district since last September. The terrorist attacks have led to a "rapidly expanding use" of closed- circuit video cameras and related technology, according to a March 2002 report by the research bureau of the California State Library. And studies show that a majority of people support the expanded use of video surveillance of public areas and of facial recognition technology to pick out suspected terrorists, said Marcus Nieto, the report's co-author. Nieto has been monitoring video surveillance since 1997, the year public opposition forced the Oakland City Council to withdraw its plans to set up a video surveillance system. "Before 9/11, cameras were something people didn't give much thought about, " he said. "Post 9/11, people are more accepting of cameras. There used to be vocal opposition. It's now passive." Potential terrorist targets such as bridges and airports are beefing up video security. Oakland International Airport, for example, has already begun replacing 60 older surveillance cameras with higher-resolution digital color cameras, new color monitors and digital video recorders. Earlier this year, Washington officials activated a state-of-the art command center that can monitor 12 cameras throughout the Capitol Mall area and has the capability to tap a network of other video surveillance cameras throughout the city. The ACLU and EPIC, the Electronic Privacy Information Center, argue that the system can be used to infringe on citizens' rights and are pushing for regulations and public oversight of its use. "It's open-ended surveillance," said EPIC President Marc Rotenberg. "It's the digital electronic equivalent of allowing police to go through your home without a warrant." Stanley, public education coordinator of the ACLU's newly-created Technology and Liberty program, said numerous studies have documented the misuse of surveillance video. The studies found that minorities were more likely to be targets of video surveillance and that one in 10 women were targeted by the predominantly male security monitors for "voyeuristic reasons," he said. Technology now being developed will make video surveillance equipment even more powerful. High-definition television, or HDTV, equipment makes it possible for surveillance cameras to capture an image of a person 3,000 feet away with as much detail as one taken by an older analog camera at 30 feet, said John Burwell, an executive with SGI. The Mountain View firm known for high-tech computer graphics developed an HDTV surveillance system with the Naval Research Laboratory that gives equally high resolution. "If you watch 'America's Most Wanted,' you get clips of (surveillance) video that are fuzzy," said Burwell, SGI's senior director for government and industry. With HDTV, "you can get crystal clear data," he said And a small Reston, Va., firm called ObjectVideo has created "video content analysis" technology that can, for example, automatically alert security officials whenever a surveillance camera detects a truck that has moved into an unauthorized area. "There are increasingly more cameras being installed and fewer people to watch them," said John Clark, an ObjectVideo vice president. "The ratio of security video feeds to eyeballs is going the wrong way." But the most controversial video surveillance technology has been biometric facial recognition, which can identify individuals using the unique distances between specific points on a person's face. Critics maintain the technology is inaccurate and intrusive. So far, facial recognition systems from makers such as Identix Inc. and Imagis Technologies Inc. have only been installed in a handful of systems, mainly for test purposes. For example, passengers moving through the security checkpoint at Fresno Yosemite International Airport are scanned by a system called PelcoMatch, which uses Pelco's cameras and Identix's Visionics facial identification technology. Facial scanning is voluntary for the passengers, who still pass through metal detectors and undergo other security checks. "We're trying to get testing done and get the Transportation Security Administration to buy into it," said Cadle, the PelcoMatch project leader. "Then every airport in the U.S. will have it." And this past weekend, police in Virginia Beach, Va., began formally using a Visionics system that's plugged into a 10-camera surveillance network that has been used since 1993. Police use the cameras to control traffic and crime in a 42-block area filled with hotels, restaurants and bars. Police added three of Pelco's most advanced digital cameras to help scan a database of 2,500 people wanted on various warrants, said Deputy Chief Greg Mullen. In preliminary tests, the system correctly identified nearly nine of 10 people, Mullen said. Mullen said citizen groups like the NAACP and local Hispanic and Filipino organizations are part of the design and oversight of the system. "We know it's not going to be perfect," Mullen said. "But from my perspective, if I'm looking for a criminal or looking for a runaway or missing child, I'd rather have a seven- or eight-out-of-ten chance of finding that person than a zero-out-of-ten chance." from the Washington Post, 2002-Nov-14, by Brian Krebs: Tech Provisions Added to Homeland Security Bill The homeland security legislation heading for likely approval in Congress this week includes last-minute changes that could have far-reaching implications for computer security and Internet privacy. The latest version of the bill includes a provision that would shield Internet service providers (ISPs) from customer lawsuits if providers share private subscriber information with law enforcement authorities. Another addition would make it easier for law enforcement to trace the location and identity of an Internet user suspected of posing an "imminent threat to national security interests" or perpetrating attacks on "protected computers" -- a term that encompasses both government computers and any system used in "interstate commerce or communication." Proponents of the changes -- including Senate Judiciary Committee top Republican (Utah) -- say the provisions will provide greater flexibility for law enforcement and help protect key systems against cyberattacks. Privacy advocates, however, say the new language is a back-door attempt to give the Bush administration the enhanced surveillance powers it failed to win in the USA Patriot Act, a law enacted in the wake of the 2001 terrorist attacks that significantly increased the capability of intelligence agencies to eavesdrop on personal conversations. "One of the best protections [under current law] is that communications providers can't simply become agents of the federal government and hand over customer information," said Chris Hoofnagle, legislative counsel for the Electronic Privacy Information Center. "These provisions weaken those protections." Another controversial provision added to the homeland security bill would allow companies to share information with the government about electronic vulnerabilities -- without having to worry that such disclosures would be publicized. The measure specifically would exempt cybersecurity disclosures from the Freedom of Information Act (FOIA), the law that allows citizens to obtain non- classified information from the government. It also would make it a criminal offense for any government employee to publicize vulnerabilities revealed by companies to government agencies. American Civil Liberties Union Legislative Counsel Tim Edgar suggested that the FOIA exemption could prevent the public from learning about online threats. "The problem with the bill is that it creates an unnecessary preemption to FOIA for businesses that could undermine national security rather than enhancing it," Edgar said. Harris Miller, president of the Information Technology Association of America, said the technology industry supports the exemption. "This is going to remove one of the huge impediments to companies being willing to share extremely sensitive information with the government, and will be an important step forward in government and industry efforts to fight cyberterrorism," he said. Miller also said that a FOIA exemption without enforcement measures would be ineffective. "Without meaningful disincentives against government employees overriding the law, there is nothing to keep employees from just ignoring the restrictions," he said. Other new language in the homeland security bill would increase penalties for a range of computer crimes, including the possibility of life in prison for hackers whose actions result in "serious bodily injury" or death. The bill also would establish law enforcement and corrections technology centers to develop investigative technologies to fight cybercrime. These cybersecurity components were added the same week that Congress approved legislation that would triple federal funding for computer security research. In addition, the legislation now includes a proposal passed by the Senate this year to establish an information technology equivalent of the National Guard. The "NET Guard" measure -- introduced by Sen. Ron Wyden (D-Ore.) -- would organize a volunteer force of federal, state, local and private programmers and engineers which could be called upon in an emergency to help restore communications networks and other vital systems. In other computer security news, the Senate approved legislation this week to extend by one year a law that requires federal agencies to test their computers and networks for common security vulnerabilities. washingtonpost.com Staff Writer David McGuire contributed to this report. from the New York Times, 2002-Jul-25, by Jennifer 8. Lee: Net Users Try to Elude the Google Grasp The Internet has reminded Camberley Crick that there are disadvantages to having a distinctive name. In June, Ms. Crick, 24, who works part time as a computer tutor, went to a Manhattan apartment to help a 40-something man learn Windows XP. After their session, the man pulled out a half-inch stack of printouts of Web pages he said he had found by typing Ms. Crick's name into Google, the popular search engine. "You've been a busy bee," she says he joked. Among the things he had found were her family Web site, a computer game she had designed for a freshman college class, a program from a concert she had performed in and a short story she wrote in elementary school called "Timmy the Turtle." "He seemed to know an awful lot about me," Ms. Crick said, including the names of her siblings. "In the back of my mind, I was thinking I should leave soon." When she got home, she immediately removed some information from the family Web site, including the turtle story, which her father had posted in 1995, "when the Web was more innocent," she said. But then she discovered that a copy of the story remains available through Google's database of archived Web pages. "You can't remove pieces of yourself from the Web," Ms. Crick said. The gradual erosion of personal privacy is hardly a new trend. For years, privacy advocates have been spinning cautionary tales about the perils of living in the electronic age. But it used to be that only government agencies and businesses had the resources and manpower to track personal information. Today, the combined power of the Internet, search engines and archival databases can enable almost anyone to find information about almost anyone else, possibly to satiate a passing curiosity. As a result, people like Ms. Crick are trying to reduce their electronic presence -- and discovering that it is not as simple as it would seem. The Internet, which was supposed to usher in an era of limitless information, is leading some people to restrict the information that they make available about themselves. "Now it's much more common to look up people's personal information on the Web," Ms. Crick said. "You have to think what you want people to know about you and not know about you." These days, people are seeing their privacy punctured in intimate ways as their personal, professional and online identities become transparent to one another. Twenty-somethings are going to search engines to check out people they meet at parties. Neighbors are profiling neighbors. Amateur genealogists are researching distant family members. Workers are screening co-workers. In other words, it is becoming more difficult to keep one's past hidden, or even to reinvent oneself in the American tradition. "The net result is going to be a return to the village, where everyone knew everyone else," said David Brin, author of a book called "The Transparent Society" (Perseus, 1998). "The anonymity of urban life will be seen as a temporary and rather weird thing." Some believe that this loss of anonymity could be dangerous for those who prefer to remain hidden, like victims of domestic violence. "If you are living in a new town trying to be hidden, it's pretty easy to find you now between Google and online government records," said Cindy Southworth, who develops technology education programs for victims of domestic violence. "Many public entities are putting everything on the Web without thinking through the ramifications of those actions." Of course, a lot of personal information that can be found on the Internet is already in the open, having been printed in newspapers, school newsletters, yearbooks and the like. In addition, the government records that are moving online -- tax assessments, court documents, voter registration -- are already public. But much of that kind of information used to be protected by "practical obscurity": barriers arising from the time and inconvenience involved in collecting the information. Now those barriers are falling as old online-discussion postings, wedding registries and photos from school performances are becoming centralized in a searchable form on the Internet. "Google and its siblings are creating a whole that is much greater than the sum of the parts," said Jonathan Zittrain, director of the Berkman Center for Internet and Society at Harvard Law School. "Many people assume they are a needle in a haystack, simply a face in the crowd. But the minute someone takes an interest in you, the search tool is what allows the rest of the crowd to dissolve." As a result, people are considering how to live their lives knowing that the details might be captured by a big magnifying glass in the sky. "Anonymity used to give us a cushion against small mistakes," Mr. Brin said. "Now we'll have to live our lives as if any one thing might appear on page 27 in two years' time." Waqaas Fahmawi, 25, used to sign petitions freely when he was in college. "In the past you would physically sign a petition and could confidently know that it would disappear into oblivion," said Mr. Fahmawi, a Palestinian-American who works as an economist for the Commerce Department. But after he discovered that his signatures from his college years had been archived on the Internet, he became reluctant to sign petitions for fear that potential employers would hold his political views again him. He feels stifled in his political expression. "The fact I have to think about this," he said, "really does show we live in a system of thought control." David Holtzman, editor in chief of GlobalPOV, a privacy Web site, said that the notion of privacy was "undergoing a generational shift." Those in their late 20's and 30's are going to feel the brunt of the transition, he said, because they grew up with more traditional concepts of privacy even as the details of their lives were being captured electronically. "It almost gives you a good reason to name your kid something bland," Mr. Holtzman said. "You are doing them a good favor by doing that." Indeed, a generic name is what Beth Roberts, 29, was seeking when she changed back from her married name, Werbick, after a divorce. A Google search on "Beth Werbick" returns results only about her. But a search for "Beth Roberts" returns thousands upon thousands of Web pages. "I would have plausible deniability if someone wanted to attribute something to me," said Ms. Roberts, who lives in Austin, Tex. Mr. Fahmawi, the economist, said he envied the ability to be a name in the crowd. "If I had a more generic name, I'd sign petitions with impunity," he said. But those who have become more conscious of their Internet presence can find that it is almost impossible to assert control over the medium -- something that copyright holders discovered long ago. The debate over privacy is particularly fervent in the field of online genealogy, where databases and family trees are copied freely, with or without the consent of the living individuals. Jerome Smith, who runs a genealogical Web site, recently removed some names at the request of a man who did not want his children's information on the Web. But Mr. Smith noted the information itself had been copied from a larger public database. "Once you put it out there, it's out there," said Mr. Smith, who lives in Lake Junaluska, N.C. Google says its search engine reflects whatever is on the Internet. To remove information about themselves, people have to contact Web site administrators. A disadvantage of instant Internet profiling is that there is no quality control -- and little protection against misinterpretation. The fragments of people's lives that emerge on the Internet are somewhat haphazard. They can be incomplete, out of context, misleading or simply wrong. John Doffing, the chief executive of an Internet talent agency called StartUpAgent, is surprised by how many job applicants ask him what it is like to be a gay chief executive in Silicon Valley. He says that even though he is heterosexual, some people assume he is gay because his name turns up on the Internet in association with his philanthropic work relating to AIDS and an online gallery devoted to gay and lesbian art. While this has been more amusing than troubling, he says, such information could be misused. "What happens if I were a job seeker and someone decides not to give me a job because of the same assumption?" he asked. There are also cases of mistaken Google-identity. Sam Waltz Jr., a business consultant in Wilmington, Del., met a woman through an online dating service. Before they met in person, she sent him an e-mail message saying that she did not think they were compatible. She had found his name on a Web site called SincereLust.com, which appeared to her to be run by a Delaware-based transvestite group. "I'm sitting here, reading her e-mail and thinking, `What is this?' " Mr. Waltz said. He discovered that the site was a drama group dedicated to "The Rocky Horror Picture Show." His son, Sam Waltz III, had been a member while he was at the University of Delaware. Mr. Waltz quickly explained the situation to the woman, and they have been dating for 18 months. "Now I periodically do a self-Google to make sure there is nothing else that needs to be challenged or checked," Mr. Waltz said. Some say that the phenomenon of instant unchecked background searches could be manipulated to sabotage others' reputations. Jeanne Achille, the chief executive of a public relations firm called the Devon Group, was horrified that someone had used her name and e-mail address to post racist slurs in a French online discussion group. She has repeatedly had to explain the situation to potential clients who have asked her about the posting. "Whoever did this had to put some thought into it," Ms. Achille said. "Is it perhaps one of our competitors? Is it someone who felt we did something to them and wanted to get back at us? Is it a personal thing? Is it a disgruntled former employee?" The posting has been impossible to remove. "There is no cyberpatrol that you can go to and make all of this go away," Ms. Achille said. "You just have to live with it." from the Tampa Tribune, 2002-Jul-22, by Jim Sloan: `But Officer, I Didn't Do Anything!' LAKELAND - They call it a ``Voluntary Roadside Interview.'' But for hundreds of motorists flagged down by state troopers Monday on Interstate 4, there was nothing voluntary about it. Off-duty troopers, hired at $30 an hour, picked motorists at random and directed them to pull off the interstate into a rest stop, where Palm Pilot- toting interviewers waited. No, this roadside checkpoint wasn't looking for drunken drivers. The survey, which will cost about $150,000, was commissioned by the Florida High Speed Rail Authority to gauge public interest in riding a proposed 120 mph bullet train. The experience left some motorists wondering what's next: Publix hiring troopers to corral interstate travelers for a marketing survey? ``They freaked me out,'' said Alan Kent, pulled over Monday on his way home to Clearwater after a concert. ``I thought they had pulled me over to search me.'' A woman traveling with Kent, who declined to give her name, was even more blunt: ``It's illegal,'' she said. Not true, survey officials say. They said they checked with a lawyer for the Florida Department of Transportation. ``The bottom line is, we can do it. It's well within the law,'' said Adrian Share of HNTB Corp., general consultants for the rail authority. ``With the cooperation of state troopers, the state is allowed to pull people over just to seek information.'' Florida voters passed a constitutional amendment two years ago that requires the state to begin building a high- speed rail network by November 2003. The train could run down the median of I-4. Last week, the rail authority, which is responsible for building the rail system, conducted traffic interviews at I-4 entrance ramps in the Lakeland area. Sunday and Monday, the authority set up shop at an I-4 rest stop east of Lakeland. Bruce Williams, who helped design the survey, said interrogations are the only way to accurately target the people most likely to use a bullet train: I-4 commuters and tourists. The authority could take down license plate numbers and mail surveys to registered owners, but that also could backfire, Williams said. ``You don't have to stop traffic, but you get a very large negative reaction of `How did you find me? Big Brother is watching me through cameras.' '' Each interview took about 90 seconds. Questioners asked drivers about their travel habits, their daily commute and - a question some didn't feel was particularly relevant - how much money they make. `Income can be a very important determinant of people's willingness to choose a certain mode of travel,'' Williams said. Respondents were asked for a general income range and were asked to pick one, not a specific figure, he said. ``If people refuse to answer it, that's fine. We're not insisting that everybody answer every question,'' Williams said. David Vogel, directing the interviews on I-4, said most motorists were ``understanding and patient.'' But Farouk Kahn of Orlando said the authority's methods were sneaky. Instead of signs saying ``Traffic Survey Ahead,'' westbound traffic was greeted with red cones, ``Reduced Speed Ahead'' signs and drawings of men digging. ``I thought there was construction going on or something,'' Kahn said. ``It's like a tricky thing. You should tell the people instead of saying one thing and then doing something else.'' The traffic survey will be repeated at the rest stop Wednesday and then wrap up, officials said. Reporter Jim Sloan can be reached at (813) 259-7691. from The News Journal of New Castle, Delaware, 2002-Aug-25, by Adam Taylor: Wilmington police photo policy under fire Two Wilmington police squads created in June to arrest street-level drug dealers have taken pictures of at least 200 people who were not arrested for any crimes. The pictures, names and addresses of the people - mostly minority men - are being used to create a database of potential suspects to investigate future crimes, Police Chief Michael Szczerba said. Legal experts and state and federal prosecutors say the tactic is legal. Criminal defense attorneys, the American Civil Liberties Union and minority groups say it is not. City Councilman Theo K. Gregory, who is a public defender, said he thinks the photographing is unconstitutional and morally wrong. "We should enforce the existing laws, but not violate them, to catch the bad guys," he said. "We've become the bad guys, and that's not right." Mayor James M. Baker said criticism of the photographing is "asinine and intellectually bankrupt," and he will not stop the practice. "I don't care what anyone but a court of law thinks," he said. "Until a court says otherwise, if I say it's constitutional, it's constitutional." No one has challenged the photographs in court here, Baker said. The police units taking the photographs are known in some Wilmington neighborhoods as "jump-out squads" because they descend on corners, burst out of marked and unmarked vehicles and make arrests in seconds. Up to 20 officers make up each squad. Police routinely line the people on the corners against a wall and pat them down for weapons. This is known as a "Terry stop," named for a 1968 Supreme Court decision, Terry vs. Ohio, that allows officers to stop, question and frisk people they think are suspicious or people in high-crime areas. On one shift this month, the officers told a group of men after a Terry stop that they were breaking the city's loitering laws, which bar anyone from blocking passage in a public place if asked to move, and could be arrested on the spot. During that stop, the police took the men's names and addresses, snapped their pictures and let them go. Carl Klockars, a professor in the University of Delaware's Criminal Justice Department, said officers "have the right to take a picture'' unless there is a local ordinance to the contrary. Defense attorney Joseph A. Hurley disagrees. He said police have a right to photograph a citizen walking home from a grocery store or a library, but they cannot take a picture of someone they are temporarily detaining. "The second they say, 'We're the police, put your hands against the wall,' the photos become wrong," he said. "They're unconstitutional. Bad idea." Widener University School of Law school professor Thomas Reed said police in Delaware can detain anyone for up to two hours with no probable cause, so he thinks Hurley's analysis is wrong. "The questions here surround invasion of privacy and the rules for the Terry stop," he said. "I don't think loiterers on known drug corners have much of a privacy interest. And if the stop and frisk was legal, any kind of evidence [such as a photograph] you gather to identify the perpetrator for other purposes is going to be legal." State prosecutor Peter N. Letang and U.S. Attorney Colm F. Connolly said they think the practice is legal. Connolly would not say whether federal agents in Delaware photograph people who are not arrested. Szczerba said the police intend to use the pictures for photographic lineups in the future. Defense attorney Eugene J. Maurer Jr. said he thinks he could get a client acquitted in such a case by getting the use of the photo suppressed. "If they're not arresting these people and using the loitering laws as a subterfuge just to get these pictures, I think there are some serious constitutional problems," he said. "Absent individualized suspicion, you're not supposed to be able to detain somebody." Victor Valdez, 26, a resident of Connell Street, said he feels fortunate not to have been stopped by the jump-out squads. "But I've seen them - they jump out on whoever they want, whenever and wherever," he said. "If they stop someone and it turns out they don't have drugs or a gun, what's the point of taking their picture?" Edgar White, 33, of Wilmington, said he was photographed by police earlier this month at Ninth Street and Clifford Brown Walk. White said he was at the corner with a friend who has a criminal record. "I felt violated, but this is the only way I can think of for police to know which criminals hang out in certain spots," he said. But although White said he supports the practice, he said he thinks background checks should be conducted on the spot before photographs are taken. "If you're as clean as the Board of Health, there's no reason to have your picture taken," he said. Craig Robinson, 41, a sanitation worker of the 700 block of N. Harrison St., said he is happy about the police assistance. He said he often chases drug dealers off his block. "I tell them to go sell their drugs in front of their mother's house, and that usually makes them leave," he said. "Maybe if they know something's on file about them, they won't come back." Drewry Nash Fennell, executive director of the American Civil Liberties Union of Delaware, said she finds the new police practice disturbing. "I don't want the police intimidating people who are lawfully assembled and intimidating them on the basis of loitering laws," she said. "And the retention of photographs is intimidating." Baker said that he would not permit the police to conduct wholesale sweeps, "where everyone on the corner gets rounded up and put into the van." "These are targeted, directed sweeps in high-crime areas where police have been turned loose to attack bad people," he said. "Good little kiddies in the wrong place at the wrong time are not getting their picture taken," he said. Cpl. Kevin Connor, a member of one of the jump-out squads, said his unit practices restraint. "We're careful," he said. "There are a lot of kids socializing on the corners who aren't necessarily doing anything wrong." Charles E. Brittingham, state president for the National Association for the Advancement of Colored People, said the photographs are troubling because the squads target low-income communities. "It does have some racial overtones to it," he said. "I disagree with what they're doing and would like to sit down and talk with city officials about it." Szczerba, the police chief, said his department has received no complaints about the squad's behavior. He said the areas the squads frequent - the East Side, Northeast Wilmington, Hilltop, Southbridge and the Riverside housing project - were picked because that is where the drugs are. "In reality, they're absolutely right," said Tony Allen, president of the Metropolitan Wilmington Urban League. "We recently studied handgun violence in the city of Wilmington and most of the victims and suspects were African Americans in high-drug areas." Still, Allen said he would like to know more about the squads' practices to make sure they are being implemented correctly. Baker said the 289-officer department needs to be creative and aggressive. Otherwise, he said the city would need 100 more officers to reach his goal of cutting crime by 80 percent in eight years. Szczerba said he hears the mayor loud and clear, and has a message of his own for the city's criminal element: "Say cheese and tell the judge how you plead." Reach Adam Taylor at 324-2787 or [email protected]. from the Associated Press via the San Francisco Chronicle, 2002-Aug-13, by Jill Barton: Critics target Florida adoption law requiring mothers to detail sexual pasts (08-13) 22:04 PDT WEST PALM BEACH, Fla. (AP) -- Since Rodger and Dawn Schneider took in baby Neena a year ago, they have taught her to call them mommy and daddy and helped her get over a fear of Mickey Mouse with four trips to Disney World. The Schneiders would love to adopt the little 2-year-old girl given up by a 16- year-old family friend. But they can't do that without potentially destroying the young mother's reputation. Under Florida law, any mother who doesn't know who fathered her child must bare her sexual history in a newspaper advertisement before an adoption becomes final. The goal is to find the father and stave off custody battles that can break up adoptive families. The law makes no exception for rape and incest victims or minors, like the girl who gave up legal custody of Neena. Adoption advocates have condemned the law as a draconian invasion of privacy and say it encourages abortions. "There's no comparable law in any other state and it's really hard to imagine how a legislature could pass such a law if they thought about it," said Bob Tuke, president of the American Academy of Adoption Attorneys. "It treats women like chattel." The law requires a mother to list her name, age and description, along with descriptions of any men who could have fathered the child. The ads must runs once a week for four weeks in a newspaper in the city where the child was believed to be conceived. For example, Neena's mother lives in Florida but she would have to run the ad in Newsday on New York's Long Island, where her friends, classmates and grandmother could see it. "It's pathetic what we have to go through," Rodger Schneider said. "I feel that all these legislators didn't take into account how these laws are going to affect not just the girls who want the adoptions but also the families who want to adopt." Ads have appeared in at least two Florida newspapers so far. Florida has 5,000 to 7,000 adoptions a year and 80 percent of them are private. The law, which applies only to private adoptions, took effect last October. Only now are adoptions beginning to be held up in court. When lawmakers overwhelmingly signed off on the bill last year, they cited the three-year fight over Baby Emily, whose father, a convicted rapist, contested her adoption. The Florida Supreme Court ruled in 1995 that Emily's adoptive parents should keep her, but told lawmakers to set a deadline for challenging adoptions. The law prohibits anyone from opposing an adoption after two years. A judge has already ruled that the law should exempt rape victims in Palm Beach County. Later this month, an attorney representing six women plans to ask a judge in West Palm Beach to declare the entire law unconstitutional. Democratic State Sen. Walter Campbell, the law's prime sponsor, stopped short of saying the law violates privacy rights. But he said it needs to be changed so it does not embarrass mothers and their children. "The fairest system would be to let the birth mother make the final decisions," he said. Gov. Jeb Bush, who allowed the legislation to become law without his signature, supports a system that allows men who believe they might have fathered a child to put their name in a confidential registry that must be checked during adoption proceedings. "We should be making adoption easier, not more difficult and not stigmatizing women who are trying to do the right thing," Bush spokeswoman Elizabeth Hirst said. Adoption proponents say the registry provides the best balance of a father's rights and a mother's privacy. "How many potential birth fathers comb the newspapers every day to see if they might possibly have a child somewhere? It's a silly statute," Tuke said. "But for someone who's really interested, this gives them something to do, and that's what other states that are sensible have done." The Schneiders, who cannot have a child of their own, are putting off Neena's adoption in hopes that the law will be tossed out. They don't want to force her mother to detail her past in the newspaper. For now, they will keep custody of the child. "The birth father has a right but where has he been? This child is 2 years old," Rodger Schneider said. "We want her to be ours, to have our name, but this is nobody's business except the family's." from Wired News, 2002-May-23, by Declan McCullagh: Act Would OK Snail Mail Searches WASHINGTON -- Just a few years ago, the U.S. Postal Service got savaged by privacy advocates after suggesting that private mailbox services were somehow objectionable. Since services like Mailboxes Etc. could encourage fraud, the post office declared, businesses must limit anonymity by demanding photo ID from all customers. Three years later, the Postal Service's lobbyists are fighting for Americans' privacy rights -- and opposing a bill in Congress that would allow U.S. Customs agents to open any internationally-mailed letter or parcel for almost any reason. So far, the Postal Service has had little luck: On Wednesday, the U.S. House of Representatives approved the new surveillance powers by a 327 to 101 vote. The bill, titled the Customs Border Security Act, says that incoming or outgoing mail can be searched at the border "without a search warrant." The vote on the larger bill -- which deals mostly with the budget for the U.S. Customs Service -- came after a surprisingly heated debate on the House floor over an amendment that would have deleted the mail-snooping sections. "Exercise of these new powers could infringe on the right of innocent Americans to travel and communicate internationally free of unnecessary federal control," says Rep. Ron Paul (R-Texas), Congress' most ardent libertarian. "Please say no to unconstitutional searches and unaccountable government, and say yes to liberty and constitutional government " Under current law, it is already legal for Customs agents to open packages they deem to be suspicious. Rep. Maxine Waters (D-California) sponsored the amendment, which also would have preserved the current legal status of Customs officers, who can be sued civilly for wrongful searches. It failed. On a largely party-line vote of 197-231, with only five Republicans voting in the affirmative, the House rejected Waters' proposal and voted to keep the bill intact. In other words, that retains the Customs Border Security Act's original language, which says a customs agent cannot be held liable for any type of search, including racial profiling, as long as the "officer or employee performed the search in good faith." Last December, the House's previous attempt to pass the bill failed by a 256 to 168 vote. It was considered under a procedure reserved for ostensibly noncontroversial bills that requires a two-thirds majority. Even critics of the Postal Service say the agency has -- at least in this particular legislative tussle -- been sticking up for privacy rights. "While I have been publicly critical of the U.S. Postal Service for their poor overall record on privacy, I will admit that they have been consistent and resolute in their adherence to our Fourth Amendment protections against warrantless searches," says Brad Jansen, deputy director of the Center for Technology Policy at the Free Congress Foundation. But, Jansen says, the politicking may be mostly "a bureaucratic turf battle with Customs trying to poach authority from the Post Office." Customs boasts that it "is considered one of the most effective agencies at congressional" lobbying and says that the Customs Border Security Act "carries a great number of important legislative requirements for the agency." Katie Corrigan, legislative counsel for the American Civil Liberties Union, says she was heartened by Wednesday's floor debate. "They expressed concern that the bill would undermine individual privacy," Corrigan says. "With each step in the process, people become a little more educated. We hope that when it heads into (a future Senate-House conference committee), we can strip that section out." Last December, the ACLU sent a letter to Congress saying that: "People in the United States have an expectation of privacy in the mail they send to friends, family or business associates abroad. The Customs Service's interest in confiscating illegal weapons' shipments, drugs or other contraband is adequately protected by its ability to secure a search warrant when it has probable cause." In the Senate, a similar bill with identical mail-opening language is waiting for a floor vote, which is likely to happen as early as this week. Democratic senators Jon Corzine (New Jersey) and Dianne Feinstein (California) are expected to introduce amendments to delete the mail-surveillance sections. Other opposition to the mail-surveillance proposals comes from industry groups. The Direct Marketing Association says "this would be the first time since Ben Franklin created the Postal Service that seizure and searches, without warrants, of outbound international mail would be allowed." from TheInquirer.net, 2002-Jun-11, by Paul Hales: UK government seeks to extend snooping laws All your email are belong to us DO WE HAVE A RIGHT TO PRIVACY? The answer to that question is increasingly 'no'. The Guardian today reveals that UK ministers are seeking to have all our communications records opened up to anyone in a vague position of power. Whitehall wants local authorities, NHS bodies in Scotland and Northern Ireland and 11 other public bodies ranging from the postal services commission to UK atomic energy authority constabulary (gulp!) to be allowed access to our data. Under the Regulation of Investigatory Powers (RIP) Act, police forces, the intelligence services, customs and excise and the inland revenue were handed the right to sniff through our communications. Now any Tom Dick or virtual Harry can check on what websites we visit, who we speak to on the phone and track our mobile phone signal to see where we are. The Home Office says the move is a necessary one in order to fight terrorism and crime in the communications age. But civil liberties groups are up in arms, aware that a Big Brother style poilce state is just around the corner. Simon Davies, director of Privacy International, told the Guardian: "The Home Office has absolutely breached its commitment that this law would not become a general surveillance power for the government. The exhaustive list of organisations who will be able to access data without a court order proves that this amounts to a systematic attack on the right to privacy." Also under threat are journalists who fill find it increasinly difficult to protect their sources. Removing the necessity of a court order to investigate an individual's communications will mean that any jumped-up official with an axe to grind could find out what you're up to. The ability of local authoirities to track our communications is quite a scary one. I dunno about you but where I live, local government is a virtual mason's monopoly. Can we trust all these new bodies with our data? The Home Office says, "all the bodies on the draft order have powers related to preventing crime. The is to bring them under the tighter regulatory framework of the RIP act." The legislation is likely to come into effect in August. From then on it'll just take a phone call from a local authority or, er, food standards official to your ISP and all your data will be theirs. from The Inquirer, 2002-Jun-18: UK gov backs off from snoop extension For a week or two THE HOME OFFICE has decided to put plans to extend snooping on emails and mobile phone calls on ice after a storm of protest from peers, hacks and even members of parliament. A vote was to have been conducted today but now the government has backed off. Peers of the House of Lords had threatened to vote against the move. The UK Labour Party has a huge majority in the lower House of Commons, but the House of Lords has the ability to block or delay legislation. Bob Ainsworth, a junior minister at the Home Office, told BBC Radio 4 yesterday that the plans weren't a "snooper's charter". But the government has not completely thrown the snooper's charter out of the window -- MPs will debate the move towards the end of this month. The cops and our two tax departments here already have rights to request details of emails and mobile phone calls from ISPs and telecomm firms. The Home Office will announce "safeguards" to its plans today - so it obviously still wants to give these powers to government and local government snoopers. What piffle! Would they know what to do with all this data once it landed on their desks? We doubt it... from International Data Group/PCWorld.com via CNN.com, 2002-May-10, by Tom Spring: Consumer groups protest forced spying (IDG) -- Privacy rights groups and consumer electronics firms are banding together to oppose a California federal court order that mandates tracking ReplayTV users' TV viewing habits to determine whether they violate copyright laws. The Electronic Privacy Information Center calls the request "mind-boggling" and is drafting the amicus brief in support of SonicBlue's appeal. "It is unprecedented that a judge would force a company to spy on its customers and hand over results to plaintiffs," says Megan Gray, senior counsel at EPIC. The organization expects to submit its position to the court early next week. "George Orwell must be spinning in his grave," the Consumer Electronics Association says in a statement condemning the Central District Court of California for its decision. Who's Watching What? The court action came during the pretrial discovery process in four separate lawsuits filed against SonicBlue by entertainment studios and networks. Their target: the $699 TV recording device ReplayTV 4000, introduced last September. The newest model in the ReplayTV line lets viewers record shows without commercials and transmit copies of recordings over a home network or the Internet. About 10,000 SonicBlue customers have the device. The federal judge ordered SonicBlue to monitor its customers' ReplayTV usage to see whether it meets the criteria of fair use permitted in the 1984 "Betamax" defense. In that instance, the U.S. Supreme Court ruled against banning VCRs, arguing that the devices were used primarily in ways that did not infringe on copyright. But constitutional law experts say SonicBlue may have damaged its own case in regard to tracking its customers. SonicBlue's privacy policy allows it to track ReplayTV customers' viewing habits, and its users agree to the policy whether they realize it or not. In fact, SonicBlue did monitor its customers' usage anonymously in the past, but it ceased doing so about a year ago. SonicBlue representatives acknowledge that the company changed its practice after competitor TiVo came under fire for noting its customers' usage. Ironically, the company also modified its software so that similar monitoring is not possible with the ReplayTV 4000 model. Consequently, it must revise and update the software in each unit to comply with the judge's order, says Andy Wolfe, SonicBlue's senior vice president and chief technology officer. The company calls the court's demand "draconian." Notorious Past Still, the monitoring clause in SonicBlue's current privacy policy may give courts leverage to insist upon its use, despite the company's legal appeal and its support from other organizations, say legal experts. "You can't complain about something that you yourself are doing," says Edward Steinman, a professor of law at Santa Clara University. Whether SonicBlue has halted its viewer tracking practices is a moot point, he says. Privacy groups say the primary issue is not a matter of the number of people affected, or even of past practices, but of the precedent such an order would set. SonicBlue's data about viewing habits cannot even be aggregated, but must identify customers by unique numbers, says Magistrate Judge Charles Eick of the Central District Court of California. He ordered SonicBlue to impose a tracking system by no later than June 24. Plaintiffs in the suit include Viacom, the NBC television network, ABC/Walt Disney, and AOL Time Warner. (AOL Time Warner is the parent company of CNN.com.) They contend that they need the data to determine the extent of theft of copyrighted content enabled by ReplayTV. A central bone of contention is the device's SendShow feature, which enables a user to transmit a stored program between two ReplayTV 4000 units -- even over the Internet. At the moment, however, such an endeavor would require extremely patient pirates. A PC World evaluation found that transmitting a 30-minute broadcast show recorded by ReplayTV 4000 took more than 36 hours on a DSL line. Another Battle SonicBlue's case is just the latest in the ongoing battle between the principle of consumer fair use and copyright. Entertainment industry copyright-holders claim they'll be devastated by piracy as copying and electronic transmission of digital material becomes simpler and faster. They're waging war on several fronts, from the courthouse to legislative chambers. Congress has ordered the technology and entertainment industries to try to find a solution. Why should SonicBlue risk alienating its customers by reverting to user- monitoring tactics, argues Fred von Lohmann, senior intellectual property attorney with the Electronic Frontier Foundation. The EFF, an online civil rights organization, opposes the order and speaks out against related legislation. "The fact that plaintiffs are using a court order to go into people's homes and collect data for them is unheard of," von Lohmann says. "This is a company that has not been found guilty of doing anything wrong." SonicBlue's Wolfe says the company simply neglected to update its privacy policy to remove the clause permitting monitoring of subscriber usage. "Tracking users is not something we are interested in doing anymore," he said. Nevertheless, that past practice may put its supporters in an awkward spot. For example, the Consumer Electronics Association, a strident supporter of consumer privacy, was unaware of SonicBlue's past practices and its existing policy, says Jenny Miller, a CEA spokesperson. "I'm wondering whether SonicBlue is really the best one to question this ruling," notes law professor Steinman. from The Economist, 1999-Apr-29: The surveillance society New information technology offers huge benefits-higher productivity, better crime prevention, improved medical care, dazzling entertainment, more convenience. But it comes at a price: less and less privacy "THE right to be left alone." For many this phrase, made famous by Louis Brandeis, an American Supreme Court justice, captures the essence of a notoriously slippery, but crucial concept. Drawing the boundaries of privacy has always been tricky. Most people have long accepted the need to provide some information about themselves in order to vote, work, shop, pursue a business, socialise or even borrow a library book. But exercising control over who knows what about you has also come to be seen as an essential feature of a civilised society. Totalitarian excesses have made "Big Brother" one of the 20th century's most frightening bogeymen. Some right of privacy, however qualified, has been a major difference between democracies and dictatorships. An explicit right to privacy is now enshrined in scores of national constitutions as well as in international human-rights treaties. Without the "right to be left alone", to shut out on occasion the prying eyes and importunities of both government and society, other political and civil liberties seem fragile. Today most people in rich societies assume that, provided they obey the law, they have a right to enjoy privacy whenever it suits them. They are wrong. Despite a raft of laws, treaties and constitutional provisions, privacy has been eroded for decades. This trend is now likely to accelerate sharply. The cause is the same as that which alarmed Brandeis when he first popularised his phrase in an article in 1890: technological change. In his day it was the spread of photography and cheap printing that posed the most immediate threat to privacy. In our day it is the computer. The quantity of information that is now available to governments and companies about individuals would have horrified Brandeis. But the power to gather and disseminate data electronically is growing so fast that it raises an even more unsettling question: in 20 years' time, will there be any privacy left to protect? Most privacy debates concern media intrusion, which is also what bothered Brandeis. And yet the greatest threat to privacy today comes not from the media, whose antics affect few people, but from the mundane business of recording and collecting an ever-expanding number of everyday transactions. Most people know that information is collected about them, but are not certain how much. Many are puzzled or annoyed by unsolicited junk mail coming through their letter boxes. And yet junk mail is just the visible tip of an information iceberg. The volume of personal data in both commercial and government databases has grown by leaps and bounds in recent years along with advances in computer technology. The United States, perhaps the most computerised society in the world, is leading the way, but other countries are not far behind. Advances in computing are having a twin effect. They are not only making it possible to collect information that once went largely unrecorded, but are also making it relatively easy to store, analyse and retrieve this information in ways which, until quite recently, were impossible. Just consider the amount of information already being collected as a matter of routine-any spending that involves a credit or bank debit card, most financial transactions, telephone calls, all dealings with national or local government. Supermarkets record every item being bought by customers who use discount cards. Mobile-phone companies are busy installing equipment that allows them to track the location of anyone who has a phone switched on. Electronic toll- booths and traffic-monitoring systems can record the movement of individual vehicles. Pioneered in Britain, closed-circuit TV cameras now scan increasingly large swathes of urban landscapes in other countries too. The trade in consumer information has hugely expanded in the past ten years. One single company, Acxiom Corporation in Conway, Arkansas, has a database combining public and consumer information that covers 95% of American households. Is there anyone left on the planet who does not know that their use of the Internet is being recorded by somebody, somewhere? Firms are as interested in their employees as in their customers. A 1997 survey by the American Management Association of 900 large companies found that nearly two-thirds admitted to some form of electronic surveillance of their own workers. Powerful new software makes it easy for bosses to monitor and record not only all telephone conversations, but every keystroke and e-mail message as well. Information is power, so it is hardly surprising that governments are as keen as companies to use data-processing technology. They do this for many entirely legitimate reasons-tracking benefit claimants, delivering better health care, fighting crime, pursuing terrorists. But it inevitably means more government surveillance. A controversial law passed in 1994 to aid law enforcement requires telecoms firms operating in America to install equipment that allows the government to intercept and monitor all telephone and data communications, although disputes between the firms and the FBI have delayed its implementation. Intelligence agencies from America, Britain, Canada, Australia and New Zealand jointly monitor all international satellite-telecommunications traffic via a system called "Echelon" that can pick specific words or phrases from hundreds of thousands of messages. America, Britain, Canada and Australia are also compiling national DNA databases of convicted criminals. Many other countries are considering following suit. The idea of DNA databases that cover entire populations is still highly controversial, but those databases would be such a powerful tool for fighting crime and disease that pressure for their creation seems inevitable. Iceland's parliament has agreed a plan to sell the DNA database of its population to a medical-research firm, a move bitterly opposed by some on privacy grounds. To each a number The general public may be only vaguely aware of the mushrooming growth of information-gathering, but when they are offered a glimpse, most people do not like what they see. A survey by America's Federal Trade Commission found that 80% of Americans are worried about what happens to information collected about them. Skirmishes between privacy advocates and those collecting information are occurring with increasing frequency. This year both Intel and Microsoft have run into a storm of criticism when it was revealed that their products-the chips and software at the heart of most personal computers-transmitted unique identification numbers whenever a personal- computer user logged on to the Internet. Both companies hastily offered software to allow users to turn the identifying numbers off, but their critics maintain that any software fix can be breached. In fact, a growing number of electronic devices and software packages contain identifying numbers to help them interact with each other. In February an outcry greeted news that Image Data, a small New Hampshire firm, had received finance and technical assistance from the American Secret Service to build a national database of photographs used on drivers' licences. As a first step, the company had already bought the photographs of more than 22m drivers from state governments in South Carolina, Florida and Colorado. Image Data insists that the database, which would allow retailers or police across the country instantly to match a name and photograph, is primarily designed to fight cheque and credit-card fraud. But in response to more than 14,000 e-mail complaints, all three states moved quickly to cancel the sale. It is always hard to predict the impact of new technology, but there are several developments already on the horizon which, if the recent past is anything to go by, are bound to be used for monitoring of one sort or another. The paraphernalia of snooping, whether legal or not, is becoming both frighteningly sophisticated and easily affordable. Already, tiny microphones are capable of recording whispered conversations from across the street. Conversations can even be monitored from the normally imperceptible vibrations of window glass. Some technologists think that the tiny battlefield reconnaissance drones being developed by the American armed forces will be easy to commercialise. Small video cameras the size of a large wasp may some day be able to fly into a room, attach themselves to a wall or ceiling and record everything that goes on there. Overt monitoring is likely to grow as well. Intelligent software systems are already able to scan and identify individuals from video images. Combined with the plummeting price and size of cameras, such software should eventually make video surveillance possible almost anywhere, at any time. Street criminals might then be observed and traced with ease. The burgeoning field of "biometrics" will make possible cheap and fool-proof systems that can identify people from their voices, eyeballs, thumbprints or any other measurable part of their anatomy. That could mean doing away with today's cumbersome array of security passes, tickets and even credit cards. Alternatively, pocket-sized "smart" cards might soon be able to store all of a person's medical or credit history, among other things, together with physical data needed to verify his or her identity. In a few years' time utilities might be able to monitor the performance of home appliances, sending repairmen or replacements even before they break down. Local supermarkets could check the contents of customers' refrigerators, compiling a shopping list as they run out of supplies of butter, cheese or milk. Or office workers might check up on the children at home from their desktop computers. But all of these benefits, from better medical care and crime prevention to the more banal delights of the "intelligent" home, come with one obvious drawback- an ever-widening trail of electronic data. Because the cost of storing and analysing the data is also plummeting, almost any action will leave a near- permanent record. However ingeniously information-processing technology is used, what seems certain is that threats to traditional notions of privacy will proliferate. This prospect provokes a range of responses, none of them entirely adequate: * More laws. Brandeis's article was a plea for a right to sue for damages against intrusions of privacy. It spawned a burst of privacy statutes in America and elsewhere. And yet privacy lawsuits hardly ever succeed, except in France, and even there they are rare. Courts find it almost impossible to pin down a precise enough legal definition of privacy. America's consumer-credit laws, passed in the 1970s, give individuals the right to examine their credit records and to demand corrections. The European Union has recently gone a lot further. The EU Data Protection directive, which came into force last October, aims to give people control over their data, requiring "unambiguous" consent before a company or agency can process it, and barring the use of the data for any purpose other than that for which it was originally collected. Each EU country is pledged to appoint a privacy commissioner to act on behalf of citizens whose rights have been violated. The directive also bars the export of data to countries that do not have comparably stringent protections. Most EU countries have yet to pass the domestic laws needed to implement the directive, so it is difficult to say how it will work in practice. But the Americans view it as Draconian, and a trade row has blown up about the EU's threat to stop data exports to the United States. A compromise may be reached that enables American firms to follow voluntary guidelines; but that merely could create a big loophole. If, on the other hand, the EU insists on barring data exports, not only might a trade war be started but also the development of electronic commerce in Europe could come screeching to a complete halt, inflicting a huge cost on the EU's economy. In any case, it is far from clear what effect the new law will have even in Europe. More products or services may have to be offered with the kind of legalistic bumf that is now attached to computer software. But, as with software, most consumers are likely to sign without reading it. The new law may give individuals a valuable tool to fight against some of the worst abuses, rather on the pattern of consumer-credit laws. But, also as with those laws-and indeed, with government freedom of information laws in general-individuals will have to be determined and persistent to exercise their rights. Corporate and government officials can often find ways to delay or evade individual requests for information. Policing the rising tide of data collection and trading is probably beyond the capability of any government without a crackdown so massive that it could stop the new information economy in its tracks. * Market solutions. The Americans generally prefer to rely on self-regulation and market pressures. Yet so far, self-regulation has failed abysmally. A Federal Trade Commission survey of 1,400 American Internet sites last year found that only 2% had posted a privacy policy in line with that advocated by the commission, although more have probably done so since, not least in response to increased concern over privacy. Studies of members of America's Direct Marketing Association by independent researchers have found that more than half did not abide even by the association's modest guidelines. If consumers were to become more alarmed about privacy, however, market solutions could offer some protection. The Internet, the frontline of the privacy battlefield, has already spawned anonymous remailers, firms that forward e-mail stripped of any identifying information. One website (www.anonymizer.com) offers anonymous Internet browsing. Electronic digital cash, for use on or off the Internet, may eventually provide some anonymity but, like today's physical cash, it will probably be used only for smaller purchases. Enter the infomediary John Hagel and Marc Singer of McKinsey, a management consulting firm, believe that from such services will emerge "infomediaries", firms that become brokers of information between consumers and other companies, giving consumers privacy protection and also earning them some revenue for the information they are willing to release about themselves. If consumers were willing to pay for such brokerage, infomediaries might succeed on the Internet. Such firms would have the strongest possible stake in maintaining their reputation for privacy protection. But it is hard to imagine them thriving unless consumers are willing to funnel every transaction they make through a single infomediary. Even if this is possible-which is unclear-many consumers may not want to rely so much on a single firm. Most, for example, already have more than one credit card. In the meantime, many companies already declare that they will not sell information they collect about customers. But many others find it more profitable not to make-or keep-this pledge. Consumers who want privacy must be ever vigilant, which is more than most can manage. Even those companies which advertise that they will not sell information do not promise not to buy it. They almost certainly know more about their customers than their customers realise. And in any case, market solutions, including infomediaries, are unlikely to be able to deal with growing government databases or increased surveillance in public areas. * Technology. The Internet has spawned a fierce war between fans of encryption and governments, especially America's, which argue that they must have access to the keys to software codes used on the web in the interests of law enforcement. This quarrel has been rumbling on for years. But given the easy availability of increasingly complex codes, governments may just have to accept defeat, which would provide more privacy not just for innocent web users, but for criminals as well. Yet even encryption will only serve to restore to Internet users the level of privacy that most people have assumed they now enjoy in traditional (ie, paper) mail. Away from the web, the technological race between snoopers and anti-snoopers will also undoubtedly continue. But technology can only ever be a partial answer. Privacy will be reduced not only by government or private snooping, but by the constant recording of all sorts of information that individuals must provide to receive products or benefits-which is as true on as off the Internet. * Transparency. Despairing of efforts to protect privacy in the face of the approaching technological deluge, David Brin, an American physicist and science-fiction writer, proposes a radical alternative-its complete abolition. In his book "The Transparent Society" (Addison-Wesley, $25) he argues that in future the rich and powerful-and most ominously of all, governments-will derive the greatest benefit from privacy protection, rather than ordinary people. Instead, says Mr Brin, a clear, simple rule should be adopted: everyone should have access to all information. Every citizen should be able to tap into any database, corporate or governmental, containing personal information. Images from the video-surveillance cameras on city streets should be accessible to everyone, not just the police. The idea sounds disconcerting, he admits. But he argues that privacy is doomed in any case. Transparency would enable people to know who knows what about them, and for the ruled to keep an eye on their rulers. Video cameras would record not only criminals, but also abusive policemen. Corporate chiefs would know that information about themselves is as freely available as it is about their customers or workers. Simple deterrence would then encourage restraint in information gathering-and maybe even more courtesy. Yet Mr Brin does not explain what would happen to transparency violators or whether there would be any limits. What about national-security data or trade secrets? Police or medical files? Criminals might find these of great interest. What is more, transparency would be just as difficult to enforce legally as privacy protection is now. Indeed, the very idea of making privacy into a crime seems outlandish. There is unlikely to be a single answer to the dilemma posed by the conflict between privacy and the growing power of information technology. But unless society collectively turns away from the benefits that technology can offer-surely the most unlikely outcome of all-privacy debates are likely to become ever more intense. In the brave new world of the information age, the right to be left alone is certain to come under siege as never before. from Wired News Report, 2002-Jun-3: Widespread wiretapping: VeriSign (VRSN) said it will provide a new service, NetDiscovery, to help U.S. telecommunications carriers comply with wiretapping regulations that have gained more prominence since the attacks of Sept. 11. Under the Communications Assistance for Law Enforcement Act of 1994, telecommunications companies must have systems that allow law enforcement officials acting with a court order or other legal authorization to intercept targeted telephone calls and access caller ID data quickly. The law also requires carriers to provide the resulting wiretap data to the police or the FBI in a way that allows it to delivered or transmitted offsite to government offices. from CNET News.com, 2002-May-28, by Stefanie Olsen: Documents reveal Carnivore failures A privacy watchdog group on Tuesday made public internal FBI documents that discuss failures of the agency's Carnivore online surveillance technology. The documents, obtained under the Freedom of Information Act (FOIA), detail at least one incident in which Carnivore inadvertently captured e-mail from people who were not under investigation, in apparent violation of federal wiretap laws. The FBI did not immediately return calls for comment. Carnivore, the FBI's Internet monitoring system that came into the public spotlight in July 2000, is used to monitor Internet traffic and communications through Internet service providers, once the technology's been installed on the ISP's system. Though much of how Carnivore works has remained a mystery as well as a perceived threat to consumer privacy, the FBI has said that the technology filters data to obtain only lawfully authorized information on suspects. Records on the technology were obtained by the Electronic Privacy Information Center (EPIC) after years of requests for disclosure. In 2000, EPIC filed a request to view all FBI records related to Carnivore, but following delays for response from the Department of Justice, the organization filed suit in U.S. District Court demanding the release of the data. Documents retrieved last week were part of a court summons issued by U.S. District Judge James Robertson that directed the FBI to complete a comprehensive search for documents. The search was to be conducted in the offices of General Counsel and Congressional & Public Affairs. As part of the documents published by EPIC, one internal FBI e-mail, dated April 5, 2000, discusses how the "software was turned on and did not work correctly," according to the e-mail. Carnivore not only gathered electronic communications on suspects that the FBI obtained a warrant to search, but it also retained e-mail from other individuals, according to the documents. The malfunction resulted in an FBI technician to destroy information on all parties. As a result, the act could have thwarted an investigation into terrorist threats involving Osama bin Laden, according to EPIC. The surveillance was performed by the FBI's International Terrorism Operations Section (ITOS) and its "UBL Unit," which refers to the government's official designation for bin Laden. "These documents confirm what many of us have believed for two years-- Carnivore is a powerful but clumsy tool that endangers the privacy of innocent American citizens," EPIC's General Counsel David Sobel said in a statement. "Our FOIA lawsuit shows that there's a great deal about Carnivore that we still don't know." from NewsMax, 2001-Dec-19, by Charles R. Smith: U.S. Police and Intelligence Hit by Spy Network Spies Tap Police and Government Phones In the wake of the Sept. 11 terrorist attack, the FBI has stumbled on the largest espionage ring ever discovered inside the United States. The U.S. Justice Department is now holding nearly 100 Israeli citizens with direct ties to foreign military, criminal and intelligence services. The spy ring reportedly includes employees of two Israeli-owned companies that currently perform almost all the official wiretaps for U.S. local, state and federal law enforcement. The U.S. law enforcement wiretaps, authorized by the Communications Assistance for Law Enforcement Act (CALEA), appear to have been breached by organized crime units working inside Israel and the Israeli intelligence service, Mossad. Both Attorney General John Ashcroft and FBI Director Robert Mueller were warned on Oct. 18 in a hand-delivered letter from local, state and federal law enforcement officials. The warning stated, "Law enforcement's current electronic surveillance capabilities are less effective today than they were at the time CALEA was enacted." The spy ring enabled criminals to use reverse wiretaps against U.S. intelligence and law enforcement operations. The illegal monitoring may have resulted in the deaths of several informants and reportedly spoiled planned anti-drug raids on crime syndicates. Global Spy and Crime Network The penetration of the U.S. wiretap system has led to a giant spy hunt across the globe by American intelligence agencies. U.S. intelligence officials now suspect the spy ring shared and sold information to other nations. "Why do you think Putin so nonchalantly and with such great fanfare announced the shutdown of the Lourdes listening post in Cuba?" noted Douglas Brown, president of Multilingual Data Solutions Inc. and program director at the Nathan Hale Institute. "Besides the PR benefit right before his visit here, the Russians don't need it anymore. They've scraped together a cheaper, more effective monitoring system. Is the Israeli company an element of that system? I don't know," stated Brown. "With all the whining and crying about Echelon and Carnivore, critics, domestic and foreign, of U.S. electronic eavesdropping vastly overestimate our abilities to process and disseminate the stuff," noted Brown. "The critics also underestimated the incompetence and total ineptness of the people running our intelligence and law enforcement services during the Clinton- Gore years. One guy uses his home computer for storing top secret documents; another high-tech guru guy can't figure out how to save and retrieve his e-mail, and the guy in charge of everything is having phone sex over an open line with one of his employees," said Brown. "On the other hand, the Europeans, including the Russians, have been much more focused on the nuts and bolts of practical systems to process the information they scoop up. The stories linking German intelligence and the L&H scandal got very little play here but were widely noted in the European software community," said Brown. "Except for a few Germans and an occasional Pole, nobody can match the Russians in designing and developing algorithms. We may have some of the world's greatest programmers, but the Russians and Europeans do a better job of matching up linguists and area experts with their programmers," noted Brown. The discovery of a major spy ring inside the United States is straining the already tense relations with Israel. Although, Israel denied any involvement with the penetration of the U.S. wiretap system, the CIA and FBI are investigating the direct government ties to the former Israeli military and intelligence officials now being held by the Justice Department. Israeli Company Provides U.S. Wiretaps One company reported to be under investigation is Comverse Infosys, a subsidiary of an Israeli-run private telecommunications firm. Comverse provides almost all the wiretapping equipment and software for U.S. law enforcement. Custom computers and software made by Comverse are tied into the U.S. phone network in order to intercept, record and store wiretapped calls, and at the same time transmit them to investigators. The penetration of Comverse reportedly allowed criminals to wiretap law enforcement communications in reverse and foil authorized wiretaps with advance warning. One major drug bust operation planned by the Los Angeles police was foiled by what now appear to be reverse wiretaps placed on law enforcement phones by the criminal spy ring. Flawed laws Led to Compromise Several U.S. privacy and security advocates contend the fault actually lies in the CALEA legislation passed by Congress that allowed the spy ring to operate so effectively. Lisa Dean, vice president for technology policy at Free Congress Foundation, delivered a scathing critique of the breach of the U.S. law enforcement wiretap system. "We are exercising our 'I told you so' rights on this," said Dean. "From the beginning, both the political right and left warned Congress and the FBI that they were making a huge mistake by implementing CALEA. That it would jeopardize the security of private communications, whether it's between a mother and her son or between government officials. The statement just issued by law enforcement agencies has confirmed our worst fears," concluded Dean. "How many more 9/11s do we have to suffer?" asked Brad Jansen, deputy director for technology policy at the Free Congress Foundation. "The CALEA form of massive surveillance is a poor substitute for real law enforcement and intelligence work. It is an after-the-fact method of crime fighting. It is not designed to prevent crime. Massive wiretapping does not equal security. Instead, we have elected to jeopardize our national security in exchange for poor law enforcement," said Jansen. "For example, FINCEN monitoring of all money transactions did not detect al- Qaeda, nor did it find Mohamed Atta before he boarded his last flight. It was an ATM receipt left in his rental car that led the FBI to the bin Laden bank accounts," noted Jansen. U.S. National Security Compromised "The CALEA approach is the same approach law enforcement has been pushing for a number of years. It's the same approach that was used to push Carnivore, Magic Lantern, FINCEN and even the failed Clipper project. This approach leads to a compromise in national security and in personal security for the American public," said Jansen. "In addition, there is always government abuse of these kinds of systems," stated Jansen. "Law enforcement on all levels does a very poor job in policing itself. We need to hold our police and government officials to the highest standards." "This also hurts the U.S. economy when the whole world knows that our communication systems are not secure. We cannot compete with inferior products when other countries are exporting secure software and hardware. New Zealand, India and Chile already offer security products that actually provide real security," stated Jansen. "The current mentality of law enforcement is what failed to protect us from 9/11. CALEA wiretaps will not protect us from terror attacks in the future. The system does not provide better intelligence information. It actually leads to less security and more crime. We get the worst of both worlds," concluded Jansen. from BBC News, 2002-Mar-4: Black editor backs stop and search A dramatic rise in gun crime can only be contained by the police increasing their use of stop and search, the editor of Britain's leading black newspaper has claimed. Mike Best, editor of The Voice, said the concerns felt by many black people about the practice were outweighed by figures showing that shootings are at an all time high in London and other British cities. He told the BBC: "I think most people would prefer not to be stopped and searched, but I think the increasing crime is warranting that and the majority of people who have nothing to hide won't mind very much." Stop and search was scaled back when the Macpherson Report into the murder of teenager Stephen Lawrence found that police were institutionally racist. 'Frustration' Mr Best said he supported stop and search despite the finding it was five time more likely to be used against black people than white people. He said police had moved away from the "unprofessional" standards of the past and the tactic could now be used more sensitively. "Stop and search really, we thought, mainly referred to stopping of black people. It has to be across the board, whether they are Asians, white, whatever," Mr Best added. "It must not be seen as just black people - this whole myth that black people commit the major crimes - that's not true." Mr Best said the parents of many of those killed held the view that if their sons had been stopped and searched they would still be alive, even if they were in prison. 'Frustration' Mr Best's comments may cause concern among some in the black community and were not supported by Lee Jasper, London Mayor Ken Livingstone's adviser on police matters. Mr Jasper said: "I understand the frustration that some people have in relation to tackling this crime but again, it needs to be intelligence led in order to be effective." Metropolitan Police Commander Bob Quick also questioned the value of increasing the number of stop and searches carried out by officers. He said: "I don't think it would make a difference to bring in indiscriminate stop and search. "In the Met' and the service more generally we are in favour of targeted stop and search which is intelligence based - which is very much aimed at stopping the right people that we suspect carry weapons or firearms." 'Lawless' Last week Hackney MP Diane Abbott told the House of Commons prison sentences must be increased for people convicted of gun crime. Ms Abbott said London is suffering from a "lawless gun culture" and people living in the city are becoming increasingly frightened they will become a victim. Last year in London alone there were 21 "black on black" gun murders, 67 attempted murders and a further 80 shootings resulting in minor injury or criminal damage. The number of armed robberies rose to 776 from 500 the previous year and reports suggest guns are now available in the capital for as little as £200. from the Assocviated Press, 2002-Feb-15, by Jennifer Loven: FCC Approves Some Ultrawideband Use WASHINGTON - The nation's communications regulators approved limited use of a new technology Thursday that is capable of seeing through walls, finding earthquake victims and even preventing car crashes. The technology, known as ultrawideband, is a new method of wireless transmission promoted as a potential solution to the squeeze on the nation's airwaves created by the explosion of mobile phone, pager and other wireless device usage. That's because ultrawideband devices operate over a wide swath of the airwaves, within frequencies already allocated to other uses, but by using millions of pulses each second that emit so little energy they do not interfere. The Federal Communications Commission voted unanimously to allow the technology to be used on an unlicensed basis. The commission, however, opted to ``err on the side of conservatism,'' at least for now, by requiring that ultrawideband be used only at certain frequencies and, in some cases, only by certain users. All real-life implications of the limits, described in a 100-page document few were able to digest immediately, were unclear. Still, companies involved in developing ultrawideband applications were happy to see the FCC take a step forward. ``We've gone from basically being illegal to being legal,'' said Jeffrey Ross, a vice president of Time Domain Corp. Based in Huntsville, Ala., Time Domain is one of a handful of companies that have received waivers to begin marketing the technology and were pursuing FCC approval. Mostly used now by the U.S. military, ultrawideband allows for wireless communications and accurate readings of location and distance that have a wide range of applications. Potential new commercial uses that could be allowed under the standards set by the FCC include: -Wireless, high-speed transmissions over short distances, such as sending video on a camera to a television set or data from a personal digital assistant to a laptop. -Sensors in cars that can alert a driver to movement near the vehicle, prevent collisions and promote ``smart'' air bag deployment. Otherwise, the FCC primarily limited ultrawideband technology to public safety uses. For instance, only police and fire officials, scientific researchers and mining or construction companies could use so-called ground-penetrating radar devices, which could help rescuers find victims in rubble or locate ruptured gas lines underground. The FCC also limited devices that can see through walls and detect motion within certain areas to law enforcement and firefighters, which could use them to see into a building during a hostage situation or evaluate a fire from the outside. It was unclear whether those applications will be possible at the low power levels set by the FCC. The FCC proceeded cautiously out of uncertainty whether ultrawideband could coexist safely with other services, such as military airwaves use, cell phones and the Global Positioning System, the U.S.-built network of navigation satellites. Commissioners acknowledged the standards might be overprotective but pledged to consider the question again in six months to a year. Commerce Secretary Don Evans and Steven Price, a deputy assistant secretary at the Pentagon, praised the FCC's approach. ``To remain the world leader, we must continue to encourage deployment of important new technologies while protecting those that already exist,'' Evans said. --- On the Net: Federal Communications Commission: http://www.fcc.gov from CNET News.com, 2002-May-14, by Robert Lemos: Latest privacy threat: Monitor glow BERKELEY, Calif.--Law enforcement and intelligence agents may have a new tool to read the data displayed on a suspect's computer monitor, even when they can't see the screen. Marcus Kuhn, an associate professor at Cambridge University in England, presented research on Monday showing how anybody with a brawny PC, a special light detector and some lab hardware could reconstruct what a user sees on the screen by catching the reflected glow from the monitor. The results surprised many security researchers gathered here at the Institute of Electrical and Electronics Engineers' (IEEE) Symposium on Security and Privacy because they had assumed that discerning such detail was impossible. "No one even thought about the optical issues" of computer information "leakage," said Fred Cohen, security practitioner in residence for the University of New Haven. "This guy didn't just publish, he blew (the assumptions) apart." Many intelligence agencies have worried about data leaking from classified computers through telltale radio waves produced by internal devices, and a recent research paper outlined the threat of an adversary reading data from the blinking LED lights on a modem. Kuhn's research adds the glow of a monitor to the list of dangers. Eavesdropping on a monitor's glow takes advantage of the way that cathode-ray tubes, the technology behind the screen, work. In most computer monitors, a beam of electrons is shot at the inside of the screen, which is covered in various phosphors, causing each pixel to glow red, green or blue, and thereby producing an image. The beam scans from side to side, hitting every pixel--more than 786,000 of them at--in sequence; the screen is completely scanned anywhere from 60 to 100 times every second. The light emitted from each pixel of phosphor will peak as the pixel is hit with electrons, creating a pulsating signal that bathes a room. By averaging the signal that reflects from a particular wall over nearly a second and doing some fancy mathematical footwork, Kuhn is able to reconstruct the screen image. Not so fast Yet Kuhn, who is still completing his PhD thesis, is quick to underscore the problems with the system. "At this point, this is a curiosity," he said. "It's not a revolution." First off, Kuhn performed the experiments in a lab at a short distance--the screen faced a white wall 1 meter away, and the detector was a half meter behind the monitor. There have been no real-world tests where, for example, other light sources are present and the detector is 30 feet across a street. Other light sources, including the sun, make things much more difficult if not impossible. Normal incandescent lighting, for example, has a lot of red and yellow components and tends to wipe out any reflections of red from the image on a screen. And several countermeasures are effective, including having a room with black walls and using a flat-panel liquid crystal display. LCD monitors activate a whole horizontal line of pixels at once, making it immune to this type of attack. Still, other researchers believe that Kuhn may be on to something. "Anyone who has gone for a walk around their neighborhood knows that a lot of people have a flickering blue glow emanating from (their) living rooms and dens," said Joe Loughry, senior software engineer for Lockheed Martin. While Kuhn calculated that the technique could be used at a range of 50 meters at twilight using a small telescope, a satellite with the appropriate sensors could, theoretically, detect the patterns from orbit, said several security experts. That could open a whole new can of worms for privacy. If Kuhn's technique proves to be practical, the result of the research could be a new round of battles between law enforcement agencies and privacy advocates in the courts over whether capturing the faint blue glow from a home office is a breach of privacy. Until that's resolved, the safest solution is to compute with the lights on. from TPDL 2001-Mar-21, from the SF Chronicle, by Debra J. Saunders: Drug war vs. U.S. Constitution BE VERY AFRAID of what was said during Tuesday's U.S. Supreme Court hearing on a case in which three Tecumseh, Okla., students challenged a mandatory drug testing program for high school students participating in extracurricular activities. Be afraid because statements made by some of the justices suggest that they are prepared to make the sort of results-oriented ruling -- based on ideology, not case law -- that conservatives used to lambaste when liberals made them. Enter the war on drugs. Exit the U.S. Constitution. Here's one example quoted in the New York Times: Justice Antonin Scalia asked ACLU attorney Graham Boyd, who opposed the testing program, "So long as you have a bunch of druggies, who are orderly in class, the school can take no action. That's what you want us to rule?" Yes, that's right, justice. In America, there's this little thing called probable cause. Right now, teachers can ask for drug tests when they suspect a student of drug use, but for the moment, the law has not allowed schools to test all students for no cause. Be afraid because precedent doesn't matter. In 1995, the Big Bench ruled that it was legal for an Oregon school to require athletes to submit to urine tests because the school had a big drug problem. The reasoning: Athletes were the main offenders, football players were role models and there were safety issues with football players in heavy gear charging other players while high on drugs. That was a narrow ruling. Now, some justices want to make members of Future Farmers of America and the band tuba player into role models. And they don't care if a school district doesn't have much of a drug problem. (Of 505 Tecumseh students tested, three tested positive.) Worse, as the Washington Times reported, Deputy Solicitor General Paul D. Clement suggested that public schools could test entire student bodies. Forget the Fourth Amendment protections against unreasonable searches. Be afraid because most justices apparently support drug testing for students who are less likely to be drug users than, as Justice Ruth Bader Ginsburg said, "students who don't do anything after school." Students who refuse to take the test or flunk it twice would be banned from interscholastic clubs. Be afraid because the Bush administration and some justices want the government to be Big Father, and pre-empt parental choice. Parents can give their kids drug tests if they suspect their kids are using drugs. There are parents who have argued that they want the school to test their kids. They shouldn't expect schools to do their dirty work for them. And they should want to keep the government out of the bathroom. Justice Anthony M. Kennedy suggested that he was helping parents when he gave an analogy of two schools, one with drug testing and one without. He then told the ACLU's Boyd that no parents would send their children to "the druggie school" -- "except perhaps your client." I've received letters from readers who support 20-year sentences for low- level, first-time nonviolent drug offenders because they think those sentences will protect their kids. It doesn't occur to these folks that their kids could be drug offenders. According to the Bush administration's own brief, 54 percent of high school seniors have used illegal drugs. Be afraid because when schools give students a choice between clubs or drugs, marginal kids will choose drugs. "It's those kids who need those activities the most (who) are going to be the easiest to deter," said Daniel Abrahamson of the Drug Policy Alliance, who wrote a brief against the Tecumseh School Board for the American Academy of Pediatrics. The brief noted, "a strong record of extracurricular involvement is all but essential to securing admission to a competitive undergraduate college." Because the justices weren't focusing overly on precedent, let me pose a moral question: Would the justices support a policy labeled: Smoke a joint in high school, work at McDonald's for the rest of your life? from the Boston Globe, 2001-Nov-18, by Scott Bernard Nelson: New Federal Patriot Act Turns Retailers into Spies against Customers Nov. 18--Ordinary businesses, from bicycle shops to bookstores to bowling alleys, are being pressed into service on the home front in the war on terrorism. Under the USA Patriot Act, signed into law by President Bush late last month, they soon will be required to monitor their customers and report "suspicious transactions" to the Treasury Department -- though most businesses may not be aware of this. Buried in the more than 300 pages of the new law is a provision that "any person engaged in a trade or business" has to file a government report if a customer spends $10,000 or more in cash. The threshold is cumulative and applies to multiple purchases if they're somehow related -- three $4,000 pieces of furniture, for example, might trigger a filing. Until now, only banks, thrifts, and credit unions have been required to report cash transactions to the Treasury Department's Financial Crimes Enforcement Network, under the Bank Secrecy Act of 1970. A handful of other businesses, including car dealers and pawnbrokers, have to file similar reports with the Internal Revenue Service. "This is a big deal, and a big change, for the vast majority of American businesses," said Joe Rubin, chief lobbyist for the US Chamber of Commerce. "But I don't think anybody realizes it's happened." The impact is less clear for consumers, although privacy advocates are uncomfortable with the thought of a massive database that could bring government scrutiny on innocent people. Immigrants and the working poor are the most likely to find themselves in the database, since they tend to use the traditional banking system the least. "The scope of this thing is huge," said Bert Ely, a financial services consultant in Alexandria, Va. "It's going to affect literally millions of people." The filing of so-called suspicious activity reports, though, is only the latest in a series of law enforcement moves the government has made in response to the Sept. 11 terrorist attacks on New York and Washington. And so far, the filing requirement has been overshadowed by debate over the other changes. The Patriot Act signed into law Oct. 26, for example, gives the government a vast arsenal of surveillance tools, easier access to personal information, and increased authority to detain and deport noncitizens. House and Senate negotiators came to terms Thursday on a bill that would add 28,000 employees to the federal payroll in an effort to bolster airport security, and Attorney General John Ashcroft has said he is reorganizing the Justice Department and the FBI to focus on counterterrorism efforts. As for the business-filing requirement, specifics about what companies have to do and when they have to do it still need to be worked out. The Treasury Department has until March 25 -- the date the Patriot Act becomes law -- to issue regulations about how to put the new rules into practice. "The law itself doesn't go into any detail, because you'd presume that's what the Treasury regulations are for," said Victoria Fimea, senior counsel at the American Council of Life Insurers. "And the devil, of course, is in the details." When he signed the legislation, President Bush said the new rules were designed to "put an end to financial counterfeiting, smuggling, and money laundering." The problem, he and others have said, was keeping tabs on the billions of dollars that flow outside the traditional banking system and across national borders each year. Money launderers often disguise the source of their money by using cash to buy pricey things. Later, they can resell the products and move the money into a bank account -- at which point it has been laundered, or made to look legitimate, by the aboveboard sale. Making a series of transactions just below the $10,000 filing threshold is also illegal under the new law if it's done to keep a business from contacting the government. Financial services companies such as banks, insurers, and stock brokerages face a higher standard under the new law than other businesses. In addition to the filing requirements, they have to take steps such as naming a compliance officer and implementing a comprehensive program to train employees about how to spot money laundering. Unlike other businesses, though, most financial services companies already have a process in place to deal with government regulation. "Certainly for the bigger [insurance] companies, they most likely are already tooled up for this," said Fimea. "For other companies, this creates a whole new landscape." James Rockett, a San Francisco lawyer who represents banks and insurance companies in disputes with regulators, said he's skeptical the authorities will get any useful information from reports filed by nonfinancial companies. "You're trying to turn an untrained populace into the monitors of money laundering activity," Rockett said. "If you want to stop this, it's got to be done with police work, not tracking consumers' buying habits." Voices opposing any of the new law-enforcement measures appear to be in the minority, however. For now, at least, few people and few companies want to be perceived as being terrorist sympathizers. "In a political sense, it would have been very hard for us to go to Congress in this case and loudly argue that the legislation shouldn't include nonfinancial-services guys," said Rubin, of the US Chamber of Commerce. "Everybody wants to help and to stop money laundering right now." from TPDL 2001-Oct-27, from Fox News 2001-Oct-26, by Kelley Beaucar Vlahos: FBI Seeking to Wiretap Internet WASHINGTON — The Federal Bureau of Investigation is seeking to broaden considerably its ability to tap into Internet traffic in its quest to root out terrorists, going beyond even the new measures afforded in anti-terror legislation signed by President Bush Friday, according to lawyers familiar with the FBI’s plans. Stewart Baker, an attorney at the Washington D.C.-based Steptoe & Johnson and a former general consul to National Security Agency, said the FBI has plans to change the architecture of the Internet and route traffic through central servers that it would be able to monitor e-mail more easily. The plans goes well beyond the Carnivore e-mail-sniffing system which allows the FBI to search for and extract specific e-mails off the Internet and generated so much controversy among privacy advocates and civil libertarians before the Sept. 11 terrorist attacks. “From the work I’ve been doing, I’ve seen the efforts the FBI has been making and it suggests that they are going to unveil this in the next few months,” Baker said of the plan. FBI Spokesman Paul Bresson said he was unaware of any development in the e- mail surveillance arena that would require major architectural changes in the Internet, but acknowledged that such a plan is possible. Any new efforts would “would be in compliance with wiretapping statutes,” Bresson said. “We would be remiss if we didn’t.” Such a move might have been unthinkable before Sept. 11. Last year, privacy groups and civil libertarians howled in protest when the FBI trotted out plans to start using the Carnivore system. The Electronic Privacy Information Center (EPIC) in Washington was ready to go full rounds with the government in court over Carnivore, and House Majority Leader Dick Armey, R- Texas, asked Attorney General John Ashcroft to take another look at its constitutionality. Now, though, the country is asking for more, not less, law enforcement on the Internet, and even those who once complained are coming around. “I have two minds on this,” says Fred Peterson, vice president of government affairs for the Xybernaut Corporation, which manufactures computer technology for military and law enforcement. The past six weeks have left little doubt in most peoples’ mind, he said, that new measures must be taken. “I think that the threat has increased and while (FBI) demands were unreasonable at a time when the threat was less immediate and less fatal — it’s just not the same story anymore,” he said. Others are still skeptical, though not as much. “I don’t think (FBI) motives are bad, but I do think they’re using people’s current state of mind — they’re using it to their advantage,” said Mikal Condon, staff attorney for EPIC. The new FBI plans would give the agency a technical backdoor to the networks of Internet service providers’ like AOL and Earthlink and Web hosting companies, Baker said. It would concentrate Internet traffic in several central locations where e-mail and other web activity could be wiretapped. Baker said he expects the agency will approach the Internet companies on an individual basis to ask for their help in the endeavor. But Jim Harper, staff counsel for privacy advocate Privacilla.org said the FBI may have a hard time convincing some companies to redesign the Internet on its behalf. “It’s not really surprising, but I would be shocked to see if it gets done,” he said. “Restructuring the Internet? I don’t think so.” Others say the Internet companies will not put up much of a fight. Sue Ashdown, executive director of the Washington-based American ISP Association, an Internet company trade group, said most Internet companies aren’t healthy enough financially to take on the government in court to protect their subscribers’ privacy rights. And no one, she says, wants to appear hostile to law enforcement right now. “I know there are a lot of members in the association with feelings on both sides,” said Ashdown. “In the current patriotic climate, enterprises of all types will likely play along with the FBI in order to avoid a public relations disaster,” said Gene Riccoboni, an Internet attorney with the Stamford, Connecticut-based Grimes & Battersby. from TPDL 2001-Oct-2, from ZDNet, by Stefanie Olsen: Attacks put privacy into focus Companies are scrambling to ensure their online privacy policies do not run afoul of the sprawling investigation into last month's terrorist attacks, a move that could prompt some to rewrite their published statements, privacy experts said. Most online privacy policies contain provisions for sharing customer information with law enforcement agencies in the event of a criminal investigation or suspected illegal activity. Nevertheless, some companies that have been cooperating with authorities investigating the Sept. 11 suicide hijackings that destroyed the World Trade Center and damaged the Pentagon are now reviewing their actions for possible privacy violations, according to people familiar with their concerns. A key issue, privacy advocates say, has come from companies that worry they may have gone too far in handing over complete databases to law enforcement in the immediate aftershocks of the attacks without requiring a court order or a subpoena. "I've never seen a privacy policy that says that we will make all of our records available to authorities in a case of national emergency, and I think as a result of this, you're probably going to see companies adjust their privacy policies to take this into consideration," said Ray Everett-Church, senior privacy strategist at the Los Angeles-based ePrivacy Group. While companies typically require a warrant or a court order before relinquishing the contents of e-mail or electronic files to federal authorities or in civil cases-- procedures mandated under the Electronic Communications Privacy Act--Internet companies can provide information about consumer identities without a court order. Many major companies have legal departments to handle such requests. But in the aftermath of the terrorist attacks, some companies may have ignored normal procedures for working with law enforcement, privacy experts said. Some experts see an imminent and worrisome shift in the debate over online privacy toward greater surveillance. Larry Ponemon, CEO of the Dallas-based Privacy Council and former head of PricewaterhouseCoopers' privacy practice, said he's spoken with some companies that admitted giving over their databases to authorities wholesale, without a valid court order or subpoena. He declined to disclose the names of the companies but said consumers may soon begin receiving notifications and apologies informing them of possible privacy violations. "In some cases, trying to participate and cooperate with authorities led to the other extreme of actually violating all the privacy rights of customers and employees," said Ponemon. "It's scary. We have no assurances they are going to delete (this information). Are they going to return it? Are they going to make any warranty that they won't use it again?" Legal experts said that the risks of liability in such cases are small. "Suppression of evidence would be the most serious consequence of the government obtaining information in violation of privacy rights," said Dave Kramer, a partner in the Internet counseling group at Wilson Sonsini. "The likelihood of there being financial consequences...is limited." In the event that the FBI obtained information from a company without probable cause and a search warrant, the evidence would most likely be inadmissible in court under Fourth Amendment rights, lawyers say. But if the company volunteered the data, particularly in the event the act did not contradict its privacy policy, the evidence would be acceptable. Nevertheless, some companies seem to be taking precautions in their cooperation with authorities. Dave Steer of Truste, a company that vouches for Internet privacy policies, said his company is getting calls from members inquiring about the need to revise their policies after the attacks. "Members are asking, 'Does what happened impact our privacy policy, and does that change the way we should communicate to customers?' (Also), 'How do we insert a clause into the privacy statement that allows for such national incidents?'" from the San Francisco Chronicle, 2001-Oct-6, p.A1, by William Carlsen: Secretive U.S. court may add to power Bush wants to use terrorism panel in criminal probes Cloaked in secrecy and unknown to most Americans, a seven-judge court has been busy in a sealed room at the U.S. Justice Department approving "black bag" searches, wiretaps and the bugging of homes in the interests of national security. The court, which has been operating for more than 20 years, has approved more than 10,000 government applications for clandestine searches and surveillance of foreigners, immigrants and U.S. citizens -- and only one request has ever been denied. In its anti-terrorism proposals, the Bush administration is asking Congress for a broad expansion of the enormous powers already granted to the executive branch under the 1978 Foreign Intelligence Surveillance Act, or FISA, which would allow it to bring a wider array of cases before the special court. Currently, the government is limited to using the act for the narrow purpose of gathering foreign or terrorist intelligence. The proposed change, according to experts, would permit the government to use FISA for criminal investigations as well. That request has raised serious privacy and civil liberty concerns. "There was already concern about the drift toward using the law beyond foreign intelligence gathering," said Jonathan Turley, a law professor at George Washington University who appeared before the FISA court in the 1980s as an attorney for the National Security Agency. "It is so much easier for the government to use the FISA court than go through regular criminal warrant procedures." For years, the FBI and other U.S. intelligence agencies have used FISA to gather information through phone taps and electronic bugs, all approved by a special panel of federal judges picked by Chief Justice William Rehnquist. President Bill Clinton expanded the law in 1995 to include what is known as "black bag" searches of homes, which are executed while residents are away and without their knowledge. Because FISA is intended to permit interceptions of foreign or terrorist intelligence and not criminal evidence, the government needs only to show the special court that "probable cause" exists that the target of the requested surveillance is a foreign power or agent, a definition that includes being a member of an international terrorist group. That is a lower standard than what is required in criminal law, where investigators must show probable cause to believe that a crime is being planned or committed in order to get wiretap or search warrants from a court. And unlike regular search warrants in criminal cases, which require a target to be notified at some point and given an inventory of any evidence seized, a target of a FISA "order" may never find out that eavesdropping or a search has taken place. CONCERNS ABOUT MISUSE Civil liberty advocates say they fear the government will take advantage of the administration's proposed change and use the pretext of intelligence gathering under FISA to go after other criminal activity, making an end run around the stricter Fourth Amendment protections in criminal law. But supporters of the change say that the problem now is that any evidence of a crime -- say, the planning of a terrorist attack -- turned up under FISA surveillance might later be ruled inadmissible in a trial, ending the criminal prosecution. "Back when FISA was first enacted and you caught a spy, you threw him out of the country," said Stewart Baker, who served as NSA general counsel from 1992 to 1994 and is now in private practice in Washington, D.C. "But more and more now," he said, "criminal activity overlaps with intelligence activity. And if you find evidence of crime during an intelligence surveillance, you want to keep renewing those interception requests to gather more evidence." Baker said the anti-terrorism bill being debated in the House of Representatives, which contains an amended version of the administration's request, might be a good compromise because it would require that intelligence gathering be the "significant" purpose of FISA investigations. That language, he said, should clear the way for evidence gathered in most surveillance to be used in later criminal prosecutions, without leading to major abuses. INCREASE IN APPLICATIONS Privacy and civil liberty groups, however, have expressed increasing alarm in recent years about the rising number of government applications to the court. They argue that the total secrecy of the process has eliminated any public accountability to ensure that the process is not being misused. The number of eavesdropping orders granted by the special court has doubled from 509 in 1993 to more than 1,000 last year. That number is nearly equal to all such warrants granted by the rest of the federal judiciary annually for criminal investigations. When it was drafted, the 1978 law was intended primarily to uncover espionage activity during the lingering Cold War. But the act also includes as targets any "group engaged in international terrorism or preparation therefor, " a definition that certainly would have encompassed the group involved in the Sept. 11 attacks. How much of the recent surveillance has been directed at terrorist groups is not known, because all the information surrounding the searches and bugging is sealed -- and the government will not comment on any activities of the court. But experts such as Baker and Turley, and others familiar with FISA, guess that the government and the court have been working overtime since Sept. 11. Despite the concerns raised by civil liberty groups, FISA was actually considered something of a victory by these same organizations when it was signed into law by President Jimmy Carter. At the time, it was viewed as a restraint on the highly publicized abuses in the 1960s and '70s by the FBI, the CIA and the Nixon White House, which had claimed executive branch authority to spy on U.S. citizens without any judicial oversight. SEVEN JUDGES ON FISA COURT The FISA court is composed of seven federal district judges from different sections of the country selected by the chief justice to serve staggered seven- year terms. The individual judges rotate to Washington every two weeks to sit in a specially secured, windowless conference room on the sixth floor of the Justice Department headquarters to hear the surveillance applications. Opponents say that with only a single denial in more than 10,000 requests, the judges -- the only curb on any government excesses -- are, in effect, nothing more than a rubber stamp for expanding government power. But government officials, including the only judge on the court who has commented publicly, say that judicial review has been scrupulous. Speaking to the American Bar Association in 1997, U.S. District Judge Royce Lambreth of Washington, D.C., the presiding judge of the FISA court, said he "bristles" at the "rubber stamp" characterization. He said that surveillance applications are "well scrubbed" by the U.S. attorney general and top staff before they are submitted, that the judges often ask for modifications and that some requests are withdrawn and revised before being resubmitted. "I ask questions," he said. "I get to the nitty-gritty. I know exactly what's going to be done and why." EVIDENCE USED IN CRIMINAL TRIALS FISA evidence has already found its way into more than 90 criminal proceedings, including the 1993 World Trade Center bombing case. Opponents say that when it does, defendants are not able to challenge the evidence because they are never allowed to see the information relied on by agents making the surveillance requests. Despite the secrecy, some details of the sweeping scope of FISA eavesdropping emerged recently in an 1998 espionage case in which a Washington, D.C., couple was convicted on charges of passing four Defense Department documents to an FBI agent posing as a South African intelligence officer. In a brief filed last year with the U.S. Supreme Court, it was revealed that the government conducted 550 consecutive days of surveillance, which included phone taps, an electronic bug in their bedroom, two clandestine searches of their home, downloads from their computer, and listening in on conversations that the woman, Theresa Squillacote, and her husband, Kurt Strand, had with her psychotherapists. A request to examine the secret affidavits to the FISA court that had prompted the eavesdropping was denied by the judge in their trial. The couple appealed, saying their constitutional rights had been violated because they were denied necessary information to challenge the legality of the surveillance. The Supreme Court denied their petition for a hearing in April. Surveillance Court The federal judges who sit on the Foreign Intelligence Surveillance Court: Royce Lamberth, the court's presiding judge, U.S. District Court in Washington, D.C. Harold Baker, U.S. District Court in Illinois. Stanley S. Brotman, U.S. District Court in New Jersey. Michael J. Davis, U.S. District Court in Minnesota. Nathaniel Gorton, U.S. District Court in Maine. Claude M. Hilton, U.S. District Court in Virginia. William H. Stafford Jr., U.S. District Court in Florida. from Nature, 2001-Oct-25, by David Adam: Cryptography on the front line As the `war on terrorism' unfolds, some politicians are calling for controls on the availability of encryption software. But many computer scientists claim such moves would play into the terrorists' hands. David Adam reports. Bankers, shoppers and other Internet users now have access to standards of privacy previously only available to the military. Off-the-shelf encryption software is effectively unbreakable - even by the massed computing power of organizations such as the US National Security Agency and the Federal Bureau of Investigation (FBI). Put that power in the hands of a terrorist network, and the potential for harm is all too obvious. No surprise, then, that in the wake of the terrorist atrocities in New York and Washington, attention has focused on the ability of individuals to communicate securely over the Internet through encrypted e-mails. Although there is little evidence that those behind the attacks used such coded messages,some politicians are already calling for stronger controls on encryption software. In a speech just days after the attacks, Republican Senator Judd Gregg of New Hampshire called for the US government to be given back-door access into all encryption software. Britain's Foreign Secretary, Jack Straw, has also entered the fray, dismissing those who have fought against such moves in the past as "naive". And on 6 October, the Dutch government announced that, as part of its counter-terrorism action plan, it intends to regulate the use of cryptography. Coded warning The events of 11 September had an immediate impact on public opinion - a poll conducted two days later indicated that 72% of Americans believed that anti- encryption laws would help to prevent repeat attacks. But most experts on computer security argue that restrictions on encryption software would be expensive and impractical. Worse, they say that the net result would be to undermine the security of legitimate Internet users - rendering government and business more vulnerable to cyber-attack. But given the public statements of politicians such as Gregg and Straw, computer scientists are preparing for a reprise of the debate over privacy and security that they thought they had won in the 1990s. "We've been through these arguments before, but legislators seem to have short memories, "says Bruce Schneier, chief technical officer at Counterpane Internet Security, a company based in Cupertino, California, that provides computer security services." Limits on encryption and systems that ensure governments have access to encrypted messages will do little to thwart terrorist activities," he argues. "At the same time they will significantly reduce the security of our own critical infrastructure." (see Commentary,page 773.) [item right below -AMPP Ed.] Encryption software uses mathematical algorithms both to scramble the contents of e-mails, by reordering the underlying data, and to decipher the encoded version. The algorithms are activated - and so protected - by numerical `keys' typically containing 10 or more digits. One set of keys is widely circulated, and these are used to encrypt messages. But individual users also have private keys, which are used to decode messages. The algorithms and their mathematical relationships with the keys are too complex for security agencies to crack, so access to the private key is in practice the only way to read an encoded message. Intelligence and law-enforcement chiefs have long been concerned about the potential misuse of such programs. Indeed, former FBI director Louis Freeh in the late 1990s warned repeatedly that terrorists could be using encryption software to plan their actions, and he urged the US Congress to approve restrictions on its use and distribution. Added restrictions But Schneier claims it is impossible to limit the spread of cryptography." Cryptography is mathematics and you can't ban mathematics," he says. There are almost 1,000 software products that use cryptography, available in more than 100 countries." You would have to ban them in every country and even then it won't be enough, as any terrorist organization with a modicum of skill can write its own cryptography software," he says. Blanket restrictions on the use of encryption might also impede the use of computers and the Internet in activities such as online banking and shopping - which rely on encryption for security. A degree of disruption to e-commerce may seem a small price to pay for greater security, but cryptography systems also protect vital safety systems, such as the computers used in air-traffic control. "Restrictions are not possible from a practical point of view," argues Matt Blaze, a principal research scientist with AT&T Laboratories in Florham Park, New Jersey. If governments cannot crack encrypted e-mails and they are unable to stop people using them, what options do they have? One is to force manufacturers to introduce `back doors' into their encryption software, allowing the content of encrypted messages to be monitored routinely. This can be achieved by a system known as key escrow, in which copies of all private keys are handed over to a third party and can be accessed by government security agencies. The arguments for and against key escrow raged through the 1990s. Agencies such as the FBI argued that it would allow secure monitoring of communications with little disruption to normal Internet use. Civil-liberties groups campaigned against key escrow on privacy grounds, whereas computer scientists concentrated on practical flaws. Researchers in the field say that it is currently impossible to build a system that is secure enough to hold all of the private keys and guarantee that they could not be accessed by those intent on committing fraud or wreaking cyber-havoc. Particularly daunting are the human factors - ensuring that individuals working for the key-holding organizations cannot be bribed or otherwise manipulated into releasing keys. "It's all very well protecting bars of gold because at least you can see if they're gone in the morning," says Richard Clayton, who works in the computer security group at the . "But when you're talking about lots of numbers hidden on behalf of people and you can't even tell if they've been stolen, then you're talking about needing a very secure system indeed. We're just not capable of building such systems." Schneier agrees: "Stockpiling keys in one place over an extended time period is a huge risk just waiting for attack or abuse." Another problem with key escrow is that there is little commercial demand for encryption software that can be accessed at will by a third party - even in the name of national security. "It's not easy to demand that individuals use designated software," says Wenbo Mao, a researcher in the mathematics, cryptography and security group at Hewlett Packard's UK laboratories in Bristol. "There is no market demand for it." Computer security experts are concerned that legislation enforcing key escrow would make legitimate computer users wary of using encryption technology - rendering their systems more vulnerable to attack. With little incentive for software manufacturers to develop reliable key-escrow technology, the task falls to government agencies, which traditionally have kept this kind of research classified. But this approach is a problem, argues Mao - users have low confidence in a product that has not been subjected to widespread attempts to crack its codes. Indeed, the US government in the mid- 1990s abandoned attempts to introduce its own key-escrow scheme, based on a system known as `Clipper', after Blaze at AT&T exposed flaws soon after it was released." Government-certified systems developed behind closed doors would be a potential disaster," agrees Brian Gladman, a computer security consultant who formerly served as secure systems director with Britain's Ministry of Defence. Computer scientists thought that they had won these arguments - but now the world has been thrown into conflict, they are not so sure. "If encryption is used in issues such as terrorism, and there is no legal way that law enforcement has access, then that has to be an issue," says a spokeswoman for the British government's National Criminal Intelligence Service. Britain, in fact, last year passed a law that computer security experts point to as an example of the sort of legislation that might be proposed elsewhere in the current climate. The Regulation of Investigatory Powers Act, championed by Straw when he was home secretary, gives police wide-ranging powers to intercept e-mail traffic, and also allows them to force individuals to surrender their private decryption keys. Refusing to comply, or revealing that you have been asked to surrender your keys, can be punished with up to two years'imprisonment. Key questions These powers have not yet been invoked, so the impact of the law cannot be assessed. One problem is that the police must first show that seized private keys can be held securely. The scale of security needed for this more limited number of keys - which would not make such a tempting target - is not the same as that required for a full key- escrow system. But developing an appropriate system is still not easy. The British government admits that practicalities remain to be worked out, but says that it hopes to implement the law by the end of the year. Given this, many computer scientists argue that the focus should not be on restricting the use of encryption, but on encouraging the development of stronger security systems to protect computer infrastructure vital for national and economic security. To this end, President George W. Bush on 9 October appointed Richard Clarke, a former member of the National Security Council, to the post of special White House adviser for cyberspace security. "America built cyberspace and now it must defend cyberspace," Clarke said, in accepting the position. Clarke's position on cryptography remains unclear. But even if he doesn't reopen the debate on encryption, other politicians and officials are determined to do so. Computer scientists who oppose such moves, it seems, will be forced to do battle once again. from Nature, 2001-Oct-25, by Bruce Schneier: Protecting privacy and liberty The events of 11 September offer a rare chance to rethink public security. Appalled by the events of 11 September, many Americans have declared so loudly that they are willing to give up civil liberties in the name of security that this trade-off seems to be a fait accompli. Article after article in the popular media debates the `balance' of privacy and security - are various types of increase in security worth the consequent losses to privacy and civil liberty? Rarely do I see discussion about whether this linkage is valid. Security and privacy are not two sides of an equation. This association is simplistic and largely fallacious. The best ways to increase security are not at the expense of privacy and liberty. Giving airline pilots firearms, reinforcing cockpit doors, better authentication of airport maintenance workers, armed air marshals travelling on flights and teaching flight attendants karate are all examples of suggested security measures that have no effect on individual privacy or liberties. Security measures that reduce liberty are most often found when system designers fail to take security into account from the beginning. They're Band- Aids, and evidence of bad security planning. When security is designed into a system, it can work without forcing people to give up their freedom. Take, as an example, securing a room. Option one: convert the room into an impregnable vault. Option two: put locks on the door, bars on the windows and alarms on everything. Option three: don't secure the room; instead, post a guard to record and check the identity of everyone entering. Option one is the best, but is unrealistic. No vault is impregnable, getting close would be extremely expensive, and turning a room into a vault greatly reduces its usefulness as a room. Option two is the realistic best, combining the strengths of prevention, detection and response to achieve resilient security. Option three is the worst, as it is far more expensive than option two, and the most invasive and easiest to defeat of all three options. It's also a sign of bad planning: designers built the room, and only then realized that they needed security. Rather than installing door locks and alarms, they take the quick way out and invade people's privacy. A more complex example is Internet security. Preventive countermeasures help significantly to protect sites against `script kiddies' but fail against smart attackers. Detection and response are key to providing security on the Internet. My company catches hackers all the time, by monitoring the audit logs of network products: firewalls, IDSs, routers, servers and applications. We don't eavesdrop on legitimate users, read mail or otherwise invade privacy. We monitor data about data, and find abuse that way. We detect yesterday's attacks by watching for their signatures, and tomorrow's by noticing and investigating anomalies. We can respond in time to thwart these attacks. This monitoring doesn't work automatically; it requires people to separate real attacks from false alarms, to investigate anomalies and to pursue attackers relentlessly. It's not perfect, but combined with preventive security products it is more effective, and more cost-effective, than anything else. There are strong parallels between Internet security and the real world. All criminal investigations look at surveillance records. The lowest-tech version of this is questioning witnesses. In the current investigation, the FBI is looking at airport videotapes, airline passenger records, flight-school class records and financial records. The effectiveness of the investigation is directly related to the quality of the examination. Some criminals and terrorists are copycats, who do what they've seen done before. To a large extent, this is what hastily implemented security measures try to prevent. But others invent new methods, as we saw on 11 September. We can build security to protect against yesterday's attacks, but we can't guarantee protection against tomorrow's: the hacker attack that hasn't been invented, or the terrorist attack still to be conceived. Demands for even more surveillance miss the point. The problem is not obtaining data, it's deciding which are worth analysing and interpreting. Everyone leaves an audit trail through life; the FBI quickly pieced together the terrorists' identities once it knew where to look. More data can even be counterproductive. The National Security Agency and the CIA have been criticized for relying too much on signals intelligence, and not enough on human intelligence. The East German police collected data on four million people, yet they did not foresee the overthrow of the government because they invested heavily in data collection instead of interpretation. We need more intelligence agents on the ground in the Middle East debating the Koran, not sitting in Washington arguing about wiretapping laws. People are willing to give up liberties for vague promises of security because they think they have no choice. What they're not being told is that they can have both. It would require us to discard the easy answers. It would require designers to build security into systems from the beginning instead of tacking it on at the end. It would require the structuring of incentives to improve overall security rather than simply decreasing its costs. And it would make us all more secure. Some broad surveillance, in limited circumstances, might be warranted as a temporary measure. But surveillance should not be designed into our electronic infrastructure. As the saying popularized by Thomas Jefferson goes: "Eternal vigilance is the price of liberty." Historically, liberties have always been a casualty of war, but a temporary casualty. This war - a war without a clear enemy or end condition - has the potential turn into a permanent state of society. We need to design our security accordingly. Bruce Schneier is at Counterpane Internet Security, 19050 Pruneridge Ave, Cupertino, California 95014, USA. This is an edited version of an article in Crypto-Gram at www.counterpane.com. from Wired, 2001-Oct-17, by Declan McCullagh with Ben Polen contributing: Senator Backs Off Backdoors WASHINGTON -- Sen. Judd Gregg has abruptly changed his mind and will no longer seek to insert backdoors into encryption products. A spokesman for the New Hampshire Republican said Tuesday that Gregg has "no intention" of introducing a bill to require government access to scrambled electronic or voice communications. "We are not working on an encryption bill and have no intention to," spokesman Brian Hart said in an interview. Two days after the Sept. 11 attacks, Gregg strode onto the Senate floor and called for a global prohibition on data-scrambling products without backdoors for government surveillance. Gregg said that quick action was necessary "to get the information that allows us to anticipate and prevent what occurred in New York and in Washington." A few days later, Gregg told the Associated Press that he was preparing legislation "to give our law enforcement community more tools" to unscramble messages in hopes of fighting terrorists. Gregg received support from defense hawks, conservative columnists and some newspapers, and even a poll conducted by Princeton Survey Research Associates for Newsweek magazine. The poll asked: "Would you favor reducing encryption of communications to make it easier for the FBI and CIA to monitor the activities of suspected terrorists -- even if it might infringe on people's privacy and affect business practices?" Fifty-four percent of those polled answered "yes," and 72 percent said anti- encryption laws would be "somewhat" or "very" helpful in thwarting similar terrorist attacks. Complicating the debate were conflicting reports about whether the Internet- savvy terrorists who attacked the World Trade Center and the Pentagon used encryption. Citing unnamed sources, Reuters reported "the hijackers did not use encryption," while WorldNetDaily claimed they did. "There will be some point in the future where a criminal or terrorist uses encryption to pull off a horrific crime," says Mike Godwin, a policy fellow with the Center for Democracy and Technology. "What we have to ultimately recognize is that we're safer from those criminals if we have those encryption tools than we would be if we didn't have them." In response to then-FBI director Louis Freeh's entreaties, a House committee in 1997 approved a bill that would have banned the manufacture, distribution or import of any encryption product that did not include a backdoor for the federal government. The full House never voted on that measure. Many cryptographers and legal scholars believed that following a catastrophic terrorist attack, the U.S. Congress would move swiftly to impose backdoors on anyone manufacturing or distributing encryption products -- a requirement that would not only hamstring American firms, but wreak havoc in the open-source world. In a 1995 law review article, University of Miami law professor Michael Froomkin foresaw that possibility. He wrote: "In the wake of a great crime, perhaps by terrorists or drug cartels -- the detection of which could plausibly have been frustrated by encryption -- that which today looks clearly unconstitutional might unfortunately appear more palatable." "I've never been happier to be wrong," Froomkin said Tuesday. Froomkin said there may be a greater awareness among politicians of encryption's double-edged sword: It can cloak the communications of criminals, but shield the Internet from miscreants. "I think if they put a crypto provision in this bill, it would have passed," Froomkin said. "Look at what the administration got." Froomkin was talking about additional eavesdropping and surveillance powers requested by the Bush administration, which the Senate and the House overwhelmingly voted for last week. That bill is called the USA Act (PDF). After Gregg's floor speech following the Sept. 11 attacks, crypto-buffs mobilized to oppose laws limiting encryption. Rob Carlson, who organized an emergency meeting of activists the following weekend at the University of Maryland, said he's relieved to hear Gregg appears to have changed his mind. "I'm glad to hear it's gone. Whether or not it's true is another matter," Carlson said. "(Gregg) said he was definitely supporting it. Now he says he's definitely not. Maybe he'll say he's definitely supporting it again." from the Associated Press, 2001-Sep-21: Gregg wants codes, secrets unscrambled CONCORD — Computer software companies would have to install a backdoor for law enforcement agencies to unscramble secret messages on phones, e- mails and other communications used by suspected terrorists under a proposal by U.S. Sen. Judd Gregg, R-N.H. “We are in a new world and we have to give our law enforcement community more tools,” Gregg said yesterday. “We’re blind . . . as to what these people want to do to us,” he added. “We need this information.” Some investigators say suspected terrorist Osama bin Laden has used scrambled messages, steganography — a complex digital masking technology to send photos over the Internet bearing hidden messages — and pornography Web sites to communicate with collaborators. If investigators are given the technological capability to intercept these messages, they may have a better chance of anticipating events similar to the terrorist attacks in New York and Washington on Sept. 11, Gregg said. He pointed out that before the attacks, former FBI Director Louis Freeh identified encryption capability as the greatest problem the agency faced. But critics of Gregg’s proposal are unimpressed. David Sobel, general counsel of the Washington-based Electronic Privacy Information Center, noted it’s an old issue and lawmakers have rejected similar measures. “If the argument is that terrorists are currently using encryption technology passing a law is not going to take that technology out of their hands,” he said. Some critics point to reports that bin Laden purposely shunned communications technologies to stymie efforts to track him — relying instead on messengers and close-knit groups such as family members. “I think the senator is wasting his time,” said Richard Smith, chief technology officer of the Privacy Foundation, a Denver-based non-profit that researches privacy issues. “I don’t think encryption is used that much. It’s just a minor issue in the scheme of things.” Critics also say the measure would infringe on individual privacy. Claire Ebel, director of the New Hampshire Civil Liberties Union, compared the proposal to allowing the government to open any sealed letter addressed to anyone in the country. Although the average person doesn’t send encrypted e-mail messages, it is a widespread security means used by businesses and when citizens make Internet transactions with their credit cards, experts say. Gregg, who is still drafting the measure, stresses it would be used cautiously. Police agencies could access encryption keys only with permission from a quasi- judicial commission appointed by the U.S. Supreme Court, and their requests would be subject to search and seizure standards, he said. Gregg’s goal is to make it mandatory for U.S. companies to provide law enforcement agencies a backdoor to decode messages. As for foreign companies, the U.S. should use its marketplace power to insist that international businesses comply with those requirements, he said. Gene Poteat, president of the Association of Former Intelligence Officers, said he hopes the recent attacks will provide the impetus to move the bill forward. He believes the measure is necessary to fight terrorism. “We don’t want to give up our Constitutional rights and freedoms,” he said. “But I want my children to be safe.” from CNET via MSNBC, 2001-Sep-18, by Wendy McAuliffe: Americans back encryption controls 72 percent say new laws could help prevent repeat of attacks LONDON, Sept. 18 - A poll in the United States has found widespread support for a ban on "uncrackable" encryption products, following proposals in Congress to tighten restrictions on software that scrambles electronic data. The survey found that 72 percent of Americans believe that anti-encryption laws would be "somewhat" or "very" helpful in preventing a repeat of last week's terrorist attacks on New York's World Trade Center and the Pentagon in Washington, D.C. The poll, conducted by Princeton Survey Research Associates on Sept. 13 and 14, reveals that the question of banning encryption tools without "backdoors" for government interception is under serious debate in the United States. Congress was quick to blame sophisticated encryption methods for the massive intelligence failure last week and is proposing that government officials should have backdoor access to encryption products to aid national security. The Princeton survey found that more than half of the American public would support anti-encryption laws to aid law enforcement surveillance powers. Only 9 percent of those questioned believed that tighter encryption restrictions would not prevent similar terrorist attacks in the future. But privacy groups have accused Congress of political and economic opportunism-influencing public opinion while the nation is still coming to terms with last week's unprecedented events. "No one should ever trust figures collected in the aftermath of a disaster; people are confused and emotional and will be led easily by imagery," said Simon Davies, director of human-rights group Privacy International. "It would be extremely irresponsible to shape public policy in response to a tragedy." In the United Kingdom, the Home Office is scheduled this winter to enforce the final stages of the Regulation of Investigatory Powers Act (RIPA), which will grant law enforcement the power to demand decryption keys from the place where data is encrypted. Privacy groups are concerned that Britain's enthusiasm for a unilateral global approach toward surveillance could re-energize the key escrow debate. Key escrow is a controversial mechanism whereby individuals and businesses must lodge a decryption key with a government-appointed body in case law- enforcement officials need to decrypt the data. "I expect that the U.K. government will do everything in its power to claw back the ground that they lost in the public debate over RIPA," Davies said. "If it means subverting and amending legislation, the Home Office will propose this, and it will go through Parliament on the nod. Such a move would be a travesty and subvert the democratic process." from the New York Times, 2001-Sep-15, by Robin Toner: Some Foresee a Sea Change in Attitudes on Freedoms WASHINGTON, Sept. 14 - The political pressure to do something - anything - to ensure that there is never a repeat of this week's terrorist attacks is immense on Capitol Hill. And civil liberties advocates are watching with quiet concern. Across the political spectrum, lawmakers are arguing that the United States has entered a new and more dangerous era that demands heightened security measures, including armed guards on commercial airliners and greater surveillance powers for federal agents. Senator Trent Lott, the Republican leader, declared the day after the attacks: "When you are at war, civil liberties are treated differently. We cannot let what happened yesterday happen in the future." The attitude shift is not confined to conservative Republicans. Representative , Democrat of Massachusetts, said, "The general assumption in this country is freedom and individual privacy." But he added, "When conditions turn adverse, you respond to them." In his case, Mr. Frank said, "I think I will be more supportive of more freedom for electronic surveillance than I was before, and I think more of an armed presence on airplanes." Civil liberties groups, while initially muted as the nation grieved, were just beginning to voice their concerns today. "It's very important at a time of crisis to reaffirm national principles, national ideals," said Marc Rotenberg, director of the Electronic Privacy Information Center. "I certainly understand the sense of frustration and tragedy - my own family has been touched by what's happened this week - but it would be an enormous cost to severely limit American freedoms." Some advocates were dismayed by a proposal the Senate approved on Thursday night that would, among other things, make it easier for federal law enforcement to wiretap computers. Senator Jon Kyl, Republican of Arizona, who is a member of the Senate Intelligence Committee, declared: "We are in a race to the finish line with agents of terror. Will we enhance our security and defenses before they are able to strike again?" But Barry Steinhardt, associate director of the American Civil Liberties Union, said today, "This amendment proposes significant and dangerous changes to our wiretapping laws and should not have been adopted literally in the middle of the night without debate or scrutiny." Civil liberties groups are also concerned about ideas like expanding use of face- recognition technology, which allows security cameras tied to computers to search a crowd for criminals. Representative Martin T. Meehan, Democrat of Massachusetts, said: "I don't think we've done a good enough job in this country utilizing the technology available, like facial recognition technology. We need to make greater investments there." Mr. Meehan, who was interviewed while the Capitol was being evacuated on Thursday night, also felt that the nation's attitudes had fundamentally changed after the attacks. "Given this unspeakable act, Americans will tolerate some restraint on their liberties for the sake of security," he said. And polling suggests that they are more than willing to make that tradeoff. With many of these proposals, like face-recognition systems, "we have to really reflect on how much we value privacy," said Walter Dellinger, who served as acting solicitor general in the Clinton administration. "With terrorism, our only defense might be infiltration and surveillance," Mr. Dellinger said, "so we're going to have to choose between security and privacy." To monitor such proposals from both Congress and the administration in the coming months, a new coalition of civil rights, civil liberties, religious and other organizations is beginning to form, advocates said. Already, such groups were sounding the alarm about the possibility of a backlash and discrimination against Arab-Americans. In part, such fears are a reaction to history. "We know what happened post- Pearl Harbor; we know what happens when you have these national security situations," said Ralph Neas, president of People for the American Way, a liberal rights group, recalling the wartime relocation and internment of Japanese- Americans after the 1941 attack. "Many times," Mr. Neas said, "there are overreactions, not based on fact or careful analysis, that lead to a violation of the Constitution." from Wired Magazine, 2001-Sep-13, by Declan McCullagh: Congress Mulls Stiff Crypto Laws WASHINGTON -- The encryption wars have begun. For nearly a decade, privacy mavens have been worrying that a terrorist attack could prompt Congress to ban communications-scrambling products that frustrate both police wiretaps and U.S. intelligence agencies. Tuesday's catastrophe, which shed more blood on American soil than any event since the Civil War, appears to have started that process. Some politicians and defense hawks are warning that extremists such as Osama bin Laden, who U.S. officials say is a crypto-aficionado and the top suspect in Tuesday's attacks, enjoy unfettered access to privacy-protecting software and hardware that render their communications unintelligible to eavesdroppers. In a floor speech on Thursday, Sen. Judd Gregg (R-New Hampshire) called for a global prohibition on encryption products without backdoors for government surveillance. "This is something that we need international cooperation on and we need to have movement on in order to get the information that allows us to anticipate and prevent what occurred in New York and in Washington," Gregg said, according to a copy of his remarks that an aide provided. President Clinton appointed an ambassador-rank official, David Aaron, to try this approach, but eventually the administration abandoned the project. Gregg said encryption makers "have as much at risk as we have at risk as a nation, and they should understand that as a matter of citizenship, they have an obligation" to include decryption methods for government agents. Gregg, who previously headed the appropriations subcommittee overseeing the Justice Department, said that such access would only take place with "court oversight." Gregg, the GOP's chief deputy whip, predicted that without such a requirement, "the quantum leap that has occurred in the capacity to encrypt information" will frustrate the U.S. government's efforts to preserve the safety of Americans. Gregg's speech comes at a time when privacy and national security, long at odds, had reached an uneasy detente. In response to business pressure and the reality of encryption embedded into everything from Linux to new Internet protocols, the Clinton administration dramatically relaxed -- but did not remove -- regulations intended to limit its use and dissemination. Janet Reno, Clinton's attorney general, said in September 1999 that the new regulations struck a reasonable balance between privacy and security. "When stopping a terrorist attack or seeking to recover a kidnapped child, encountering encryption may mean the difference between success and catastrophic failures," Reno said at a White House briefing. "At the same time, encryption is critically important for protecting our privacy and our security." Now the balance has abruptly shifted -- and new laws that were unthinkable just three days ago are, suddenly, entirely plausible. As a measure of how suddenly the political winds have shifted from business to national security, consider this: Gregg recently has won 100 percent ratings from the National Federation of Independent Business and the U.S. Chamber of Commerce. An Associated Press dispatch on Thursday, written by Dafna Linzer, reports: "These days, terrorists can download sophisticated encryption software on the Internet for free, making it increasingly difficult to tap into their communications." The Los Angeles Times, in an article by Charles Piller and Karen Kaplan, predicted "calls for new restrictions on software encryption." Frank Gaffney, head of the Center for Security Policy, a hawkish think tank that has won accolades from all recent Republican presidents, says that this week's terrorist attacks demonstrate the government must be able to penetrate communications it intercepts. "I'm certainly of the view that we need to let the U.S. government have access to encrypted material under appropriate circumstances and regulations," says Gaffney, an assistant secretary of defense under President Reagan. Gaffney said that he's unsure, however, if a global encryption-restriction regime is wise: "I'm not sure if I'm in favor of trying to foster an international regime whereby hostile goverments, or for that matter governments that may not be hostile at the moment but may be hostile in the future, can take advantage of backdoors." Instead of privacy being in the minds of legislators, as it was until Tuesday, domestic security concerns have become paramount. The four hijacked airplanes and the disasters they created have abruptly returned the debate on Capitol Hill to where it was years ago, when FBI Director Louis Freeh spent much of his time telling anyone who would listen that terrorists were using encryption -- and Congress should approve restrictions on domestic use. "We are very concerned, as this committee is, about the encryption situation, particularly as it relates to fighting crime and fighting terrorism," Freeh told the Senate Judiciary committee in September 1998. "Not just bin Laden, but many other people who work against us in the area of terrorism, are becoming sophisticated enough to equip themselves with encryption devices." He added: "We believe that an unrestricted proliferation of products without any kind of court access and law enforcement access, will harm us, and make the fight against terrorism much more difficult." In response to the FBI director's entreaties, a House committee in 1997 approved a bill that would have banned the manufacture, distribution, or import of any encryption product that did not include a backdoor for the federal government. The full House never voted on that measure. Another Clinton administration initiative was the Clipper Chip, a cryptographic device that included both a data-scrambling algorithm and a method for certain goverment officials to decode intercepted, Clipper-encoded communications. After a public outcry, the federal government eventually abandoned its plans to try to convince American businesses to build Clipper-enabled products. Gregg, in his speech Thursday, said that the kind of court oversight Clipper was intended to have would let "our people have the technical capability to get the keys to the basic encryption activity." It's far too early to know how serious foes of encryption are, what kind of a hearing business and privacy lobbyists will receive on Capitol Hill, and whether Democratic and Republican leaders will encourage or discourage Gregg's approach. But some of encryption's brightest lights are already worrying about the effect of Draconian new laws and regulations. In a post to a cryptography mailing list that he moderates, Perry Metzger wrote: "Cryptography must remain freely available to all." "In coming months, politicians will flail about looking for freedoms to eliminate to 'curb the terrorist threat.' They will see an opportunity to grandstand and enhance their careers, an opportunity to show they are 'tough on terrorists,'" wrote Metzger, president of Wasabi Systems of New York City. "We must remember throughout that you cannot preserve freedom by eliminating it." During the early and mid 1990s, when e-mail was a rarity and good encryption programs even more scarce, it was easy for encryption's proponents to argue that terrorists and other malcontents were not cloaking their communications. Now, with readily available applications like hushmail.com and PGP, crypto buffs are left with one less argument than before. Matt Blaze, the AT&T Research scientist who was a chief critic of Clipper, said in an essay this week that: "I believed then, and continue to believe now, that the benefits to our security and freedom of widely available cryptography far, far outweigh the inevitable damage that comes from its use by criminals and terrorists." Wrote Blaze: "I believed, and continue to believe, that the arguments against widely available cryptography, while certainly advanced by people of good will, did not hold up against the cold light of reason and were inconsistent with the most basic American values." In an open letter this week, cypherpunk co-founder Eric Hughes offered a public plea not to restrict privacy or anonymity -- such as that offered by anonymous remailers -- in an attempt to preserve national security. "We will find that there are internal champions of liberty that have without conspiracy or knowledge furthered the plans of our opponents, who have taken advantage of the liberties that America offers all who enter her shores," Hughes predicted. from Wired Magazine, 2001-Feb-7, by Declan McCullagh: Bin Laden: Steganography Master? WASHINGTON -- If there's one thing the FBI hates more than Osama bin Laden, it's when Osama bin Laden starts using the Internet. So it should be no surprise that the feds are getting unusually jittery about what they claim is evidence that bin Laden and his terrorist allies are using message- scrambling techniques to evade law enforcement. USA Today reported on Tuesday that bin Laden and others "are hiding maps and photographs of terrorist targets and posting instructions for terrorist activities on sports chat rooms, pornographic bulletin boards and other websites, U.S. and foreign officials say." The technique, known as steganography, is the practice of embedding secret messages in other messages -- in a way that prevents an observer from learning that anything unusual is taking place. Encryption, by contrast, relies on ciphers or codes to scramble a message. The practice of steganography has a distinguished history: The Greek historian Herodotus describes how one of his cunning countrymen sent a secret message warning of an invasion by scrawling it on the wood underneath a wax tablet. To casual observers, the tablet appeared blank. Both Axis and Allied spies during World War II used such measures as invisible inks -- using milk, fruit juice or urine which darken when heated, or tiny punctures above key characters in a document that form a message when combined. Modern steganographers have far-more-powerful tools. Software like White Noise Storm and S-Tools allow a paranoid sender to embed messages in digitized information, typically audio, video or still image files, that are sent to a recipient. The software usually works by storing information in the least significant bits of a digitized file -- those bits can be changed without in ways that aren't dramatic enough for a human eye or ear to detect. One review, of a graphical image of Shakespeare before and after a message was inserted, showed JPEG files that appeared to have no substantial differences. Steghide embeds a message in .bmp, .wav and .au files, and MP3Stego does it for MP3 files. One program, called snow, hides a message by adding extra whitespace at the end of each line of a text file or e-mail message. Perhaps the strangest example of steganography is a program called Spam Mimic, based on a set of rules, called a mimic engine, by Disappearing Cryptography author Peter Wayner. It encodes your message into -- no kidding -- what looks just like your typical, quickly deleted spam message. So if steganography is so popular, is there anything the feds can do about it? Some administration critics think the FBI and CIA are using potential terrorist attacks as an attempt to justify expensive new proposals such as the National Homeland Security Agency -- or further restrictions on encryption and steganography programs. The Clinton administration substantially relaxed -- but did not remove -- regulations controlling the overseas shipments of encryption hardware and software, such as Web browsers or Eudora PGP plug-ins. One thing's for certain: All of a sudden, the debate in Washington seems to be heading back to where it was in 1998, before the liberalization. "I think it's baloney," says Wayne Madsen, a former NSA analyst and author. "They come out with this stuff. I think it's all contrived -- it's perception management." Three years ago, FBI Director Louis Freeh spent much of his time telling anyone who would listen that terrorists were using encryption -- and Congress should approve restrictions on domestic use. "We are very concerned, as this committee is, about the encryption situation, particularly as it relates to fighting crime and fighting terrorism," Freeh said to the Senate Judiciary committee in September 1998. "Not just bin Laden, but many other people who work against us in the area of terrorism, are becoming sophisticated enough to equip themselves with encryption devices." He added: "We believe that an unrestricted proliferation of products without any kind of court access and law enforcement access, will harm us, and make the fight against terrorism much more difficult." But Freeh never complained about steganography -- at least when the committee met in open session. Some of the more hawkish senators seemed to agree with the FBI director, a former field agent. "I think the terrorist attacks against United States citizens really heighten your concern that commercial encryption products will be misused for terrorist purposes," said Sen. Dianne Feinstein (D-Calif). Sen. Jon Kyl (R-Ariz) added he was concerned about "the sophistication of the terrorists, the amount of money they have available (and) their use of technology like encryption." In March 2000, Freeh said much the same thing to a Senate Judiciary subcommittee headed by Kyl. He echoed CIA Director George Tenet's earlier remarks, saying: "Hizbollah, HAMAS, the Abu Nidal organization and Bin Laden's al Qa'ida organization are using computerized files, e-mail and encryption to support their operations." from Wired Magazine, 2001-Sep-14, by Declan McCullagh: Senate OKs FBI Net Spying WASHINGTON -- FBI agents soon may be able to spy on Internet users legally without a court order. On Thursday evening, two days after the worst terrorist attack in U.S. history, the Senate approved the "Combating Terrorism Act of 2001," which enhances police wiretap powers and permits monitoring in more situations. The measure, proposed by Orrin Hatch (R-Utah) and Dianne Feinstein (D- California), says any U.S. attorney or state attorney general can order the installation of the FBI's Carnivore surveillance system. Previously, there were stiffer restrictions on Carnivore and other Internet surveillance techniques. Its bipartisan sponsors argue that such laws are necessary to thwart terrorism. "It is essential that we give our law enforcement authorities every possible tool to search out and bring to justice those individuals who have brought such indiscriminate death into our backyard," Hatch said during the debate on the Senate floor. Thursday's vote comes as the nation's capital is reeling from the catastrophes at the World Trade Center and the Pentagon, and politicians are vowing to do whatever is necessary to preserve the safety of Americans. This week, Sen. Judd Gregg (R-New Hampshire) called for restrictions on privacy-protecting encryption products, and Carnivore's use appears on the rise. In England, government officials have asked phone companies and Internet providers to collect and record all their users' communications -- in case the massive accumulation of data might yield clues about Tuesday's terrorist attacks. Under the Combating Terrorism Act, prosecutors could authorize surveillance for 48-hour periods without a judge's approval. Warrantless surveillance appears to be limited to the addresses of websites visited, the names and addresses of e-mail correspondents, and so on, and is not intended to include the contents of communications. But the legislation would cover URLs, which include information such as what Web pages you're visiting and what terms you type in when visiting search engines. Circumstances that don't require court orders include an "immediate threat to the national security interests of the United States, (an) immediate threat to public health or safety or an attack on the integrity or availability of a protected computer." That covers most computer hacking offenses. During Thursday's floor debate, Sen. Patrick Leahy (D-Vermont), head of the Judiciary committee, suggested that the bill went far beyond merely thwarting terrorism and could endanger Americans' privacy. He also said he had a chance to read the Combating Terrorism Act just 30 minutes before the floor debate began. "Maybe the Senate wants to just go ahead and adopt new abilities to wiretap our citizens," Leahy said. "Maybe they want to adopt new abilities to go into people's computers. Maybe that will make us feel safer. Maybe. And maybe what the terrorists have done made us a little bit less safe. Maybe they have increased Big Brother in this country." By voice vote, the Senate attached the Combating Terrorism Act to an annual spending bill that funds the Commerce, Justice and State departments for the fiscal year beginning Oct. 1, then unanimously approved it. Since the House has not reviewed this version of the appropriations bill, a conference committee will be created to work out the differences. Sen. Jon Kyl (R-Arizona), one of the co-sponsors, said the Combating Terrorism Act would give former FBI Director Louis Freeh what he had lobbied for years ago: "These are the kinds of things that law enforcement has asked us for. This combination is relatively modest in comparison with the kind of terrorist attack we have just suffered." "Experts in terrorism have been telling us for a long time and the director of the FBI has been telling us (to make) a few changes in the law that make it easier for our law enforcement people to do their job," Kyl said. It's unclear what day-to-day effects the Combating Terrorism Act would have on prosecutors and Internet users. Some Carnivore installations apparently already take place under emergency wiretap authority, and some civil liberties experts say part of this measure would give that practice stronger legal footing. "One of the key issues that have surrounded the use of Carnivore is being addressed by the Senate in a late-night session during a national emergency," says David Sobel, general counsel of the Electronic Privacy Information Center. A source close to the Senate Judiciary committee pointed out that the wording of the Combating Terrorism Act is so loose -- the no-court-order-required language covers "routing" and "addressing" data -- that it's unclear what its drafters intended. The Justice Department had requested similar legislation last year. "Nobody really knows what routing and addressing information is.... If you're putting in addressing information and routing information, you may not just get (From: lines of e-mail messages), you might also get content," the source said. The Combating Terrorism Act also expands the list of criminal offenses for which traditional, court-ordered wiretaps can be sought to explicitly include terrorism and computer hacking. Other portions include assessing how prepared the National Guard is to respond to weapons of mass destruction, handing the CIA more flexibility in recruiting informants and improving the storage of U.S. "biological pathogens." from Wired Magazine, 2001-Sep-12, by Declan McCullagh: Anti-Attack Feds Push Carnivore WASHINGTON -- Federal police are reportedly increasing Internet surveillance after Tuesday's deadly attacks on the World Trade Center and the Pentagon. Just hours after three airplanes smashed into the buildings in what some U.S. legislators have dubbed a second Pearl Harbor, FBI agents began to visit Web- based, e-mail firms and network providers, according to engineers at those companies who spoke on condition of anonymity. An administrator at one major network service provider said that FBI agents showed up at his workplace on Tuesday "with a couple of Carnivores, requesting permission to place them in our core, along with offers to actually pay for circuits and costs." The person declined to say for publication what the provider's response was, "but a lot of people" at other firms were quietly going along with the FBI's request. "I know that they are getting a lot of 'OKs' because they made it a point to mention that they would only be covering our core for a few days, while their 'main boxes were being set up at the Tier 1 carriers' -- scary," the engineer said. The FBI's controversial Carnivore spy system, which has been renamed DCS1000, is a specially configured Windows computer designed to sit on an Internet provider's network and monitor electronic communications. To retrieve the stored data, an agent stops by to pick up a removable hard drive with the information that the Carnivore system was configured to record. Microsoft's Hotmail service has also been the target of increased federal attention, according to an engineer who works there. "Hotmail officials have been receiving calls from the San Francisco FBI office since mid-(Tuesday) morning and are cooperating with their expedited requests for information about a few specific accounts," the person said. "Most of the account names start with the word 'Allah' and contain messages in Arabic." By Tuesday evening, nearly 12 hours after the twin attacks that crippled Manhattan and left Washington deserted by mid-afternoon, it was unclear who was responsible. The Washington Post, citing anonymous government sources, reported that former Saudi businessman Osama bin Laden appears to be the prime suspect. In February, U.S. officials claimed that bin Laden had turned to data-hiding steganography software to conceal communications with his operatives by means of public websites. In Washington, use of data-scrambling encryption software is also frequently mentioned in conjunction with terrorists. "Uncrackable encryption is allowing terrorists Hamas, Hezbollah, al-Qaida and others to communicate about their criminal intentions without fear of outside intrusion," then-FBI Director Louis Freeh told a Senate panel last year. "They're thwarting the efforts of law enforcement to detect, prevent and investigate illegal activities." Those comments, and the prospect of congressional reaction to Tuesday's terrorist attacks, have prompted some civil libertarians to fret about possible domestic regulation of encryption products. A few years ago, one House committee approved a bill that would have banned any encryption product without a back door entrance for the federal government. By Tuesday afternoon, at least one NBC affiliate had interviewed defense expert Jim Dunnigan, who warned that "PGP and Internet encryption" would be blamed for the attacks. "Those of us who value our liberty, even in the face of danger, will need to be vigilant in the days to come," says Thomas Leavitt, an online activist who co- founded Webcom. Other civil libertarians say it's a mistake to believe that the U.S. government will overreact to Tuesday's disasters. Marc Rotenberg of the Electronic Privacy Information Center said he believes that the better approach is to argue that the U.S. must not allow a terrorist attack on our form of open government to succeed. It's too early to tell whether he's right or not, but by late Tuesday, operators of anonymous remailers were already so worried about being conduits for terrorist communications -- or being blamed for the communications, rightly or wrongly -- that they pulled the plug. Operator Len Sassaman said in a post to a remailer-operators list: "I don't want to get caught in the middle of this. I'm sorry. I'm currently unemployed and don't have the resources to defend myself. At this point in time, a free-speech argument will not gain much sympathy with the Feds, judges and general public." Remailers forward messages but remove the originating information, so that the resulting e-mail is anonymized. They customarily don't keep logs, so if the system works as designed, it should be nearly impossible for anyone to find who sent the message. from the Los Angeles Times, 2001-Sep-12, by Charles Piller and Karen Kaplan: Officials Call for More Net Security But technical experts say new surveillance efforts would not deter terrorism because of the high level of encryption. Politicians and policymakers on Tuesday called for the broader use of technology to flag terrorism attacks. But technical experts said increased monitoring of Internet messages and data would do little to deter terrorist attacks because sophisticated encryption technology already makes their messages unreadable. "The idea that we can magically install technology to prevent [terrorism] is the wrong way to think," said Bruce Schneier, chief technology officer of Counterpane Internet Security in San Jose, and a noted cryptographer. "You can't eavesdrop on everybody--it doesn't work, you don't have the resources." But in Washington, the former chairman of the Senate Select Committee on Intelligence expressed strong support Tuesday for modernizing the National Security Agency, the federal agency that conducts most of the nation's electronic spying. "We've got to modernize the NSA," said Sen. Richard C. Shelby (R-Ala.), the ranking Republican on the Senate Select Committee on Intelligence. "The NSA used to be on the cutting edge of technology. A lot of people think they've fallen way behind." Rep. Christopher Cox (R-Newport Beach), chairman of the House Select Committee on National Security, said he would not support draconian new surveillance efforts. "Frisking everyone on the planet to find the one person with the weapon is a high-cost, low-yield way to go. That's a fair analogy to searching through everyone's e-mail," Cox said. "Not only do such schemes threaten civil liberties, they are such scattershot approaches that they're bound to fail. . . . The notion that we can reorganize every aspect of civil society to protect against terrorism is fool's gold." Rep. Bob Stump (R-Ariz.), chairman of the House Armed Services Committee, urged more emphasis on developing spy networks. "We can listen to anybody around the world talking on the phone that we want to. [But] we can't penetrate these groups," he said. "We've said for a long time that we've been short on human intelligence." Civil libertarians found such sentiments reassuring, but predicted there would be pressure to implement more Big Brother-style technological responses. This could include calls for new restrictions on software encryption, and the increased use of biometric monitors in public places. Biometrics precisely measure physical characteristics--such as facial contours or eye color--as a means of positively identifying individuals. But the mass use of such methods has proved unreliable, according to experts. At the 2001 Super Bowl in Tampa last January, about 100,000 fans were scanned by secret cameras to snare criminals in the crowd. "To these systems . . . one out of every 50 people looks like [the infamous terrorist] Carlos the Jackal," Jim Wayman, a biometrics expert at San Jose State University, said at the time. "And the real Carlos has only a 50% chance of looking like himself." Wholesale biometric screening also has been criticized as a threat to personal privacy. "When you have a national catastrophe, there's a very quick and swift reaction to try and give lots of security at the expense of civil liberties," said Shari Steele, executive director of the Electronic Frontier Foundation in San Francisco. "There has always been a tension between security and freedoms." from Newsweek online via MSNBC, 2001-Sep-11, by Steven Levy: Did Encryption Empower These Terrorists? And would restricting crypto have given the authorities a change to stop these acts? Sept. 11 - "Well, I guess this is the end now. . . ." So wrote the first Netizen to address today's tragedy on the popular discussion group, sci.crypt. The posting was referring what seems like an inevitable reaction to the horrific terrorist act: an attempt to roll back recent relaxations on encryption tools, on the theory that cryptography helped cloak preparations for the deadly events. But the despondency reflected in the comment can be applied more generally. The destruction of the World Trade Center and the attack on the Pentagon comes at a delicate time in the evolution of the technologies of surveillance and privacy. In the aftermath of September 11, 2001, our attitude toward these tools may well take a turn that has profound implications for the way individuals are monitored and tracked, for decades to come. The first issue on the docket will be the fate of tools that enable citizens to encrypt their e-mail, documents and phone conversations as they zip through cyberspace and the ether. Over the past decades there have been heated debates over whether this technology should be restricted-as it can clearly benefit wrong-doers as well as businesspeople and just plain average people. The prime government argument in favor of restrictions invoked the specter of precisely this kind of atrocity. Quite literally, it was the fear of "another World Trade Center" that led the Clinton administration in the 1990s to propose a system whereby people could encode their e-mails and conversations, but also provide the Feds with a "back-door" means of access. Now that those fears have come to pass, it's fair to ask those who lionized crypto as a liberating tool to face a tough question: Did encryption empower these terrorists? And would restricting crypto have given the authorities a chance to stop these acts? The answer to the first question is quite possibly yes. We do know that Osama Bin Laden, who has been invoked as a suspect, was a sophisticated consumer of crypto technology. In the recent trial over the bombing of the Libyan embassy, prosecutors introduced evidence that Bin Laden had mobile satellite phones that used strong crypto. Even if Bin Laden was not behind it, the acts show a degree of organization that indicates the terrorists were smart enough to scramble their communications to make them more difficult, if not impossible, to understand. If not for encryption, notes former USAF Col. Marc Enger (now working for security firm Digital Defense) "they could have used steganography [hiding messages between the pixels of a digital image] or Web anonymizers [which cloak the origin of messages]." But that doesn't mean that laws or regulations could have denied these tools to the terrorists. After all, many of the protocols of strong cryptography are in the public domain. Dozens of programs were created overseas, beyond the control of the U.S. Congress. The government used to argue that allowing crypto to proliferate, particularly to the point of being built into popular systems made by Microsoft or AOL, would empower even stupid criminals. But these were sophisticated terrorists, not moronic crooks. Before September 11, commercial interests, privacy advocates and most in the government had reached a sort of common ground, balancing high-tech with threats. Cryptography was regarded as a fact of life, one with some benefit to national secruity as well as risks. (In an age of Info-Warfare, we are the most vunerable nation, and cryptography can help secure our infrastructure.) Intelligence agencies could make up for the difficulties that crypto creates for them by several means, including heightened work in codebreaking, more use of "human assets" (spies), and-most of all-taking advantage of the bounty of new information that the telecom revolution has forced out into the open. E-mail, pagers, faxes, cell phones, Blackberries, GPS systems, Web cookies-every year another device or system seems to emerge to expose information to eavesdroppers. Even if terrorists encrypt content on some of those tools, simply tracking who talks to whom, and measuring the volume of messages, can yield crucial intelligence. (Indeed, this form of "traffic analysis" did produce evidence that was used in the Embassy bombing trial.) The challenge to our spy agencies- one tragically not met this time around-is to use those means to compensate for whatever information might have been lost to encryption. Beyond the crypto issue are a raft of controversies involving other technologies of surveillance. Before this attack, there was a general feeling that we would see legislation to protect privacy on the Web and perhaps limit tools that threatened civil liberties. Some feared that face-scanning devices like the one used at the last Super Bowl can track individuals as they move from one publicly mounted surveillance camera to another. There was criticism directed toward the FBI's "Carnivore" device, capable of scooping up massive numbers of e-mails from Internet service providers. There was concern over Web bugs that tracked people's movements on the Internet. There were objections to the Department of Justice's scheme to insure that cell phones were also tracking devices, presumably to aid 911 services, but potentially becoming homing devices to follow our roamings. Until today, a pro-privacy consensus was building. Will those concerns be set aside in the rush to do something-anything-to assure ourselves that we can prevent another September 11, 2001? Privacy advocate Richard Smith anticipates big changes in airport security, but not necessarily a reboot on overall privacy outlook. "Those types of restrictions just don't work against people like [these terrorists]," he says. Let's hope that he's right-that wisdom and courage, and not fear, dictates future policy. Otherwise, the legacy of this terrible day may become even more painful. from PRIVACY Forum Digest 08.07 1999-May-4, by Dick Mills:

Date: Mon, 19 Apr 1999 20:55:04 -0400 From: Dick Mills Subject: Activism Without Principles is Futile As I read the most recent issue, PRIVACY Forum Digest Volume 08 : Issue 06, I was struck by the repetitive nature of the privacy gripes. They follow a common theme. We have a laudable motive for intrusion that must be "balanced" with a privacy interest. Because there can never be unanimity about laudability, balances are always compromises. I'm sick and tired of balancing my privacy. Thousands of times per year we balance away some tiny bit of it. After a long time, big mountains are eroded to molehills, one grain of sand at a time. If our approach to protecting privacy is to strike balance after balance, the end result is inevitable. We loose. In the USA, our primary claim to a legal right to privacy comes from Warren and Brandeis' famous 1890 essay. But their concept of "reasonable expectation of privacy" is deficient. What is reasonable to expect today is less than it was in 1890, and it will be still less tomorrow and the day after that. Reasonable expectation is a slippery and increasingly steep slope. The slide down is a one way trip. Every time one of us says, "Because of your laudable motives, I approve of your intrusion of someone else's privacy," we lower the bar of reasonable expectation another notch. Laudable motives are seldom considered justification to encroach upon the rights of speech or religion. We consider those rights absolute, not relative. We try to hold them inviolate. Are there no inviolate principles of privacy? If privacy activism is worthwhile, then we must foresee the point where the general erosion of privacy will bottom out and perhaps rebound. If that's not reasonably foreseeable, what's the point? -- Dick Mills http://www.albany.net/~dmills from TPDL 2001-Jul-3, from the Wall Street Journal: Big Brother's Camera Tomorrow, as millions of Americans drive to Fourth of July celebrations, many will encounter a worrisome new import from Europe: photo radar traps that automatically send traffic violators a ticket. While such devices could be a useful tool in discerning traffic patterns or dangerous intersections, right now they're little more than Orwellian cash cows. Camera technology has been used for years in countries like England and France to catch those who speed or run red lights. A machine-generated ticket arrives in the mail with a de facto presumption of guilt, and in almost all cases it costs more to go to court than pay the fine. Unlike normal tickets, no points are added to a driver's record. That fact helps give the government's game away: Many of the 50 U.S. cities with traffic cameras appear to be using them as a revenue-raising device with safety concerns taking a back seat. Last year, a notorious camera on Washington's Capitol Hill was shut down after police reluctantly agreed its huge ticket volume made it nothing more than a high- tech trap. San Diego's red-light cameras were shuttered last month after a lawsuit uncovered documents showing the private contractor based almost all its camera placements on the volume of traffic and the length of the yellow waiting time. One intersection was rejected with the notation: "Long yellow, volume not there." A 1998 study by the Insurance Institute for Highway Safety found that some 80% of red-light violations occur in the first second of red. Safety engineers know how to deal with problem intersections by lengthening the yellow light. It's also possible that rather than fix traffic problems, cameras create a new one. Regular motorists on a road eventually learn where the cameras are, but newcomers don't know. This creates two different reactions to yellow lights or speed limits. Drivers slowing down suddenly can cause those behind them who are ignorant of the cameras to rear-end them. Nonetheless, government officials still insist the cameras are only there for safety reasons. "If Big Brother saves lives," says Florida's Palm Beach County Commissioner Burt Aaronson, "then I'm happy to be Big Brother." But Ontario, the largest Canadian province, scrapped radar speed-cameras in 1995 after Premier Mike Harris said: "We've concluded that photo-radar is a government cash grab." No kidding. Montgomery County, Maryland, has issued 54,000 camera citations since 1999 and county leaders now want to raise the fine for running a red light to $250 from $75. The federal government is also getting into the act. The National Park Service has posted two cameras along the George Washington Parkway in northern Virginia as a prelude to deploying them throughout its 5,000 miles of roads. House Majority Leader Dick Armey says the camera placement violates an executive order requiring a full review of any Park Service action that raises "novel legal or policy issues." Virginia Governor Jim Gilmore also opposes the cameras, and he and Mr. Armey hope to persuade Interior Secretary Gale Norton to drop the idea. It is hard to reconcile traffic camera tickets with a free society. There is no due process and no right to confront your accuser. Imaginative police chiefs are already coming up with new uses for the technology. Tampa, Florida's Ybor entertainment district has 36 mounted cameras that can capture images of up to eight people at a time and compare them with a computer database filled with the facial features of people wanted on active warrants. What's next? Cameras to catch those smoking, using cell phones or not wearing seat belts? We're all for traffic enforcement, but there is a danger that this technology could ultimately be used to monitor the comings and goings of citizens. In addition to marking an appreciation of the freedoms we enjoy, the Fourth of July could also use a little reflection on how to make sure we don't lose any of them. from BBC News Online, 2001-Aug-22, by BBC News Online technology correspondent Mark Ward: Warning over wiretaps Laws designed to catch computer criminals could result in a huge increase in the amount of covert surveillance carried out on British citizens by the police and intelligence services. The controversial Regulation of Investigatory Powers Act requires many companies providing communication services to install technology that allows up to one in 10,000 of their customers to be watched at the same time. Experts and lobby groups fear that this requirement could drive a "tenfold" increase in the number of wiretaps and threaten the fundamental rights to privacy of many citizens. But the government said just because it would soon be possible to covertly watch thousands of people using phones, fax machines and the net, this did not mean that all these potential wiretaps will actually be used. People watching Last year the government pushed through the controversial Regulation of Investigatory Powers Act which was intended to update existing legislation to cope with the migration of life into more electronic forms. The Act also made it easier for law enforcement agencies to carry out surveillance on computer-savvy criminals, and to get hold of keys to unscrambled [unscramble -AMPP Ed.] encrypted data. The Act was criticised almost from the moment it was drafted by privacy watchdogs, lobby groups and business leaders. They said it gave too much power to police and intelligence services, placed too few safeguards on their actions, eroded rights to privacy and placed a heavy burden on companies forced to comply with it. Just how heavy a burden is now becoming clear. Section 12 of the RIP Act requires many large Communication Service Providers (any company offering telecommunication, net or data services) to put in place links to a government monitoring centre so law enforcement agencies can quickly turn on wiretaps to start watching suspects. The government is currently talking to all the organisations who will have to comply with this requirement on how to do it. Under current proposals large CSPs could be forced to install enough equipment to concurrently monitor one in 10,000 of their customers. The consultation period ends on 24 August. Watching worries Security experts, net thinktanks and lobby groups are worried that this demand could drive a huge increase in the number of wiretaps and the amount of covert surveillance carried out every year. "It could allow a tenfold increase in the current level of interceptions that are going on," said Caspar Bowden, director of internet thinktank the Foundation for Information Policy Research. According to the most recent figures, the government currently issues over 2000 interception warrants every year. If the one in 10,000 figure survives the consultation process, the amount of surveillance the government could carry out every year could rocket. BT would have to install equipment to monitor over 2000 people just for its 21 million domestic customers. More equipment would have to be put in place to monitor business customers, or those using its mobile phones or net services. The only organisations exempt are CSPs servicing financial companies. Suspicious activity "The agendas being pursued here are not police agendas but intelligence agendas," said Tim Snape, head of West Dorset Internet and a member of the industry committees debating the regulations. He fears that the intelligence services will be able to carry out "trawling" expeditions to look for suspicious activity rather than restrict surveillance to individuals as they are forced to do now. But a Home Office spokesman said just because there was the potential to covertly watch thousands of citizens did not mean the government would actually use all of it. He said: "The capacity maybe there but there's no indication that it would all be used." He added that that one in 10,000 figure was a "maximum" and the restrictions the RIP Act places on the issuing of interception warrants would likely limit the amount of wiretapping carried out. Net experts dispute this interpretation and said that the RIP Act actually makes it easier for police forces to get initial approval for surveillance and to renew warrants. Assistant Information Commissioner Francis Aldhouse said: "Interceptions should be authorised by judicial warrant, but that's not the policy that has been adopted." He added that any interference with communications is interference with a fundamental human right guaranteed by the European Convention on Human Rights which is already part of UK law. from TPDL 2001-Sep-3, from the Los Angeles Times, by Jube Shiver Jr., staff writer: Single-Number Plan Raises Privacy Fears Technology: System would link telephones, faxes and Web addresses while creating giant databases. WASHINGTON -- A controversial technology under development by the communications industry that links Internet addresses with phone numbers has quietly picked up key government support as concern mounts among critics that the technology will broadly undermine privacy. The technology, known as e-number, or ENUM, would link phone numbers to codes that computer servers use to route traffic on the Web. Proponents say the technology would improve communication for consumers and marketers alike. The industry envisions a sophisticated electronic address book that would be able to direct messages to virtually any fax machine, computer or telephone, using a new 11-digit e-number. As a result, a fax could be sent to someone who lacked a fax machine but had an e-mail address. Likewise, cell phone users would only have to key in 11-digits to send e-mail, not a cumbersome alphanumeric address. But privacy advocates fear the system could undermine online privacy and erode the security of the public phone system as well. They worry that the system would destroy a pillar of Internet privacy: the assumption by users that they enjoy anonymity in cyberspace. The government's endorsement of the technology, disclosed in interviews and outlined in an Aug. 21 letter distributed to an industry group, is seen as critical in pushing it forward. "The United States does see merit in pursing discussions regarding implementation of a coordinated, global [system] . . . for ENUM," Julian E. Minard, a State Department advisor to the International Telecommunication Advisory Committee, wrote to representatives of AT&T and other companies. But Minard cautioned in the letter that aspects of the technology advocated by industry "go beyond what is prudent or necessary." ENUM is likely to be voluntary, requiring users to sign up for the service. But privacy experts say it will not be worth the time and investment the industry is making in the technology unless it is widely used. So they expect ENUM will be aggressively promoted. "We believe that ENUM raises serious questions about privacy and security that need to be addressed before it's widely deployed," said Alan Davidson, associate director of the Center for Democracy and Technology, a privacy watchdog group based in Washington. "They are promoting this as a system that is going to make it really easy for people to find you in all kinds of ways. Well, we want to make sure that consumers can opt out if they don't want to be found." Today, vigilant Web surfers can maintain a high degree of anonymity because e- mail and other Web addresses contain little personal information. What's more, Web addresses under aliases can easily be created to cloak the identity of the sender. As a result, marketers have been forced to spend millions of dollars to get Web surfers to voluntarily give up personal information. By contrast, a phone number has a wealth of personal information associated with it, including a street address, billing records and dialing data. Marrying such information to Web addresses would represent a leap in private data warehousing in cyberspace and dramatically increase the risk of privacy invasions, experts say. "Someone could write a program to query the ENUM database and obtain every line of your contact information and send spam to every communications device you own," said Chris Hoofnagle, legislative director of the Electronic Privacy Information Center in Washington. Hoofnagle added that industry claims that consumers would be able to opt out of the system, or otherwise protect their private information, are hollow. "There could be coercion down the road [by marketers] to push consumers to use ENUM to store their contact information. Absent legislation, there is likely to be abuse." Since the Federal Communications Commission regulates the nation's telephone industry and the Commerce Department administers key contracts that allow private firms such as Mountain View, Calif.-based Verisign Inc. to register Internet domain names, the government is likely to play a powerful role in the outcome of ENUM. Its backing of further ENUM development is the most significant support yet for the technology. It comes as a newly created industry group, called the ENUM- Forum, agreed last week to an ambitious schedule to conclude work on ENUM by next May. "This is a big milestone," Gary W. Richenaker, of Telcordia Technologies Inc., said of the group's first meeting last Monday. Richenaker, who chaired the gathering, said that officials of the State Department, Federal Trade Commission and Commerce Department attended. ENUM would work by combining two massive electronic databases: North American telephone numbers now administered by a Washington company called NeuStar Inc. and the main database that routes Internet messages, which is largely controlled by Verisign. An ENUM address reverses a standard phone number and appends "e164.arpa" to it. For example, the toll-free directory assistance number would be converted to 2.1.2.1.5.5.5.0.0.8.1.e164.arpa. ENUM would recognize both the e164.arpa address and the phone number as belonging to directory assistance. With some software tweaks to the current Internet system, computers could be made to route messages to such 11-digit ENUM addresses in much the same way they now use up to 12-digits to send e-mail and display Web pages. Although industry engineers recently completed technical specifications for ENUM, AT&T, Cisco Systems Inc., SBC Communications Inc. and more than 20 members of the ENUM-Forum agreed last week to work out additional critical details of the system. ENUM-Forum players also include AOL Time Warner Inc., British Telecommunications plc and NetNumber.com Inc.--a Web start-up that has been operating a private, volunteer ENUM system for nearly a year. The companies will tackle operational and security issues, such as who would be authorized to make service changes. Phones are ordinarily associated with street addresses, not individuals, so businesses and households with more than one person or phone would need to determine who has control over the ENUM associated with the phones. The State Department's Minard said his Aug. 21 letter reflected the input of several government agencies but termed the document a "draft" that could change as industry details about ENUM evolve. Minard declined to elaborate on the misgivings expressed about ENUM in the letter. Other sources say ENUM is most strongly supported by the Commerce Department, while the FCC and State Department remain wary of the potential political fallout from embracing the technology. The industry, too, is divided over how much the government should be involved. The heavily regulated telephone industry supports a broader government role than do Internet companies such as Verisign and AOL Time Warner. Stacy M. Cheney, an attorney for the Commerce Department, said the government has not decided whether to play any regulatory role. But he said officials support "continuing discussions" on ENUM and would send representatives to a Sept. 12 meeting of an International Telecommunication Union panel to discuss the technology. Industry officials liken ENUM's potential effect to the introduction of touch-tone dialing in 1963. That advance paved the way for a host of modern phone features, including the ability to bank by phone and navigate voicemail menus. ENUM "could be a huge boon to Internet telephony and basic communications convergence," said Aristotle Balogh, vice president of technology at Verisign. ENUM, however, may never be embraced by businesses or consumers because of the privacy concerns. The technology will also require support from Internet service providers, software developers, phone carriers and others. Still, ENUM is expected to gain momentum with the government's support. It could also get a big boost from efforts by Microsoft Corp. and AOL Time Warner to make new versions of their software support ENUM technology. from NewsMax, 2001-Mar-31, by David M. Bresnahan: Fingerprint May Soon Be Needed to Buy Groceries The day will come when you put your finger on a scanning device to prove who you are before you engage in transactions at retail stores, ATMs, banks and even when you buy groceries. One company making such a device is engaged in a pilot project with the nation's largest grocery chain. Biometric Access Corp. has teamed up with four Kroger stores in the Houston area to test a point-of-sale finger-scanning device for retail transactions. The pilot project has been under way for just over a year and is working well, even though some customers don't like it, according to Kroger spokesman Gary Huddleston. The Kroger stores are using the device to provide positive identification for payroll check cashing, not for actual sales. Huddleston says customer acceptance is one of the challenges that must be overcome if the device is to be used for all transactions. "Many customers have seen the value of the security in the system. The finger image is positive identification," Huddleston told NewsMax.com in a phone interview. He said a personal identification number was not very secure. Will the finger-image scanner become common in all retail stores in the future? "I'm sure it will," said Huddleston. "Customer acceptance is one challenge, and cost is the other challenge. As soon as we overcome those." Use of the finger image for check cashing at the four pilot Kroger stores is optional, but Huddleston said most customers use it once they understand how it works and that they can get their check cashed faster if they submit to the finger- image scan The finger-image scanner can easily be used for all point-of-sale transactions, including the use of checks, credit cards and debit cards, according to Biometric Access Corp. spokesman Hal Jennings. The system is also used for computer security and for clocking workers in and out of work, replacing old-fashioned time cards. The use of finger-image scans is hailed by some and highly criticized by others. "My primary objection is to government surveillance of citizens, more so than that of private businesses. However, the trend by retailers and employers to use biometrics to screen customers and employees is alarming," said activist Scott McDonald, who has a Web site (www.networkusa.org/fingerprint.shtml) that fights the use of fingerprints. Conditioning the Public He says the use of finger-image scans by retail stores is one way the government can "condition" the public to "accept the same kind of perpetual scrutiny by government using the same technologies." McDonald told NewsMax.com that he was concerned about an increase in the number of government and business partnerships. "It is likely the information generated by private biometric scanning by banks, businesses and employers will eventually be linked to, or accessible by, government computers," explained McDonald. Biometric Access Corp. has also established a contract with H.E. Butt Grocery Co. in Texas "which will result in a large-scale implementation of the SecureTouch On-Time(tm) time and attendance system," Jennings said. More than 700 units will be installed in stores using biometric fingerprint readers to keep track of 50,000 employees as they clock in and out of work. Biometric Access Corp. also sold 6,000 similar readers to the state of New York for the Office of Mental Health to be used to protect highly confidential files. David M. Bresnahan ([email protected]) is an independent journalist. An archive of his work is available at http://InvestigativeJournal.com. from TPDL 2000-Oct-31, from Reuters via Yahoo, by Judith Crosson: Colorado Bookstore Records Sought in Drug Case DENVER (Reuters) - One of the nation's most famous bookstores is fighting an effort by prosecutors to force it to reveal the names of people who bought books on how to make methamphetamines in a freedom-of-speech case that is being closely watched by book stores nationwide. The Tattered Cover Book Store, one of the largest independent bookstores in the United States, has until the end of the week to appeal a judge's order to open its records on who bought two books on drug making found in a suspected methamphetamine laboratory. Store owner Joyce Meskis has said the order could have a ''chilling effect'' on the First Amendment and on readers who may hesitate to buy certain books. Bookstore owners around the country are concerned about the case, according to Oren Teicher, chief operating officer of the American Booksellers Association in Tarrytown, New York. ``Book stores feel very passionate about the importance of preserving the privacy of our customers,'' Teicher said by telephone. The case is reminiscent of Independent Counsel Kenneth Starr's attempt to get a Washington bookstore to turn over records of Monica Lewinsky's book purchases in 1998. Starr was trying to confirm whether the former White House intern gave President Clinton a book about phone sex. Lewinsky ultimately gave Starr the information he wanted. The Tattered Cover's troubles began last April when five police officers showed Meskis a search warrant to review records on book sales. She refused and went to court. Police Raid Mobile Home, Find Lab In March, suburban police raided a mobile home that had been used as a suspected methamphetamine laboratory but they could not determine who lived in the mobile home because a number of people were seen going in and out. However, they did find two books, ``Advanced Techniques of Clandestine Psychedelic and Amphetamine Manufacture'' and ``The Construction and Operation of Clandestine Drug Laboratories.'' Police found an envelope with an invoice number from the bookstore and wanted to know who that invoice was sent to. A judge granted a temporary restraining order earlier this year, but 10 days ago said police could look at the records, calling them important to the case and saying police had tried to obtain the information through other means. ``We engage in a whole host of transactions like buying books that reveal a part of our private life,'' Denver District Attorney Bill Ritter said. But he did say the suburban police should have told his office that a neighboring county had earlier turned them down for a search warrant. ``It's a sign of how fundamental freedoms and privacy are being eroded because of the drug war,'' said David Kopel, research director at the Independence Institute, a conservative think tank in Golden, Colorado. He was one of a dozen people who showed at the district attorney's office to protest the court order. (The following is strange, in that it creates an unreasonably high standard of privacy.) from TPDL 2001-Jun-11, from the Associated Press via the Las Vegas Sun: Court Rules on Heat-Sensor Searches WASHINGTON (AP) - Police violate the Constitution if they use a heat-sensing device to peer inside a home without a search warrant, the Supreme Court ruled Monday. An unusual lineup of five justices voted to bolster the Fourth Amendment's protection against unreasonable searches and threw out an Oregon man's conviction for growing marijuana. Monday's ruling reversed a lower court decision that said officers' use of a heat- sensing device was not a search of Danny Lee Kyllo's home and therefore they did not need a search warrant. In an opinion written by Justice Antonin Scalia, by many measures the most conservative member of the court, the majority found that the heat detector allowed police to see things they otherwise could not. "Where, as here, the government uses a device that is not in general public use to explore details of the home that would previously have been unknowable without physical intrusion, the surveillance is a 'search' and is presumptively unreasonable without a warrant," Scalia wrote. While the court has previously approved some warrantless searches, this one did not meet tests the court has previously set, Scalia wrote. The decision means the information police gathered with the thermal device - namely a suspicious pattern of hot spots on the home's exterior walls - cannot be used against Kyllo. The court sent the case back to lower courts to determine whether police have enough other basis to support the search warrant that was eventually served on Kyllo, and thus whether any of the evidence inside his home can be used against him. Justices Clarence Thomas, David H. Souter, Ruth Bader Ginsburg and Stephen Breyer joined the majority. Justice John Paul Stevens wrote a dissenting opinion joined by Chief Justice William H. Rehnquist, and Justices Sandra Day O'Connor and Anthony M. Kennedy. At issue was how modern police technology fits into the court's long line of decisions on what should be considered a search requiring a court warrant. Last year, the Supreme Court ruled that police must get bus passengers' consent or a search warrant before squeezing their luggage to see if drugs might be inside. The court also requires a warrant to put a "bug" in someone's home or in a telephone booth. But the justices have said police do not need a warrant to go through someone's garbage left on the curb, fly over a backyard to see what is on the ground, or put a beeper on a car to make it easier to follow. Kyllo was arrested in January 1992 and charged with growing marijuana at his home in Florence, Ore. Police had been investigating his neighbor, but they focused on him after they trained a thermal imaging device on his home and saw signs of high-intensity lights. Using those images, electricity records and an informant's tip, police got a warrant and searched Kyllo's home, finding more than 100 marijuana plants. Kyllo contended the marijuana plants could not be used as evidence against him because the police did not have a search warrant when they used the heat- sensing device. A judge ruled against him, and Kyllo pleaded guilty on condition he could appeal the search issue. The 9th U.S. Circuit Court of Appeals upheld the use of the device, saying it should not be considered a search. During arguments at the Supreme Court in February, Kyllo's lawyer told the justices that people should feel free to let down their guard at home without fear of the government unreasonably looking over their shoulder. The Justice Department contended the heat-sensing device did not intrude on Kyllo's home but instead passively detected the heat that escaped from it, and the court's dissenters apparently agreed. Police gathered only information available on the outside walls, and used "a fairly primitive" device to do so, Stevens wrote. Using the Thermovision device "did not invade any constitutionally protected interest in privacy," Stevens wrote. The case is Kyllo v. U.S., 99-8508. from TPDL 2000-Aug-8, from WorldNetDaily 2000-Aug-2, by Charles Smith: Al Gore bugs America? The written proof that Vice President Al Gore worked to bug America is freely available; the documentation was obtained from the Justice Department, the CIA and the Commerce Department through the Freedom of Information Act. In 1993, Vice President Gore and Attorney General Janet Reno were ordered to form an IWG or "interagency working group" in a secret White House memo. The sign off sheet on the secret memo specifically sought Gore and Reno's signature. Included in the working group were White House Counsel Vince Foster and convicted Whitewater figure Webster Hubbell. Gore quickly went to work with the secret group of Clinton advisers and delivered a report to the president. "Simply stated, the nexus of the long term problem is how can the government sustain its technical ability to accomplish electronic surveillance in a advanced telecommunications environment characterized by great technical diversity and many competing service providers (numbering over 1500, some potentially antagonistic) who have great economic and political leverage," states the top secret report prepared by Gore's Interagency Working Group. "The solution to the access problem for future telecommunications requires that the vendor/manufacturing community translate the government's requirements into a fundamental system design criteria," noted the Gore report. "The basic issue for resolution is a choice between accomplishing this objective by mandatory (i.e., statutory/regulatory) or voluntary means." This chilling conclusion, that there is no choice but to be monitored by Big Brother is backed by several other documents. One such document released by the Justice Department is a March 1993 Justice memo from Stephen Colgate, assistant attorney general for administration. According to the Colgate memo, Vice President Al Gore was to chair a meeting with Hubbell, Reno, Commerce Secretary Ron Brown, and Leon Panetta in March 1993. The topic of the meeting was the "AT&T Telephone Security Device." According to Colgate, AT&T had developed secure telephones the U.S. government could not tap. The Clinton administration secretly contracted with AT&T to keep the phones off the market. Colgate's memo noted that the administration was determined to prevent the American public from having a private phone conversation. "AT&T has developed a Data Encryption Standard (DES) product for use on telephones to provide security for sensitive conversations," wrote Colgate. "The FBI, NSA and NSC want to purchase the first production run of these devices to prevent their proliferation. They are difficult to decipher and are a deterrent to wiretaps." Buried in the Colgate memo is the first reference to government developed monitoring devices that would be required for all Americans. According to the March 1993 Colgate memo to Hubbell, "FBI, NSA and NSC want to push legislation which would require all government agencies and eventually everyone in the U.S. to use a new public-key based cryptography method." In 1993, the "public-key" system referenced by Colgate had already been developed by the Federal government. The system, a special computer chip called "Clipper," provided the Federal government with an "exploitable feature" allowing a wiretap of any secure phone communications. However, the only way to force "everyone in the U.S. to use" the new Clipper chip was to enact "legislation" which would require that it be manufactured into all phones, fax machines and computers. There was a final solution to the problem. According to a presidential directive of April 1993 on the Clipper project, "Should (U.S.) industry fail to fully assist the government in meeting its requirements within a reasonable period of time, the Attorney General will recommend legislation which would compel manufacturers to meet government requirements." Al Gore quickly embraced the Clipper chip and the concept of monitoring America at all costs. In 1994, Gore wrote a glowing letter supporting the Clipper chip and the government approved wiretap design. According to Gore, "As we have done with the Clipper Chip, future key escrow schemes must contain safeguards to provide for key disclosures only under legal authorization and should have audit procedures to ensure the integrity of the system. Escrow holders should be strictly liable for releasing keys without legal authorization." "We also want to assure users of key escrow encryption products that they will not be subject to unauthorized electronic surveillance," wrote Gore in his July 20, 1994 letter to Rep. Maria Cantwell. However, Gore did not tell the truth. In 1994, federal officials were keenly aware that the Clipper chip design did not have safeguards against unauthorized surveillance. In fact, NASA turned down the Clipper project because the space agency knew of the flawed design. In 1993, Benita A. Cooper, NASA associate administrator for management systems and facilities, wrote, "There is no way to prevent the NSA from routinely monitoring all (Clipper) encrypted traffic. Moreover, compromise of the NSA keys, such as in the Walker case, could compromise the entire (Clipper) system." Yet, Al Gore pressed ahead, continuing to support a flawed design, despite warnings that the design could "compromise" every computer in the U.S. A 1996 secret memo on a secret meeting of DCIA Deutch, FBI Director Freeh and Attorney General Janet Reno states, "Last summer, the Vice President agreed to explore public acceptance of a key escrow policy but did not rule out other approaches, although none seem viable at this point." According to the 1996 report to Gore, by then CIA Director Deutch, Ms. Reno proposed an all-out federal takeover of the computer security industry. The Justice Department, proposed "legislation that would ... ban the import and domestic manufacture, sale or distribution of encryption that does not have key recovery. Janet Reno and Louis Freeh are deeply concerned about the spread of encryption. Pervasive use of encryption destroys the effectiveness of wiretapping, which supplies much of the evidence used by FBI and Justice. They support tight controls, for domestic use." The move to tighten domestic controls has so far failed. The Clipper chip was canceled in 1997 after wasting over a billion dollars. Yet, history often repeats itself, especially for those who refuse to learn from it. The FBI recently aroused much trouble in July by unveiling a new program called "Carnivore." The FBI Carnivore software is designed to monitor e-mail by intercepting all mail at the Internet provider. The FBI installed the Carnivore software initially at several Internet providers with little requirements for legal authority. Testimony by software expert Matt Blaze revealed the FBI Carnivore program might not be smart enough to recognize a target's e-mail, thus false prosecutions are possible. In addition, the Carnivore programs scoops up all data without regard to legal problems. Carnivore is clearly open for abuse. While Federal law does provide for an audit trail to prevent abuse of Carnivore data, the audit only occurs if there is a federal prosecution. No prosecution -- no audit trail. Data acquired by the FBI e-mail tap could be accumulated on anyone without an audit. The problems of privacy, e-mail and government wiretapping are not unfamiliar to Vice President Al Gore. The Clinton-Gore White House recently lost a large portion of the vice president's e-mails and is now unable to deliver them to investigators involved in the 1996 campaign finance probe. The vice president has a darker side yet to be covered by the media. Al Gore knows much about the federal government efforts to wiretap every home and office in America. He should. Al Gore has led that effort to bug America since 1993. As part of the Clinton administration, Al Gore made the policy that endorsed the Clipper chip and created the FBI Carnivore software program. from TPDL 2000-May-1, from the New York Times, by William Safire: Consenting Adults WASHINGTON -- Politicians of the left and right are finally beginning to pay attention to the groundswell of resentment about invasions of privacy. In the Senate, transportation subcommittee chairman Richard Shelby leads the way: the law he sponsored to prevent states from selling to private investigators information and pictures required from motorists seeking a driver's license was upheld by the Supreme Court. He also led repeal of the ill-advised federal standard for licenses that would have used Social Security numbers to create an Orwellian national identification card. In the House, Texas Representative Ron Paul's bill to prohibit the use of the Social Security number as an all-purpose identifier is no longer in limbo. Ways and Means subcommittee chairman Clay Shaw reports that this action to combat widespread identity theft will be taken up this month. Chairman Dan Burton's Government Reform Committee will move on that privacy bill in June, as well as the bill to create a Privacy Protection Commission pressed by the G.O.P.'s Asa Hutchinson and Democrat Jim Moran. Here's evidence that we're getting traction: President Clinton and Vice President Al Gore have detected the growing political appeal of personal privacy in a time of data rape. To a commencement audience yesterday, Clinton unveiled his plan to repel the invaders, challenging the Republican Congress to get on with legislation to stem the tide of snooping. Up to now, the Clinton-Gore record has been troubling to civil libertarians; under the rubric of searching for "deadbeat dads," this administration now forces private employers to inform on workers to federal bureaucrats as never before. But Clinton's belated concern about penetrations of our privacy by marketers and e- snoops, often in support of legislation already in work, is welcome. In assessing his proposals, keep in mind the key words consumer consent. Should banks and credit card companies be able to sell our financial secrets to outside pitchmen? Clinton favors forbidding this practice, so ardently hailed as efficient by believers in "targeted marketing," unless the individual specifically gives an informed consent. That's good; Treasury Secretary Larry Summers tells me, "It's got to be wrong for my stockbroker to see my life insurance physical and where I shop." When banks merge with insurance companies or H.M.O.'s, should we allow medical records to be passed around within the conglomerate? Clinton says no, unless the patient or consumer affirmatively consents. That's also good; none of this "opt out" trickery, by which marketers piously claim to be sensitive to privacy but put the burden of protecting personal information on the patient. What about sharing financial data having nothing to do with medical records? Here the Clinton-Gore plan caves in to the secret salesmen. "We will preserve financial firms' ability to share the information that they need," goes the administration proposal, "to develop new products and manage their risks . . ." No bank is required to obtain depositor's consent; it's up to the individual to "opt out" -- to take the difficult initiative of demanding that the bank not make his life an open book. In defense of this weakness, Summers explains "We're trying to strike a balance between the efficient use of information and the need to protect privacy. Opinions have certainly changed over the past couple of years. In terms of what you want," Summers tells the privacy nut who has long been badgering him, "last year we were on our 15-yard line. Now we're within field-goal range." A man to carry the ball as Clintonians head for the showers is "Senator Privacy," Shelby of Alabama. His bill in the Banking Committee against "behavioral profiling" stops bankers and credit card issuers from disclosing transactions unless "the consumer has affirmatively consented in writing to the transfer of such information." Harangues on this issue will continue in this space, while apostles of efficiency, in bureaucracies public and private, try to pooh-pooh concerns of newly energized asserters of privacy. Consent! is our byword. And our first line of defense is the private, personal Social Security number; we won't let anybody coerce us into giving it out. from The New Hampshire (the student newspaper of the University of New Hampshire, 2000-Sep-12, by Steven Callahan: About a month ago the University Police pulled me over for a faulty brake light. Almost immediately, however, the officer's true reason for stopping me became readily apparent. He asked if there was any alcohol in my car. There wasn't, and I told him so. Apparently, my word was not good enough, and he asked if I'd mind him "taking a look in the trunk." Although there was nothing in there, I denied the request. Why, one might wonder, if there really wasn't anything there? Simple. Because in a free society, we have protections against unreasonable searches and seizures. As a student advisor for the judicial programs office for the past year I have seen many students bullied into allowing R.A.'s to search their rooms. I have seen instances of R.A.'s searching refrigerators, trashcans and other personal belongings with impunity and, in some cases, malice. Many times, these students do indeed have alcohol in their rooms. Other times, R.A.'s find nothing. The larger issue here, though, is the fact that R.A.'s have absolutely no right to search a resident's room. Listen closely the next time one confronts you. They'll say, "I have reason to suspect that drinking is going on in your room, do you mind if I take a look?" or, "If you have nothing to hide, then why can't I look in the fridge?" They'll never say, "I'm going to search your room," or, "You have to let me search." They simply have no legal right to do so. The department of residential life knows this, and therefore trains them to act accordingly. Moreover, many students here at UNH have very good reasons for refusing searches. For instance, many of us have medical conditions which require medications to be stored our rooms. Some might be stored in desk drawers. Others, believe it or not, in refrigerators. The only people who might have a reason to rummage through our personal belongings in search of alcohol would be the police. And, even here, their search must conform to constitutional requirements. Certainly R.A.'s hold no search and seizure power, and the reason they search and seize so much is out of the University community's ignorance. Unless we, as students and members of a free society, come to understand and employ our privacy rights, they mean nothing. What good is the right to refuse an illegal search if we never utilize it? Remember, the next time you are asked to allow someone to search your belongings, politely tell them no. Eventually, if everyone does this, the department of residential life will come to realize that they can no longer intimidate, harass students and the abuse of our privacy rights might one day come to an end. Steven Callahan Senior (In the fallout from the above letter to the editor, Callahan was administratively ejected from his position as a student advisor.) from the Associated Press via CNET, 2000-Feb-6: Government sites disregard children's privacy law WASHINGTON--Contrary to a federal directive, some government Web sites-- including the one operated by the White House--are not adhering to a law that requires companies to obtain parental consent before soliciting personal information from children. The White House Web site invites children to submit personal information, such as their name, address and age along with email messages to the president and first family. Sites operated by the Environmental Protection Agency and NASA also collect personal information from children who submit art work to be posted on the site. Both agencies show the child's name, age and hometown along with posted drawings. Federal law that took effect earlier this year requires private sector Web sites to protect the privacy of children. The law does not apply to government sites, but the Office of Management and Budget (OMB) recently ordered federal agencies to comply with the statute. The Federal Trade Commission is readying a crackdown on commercial sites that fail to comply with the law. "My jaw dropped," said Jim Harper, administrator of Internet privacy site Privacilla.org. "This very concern with commercial Web sites giving where children lived and what their ages are was the supposed justification for COPPA (Children's Online Privacy Protection Act)." The federal law requires commercial Web sites to carry privacy policy statements, get "verifiable parental consent" before soliciting information, and give an opportunity to remove the information. Peter Swire, OMB's chief counselor for privacy, refused to say in an interview whether the government sites would be investigated or any of their content changed. He stressed that the law was targeted against commercial sites and that the administration tried to exceed those standards. "We comply with the spirit of COPPA, given the special legal rules that apply to the White House," Swire said, adding that the Presidential Records Act would keep the correspondence secret for up to 12 years. Swire also said that all federal Web sites have been directed to provide their privacy practices along with their budget requests at the end of the year, though there is no plan to audit the agencies to review their practices. "We think that putting privacy compliance into the agency's budget process is a new and useful tool for spreading good privacy practices throughout the federal government," Swire said. Harper says he has no objection to how the government sites communicate with children, calling the methods "neat." But he points to how businesses have had to remove seemingly harmless content to comply with the law. "This illustrates the kind of things that commercial Web sites would be doing," Harper said. "But rather prematurely, the COPPA law cut off the right of commercial Web sites to provide this kind of interaction." A company that has run afoul of COPPA, calling it a "terrible law," said the government obviously has no ill will toward children, and they were both caught in the same trap. "COPPA goes far beyond limiting the practice of a business collecting personal information for its own use to include the responsibility that the business not provide any tool or service that would permit a child to send their personal information to anyone." said Steven Bryan, CEO of Zeeks.com, a site aimed at children. Zeeks.com said it had to take down its chat area, free email system and other features because it couldn't afford the cost of getting and verifying a parent's permission. Bryan said the features were always monitored and had security systems to check for suspicious activity. Lee Peeler, the FTC's associate director for advertising practices, was unapologetic for the situation faced by Zeeks.com, saying it "goes to the safety issue of giving kids the ability to communicate with predators without any parental involvement." Peeler said the commission will start its formal sweep of noncomplying businesses within the next two months and confirmed that federal sites won't be on the list. COPPA requires the commission to provide a report to Congress on compliance and to identify law enforcement targets. Zeeks.com's bulletin boards are filled with messages signed by children upset that the features are gone. Bryan said COPPA won't make children safer but will simply drive them to other free email services and unmonitored sites not designed for youngsters. "Without question, that is where the kids will go to find these activities," Bryan said. "We've closed the playgrounds and sent the kids to play in the street." from TPDL 2000-Jul-31, from WorldNetDaily, by David M. Bresnahan: Bank privacy bill 'dangerous' Official calls proposed legislation 'Know Your Customer' in disguise Even though an unprecedented public outcry stopped regulators in their tracks when they tried to enact invasive "Know Your Customer" banking regulations just over a year ago, Congress has found a back door way to accomplish the same goal -- and more -- according to one concerned congressman. The "International Counter-Money Laundering and Foreign Anticorruption Act of 2000," H.R. 3886, was recently passed by the House Banking and Finance Committee, of which Rep. Ron Paul, R-Texas, is a member. Paul told WorldNetDaily that while the bill appears to be aimed only at international banking transactions, it also gives the secretary of the treasury the ability to expand those regulations to apply to all transactions without further approval from Congress. The bill is now being prepared for a final vote in the House this fall. "I think they're limiting it to the international aspect because the average guy on the street isn't going to be affected and this is the way they set the precedent," explained Paul. There is an international effort to eliminate privacy from financial transactions, and this proposed change will affect Americans soon, he believes. "Know Your Customer" -- although the wording is not used in the current bill -- refers to regulations that would require banks to obtain unprecedented amounts of information about customers, monitor all financial transactions and report transactions that do not fit set profiles established by those customers. After WorldNetDaily broke the original "Know Your Customer" story, publicity resulted in a massive public response -- with over 300,000 individuals and banks protesting efforts to establish the regulation -- and "Know Your Customer" was withdrawn. Paul led the earlier effort, and has again sounded the alarm. He told WorldNetDaily H.R. 3886 gives the treasury secretary essentially unlimited powers to change and make regulations without additional approval from Congress. In fact, H.R. 3886 includes a section entitled: "GUIDANCE TO FINANCIAL INSTITUTIONS OPERATING IN THE UNITED STATES ON TRANSACTIONS BY OR ON BEHALF OF CORRUPT FOREIGN OFFICIALS." It states: "The Secretary of the Treasury, in consultation with the Attorney General of the United States and the Federal functional regulators (as defined in section 509(2) of the Gramm-Leach-Bliley Act), shall, before the end of the 180-day period beginning on the date of the enactment of this Act, issue guidance to financial institutions operating in the United States on appropriate practices and procedures to reduce the risk that such institutions may become depositories for, or transmitters of, the proceeds of corruption by or on behalf of senior foreign officials and their close associates." Paul sees these new powers granted to the secretary of the treasury and the attorney general as extremely broad, and is concerned that they will be enabled by this legislation to establish any regulation they wish with no guidance or oversight from Congress. "There are those who want to know what we're doing with all citizens' personal finances. They are determined and they haven't let up," he said. "They probably have calculated correctly that not as many American people will be riled up over this, but hopefully we can alert a lot of people to what's happening so that they are prepared and can object to this, even if it doesn't personally affect them yet." The bill is part of a major push by the Treasury Department and banking regulators to eliminate "harmful tax practices" worldwide. Treasury recently issued a news release announcing that six countries long known for the privacy protections they provide bank depositors -- Bermuda, the Cayman Islands, Cyprus, Malta, Mauritius and San Marino -- have agreed to change drastically the way they permit bank customers to conduct financial transactions. As a result, offshore banking with numbered accounts may soon be a thing of the past. All six countries have signed virtually identical letters promising to end those protections. "The jurisdictions have pledged changes to help ensure that their financial sectors will meet international standards of fairness, transparency and disclosure, including the exchange of information in the context of criminal and civil tax matters," said Secretary of the Treasury Lawrence Summers in a prepared statement. Summers has a great deal of experience dealing with international banking. He came to the Clinton administration from the World Bank where he served as vice president of development and chief economist. President Clinton first appointed him as undersecretary of the treasury for international affairs in 1993. He then moved on to deputy secretary of the treasury, and in July 1999 became secretary. Summers is a strong supporter of the Organization for Economic Co-operation and Development -- a 29-member-nation group that "provides governments a setting in which to discuss, develop and perfect economic and social policy, according to its website. Summers has worked closely with the OECD to bring about the current actions. "In today's global economy, it is vital that we put an end to international tax practices that encourage tax evasion and improper tax avoidance and that distort capital flows. We encourage all jurisdictions that have not previously made commitments to eliminate harmful tax practices to do so," said Summers. Based on the principles outlined in OECD's "report on Harmful Tax Practices," each of the six nearly identical letters state that the country involved "commits to refrain from: 1."Introducing any new regime that would constitute a harmful tax practice under the OECD (Organization for Economic Cooperation and Development) Report; 2."For any existing regime related to financial and other services that currently does not constitute a harmful tax practice under the OECD Report, modifying the regime in such a way that, after the modifications, it would constitute a harmful tax practice under the OECD Report; and 3."Strengthening or extending the scope of any existing measure that currently constitutes a harmful tax practice under the OECD Report." All six letters promise to provide information previously held in highly guarded confidence -- effectively ending offshore banking advantages of privacy in financial transactions. The change will take place no later than by the end of 2005, according to the promises in the letters. The published goals of the OECD are "to build strong economies in its member countries, improve efficiency, hone market systems, expand free trade and contribute to development in industrialized as well as developing countries." The six countries that signed the historic letters are well known as tax havens, where their unique tax laws help many shelter funds from their home country. So why would those six countries suddenly change their banking laws? "I think they might be intimidated by the powerhouse -- the American Empire -- as it spreads its wings militarily and economically. We probably put tremendous pressures on them. Some of these tax havens are not dependent on foreign aid or things like this, but they must feel intimidated that they could be put off limits if they don't go along with our regulators," Paul told WorldNetDaily. The Treasury Department has also created a list of 47 other countries known for banking privacy -- a list that will be used to institute sanctions and punitive actions to force those countries into compliance as well, according to Treasury Department reports. The list of 47 comes from a report prepared by the OECD and released in June. "We encourage all jurisdictions that have not previously made commitments to eliminate harmful tax practices to do so," said Summers. Tax evasion and tax avoidance have become so extensive that the tax revenues of many countries, including the United States, are now suffering, according to the OECD. "I personally was a tax lawyer for many years and I know these definitions can be tricky. Tax evasion is easy -- it involves breaking the law. By 'tax avoidance' OECD means 'unacceptable avoidance' where the taxpayer has circumvented or even subverted the law in order to avoid paying taxes due. This can be contrasted with acceptable tax planning. What is critical is transparency," said Donald J. Johnston, secretary general of the OECD speaking to a high-level symposium on "Harmful Tax Competition" June 29. Recently, the OECD has been "setting its analytical sights on those countries -- today nearly the whole world -- that embrace the market economy," according to OECD policy documents. Johnston also pointed a finger at those countries openly advocating the avoidance of taxes and providing privacy for those who wish to do so. He called the practice "tax poaching" and said it undermines the revenue base of other countries. "Every government or jurisdiction that is not engaged in harmful tax competition is threatened and must protect itself from those that do," Johnston said. He warned that individual governments are helpless unless they join forces to stop the so-called "tax poachers." "Cooperation among governments and jurisdictions is the prerequisite to managing this aspect of globalization -- just as it is the prerequisite for managing other aspects of globalization such as trade, investment, capital flows," said Johnston. He also proposed an international enforcement agency to go after tax offenders. "Tax authorities must develop global cooperative networks -- among themselves and with other law enforcement authorities such as those who fight money laundering, namely, the Financial Action Task Force (FATF), attached also to the OECD and supported by the Secretariat. Such co-operation can be reinforced if governments set minimum requirements for regulation, transparency, and co- operation with other jurisdictions," said Johnston. Countries with a zero income tax are not the problem, according to Jeffrey Owens, OECD Financial, Fiscal and Enterprise Affairs Directorate. Countries that do not provide access to financial records for tax authorities are the target. "We define harmful tax practices by any of three operative criteria: lack of effective exchange of information, lack of transparency, and attracting business with no substantial domestic activities where coupled with low or zero tax rates," explained Owens in a written statement. He said the "tax problem" caused by the offending countries is growing bigger every day. "Over 1 trillion dollars (US) is invested in offshore funds, and that the number of funds has increased by more than 1,400 percent over the last 15 years," he said. According to a report issued by the OECD, member countries are putting pressure on those countries currently providing offshore banking to come into compliance by the end of 2005. The pressure is being exerted through threats to change treaties in place and under negotiation, according to the OECD. Member nations of the OECD have been told, "the harmful features of preferential regimes must be eliminated before the end of five years. The guidelines also provide that "the Forum should be used by Member countries to co-ordinate their national and treaty responses to harmful tax practices." The OECD told member nations that the six nations that have signed compliance letters are expected to be joined by others soon in an effort to have all nations embrace "international tax standards for transparency, exchange of information, and fair tax competition." What must the problem countries do to gain the approval of the OECD? "The international standard means, for example: (1) The beneficial ownership of shares and trusts must be kept on records that can be accessed by governmental authorities. (2) There are audited or filed financial accounts. (3) There is an efficient administrative process to all the tax authorities of another state to obtain information needed to enforce its own revenue laws with regard to geographically mobile income. These are some examples of the international standards of transparency and disclosure that tax havens are being asked to meet. And let me emphasize that it is going to be the same standards for all member countries and non-member countries," explained Owens. Owens acknowledged that many "tax havens" would be financially damaged if they were no longer able to offer privacy in banking. He said the OECD is studying ways to provide assistance, but he did not offer much sympathy for countries that may be hurt by the changes. "Let's be clear. For decades some of these states have been eroding the tax base of not just OECD countries but those of developing countries as well. They have been assisting dishonest taxpayers to avoid paying their fair share of taxes in their countries of residence. And who has borne the burden of these activities? Honest taxpayers," said Owens. Meanwhile, Paul has created a website to provide information and recommend action for those concerned, like he is, about the loss of domestic banking privacy rights. Under the proposed law, insists Paul, banks would be forced to collect information on every depositor, including those who are not engaged in foreign transactions. Since every depositor has the potential to conduct an international banking transaction, banks will be asked to keep records and profiles on everyone. "It leads eventually to the government knowing everything we do all the time," explained Paul. "It's very, very dangerous. We have to watch out." "The regulations seem to affect the honest, law-abiding citizen," warned Paul. "It never gets to the criminal. I don't think all these regulations will catch the criminals, and it will take away some of our personal liberties and our personal privacy, which we in the Congress should be doing more to protect instead of carelessly undermining. "When you're reported, your obligation is to prove yourself innocent," he said. "It isn't like you're being suspected and we have a search warrant with a judge's authorization. This is just surveying everybody and then if you look like you're out of line, you better explain yourself. I think it's just a horrible precedent. The idea that we are considered guilty of something and then the obligation's on us to prove that we're innocent I think is a bad sign," said Paul. Does he really believe Summers will push the regulations to their limit, as the bill's wording allows? "I think he can, and I think he will try. And the only thing that will stop him -- it won't be the courts, and it won't be the Congress -- it must come from the people when they just hear about it and do a bit of shouting," said Paul. from TPDL 2001-Jun-12, from Insight magazine, by John Berlau: Postal Service Has Its Eye on You Since 1997, the U.S. Postal Service has been conducting a customer- surveillance program, `Under the Eagle's Eye,' and reporting innocent activity to federal law enforcement. Remember ``Know Your Customer''? Two years ago the federal government tried to require banks to profile every customer's ``normal and expected transactions'' and report the slightest deviation to the feds as a ``suspicious activity.'' The Federal Deposit Insurance Corp. withdrew the requirement in March 1999 after receiving 300,000 opposing comments and massive bipartisan opposition. But while your bank teller may not have been snooping and snitching on your every financial move, your local post office has been (and is) watching you closely, Insight has learned. That is, if you have bought money orders, made wire transfers or sought cash cards from a postal clerk. Since 1997, in fact, the window clerk may very well have reported you to the government as a ``suspicious'' customer. It doesn't matter that you are not a drug dealer, terrorist or other type of criminal or that the the transaction itself was perfectly legal. The guiding principle of the new postal program to combat money laundering, according to a U.S. Postal Service training video obtained by Insight, is: ``It's better to report 10 legal transactions than to let one illegal transaction get by.'' Many privacy advocates see similarities in the post office's customer-surveillance program, called ``Under the Eagle's Eye,'' to the ``Know Your Customer'' rules. In fact, in a postal-service training manual also obtained by Insight, postal clerks are admonished to ``know your customers.'' Both the manual and the training video give a broad definition of ``suspicious'' in instructing clerks when to fill out a ``suspicious activity report'' after a customer has made a purchase. ``The rule of thumb is if it seems suspicious to you, then it is suspicious,'' says the manual. ``As we said before, and will say again, it is better to report many legitimate transactions that seem suspicious than let one illegal one slip through.'' It is statements such as these that raise the ire of leading privacy advocates on both the left and right, most of whom didn't know about the program until asked by Insight to comment. For example, Rep. Ron Paul, R-Texas, who led the charge on Capitol Hill against the ``Know Your Customer'' rules, expressed both surprise and concern about ``Under the Eagle's Eye.'' He says the video's instructions to report transactions as suspicious are ``the reverse of what the theory used to be: We were supposed to let guilty people go by if we were doing harm to innocent people'' when the methods of trying to apprehend criminals violated the rights of ordinary citizens. Paul says he may introduce legislation to stop ``Under the Eagle's Eye.'' The same sort of response came from another prominent critic of ``Know Your Customer,'' this time on the left, who was appalled by details of the training video. ``The postal service is training its employees to invade their customers' privacy,'' Greg Nojeim, associate director of the American Civil Liberties Union Washington National Office, tells Insight. ``This training will result in the reporting to the government of tens of thousands of innocent transactions that are none of the government's business. I had thought the postal-service's eagle stood for freedom. Now I know it stands for, `We're watching you!''' But postal officials who run ``Under the Eagle's Eye'' say that flagging customers who do not follow ``normal'' patterns is essential if law enforcement is to catch criminals laundering money from illegal transactions. ``The postal service has a responsibility to know what their legitimate customers are doing with their instruments,'' Al Gillum, a former postal inspector who now is acting program manager, tells Insight. ``If people are buying instruments outside of a norm that the entity itself has to establish, then that's where you start with suspicious analysis, suspicious reporting. It literally is based on knowing what our legitimate customers do, what activities they're involved in.'' Gillum's boss, Henry Gibson, the postal-service's Bank Secrecy Act compliance officer, says the anti-money-laundering program started in 1997 already has helped catch some criminals. ``We've received acknowledgment from our chief postal inspector that information from our system was very helpful in the actual catching of some potential bad guys,'' Gibson says. Gillum and Gibson are proud that the postal service received a letter of commendation from then-attorney general Janet Reno in 2000 for this program. The database system the postal service developed with Information Builders, an information-technology consulting firm, received an award from Government Computer News in 2000 and was a finalist in the government/nonprofit category for the 2001 Computerworld Honors Program. An Information Builders press release touts the system as ``a standard for Bank Secrecy Act compliance and anti-money-laundering controls.'' Gibson and Gillum say the program resulted from new regulations created by the Clinton-era Treasury Department in 1997 to apply provisions of the Bank Secrecy Act to ``money service businesses'' that sell financial instruments such as stored- value cash cards, money orders and wire transfers, as well as banks. Surprisingly, the postal service sells about one-third of all U.S. money orders, more than $27 billion last year. It also sells stored-value cards and some types of wire transfers. Although the regulations were not to take effect until 2002, Gillum says the postal service wanted to be ``proactive'' and ``visionary.'' Postal spokesmen emphasize strongly that programs take time to put in place and they are doing only what the law demands. It also was the Bank Secrecy Act that opened the door for the ``Know Your Customer'' rules on banks, to which congressional leaders objected as a threat to privacy. Lawrence Lindsey, now head of the Bush administration's National Economic Council, frequently has pointed out that more than 100,000 reports are collected on innocent bank customers for every one conviction of money laundering. ``That ratio of 99,999-to-1 is something we normally would not tolerate as a reasonable balance between privacy and the collection of guilty verdicts,'' Lindsey wrote in a chapter of the Competitive Enterprise Institute's book The Future of Financial Privacy, published last year. Critics of this snooping both inside and outside the postal service are howling mad that the agency's reputation for protecting the privacy of its customers is being compromised. ``It sounds to me that they're going past the Treasury guidelines,'' says Rick Merritt, executive director of PostalWatch, a private watchdog group. The regulations, for example, do not give specific examples of suspicious activity, leaving that largely for the regulated companies to determine. But the postal-service training video points to lots of ``red flags,'' such as a customer counting money in the line. It warns that even customers whom clerks know often should be considered suspect if they frequently purchase money orders. The video, which Gibson says cost $90,000 to make, uses entertaining special effects to illustrate its points. Employing the angel-and-devil technique often used in cartoons, the video presents two tiny characters in the imagination of a harried clerk. Regina Goodclerk, the angel, constantly urges the clerk to file suspicious- activity reports on customers. ``Better safe than sorry,'' she says. Sam Slick, the devil, wants to give customers the benefit of the doubt. Some of the examples given are red flags such as a sleazy-looking customer offering the postal clerk a bribe. But the video also encourages reports to be filed on what appear to be perfectly legal money-order purchases. A black male teacher and Little League coach whom the female clerk, also black, has known for years walks into the post office wearing a crisp, pinstriped suit and purchases $2,800 in money orders, just under the $3,000 daily minimum for which the postal service requires customers to fill out a form. He frequently has been buying money orders during the last few days. ``Gee, I know he seems like an okay guy,'' Regina Goodclerk tells the employee. ``But buying so many money orders all of a sudden and just under the reporting limit, I'd rather be sure. He's a good guy, but ... this is just too suspicious to let go by.'' Gillum says this is part of the message that postal clerks can't be too careful because anyone could be a potential money launderer. ``A Little League coach could be a deacon in the church, could be the most upstanding citizen in the community, but where is that person getting $2,800 every day?'' Gillum asks. ``Why would a baseball coach, a schoolteacher in town, buy [that many money orders]? Our customers don't have that kind of money. If he's a schoolteacher, if he's got a job on the side, he's going to have a bank account and going to write checks on it, so why does he want to buy money orders? That's the point.'' Despite the fact that the Little League coach in the video was black, Gillum insists that the postal service tells its employees not to target by race or appearance. One thing that should set off alarms, the postal service says, is a customer objecting to filling out an 8105-A form that requests their date of birth, occupation and driver's license or other government-issued ID for a purchase of money orders of $3,000 or more. If they cancel the purchase or request a smaller amount, the clerk automatically should fill out Form 8105-B, the ``suspicious- activity'' report. ``Whatever the reason, any customer who switches from a transaction that requires an 8105-A form to one that doesn't should earn himself or herself the honor of being described on a B form,'' the training manual says. But the ``suspicious'' customers might just be concerned about privacy, says Solveig Singleton, a senior analyst at the Competitive Enterprise Institute. And a professional criminal likely would know that $3,000 was the reporting requirement before he walked into the post office. ``I think there's a lot of reasons that people might not want to fill out such forms; they may simply think it's none of the post office's business,'' Singleton tells Insight. ``The presumption seems to be that from the standpoint of the post office and the Bank Secrecy regulators every citizen is a suspect.'' Both Singleton and Nojeim say ``Under the Eagle's Eye'' unfairly targets the poor, minorities and immigrants people outside of the traditional banking system. ``A large proportion of the reports will be immigrants sending money back home,'' Nojeim says. Singleton adds, ``It lends itself to discrimination against people who are sort of marginally part of the ordinary banking system or who may not trust things like checks and credit cards.'' There's also the question of what happens with the information once it's collected. Gillum says that innocent customers should feel secure because the information reported about ``suspicious'' customers is not automatically sent to the Treasury Department's Financial Crimes Enforcement Network (FinCEN) to be shared with law-enforcement agencies worldwide. Although he says FinCEN wants the postal service to send all reports along to it, the postal authorities only will send the clerks' reports if they fit ``known parameters'' for suspicious activity. ``We are very sensitive to the private citizenry and their rights,'' Gillum insists. ``For what it's worth, we have every comfort level that, if we make a report, there are all kinds of reasons to believe that there is something going on there beyond just a legitimate purchase of money orders.'' But Gillum would not discuss any of the ``parameters'' the postal service uses to test for suspicious activity, saying that's a secret held among U.S. law- enforcement agencies. And if a clerk's report isn't sent to the Treasury Department, it still lingers for some time in the postal-service database. Gillum says that by law the postal service will not be able to destroy suspicious-activity reports for five years. Gillum says the postal service is very strict that the reports only can be seen by law-enforcement officials and not used for other purposes such as marketing. A spokeswoman for the consulting company Information Builders stated in an e- mail to Insight, ``Information Builders personnel do not have access to this system.'' Observers say problems with ``Under the Eagle's Eye'' underscore the contradiction that despite the fact that the postal service advertises like a private business and largely is self-supporting, it still is a government agency with law- enforcement functions. Gibson says his agency must set an example for private businesses on tracking money orders. ``Being a government agency, we feel it's our responsibility that we should set the tone,'' he said. The Treasury Department ``basically challenged us in the mid-nineties to step up to the plate as a government entity,'' Gillum adds. In fact, Gillum thinks Treasury may mandate that the private sector follow some aspects of the postal-service's program. He adds, however, that the postal service is not arguing for this to be imposed on its competitors. In the meantime, the private sector is getting ready to comply with the Treasury regulations before they go into effect next January. But if 7-Eleven Inc., which through its franchises and company-owned stores is one of the largest sellers of money orders, is any guide, private vendors of money orders probably will not issue nearly as many suspicious-activity reports as the postal service. ``Our philosophy is to follow what the regulations require, and if they don't require us to fill out an SAR [suspicious-activity report] ... then we wouldn't necessarily do it,'' 7-Eleven spokeswoman Margaret Chabris tells Insight. Asked specifically about customers who cancel or change a transaction when asked to fill out a form, Chabris said, ``We are not required to fill out an SAR if that happens.'' So why does the U.S. Postal Service? That's one of the major issues raised by critics such as PostalWatch's Merritt. He says that lawmakers and the new postmaster general, Jack Potter, need to examine any undermining of customer trust by programs such as ``Under the Eagle's Eye'' before the postal service is allowed to go into new businesses such as providing e-mail addresses. ``Let's hope that this is not a trend for the postal service, because I don't think the American people are quite ready to be fully under the eagle's eye,'' he says. from TPDL 2000-Aug-18, from NewsMax, by Dr. James Hirsen: Prying Eyes, Round Two A little more than one year ago, there was an attempt in Congress to turn bank executives into dutiful informants. It seems that government officials want precious information about our individual, personal patterns of finance. In fact, they want it so badly that despite an initially resounding defeat of some incredibly meddlesome regulations they are trying for a second time. The original proposal was heralded as the "Know Your Customer" rules. But Americans who cherish liberty weren't about to be hoodwinked, particularly when it came to the invasion of their financial profiles. A coalition of 300,000 ordinary people from all parts of the political spectrum banded together to preserve a vital component of the Constitution, and they succeeded in stopping the measure cold. Challengers celebrated its failure to pass, not only because an illicit and intrusive mechanism had been halted, but more so because a sinister effort was terminated through bold expression of citizen action. The victory celebration, though, may have been premature. Know Your Customer is paying a visit once again, but this time it is sporting a new look. H.R. 3886, an anti-money laundering bill entitled International Counter-Money Laundering and Foreign Anticorruption Act of 2000, is its most recent attempt at disguise. Although the champion of liberty, Rep. Ron Paul of Texas, tried valiantly to attach some pro-privacy amendments to the bill, he has of yet been unsuccessful. The bill's title and content are designed to convince the public that the presumed target is the international banking community. But, if passed, discretion and power to expand regulations so that they encompass all banking transactions will be granted to the Secretary of the Treasury, and no further approval from Congress will be needed. It appears as though this legislative maneuver will be portrayed, at least initially, as a basic method of dealing with international transactions. That way the average person on the street will remain unconcerned and, most likely, uninvolved. Supporters of the initiative could get the legislation passed first and save the task of expanding it for a later date. Essentially, the Know Your Customer regulations that irate citizens had previously opposed could silently slip into law through a cleverly designed trap door. One would ordinarily be surprised that our representatives would try to pass the same kind of legislation after the chilly reception they received from their constituents the first time around. Perhaps they believe that it would be more difficult for advocates of individual liberty to rally the same degree of support, since attachment of an international label provides such a tidy distraction. But Americans must prove these misguided legislators wrong if the notion of privacy is to be sustained. Limited government is based upon unalienable rights that emanate from a divine source. Government is charged with securing those rights. The rights of life, liberty and the pursuit of happiness, as stated in the Declaration of Independence, and the rights of life, liberty and property, as enumerated in the Constitution, can only flourish when government is restrained. Underlying our foundational structure is a simple yet exquisite maxim born of a hands-off philosophy: Whenever possible, leave the citizen alone. Traditionally, our body of law has viewed personal financial information as an area of privacy requiring even greater protection. Those who believe that government should have more depth and scope of authority have demonstrated an intense persistence in pursuit of their goals. The public would be well served to reassemble the coalition that defeated the original Know Your Customer operation. Our representatives need to know, whether hidden by dark brush or shrouded away in a high rise office building, America hates a snoop. from TPDL 2000-Aug-2, from the Wall Street Journal, by Holman W. Jenkins Jr.: On Web Privacy, What Are We Really Afraid Of? Most people have figured out by now you can't do anything on the Web without leaving a record. E-mail lingers long after it's been deleted. Your Internet service provider can't help but have a record of pages you downloaded. The nature of information technology is to create information. If the issue of Web privacy makes the public sweat, it's because the average user knows he's already gone beyond the point of no return. He left his name and click trails all over the Internet. He sent e-mail saying any ninny thing that popped into his head; he visited chat rooms and pretended to be a CEO or a 15-year-old cheerleader. About 3 a.m., he sits upright in bed and wonders: Is all that information sitting out there on an AOL server? What if my wife (neighbor, employer) were to have access? If he has a streak of paranoia, he further wonders: What if a site I visited was placed there for the specific purpose of seducing me into creating some embarrassing information? Two words that should be central to any Internet privacy debate are "subpoena" and "entrapment." At the moment the debate is still tangled up in distractions. The issue was pushed into the arena by those whose primordial agenda is the regulation of business, as if our greatest fear in life is another catalog in the mailbox. It's not. If targeted advertising is effective, people are going to like it more not less. Nothing is more annoying than clutter, but relevant ads are not perceived as clutter. And if targeting doesn't work, we're no worse off than before. Amazon's sales per customer so far aren't what you'd expect if the ability to personalize a sales pitch were such a powerful lever to open wallets. As the worm continues to turn, governmental spying has now emerged as a new focal point of the privacy warriors. Kudos to the genius who applied the name "Carnivore" to the FBI's plan for Web taps, which despite the media overreaction would still leave the courts in charge. Most of us who aren't Mafia dons don't worry about phone taps. This episode should blow over too. Fears of marketing and Big Brother have been stoked by unimaginative interest groups trodding their well-worn paths. Less attention has been paid to assurances like AOL's that it will release personal data only to a "valid legal process." In the case of "boysrch," a gay Navy man, AOL handed over his personal details without troubling the Pentagon to get a lawyer. And Yahoo didn't put up much fight when Raytheon sought the names of 21 employees who had been griping on a Yahoo message board; four of them lost their jobs and the rest were sentenced to "corporate counseling." A rash of companies have hit upon the tactic of filing defamation suits to ferret out the real names of those posting critical comments on investment sites. Worse is coming. According to the Boston Herald, the ABA's Family Law Section recently conducted a seminar "to help divorce lawyers learn how to get at the e- mails, hard drives and computer sites of one spouse or the other for divorce or child-custody cases." How long before an SEC sting sets up a chat room to nab stock touts? Or the FDA to catch patients seeking drugs for non-approved purposes? Last month a federal judge nixed the money-laundering conviction of a Miami banker because the FBI's informant had been told in advance by the agency that he'd be allowed to keep a percentage of any laundered funds. He had a clear incentive, in other words, to conceal from the banker that she was doing anything illegal. That stinks. And now the Web threatens to turn such enterprising law enforcement into a mass-market opportunity. Take the case of Patrick Naughton, the disgraced Infoseek/Disney executive. He was prosecuted on a morals charge after agreeing to meet an FBI agent who had been posing as a 13-year-old girl in a chat room. Eventually he copped a plea when his first trial ended in a hung jury. Mr. Naughton never tried to conceal his true identity and the "girl" had energetically pursued the dialogue over several months. We can't peer into Mr. Naughton's heart, but his lawyer argued convincingly during the trial that his client couldn't be accused of expecting to meet a 13-year- old girl because nobody in a sex chat room is who they say they are. That's a hard idea for law enforcement to get its mind around, especially when it would take away some of the easy busts the cyber patrol has been making lately. But it seems to be true. Why do so many surfers use multiple screen names? Why have employees learned to go outside company e-mail systems, using Yahoo or Hotmail to exchange messages during working hours without their bosses monitoring? Long before Web privacy became a debate about "personal rights," it was a matter of personal strategy, with deception and disguise being standard operating procedure. MIT's Judith Donath, who studies social behavior on the Web, says concealment has become the norm because it's almost effortless and "makes people feel safer." EBay has been pilloried because sellers have been using fake screen names to bid up their own goods. Should this be illegal or a case of caveat emptor? Stamping out fraudulent stock chatter is mission impossible. The SEC's biggest mistake would be to give the public the false comfort that such activities are under control. Maybe we all just need to be skeptical about what we hear and see on the Web. As for personal privacy, information that you have a right to conceal someone else might have a right to try to find out. Why did you get fired from your last job? Do you really qualify for a non-smoker insurance policy? It's not too hard to think of Web stratagems for trying to elicit such information from you. Hence a prediction: In the future we won't be fighting over marketing databases. And we won't be fighting over whether the police can use the same means to snoop for crime on the Web that they use in the rest of life. The battle will be over tools. The Clinton administration has already fought one knock-down battle trying to keep the lid on private encryption. Look for more such fights. Anonymizer.com and Privada already offer services that let users surf or send e-mail untraceably. Even venerable Bell Labs recently came out with "Publius" software that allows untraceable postings on the Web. Nobody expects the police to save them if they don't bother to lock their doors and take normal precautions against their fellow man. On the Web, too, the first line of defense is "protect thyself." from USA Today 2000-Aug-10, from the Associated Press: Netscape revising software after privacy suit SPRINGFIELD, Va. (AP) - Web browser designer Netscape Communications said it will revise a program for downloading files from the Internet so that it will no longer collect data about users' online activity. The software, called SmartDownload, is the subject of a federal class-action lawsuit that claims it violates a federal law protecting computer users' privacy. The program is designed to make it easier for people to download large files. If a transfer is interrupted, SmartDownload allows a user to resume from the interruption instead of starting over. It also provides information to Netscape about what kinds of files a user is downloading. Andrew Weinstein, a spokesman for Dulles, Va.-based America Online, which owns Netscape, said Wednesday the information was designed to give Netscape's technical experts insight into what kinds of files were difficult to download. Weinstein said neither Netscape nor AOL ever looked at the information and that it is regularly purged from Netscape's databank. Because the information is never used, Weinstein said the new version of SmartDownload will not collect the data. Regardless, it is illegal for Netscape to collect the information at all under the Electronic Communication Privacy Act, said Joshua Rubin, the plaintiffs' lawyer in a class-action suit filed against Netscape in U.S. District Court in the Southern District of New York. ''The SmartDownload product essentially spied on SmartDownload users,'' Rubin said. The law allows aggrieved parties to collect damages up to $10,000 a person, Rubin said. It's unclear exactly how many people use SmartDownload. It is not included with Netscape's popular Navigator Web browser, but users can download SmartDownload any time they update the browser or visit Netscape's home page. AOL's Weinstein said the class action suit is ''totally without merit.'' No release date had been set for the new version. from TPDL 1999-Feb-14, from WorldNetDaily, by Joseph Farah: Meet the 'Digital Angel' -- from Hell 'Twas Lord Byron who said it first, I believe: "'Tis strange but true; for truth is always strange; Stranger than fiction." In the 21st century, I'm certain we will find that truth is even stranger than science fiction. You had better sit down for this one, privacy fans. A company called Applied Digital Solutions has what sounds to me like the final solution. The NASDAQ- traded high-tech company is excited about its acquisition of the patent rights to a miniature digital transceiver -- which it nicknamed "Digital Angel (R)." Personally, I think it should be rated X -- or worse. The product is billed as a versatile transceiver that can send and receive data -- and which can be implanted in humans. It can provide a tamper-proof means of identification for enhanced business security, the company boasts. It can locate lost or missing individuals, say the proud owners. It can track and locate valuable property, they claim. It can monitor the medical conditions of at-risk patients. And it can slice, dice and destroy the last vestiges of personal privacy in an increasingly impersonal world. The implantable transceiver's signals can be tracked continuously by global positioning satellites. When implanted in the body, the device is powered electromagnetically through the movement of muscles, and it can be activated either by the wearer or by the monitoring facility. "While a number of other tracking and monitoring technologies have been patented and marketed in the past, they are all unsuitable for the widespread tracking, recovery and identification of people due to a variety of limitations, including unwieldy size, maintenance requirements, insufficient or inconvenient power-supply and activation difficulties," explains a company prospectus. "For the first time in the history of location and monitoring technology, Digital Angel(R) overcomes these limitations." Oh, goody. The company projects a global market for this technology in excess of $100 billion. But the applications it discusses just don't add up to that kind of number. The math doesn't work for me. You decide. Here's what the company is talking about: business security, locating individuals, monitoring medical conditions, tracking and locating essential military and diplomatic personnel, tracking personal property. The only way that adds up to a hundred billion in my calculator is if every human being on earth gets one of these implants. And maybe that's the idea. On Jan. 31, APS accepted the special "Technology Pioneers" award from the World Economic Forum for the company's contributions to worldwide economic development and social progress through technology advancements. And what is the World Economic Forum? It bills itself as an independent organization committed to improving the state of the world. It does this by "creating the foremost global partnerships of business, political, intellectual and other leaders of society to define and discuss key issues on the global agenda." Now, I want you to use your imagination here, for a moment. Why would an organization committed to breaking down nationalist barriers and moving the world toward global government give a technology award to a company that just acquired the patent to a sophisticated, implantable identification device? Hmmmmm? And guess what one of the foremost goals of WEF is? You got it -- vaccinating every human being on the planet. How convenient! What a coincidence. President Clinton recently addressed the WEF in Davos, Switzerland. He boasted about asking the Congress to give pharmaceutical conglomerates tax credits to make vaccines more widely available at low cost. He appealed for a similar effort from the World Bank, other nations and the corporate world to deliver the vaccines to the people who need them -- meaning everyone. How could ADS ever hope to make $100 billion with this new technology? By implanting it in every human being in the world. And how could that be done? At vaccination time, of course. Let's see now. The application is buying and selling. The technology is implantable. The plans are global. This sounds remarkably like something I read in Revelation 16-18: "And he causeth all, both small and great, rich and poor, free and bond, to receive a mark in their right hand, or in their foreheads: And that no man might buy or sell, save he that had the mark, or the name of the beast, or the number of his name. Here is wisdom. Let him that hath understanding count the number of the beast: for it is the number of a man; and his number is Six hundred threescore and six." Digital Angel? Sounds more like we could be entering the age of the Digital Devil. from TPDL 2000-Mar-17, from the Washington Times, by James Bovard: Census intrusions ''There are three certainties in life death, taxes and the continuation of the Census Bureau's proud tradition of keeping information it collects about individuals strictly private." So announces the Census Bureau's web page, seeking to assure Americans that they have nothing to fear by opening their lives to the prying of this year's Census. Regrettably, after seven years of the Clinton administration, some Americans may be a little skeptical about this "trust us - we're the government" line. And, considering the Census Bureau's dark history, people have plenty of reason to fear that their answers could be used against them. In 1942, the Census Bureau made up a special list telling the U.S. Army how many Japanese-Americans lived in each neighborhood in the United States. The Army used the Census lists to send out trucks to round up Japanese-Americans for internment camps during World War II. Census Bureau spokeswoman Paula Schneider stressed that, because the Census Bureau did not disclose the specific names and addresses of Japanese- Americans, it did not compromise the confidentiality of Census respondents. Ms. Schneider noted, "unfortunately, what was used was data for small geographic areas that showed where the Japanese lived." This is like someone claiming he has no responsibility for setting loose a wolf on your street that just happened to gnarl your leg - simply because he didn't set the wolf free at your doorstep and tell the wolf to bite you personally. Why should Americans believe the Census Bureau would be more trustworthy than the White House? In 1993-94, the Clinton White House illegally requested and received from the FBI 900 confidential background files that the FBI had compiled on Bush and Reagan administration nominees. When news of this abuse surfaced in 1996, Mr. Clinton shrugged off the gross violation of privacy as a "completely honest bureaucratic snafu." Congressional investigators recently discovered the White House had wrongfully refused to turn over thousands of subpoenaed e-mails regarding the use and abuse of the files. No White House official has faced a serious prospect of jail time for breaking the law. Federal law states that "in no case shall [Census] information be used to the detriment of any respondent or other persons to whom such information relates." But, according to the U.S. General Accounting Office, Census responses have also been used for government housing code crackdowns. Responses are especially helpful in allowing local governments to know where to carry out raids for allegedly overcrowded housing. When asked about such uses of Census data, Ms. Schneider replied: "You balance the need for small area data with the possibility that it could possibly be used for purposes for which it was not intended." Such housing crackdowns sometimes appear little more than a pretext to evict blacks, Hispanics, or other low-income people. The information the Census gathers will help fuel new government interventions. A Census Bureau press release noted that "Race data are required . . . to assess racial disparities in health and environmental risks." This is part of the Clinton administration's "environmental justice" campaign - an effort to portray routine business decisions as part of a racist conspiracy. These policies have helped discourage new factories from locating in areas of high unemployment. The Census Bureau is also trying to whip up enthusiasm by telling people of all the federal benefits their localities will receive thanks to their cooperation. The Census has degenerated from a method of counting the population into a scheme for generating grist for the expansion of the welfare state. Information on occupations is used to construct affirmative action quotas for different industries. Information on "place of birth" is used by the Civil Rights Commission as a base line for determining discrimination by national origin. Information on home value and rental levels is used by housing agencies to establish subsidy programs. Census Director Kenneth Prewitt declared that people's Census answers affect "power, money, group interests, civil rights; in short, who gets how much of what." But the federal government has no right to dictate "who gets how much of what." The Census, by providing reams of information, allows politicians to further manipulate people's lives. The more information government collects, the more control government can exert. The Constitution mandates that an enumeration of the citizenry be conducted every 10 years in order to apportion seats in the House of Representatives. Citizens should refuse to answer any Census question except for the number of residents at an address. A partial boycott of the Census questionnaire is necessary to safeguard our liberties. James Bovard is the author of ``Freedom in Chains: The Rise of the State & the Demise of the Citizen'' (St. Martin's Press, 1999). from TPDL 2000-Apr-3, from the Boston Herald, by Don Feder: Senseless count adds up to intrusion Senate Majority Leader Trent Lott is urging citizens not to answer census questions they deem to be an invasion of their privacy. On the long form, that would be 52 out of 53 questions, everything except the number residing in your household. The census isn't the dumbest thing the federal government does, or the most wasteful, or the most immoral. But it is intrusive and expensive ($6.8 billion for the 2000 census) and unconstitutional. But isn't a decennial census mandated by the Constitution? Article I does require Washington to take a head count every 10 years to apportion congressional seats - period. It does not give the Census Bureau the authority to inquire about your race, the number of bedrooms in your home or how long it takes you to get to work. To encourage compliance with this indignity, the bureau is employing a tried and true elitist technique - inducing guilt. One of its TV ads shows a class meeting in a janitor's closet. Message: If you don't fill out your senseless form, the feds won't know how much aid to direct to your school district and students at the Millard Fillmore Elementary School will receive instruction in a windowless cubicle. It's true, some of the data collected is used to distribute $2 trillion a year in federal largess. If you like the idea of Washington taking 22 percent of your income and doling it out in the form of welfare, subsidies and various grants, then of course you'll want to facilitate its acts of plunder and redistribution by completing your census form ASAP. It isn't just your money, but your life that interests them. As Washington has grown from the relatively modest republican institution it was at the beginning of the 20th century to the musclebound ape it is today, its curiosity has increased proportionally. Now, its appetite for details of our private lives is insatiable. If yours was among the one in six American households lucky enough to get the long form, you were subjected to 53 impertinent interrogatories. (Gov. George Bush has said he's not sure he would fill out the form.) How old are you? What's you race? There are 15 choices here. George Getz, the Libertarian Party's spokesman, sardonically notes that South Africa's apartheid government had only four racial classifications. What's your level of education? What do you earn? Where do you work? How do you get there? How long does it take? Where do you live? Who lives with you? What's your rent or mortgage payments? What's your house worth? What's the annual cost of utilities? How many kinds of different flowers are there in an English country garden? Just kidding. Like a blob creature in a sci-fi movie, the census is growing at an alarming rate. The current assault on privacy costs twice as much as the 1990 count. Where will it end? In 2010, the census long form might include the following: What do you usually eat for breakfast (choices include cereal, eggs or yogurt)? What's you favorite TV show? How many guns do you own? What caliber? Don't you know that's dangerous? What's your weight? Have you gained or lost weight in the past year? List the fatty foods you consume in a typical week? Do you smoke? Do you exercise? How often? Did you vote? If not, don't you know it's your civic duty? If yes, for whom did you vote (include third-party candidates)? Do you subscribe to any publications that disparage the federal government and/or elected officials? List alphabetically. Do you ever have bad thoughts about your government? How bad? How often? Have you read the preamble of the Declaration of Independence, which enunciates the people's right to revolt when government becomes tyrannical? If yes, report to one of the centers listed in the accompanying brochure for further interrogation. By statute, the Census Bureau can fine you $100 for refusing to complete your form and $500 for supplying false information. (The provision is never enforced. The bureau doesn't want to publicize non-compliance and lacks an enforcement mechanism.) Even if it did come after you, $100 is a small price to pay to defend your constitutional rights. from the Associated Press, 2000-Apr-5: States' Census Return Percentages The percentage of Census 2000 forms mailed back to the Census Bureau in each state, as well as Puerto Rico and the District of Columbia, as of Wednesday: State Pct. State Pct. State Pct. Ala. 52 La. 50 Okla. 51 Alaska 46 Maine 54 Ore. 58 Ariz. 53 Md. 59 Pa. 62 Ark. 56 Mass. 60 P.Rico 37 Calif. 59 Mich. 63 R.I. 58 Colo. 58 Minn. 59 S.C. 49 Conn. 60 Miss. 51 S.D. 62 Del. 55 Mo. 58 Tenn. 55 D.C. 50 Mont. 58 Texas 52 Fla. 54 Neb. 64 Utah 58 Ga. 55 Nev. 55 Vt. 52 Hawaii 52 N.H. 59 Va. 61 Idaho 58 N.J. 59 Wash. 56 Ill. 57 N.M. 50 W.Va. 54 Ind. 59 N.Y. 55 Wis. 61 Iowa 62 N.C. 52 Wyo. 57 Kan. 59 N.D. 57 U.S. 57 Ky. 57 Ohio 63 Source: Census Bureau from the Star Tribune of Minneapolis/St. Paul, 2000-Jun-30, by Paul Gustafson with Curt Brown: Officials angered by St. Paul officers posing as census takers Two St. Paul police officers investigating an alleged drug house posed as U.S. censusworkers earlier this month. Patricia Waller, the U.S. Census Bureau manager for Ramsey and Washington counties, said Thursday that she was "just awed" by the officers' duplicity and that she was checking with the regional office in Kansas City to determine whether impersonating a censusworker constitutes a federal offense. And Ramsey County public defenders, who informed the Census Bureau of the ruse by the officers, questioned whether it was legal or ethical. "I don't know if [the officers] broke the law, but it seems to me that what they did was highly unethical and so unprofessional that it should be discontinued immediately," said Diane Alshouse, an assistant public defender. Federal officials, concerned that members of minority groups are undercounted in the census, have waged a campaign this year to convince the public that census data is kept private and that censusworkers can be trusted. St. Paul police spokesman Michael Jordan confirmed that the officers said they were censusworkers, but his account of the incident differs from a written police report. Jordan said that he couldn't explain the differences between the accounts, but that he may have more information today. Department officials haven't talked to the officers about the incident because one was on vacation and the other was away at training, he said. Asked whether the department believes such conduct is proper, Jordan said, "I'll give you a response to that at a different time." According to Jordan, the incident on June 6 began as the two officers were talking to a resident who complained about an alleged drug house on St. Paul's East Side. When a person suspected of selling drugs at the house approached the officers and demanded to know who they were and what they were talking about, the officers replied that they were census takers, Jordan said. But a written report filed the day of the incident says that the two officers, posing as censusworkers, went to the alleged drug house in the 1000 block of Greenbrier St. and asked Heidi Frison for information about who lived at the house. The report doesn't name the officers. Several hours later, officers executed a search warrant at the house and arrested four people, including Frison. Some of those arrested were black and some were white. Frison and two other people were issued citations for operating a disorderly house, but charges were later dropped against Frison and one of the other people. Frison confirmed Thursday that two men who said they were censusworkers talked to her outside of the house before it was searched. "They just said they were censusworkers," she said. "They said they were sent out because two houses had not filled out their forms. I took them as who they said they were. But I'm learning." Concerned about trust Several public defenders said that, at the request of census officials, they have been encouraging clients, many of whom are poor and minorities, to cooperate with censusworkers. Now, the public defenders worry they have lost their clients' trust. Waller said Thursday that she fears the St. Paul incident may undermine public confidence in Census Bureau workers who don't condone and had no knowledge that officers were posing as census takers. "I really want people to know that if they have any concerns about this, I will take their calls directly. I don't want the credibility of the St. Paul census office injured by this. We had absolutely no idea about this," she said. The Washington Post reported in February that census officials in Texas earlier this year rejected an FBI agent's demand for a censusworker badge and other identification in order to impersonate a census employee. Federal law states that "whoever falsely assumes or pretends to be an officer or employee acting under the authority of the United States or any department, agency, or officer thereof, and acts as such, or in such pretended character demands or obtains any money, paper, document, or thing of value, shall be fined under this title or imprisoned not more than three years, or both." Census Bureau officials have yet to contact the Police Department about the incident, Jordan said. He added that he is not aware of any other incidents in which officers posed as censusworkers. from TPDL 2000-Jan-5, from The Libertarian, by Vin Suprynowicz: Coming soon: mandatory government home inspections Companies that allow employees to work at home -- even part-time -- are responsible for keeping conditions at those home work sites up to federal health and safety standards, according to a new Labor Department advisory. The decision covers millions of people, "not only the estimated 19.6 million adult workers who regularly telecommute from their homes to their jobs, but also millions more who work at home occasionally -- even the parent who has to dash out of the office to be with a sick child and finishes a memo at home," The Washington Post reported Tuesday. Of course, OSHA sidesteps any requirement that such new rules be subject to public hearings or congressional approval by simply declaring the letter is "not a proposed rule, but rather a declaration of existing policy the agency deems already to be in effect." "This is nuts. They're trying to match a 30-year-old law with a Year 2000 workforce," protests Pat Cleary, vice president of human resources policies at the National Association of Manufacturers. "The law doesn't contemplate everyone painting their (home) banisters yellow." But Peg Seminario, health and safety director of the AFL-CIO, says she agrees with the policy spelled out in the new advisory. "It makes sense," she said. "Employers have to provide employees a workplace free from hazards." Needless to say, OSHA was quick to assure all parties the agency has no intention of conducting inspections at private homes the way it does at employer work sites. They also insist the ruling will not require employers to routinely inspect the home work sites of their employees -- though (wink wink, nudge nudge) OSHA warns that employers should require home workers to certify they have first aid kits at hand, and also to file "emergency medical plans." Also, any injuries occurring at the home work site must now be reported on the employer's injury log just as though they'd happened at the employer's office or factory. OSHA officials also insist they're not particularly concerned about the state of an employee's home outside the designated work site -- though the advisory letter offers as one example: "If work is performed in the basement space of a residence and the stairs leading to the space are unsafe, the employer could be liable if the employer knows or reasonably should have known of the dangerous condition." In other words, all disclaimers aside, this is precisely a first extension of the government's slimy tentacles into the business of having someone inspect "home work stations," where everything from locked exit doors and heaps of papers (fire hazards, you understand) to the presence of smoking materials, "unsecured" self-defense firearms, and the kind of reading material or home hobby equipment that might raise a curious agent's eyebrow, will be duly noted. (Furs and fancy cars? IRS might be interested. Bruises on the kids? Inform Child Protection. Hispanic nanny? Memo INS. Grow lights on the aquarium? Wonder what else they might be growing?) Why? Labor unions and their pet Labor Department bureaucrats have fought for years against the "telecommuting" movement, identifying it with the old tradition of farming out "piecework" to home knitters -- a practice much harder to regulate and oversee than work in traditional, 19th-century factories. Times have changed, of course. Salesmen and brokers and attorneys who e-mail work product to the office aren't generally recruiting their children to string beads for a nickel an hour. But government's urge to regulate and "rent-seek" never changes. The bureaucrats have learned better than to start by threatening "mandatory government home inspections." But by holding employers responsible for making sure home work sites now have "ergonomically correct furniture, as well as proper lighting, heating, cooling and ventilation systems" (the Post) -- even leaving open the possibility of a workers' comp claim should a worker electrocute him or herself while doing the laundry barefoot during those hours when the home PC is "logged into the office" -- they clearly mean to make it either prohibitively expensive, or reminiscent of Orwell's "1984," for anyone to continue developing a new 21st century employment paradigm featuring flextime and cyber-commuting. How ironic that this overdue breakdown of the long-outdated "9 o'clock factory whistle" mentality -- a boon to young working parents, particularly -- is now so fiercely resisted by the very "labor movement" which once claimed to hold workers' best interests at heart. Republican leaders had already vowed to scrutinize OSHA after Congress returns from its holiday break, after the agency proposed new regulations requiring employers to spend billions making workplaces more "ergonomic" -- despite a lack of hard data that such redesign is likely to reduce injuries. Adding this new "advisory" to the mix, it should now be clear to all that OSHA has gone completely nuts. If the engine of America's economic growth is to stay on track, Congress should contemplate a lot more than merely reining this agency in. from New Scientist, 1999-Dec-11, by Duncan Graham-Rowe: Warning! Strange behaviour Nobody sees the thief looking for a car to break into, or the woman steeling herself to jump in front of a train--- but somehow the alarm is sounded. Duncan Graham-Rowe enters a world where machines predict our every move GEORGE IS BLISSFULLY UNAWARE that a crime is about to be committed right under his nose. Partially obscured by a bag of doughnuts and a half-read newspaper is one of the dozens of security monitors he is employed to watch constantly for thieves and vandals. On the screen in question, a solitary figure furtively makes his way through a car park towards his target. The miscreant knows that if the coast is clear it will take him maybe 10 seconds to get into the car, 15 to bypass the engine immobiliser and 10 to start the engine. Easy. But before he has even chosen which car to steal, an alarm sounds in the control room, waking George from his daydream. A light blinking above the screen alerts him to the figure circling in the car park and he picks up his radio. If his colleagues get there quickly enough, they will not only catch a villain but also prevent a crime. The unnatural prophetic powers of the security team would not exist but for some smart technology. The alarm that so rudely disturbed George is part of a sophisticated visual security system that predicts when a crime is about to be committed. The remarkable research prototype was developed by Steve Maybank at the University of Reading and David Hogg at the University of Leeds. Although in its infancy, this technology could one day be used to spot shoplifters, predict that a mugging is about to take place on a subway or that a terrorist is active at an airport. Once connected to such intelligent systems, closed- circuit television (CCTV) will shift from being a mainly passive device for gathering evidence after a crime, to a tool for crime prevention. But not everyone welcomes the prospect. The technology would ensure that every security screen is closely watched, though not by human eyes. It would bring with it a host of sinister possibilities and fuel people's fears over privacy. Criminals certainly have reason to be worried, with the car park system, for example, the more thieves try to hide from a camera--by lurking in shadow, perhaps--the easier it is to spot them. Underlying the system is the fact that people behave in much the same way in car parks. Surprisingly, the pathways they follow to and from their cars are so similar as to be mathematically predictable--the computer recognises them as patterns. If anyone deviates from these patterns, the system sounds the alarm. "It's unusual for someone to hang around cars," says Maybank. "There are exceptions, but it's rare." To fool the system, a thief would have to behave as though they owned the car, confidently walking up to it without casing it first or pausing to see if the real owner is nearby. In short, they have to stop behaving like a thief. It sounds easy, but apparently it isn't. Another surprising thing about the system is that it employs relatively unsophisticated technology. For decades, researchers have been devising clever ways for a computer presented with a small section of a face, arm or leg to deduce that it is looking at a person. Maybank and Hogg have rejected all this work, giving their prototype only the simplest of rules for recognising things. "If it's tall and thin it's a person," says Maybank. "If it's long and low it's a car." It's the trajectory of these "objects" that the system follows. An operator can constantly update the computer's notion of "normal behaviour" by changing a series of threshold values for such things as the width of pathways and walking speed. In this way it can be made more reliable over time. If trained on enough suitable footage, the system should be able to view children running in the car park or somebody tinkering with their engine without raising the alarm. Its ability to calculate where people are likely to go even allows the system to predict which car a thief is aiming for, though Maybank concedes that the crook's target cannot be guaranteed. The system should identify more than just potential car thieves. Because it spots any abnormal behaviour, the computer should sound the alarm if a fight breaks out--though this hasn't been tested yet. Of course, not all unusual activity is criminal. But if the system flags up an innocuous event, says Maybank, it doesn't really matter. The idea is to simply notify the Georges of this world when something out of the ordinary happens. It's up to them to decide whether or not they need to act on what they see. Maybank plans now to join forces with Sergio Velastin of King's College London and others in a project funded by the European Commission to develop a full range of security features for subways. Velastin has already broken new ground in this area. In a recently completed project, called Cromatica, he developed a prototype that has been tested on the London Underground for monitoring crowd flows and warning of dangerous levels of congestion. It will also spot people behaving badly, such as those going where they shouldn't. Most impressive of all, Cromatica can identify people who are about to throw themselves in front of a train. Frank Norris, the coroner's liaison officer for London Underground, says there is an average of one suicide attempt on the network every week. These incidents are not only personal tragedies but also cause chaos for millions of commuters and great distress for the hapless train drivers. Keeping track of thousands of people in a tube station is impossible for a human or a computer. Following individuals is tough enough: as people move, different parts of their bodies appear and disappear, and sometimes they are completely obscured. To get round this problem, Velastin rejected completely the idea of identifying objects--people, that is. Instead, Cromatica identifies movement by monitoring the changing colours and intensities of the pixels that make up a camera's view of a platform. If the pixels are changing, the reasoning goes, the chances are that something is moving and that it's human. The system compares its view second by second with what it sees when the platform is empty. The more its view changes from this baseline, the more people are passing, and the speed of change gives a measure of how quickly those people are moving. If things stay constant for too long, it's likely that the crowd has stopped and there may be dangerous congestion--so an alarm would sound. Averting a tragedy Cromatica's ability to spot people contemplating suicide stems from the finding, made by analysing previous cases, that these individuals behave in a characteristic way. They tend to wait for at least ten minutes on the platform, missing trains, before taking their last few tragic steps. Velastin's deceptively simple solution is to identify patches of pixels that are not present on the empty platform and which stay unchanged between trains, once travellers alighting at the station have left. "If we know there is a blob on the screen and it remains stationary for more than a few minutes then we raise the alarm," says Velastin. Security guards can then decide whether or not they need to intervene. So far, Cromatica has not seen video footage of real suicide cases--it has only identified people who have simulated the behaviour. In trials where Cromatica was pitted against humans it proved itself dramatically, detecting 98 per cent of the events--such as congestion--spotted by humans. In fact, the humans performed unrealistically well in the tests because they had to watch just one screen, whereas they would normally check several screens at once. Cromatica also scored well on false alarms: only 1 per cent of the incidents it flagged up turned out to be non-events. This low rate is vital, says Velastin, if operators are to trust the system. Velastin and Maybank's present project, which includes partners such as the defence and communications company Racal, aims to detect other forms of criminal activity, "anything for which eventually you would want to call the police", says Velastin. This will include people selling tickets illegally and any violent behaviour. But detecting violent crime is not as straightforward as it might appear. Certainly if a fight breaks out the characteristic fast, jerky movements of fists flying and bodies grappling would show up as unusual activity. But what of a mugging? Often a mugging is a verbal confrontation with no physical contact. To a vision system, someone threatening a person with a knife looks much the same as someone offering a cigarette to a friend. Indeed, recognising that there is any interaction at all between people is still a monster challenge for a machine. No one yet has the answer. Nevertheless, Maybank is taking the first tentative steps into this field, incorporating into his car park system a method for identifying what people are doing and then annotating the videotape with the details. The technique works by attaching virtual labels to objects, such as cars and people, and then analysing the way they move and interact. So far the system can distinguish between basic activities such as walking, driving and meeting (or mugging). It is here, provided the system can be perfected, that Maybank sees the potential for sinister uses of the technology. In places such as the City of London--the capital's main business area--CCTV cameras are so widespread that it's difficult to avoid them. With such blanket coverage, and as it becomes possible to track a person from one camera to the next, it would be relatively easy to "tail" people remotely, logging automatically their meetings and other activities. Maybank and his colleagues worry about this type of use. "This is something that will have to be considered by society as a whole," he says. Simon Davies, director of the human rights group Privacy International, is scathing about the technology. "This is a very dangerous step towards a total control society," he says. For one thing, somebody has to decide what "normal behaviour" is, and that somebody is likely to represent a narrow, authoritarian viewpoint. "The system reflects the views of those using it," he argues. Anyone who does act out of the ordinary will be more likely than now to be approached by security guards, which will put pressure on them to avoid standing out. "The push to conformity will be extraordinary," Davies says. "Young people will feel more and more uncomfortable if that sort of technology becomes ubiquitous." On the other hand, to fully grasp the benefits of a system that can recognise and record details of different activities, consider the following scenario: a future, technology-savvy George keeps watch as thousands of people flow through an airport. The security team has been tipped off about a terrorist threat. But where to begin? One starting point is to watch for unattended baggage. Most airports do this continuously, with the majority of cases turning out to be lost luggage. So how do you distinguish between a lost item and one deliberately abandoned? The best way would be if George could rewind to the precise moment when a bag was left by its owner. George takes a bite of doughnut and washes it down with some tepid coffee when suddenly an alarm sounds: "Suspect package alert. Suspect pack..." He flicks a switch. The system has zoomed in on a small bag on the ground next to a bench. "Where is it?" he demands. "Terminal three, departure gate 32," squawks the computer. "How long?" "Four minutes." "Show event," orders George. The system searches back until it finds the electronic annotation that marks where the bag and its carrier parted company. The screen changes to show a man sitting on the bench with the bag at his feet. He reaches into it briefly, looks around, then stands and walks away. "Where is he now?" asks George. "Terminal three, level 2, departure lounge." "Show me." The screen changes again, this time showing the man walking quickly towards the exit. George picks up his radio: "Jim. We've got a two-zero-three coming your way. Red shirt, black denim jacket. Pick him up." After alerting the bomb squad and clearing the departure gate, he pops the remainder of the doughnut into his mouth and turns back to that pesky crossword . . . Seamless tracking There are plenty of instances where it would be helpful to refer back to specific events. And though this scenario may sound far-fetched, it isn't. The Forest of Sensors (FoS), developed by Eric Grimson at the Massachusetts Institute of Technology, near Boston, already has all the foundations of such a system--apart from speech recognition. "We just haven't put it all together yet, so I don't want to say we can definitely do it now," he says. Grimson's system, which is partly funded by the US government's Defense Advanced Research Projects Agency, sets itself up from scratch with no human intervention. The idea behind it was that dozens of miniature cameras could be dropped at random into a military zone and FoS would work out the position of every camera and build up a three-dimensional representation of the entire area. The result is a network of cameras that requires no calibration whatsoever. You simply plug and play, says Grimson. Quick and dirty In order to build up a three-dimensional image, most 3D surveillance systems, such as those used in the car park and subway, need every camera to be "shown" where the floor and walls are. Grimson's system does this automatically. And provided there is a little bit of overlap between the cameras' images, FoS will figure out where in the big scheme of things every image belongs. "We do it purely on the basis of moving objects," he says. "As long as we can track anything in sight, we can use that information to help the system figure out where all the cameras are." Having decided what is background movement, such as clouds passing or trees blowing in the wind, FoS then assumes that other objects are moving on the ground. From these movements, it calculates the ground plane and reconstructs the 3D space it's looking at. The system then allows seamless tracking from one camera to the next. FoS is smart in other ways too. The system can learn from what it sees and build up a profile of what is and what is not normal behaviour. It differentiates between objects by sensing their shapes, using quick-and-dirty methods to detect their edges and measure their aspect ratios. It then classifies them as, for example, individuals, groups of people, cars, vans, trucks, cyclists and so on. Moreover, the system can employ its inbuilt analytical powers to decide for itself what activities the camera is seeing, such as a person getting into a car or loading a truck. Of course, the system doesn't understand what these activities are, says Grimson, it merely categorises activities by learning from vast numbers of examples. It's up to a human to give each activity a name. Like Maybank and Hogg, Grimson is still struggling to distinguish a meeting from a mugging. He hopes that higher resolution cameras, that can spot small details and movements, will help to crack the problem, and that's what he's working on now. Higher resolution should also allow him to exploit progress made in recent years in gesture recognition. In particular, he thinks that "gait recognition" will make its mark as a way to identify people. It needs lower resolution than face recognition and its reliability is growing fast (New Scientist, 4 December, p 18). FoS can already perform many of the tasks that gives Maybank the jitters. Grimson, too, has reservations about what his research might be used for. His system could conceivably be used by intelligence agencies to monitor the behaviour of individuals. But he would be unhappy if his research were used in this way. "You have to rely on the legal system to strike a balance," he says. "It is a real worry." Fortunately, both these tasks are probably impractical at present. "The volume of data is so huge it's incredibly unlikely," he says. One place where Grimson is keen to deploy FoS is in the homes of elderly people. Many old folk are unhappy about being monitored in their homes by CCTV because of the lack of privacy, he says. But with FoS, there would be no need for a human to watch at all. The system would train itself on a person's patterns of behaviour and ask them if they were all right if they failed to get up one morning or fell over. If the person didn't respond, the system would issue a distress call to a help centre. Another George would send someone round to help, without even once seeing inside the person's home. Is this, then, an unequivocally good use for a smart surveillance system? Davies reckons not. "This is like justifying road accidents because they provide hospital beds," he says. Elderly people will end up trying to conform to the system so as not to trigger the alarm. But, whether for good or bad, surveillance machines are going to to get smarter. They're already starting to recognise people's faces in the street (New Scientist, 25 September, p 40), and systems that spot abnormal behaviour will not be far behind. So, if you have a hanker- ing to cartwheel down main street you'd better do it now. Wait a few years and it will be recorded, annotated and stored--just waiting to come back and haunt you. Further reading:

• For more information about Hogg and Maybank's work, see: www.cvg.cs.rdg.ac.uk/papers/list.html

• Details of Velastin's research are at: www.research.eee.kcl.ac.uk/~vrl/

• Information about the Forest of Sensors is at: www.ai.mit.edu/projects/vsam/ from Electronic Privacy Information Center's front page 1999-Aug-27 (http://www.epic.org/ - follow this link for the latest update): Latest News[August 27, 1999]

• EPIC has expressed its concern that a Federal Communications Commission (FCC) decision issued on August 27 could result in a significant increase in government interception of digital communications. In its decision, the FCC largely has adopted technical standards proposed by the Federal Bureau of Investigation (FBI) that would dictate the design of the nation's telecommunications networks. Included is a requirement that cellular telephone networks must have the ability to track the physical location of cell phone users. See EPIC's Wiretap Archive for background information. • On August 18, the U.S. Tenth Circuit Court of Appeals handed down a decision that erodes consumer control over telephone usage information. The court ruled that phone companies can sell or give consumer proprietary network information (CPNI) -- which includes the location, duration, and frequency of phone calls -- to telemarketers without the explicit permission of customers. The Federal Communications Commission has announced that it will appeal the decision. [...] from TPDL 2000-May-24, from Capitol Hill Blue, by Michael Hedges: Obscure Drug Law Could Expand Police Search and Seizure Powers Federal agents would have enhanced authority to search your house, vehicle or workplace without telling you, and take property without immediately informing you of what was seized if a proposed law passes Congress, critics charge. That would be one of the consequences of a seemingly innocuous bill designed to increase criminal penalties for the production or distribution of methamphetamine, according to both liberals and conservatives who have targeted the measure for defeat. The Justice Department backs the bill called the Methamphetamine Anti- Proliferation Act saying it provides, "important and necessary tools for deterring the spread of methamphetamine manufacturing and abuse in our nation," according to Assistant Attorney General Robert Raben. The bill was sponsored by Sen. Orrin Hatch, R-Utah, chairman of the Senate Judiciary Committee, whose staff said the law merely standardizes practices that already occur, but are handled inconsistently by federal judges. But a provision of the law that would allow police and federal agents to "delay giving notice" of the intention to serve a search warrant has drawn fire. What that means, according to a statement from the American Civil Liberties Union, is that, "the government could enter your house, apartment or office with a search warrant when you were away, conduct a search, seize or copy things such as your computer hard drive, and not tell you until months later." Marvin Johnson, the ACLU's legislative counsel, said, "If a man's home is his castle, this is a tunnel under the moat." That assessment is shared by Rep. Bob Barr, R-Ga., a former federal prosecutor, who said the controversial provision "would in very substantial ways change the law about notice of a search warrant being given. It would loosen two aspects of search warrants, when notice of a search had to be given and when a person had to be told of property seized." The proposed law was inspired by difficulties that federal anti-drug agents experienced in busting those processing "meth," a powerful stimulant that is the drug of choice among white teenagers in much of the country. Federal law already allows for so-called "sneak and peek" searches in which federal agents go into a suspected drug warehouse or laboratory and document their suspicions without immediately informing the occupants, said Jeanne Lopatto, a spokeswoman for the Senate Judiciary Committee. And, in limited cases, federal judges can approve wiretaps, listening bugs or tracking devices without the knowledge of the person being investigated. But there had been confusion about when such warrants are appropriate. The proposed law was designed to set a uniform standard for when federal courts could issue a search warrant, especially in drug cases, said Lopatto. "Our ultimate goal is cracking down on methamphetamine labs," she said. "It does nothing to lessen the standard for a search warrant. You'd still have to convince a court you have probable cause. This would allow a delayed notice, for a limited time, in cases where you want to prevent destruction of evidence, flight from prosecution or putting a witness in jeopardy." But the ACLU and Barr said the provisions of the bill, if they become law, would not be restricted to searches for suspected methamphetamine labs. Instead, they could easily be applied to any type of search for which a judge issued a warrant. "These provisions would apply generally; they have nothing to do with drug laws," Barr said. "They are not limited in any way, shape or form." The ACLU's Johnson said the law would make it much easier to get a search warrant that would allow federal agents to refrain from informing the subject of the investigation that property was taken. Now those warrants are granted under "highly unusual circumstances" when there is no other way to gather the evidence, he said. The bill has cleared the Senate and is scheduled to be considered by the House Judiciary Committee this week. If the House accepts the Senate version without changes, the bill could pass to the president to be signed into law soon. from WorldNetDaily, 1999-Aug-31, by Joseph Farah: The latest from Big Brother Attorney General Janet Reno, who brought you Waco, has a new plan to protect the federal government from the people. She wants the FBI to have the authority to break into the homes of those suspected of encrypting information on their computers, steal their hard drives and leave permanent bugging equipment behind. I'm not kidding. That's the latest Big Brother snooping plan from the Department of Injustice. What's most interesting about this proposal is not that it represents any significant breakthrough in the government's ability to snoop on you or me. The fact of the matter is that the FBI has the means and motive to accomplish such monitoring activities without entering our homes. The audacity of this proposal is that it would permit the government to snoop not on a few select individuals but on a massive number of citizens at bargain- basement costs "just in case" they might be up to something. You see, for a long time the technology has existed to pick up computer screen images and CPU and data transfers from as much as a mile away from the target using the radiated RF energy generated by a normal PC. The only problem, from the government's point of view, with such procedures is that they require a van, personnel, man-hours and about $15,000 worth of equipment. The easiest and cheapest way to do long-term surveillance on suspected "troublemakers" is to break into the home or office, copy the hard drive with the encrypted data, replace the keyboard connector with a radio transmitter and wait to capture the keystrokes with the help of a simple receiver with solid state storage in a telephone box or electric meter. The total equipment cost, according to one friendly hacker, would be less than $150. This is obviously a much cheaper method than continuous monitoring, which easily starts at $100,000 for a typical wiretap and monitoring personnel. So, you see, this plan is not intended, as Reno and the FBI would suggest, to help them monitor the activities of potential terrorists or drug kingpins. They already have the means to accomplish that. This is a plan to broaden its surveillance on you, me and everyone else concerned enough about privacy to use some form of encryption on computer-generated communications. The first assumption of this crowd in Washington is that people who attempt to protect their privacy must have something to hide. Their second assumption is that if they have something to hide, it is the government's right and duty to find out about it. This is about power -- the power to intimidate, the power to monitor, the power to read our very thoughts. I don't know how any intelligent observer could watch this renegade government in Washington without concluding that it is making big plans for massive population control. We're on the verge of a great leap into authoritarianism. America is not that far from totalitarianism. Fascism is just an emergency or two away. There are so many of these Big Brother eavesdropping and surveillance proposals coming down on us that it is nearly impossible to keep track of them, let alone mobilize opposition. I believe this is part of a deliberate strategy to overwhelm and demoralize those of us who are aware enough to fight back. Think about it. You know how effective the "scandal fatigue" strategy has been. So many have given up. So many have lost track. So many have lost interest. So many have missed the point. We've been overwhelmed with corruption so thick, you can't see the forest for the trees. The same is true with corrupt policies designed to curtail our freedom. Perhaps we will be successful at beating back one or two. But when they are coming at us by the dozens, what are the chances we as a people can preserve our freedom? So what hope is there for us? The only hope is to land a stunning blow to the forces of creeping fascism. The architects of such plans, not just the plans themselves, must be laid low. from the Washington Post p.A1, 1999-Aug-20, by Robert O'Harrow Jr.: Justice Dept. Pushes For Power to Unlock PC Security Systems Covert Acts Could Target Homes, Offices The Justice Department wants to make it easier for law enforcement authorities to obtain search warrants to secretly enter suspects' homes or offices and disable security on personal computers as a prelude to a wiretap or further search, according to documents and interviews with Clinton administration officials. In a request set to go to Capitol Hill, Justice officials will ask lawmakers to authorize covert action in response to the growing use of software programs that encrypt, or scramble, computer files, making them inaccessible to anyone who does not have a special code or "key," according to an Aug. 4 memo by the department that describes the plan. Justice officials worry that such software "is increasingly used as a means to facilitate criminal activity, such as drug trafficking, terrorism, white-collar crime, and the distribution of child pornography," according to the memo, which has been reviewed by the Office of Management and Budget and other agencies. Legislation drafted by the department, called the Cyberspace Electronic Security Act, would enable investigators to get a sealed warrant signed by a judge permitting them to enter private property, search through computers for passwords and install devices that override encryption programs, the Justice memo shows. The law would expand existing search warrant powers to allow agents to penetrate personal computers for the purpose of disabling encryption. To extract information from the computer, agents would still be required to get additional authorization from a court. The proposal is the latest twist in an intense, years-long debate between the government and computer users who want to protect their privacy by encrypting documents. Although Justice officials say their proposal is "consistent with constitutional principles," the idea has alarmed civil libertarians and members of Congress. "They have taken the cyberspace issue and are using it as justification for invading the home," said James Dempsey, senior staff counsel at the Center for Democracy and Technology, an advocacy group in the District that tracks privacy issues. Police rarely use covert entry to pave the way for electronic surveillance. For example, federal law enforcement agencies obtained court approval just 34 times last year under eavesdropping statutes to install microphones, according to the 1998 wiretap report issued by the Administrative Office of the Unites States Courts. David L. Sobel, general counsel at the Electronic Privacy Information Center, predicted the number of secret break-ins by police would soar if the proposal is adopted because personal computers offer such a tantalizing source of evidence for investigators -- including memos, diaries, e-mail, bank records and a wealth of other data. "Traditionally, the concept of 'black bag' jobs, or surreptitious entries, have been reserved for foreign intelligence," Sobel said. "Do we really want to alter the standard for physical entry?" The proposal follows unsuccessful efforts by FBI Director Louis J. Freeh and other Justice officials to secure laws requiring computers or software to include "back doors" that would enable investigators to sidestep encryption. Those proposals, most notably one called Clipper Chip, have been criticized by civil libertarians and have received little support in Congress. In a snub of the administration, more than 250 members of Congress have co- sponsored legislation that would prohibit the government from mandating "back doors" into computer systems. "We want to help law enforcement deal with the new technologies. But we want to do it in ways that protect the privacy rights of law-abiding citizens," said Rep. Robert W. Goodlatte (R-Va.), who originally sponsored the legislation, known as the Security and Freedom Through Encryption Act. Goodlatte said the Justice Department's proposal might upset the "very finely tuned balance" between law enforcement power and civil liberties. But Justice Department officials say there is an increasingly urgent need for FBI agents and other federal investigators to get around encryption and other security programs. "We've already begun to encounter [encryption's] harmful effects," said Justice spokeswoman Gretchen Michael. "What we've seen to date is just the tip of the iceberg." The proposed law also would clarify how state and federal authorities can seek court orders to obtain software encryption "keys" that suspects might give to others for safekeeping. Although few people share such keys now, officials anticipate that they will do so more often in the future. Administration officials played down the potential impact on civil liberties. In interviews, two officials said the law would actually bolster privacy protections by spelling out the requirements for court oversight of cyber-surveillance and the limits on how information obtained in a search could be used. "The administration is supportive of encryption. Encryption is a way to provide privacy, but it has to be implemented in a way that's consistent with other values, such as law enforcement," said Peter P. Swire, the chief White House counselor for privacy. "In this whole debate, we have to strike the right balance." Computer specialists predict that people under investigation will take countermeasures. "It's 'Spy vs. Spy,' " said Lance Hoffman, director of the Cyberspace Policy Institute at George Washington University, who praised the administration for raising the issue but expressed skepticism about the proposal as it was described to him. "I'd be leery if I were the government. . . . They have to be real careful," he said. from TPDL 2000-Jul-29, from The Libertarian, by Vin Suprynowicz: They're reading our mail Congressfolk from both sides of the aisle unloaded on the FBI in Washington hearings Monday, airing concerns about the agency's ability to tap into just about anyone's e-mail by deploying the new "Carnivore" sort-and-read software in the offices of any Internet Service Provider (ISP.) FBI Assistant Director Donald M. Kerr testified Carnivore has been deployed 16 times this year -- and 25 times since it was first developed two years ago -- primarily to investigate suspected cases of folks using the Internet to organize ventures in child pornography, terrorism, and credit card fraud. But are we to believe an FBI unit with a warrant to investigate some specific person or organization for planning "terrorism" won't end up sorting and reading the e-mail of scores or even hundreds of innocent Americans -- perhaps because they merely receive mail from the party being investigated, deleting it unread? And if, as their voracious software sorts for and locates "key words" referring to taxes, firearms, interest rates, or sexual activities, they stumble across correspondence not under the original purview of their investigation, but which their finely-honed "law enforcement instincts" tell them appears "suspicious" or merely "interesting" ... we're expected to believe their supervisor will tell them "No no, purge that message from your system, and all record of who sent it; we're only authorized to investigate this one porno ring, not to take note of people moving their income offshore out of sight of the IRS," or "We're only looking for this one particular set of terrorist bombers, that cross-talk e-mail from someone mentioning he's come across an unregistered Thompson gun is none of our business"? Oh. Sure. FBI and Justice Department witnesses stressed to committee member John Conyers, D-Mich., that it would be a violation of federal law for an agent to abuse the intelligence-gathering ability of Carnivore to collect information about non- suspects. "They're not going to unilaterally break the law," promised Tom Talleur, a former federal law enforcement official. "If they do, they're going to jail." Well, don't we all feel safer now? Like that incident in which the Clinton White House hired a couple of barroom bouncers to pore through hundreds of secret, raw, FBI files on the Clintons' political enemies, looking for anything that could be used against them -- remember that? How many people are now serving time for that violation? How many FBI personnel have ever gone to jail for listening to the wrong phone conversations while engaged in an authorized wiretap? How many IRS agents, for perusing secret tax records on their lunch hours, just for fun? Refresh our memories, Mr. Talleur. This technology is insidious. The question is not whether it will be misused to purposely create a chilling affect on political dissidents -- or to enforce the unconstitutional monopoly of the FDIC over many commercial and banking activities -- or to gather information of a sexual nature for potential political blackmail -- or to help the IRS track down those with new strategies for tax avoidance. So long as federal agencies are authorized to investigate such things, the question is only how often, and when. And for all their bellowing and table-pounding for the benefit of the galleries, we shouldn't hold our breaths expecting Rep. Conyers' committee -- or any other current power in the Congress -- to much shorten their chains. The Constitution never envisioned any federalized domestic police force. We are now learning why. Few genies are ever put back in their bottles. No technological "fix" is likely to pull the teeth of "Carnivore" for long. If the congressmen mean to restore our privacy, they must vastly reduce the number and size of these federal agencies, back to the minimal level necessary to deal with actual, documentable, incidents of foreign-based terror and espionage. Until that time -- though encryption for privacy is probably worth a try -- the best advice in today's America, unfortunately, is to assume that someone is, indeed, "reading your mail." from TPDL 2000-Jul-21, from the Washington Post p.A1, by John Schwartz: Republicans Oppose FBI Scrutiny Of E-Mail The Clinton administration's plans for policing the Internet are running into sharp opposition from Republican leaders in Congress, who say the government is overstepping laws intended to protect citizens' privacy. The controversy focuses on "Carnivore," the FBI-designed e-mail-sniffing system that allows law enforcement officials to sift a suspect's messages out of the full stream of data passing through an Internet service provider. Critics object to the fact that the system sorts through the communications of innocent people in order to monitor suspects. "Nobody can dispute the fact that this is not legal . . . within the context of any current wiretap law," said House Majority Leader Richard K. Armey (R-Tex.). Hearings about Carnivore and another system developed earlier by the FBI, code-named "Omnivore," are scheduled for Monday before the House Judiciary subcommittee on the Constitution. Carnivore is only one of a number of initiatives that the Clinton administration is pursuing to ensure that law enforcement officials will be able to use wiretaps in the online world. But their authority is unclear because many laws governing wiretaps never envisioned the kinds of technological changes now taking place. FBI officials have said they are not seeking new capabilities in the online world but are simply trying to preserve their ability to monitor criminal activity, a capability that is being eroded by the growing use of new technologies such as encryption, cell phones and wireless message devices. The Carnivore system, they argue, actually protects privacy because it can be configured to identify only the senders and recipients of the suspect's e-mail, giving law enforcement an Internet equivalent to the "trap and trace" systems that are commonly used in telephone monitoring. The system selects only the data related to the criminal suspect, officials said, so that human reviewers see only what the machine has culled. The chief objection to Carnivore technology, said Albert Gidari, executive director of the Internet Law and Policy Forum, is that it resembles what is known in the telephone world as a "trunk side" wiretap--that is, a monitoring system that takes in all communications running through a telephone office to find the calls related to a suspect. Congress rejected the use of trunk-side wiretaps more than 30 years ago because they mix the communications of the innocent with those of suspects, Gidari said. "The privacy advocates are never satisfied," countered Amitai Etzioni, a George Washington University professor and author of "The Limits of Privacy." Etzioni said technologies such as Carnivore will prove to be important tools for law enforcement. As long as the checks and balances that now protect citizens from unreasonable wiretaps are in place, Etzioni said, technologies such as Carnivore should be used in the same way telephone taps are. The alternative, he warned, is to say, "It's a new world--they can get away with murder." Some of the most significant initiatives by law enforcement focus on ensuring that the Internet not become an enforcement-free zone. Last year, for example, FBI officials encouraged makers of Internet equipment to ask the Internet Engineering Task Force, the programmers who design and maintain the technologies underlying the Internet, to add wiretap-friendly features to next- generation Internet technologies. The IETF and Internet service providers have challenged such efforts, which they see as an FBI move to extend the wiretap powers granted to the agency in the Communications Assistance to Law Enforcement Act of 1994--a law that specifically excluded the Internet. Even the FBI's recent objection to the merger between Japanese-owned Nippon Telegraph & Telephone Corp. and U.S. Internet provider Verio Inc. could be related to the Internet wiretap plan. Neither the FBI nor the companies are talking about the objection, which is ostensibly based on national security concerns. But sources familiar with the case say that much of the focus of the FBI's complaint is about preserving wiretap capabilities when an Internet service provider (ISP) is foreign-owned. In the wake of the Carnivore controversy, White House Chief of Staff John D. Podesta announced Monday that the administration would soon propose legislation that would "harmonize" the laws of wiretapping across the many technologies by which people communicate--telephone, dial-up modem, high- speed broadband access and more. To Gidari, it was an admission that the administration had been overstepping. "Basically, what he said is, 'We've been operating surveillance on the bleeding edge of the law with sort of a wink and nod to the existing procedures designed for telephones,' " Gidari said. "It's the wrong way to make surveillance law." But Peter Swire, privacy counselor to the president, said Podesta's speech contained no such admission--and argued that the rules are being proposed precisely to ensure that the balance is maintained between law enforcement needs and privacy rights. "Carnivore has raised serious privacy issues and demonstrates the need for strong privacy protections and law enforcement accountability," Podesta said through a spokeswoman. "The administration's proposals are aimed directly at stronger legal protections for electronic communications privacy." Armey said Congress was ready to consider the kinds of rules that Podesta talked about Monday. "We have a Congress that is anxious to work with them toward that end. But in effect, they have said, 'We're going to go on our own and not wait for the technology or the Congress to catch up with our desires to be cyber-snooping.' That's a dangerous thing for us to allow to go along unchecked," Armey said. The most troubling problem with Carnivore, Armey added, is the psychological effect on citizens: "There is an erosion of trust in the government." Sen. Patrick J. Leahy (D-Vt.), long a staunch privacy advocate, said the FBI has made a convincing case on the need for technologies such as Carnivore. "The law authorizes the FBI to seek court orders for wiretaps or to scout for address information in a suspected criminal's e-mail. If an ISP says it will not or cannot execute the order, what is the FBI supposed to do?" Leahy asked. "Carnivore is a like a car," Leahy said. "It can be useful, or it can be abused. What counts are the rules of the road and the license we give the driver." An ISP owner who will be testifying at Monday's hearing said, "I would never permit it to be put on my system." Peter Sachs, who owns a small New Haven, Conn.-based ISP, Iconn.net, said outside equipment threatens his customers' security. He thinks the ISPs should be responsible for turning over the information sought by the FBI. "I have no objection whatever to cooperating with law enforcement agencies in the pursuit of an investigation," Sachs said. "My only objection is they want to do the work rather than us having to do the work for them--and no one knows my system better than me." from BBC News, 2000-Jul-20: Peers pass e-mail interception bill The bill gives the security forces unique powers Plans to allow the security services to intercept private e-mails have passed the House of Lords. But the bill only gained the approval of peers after ministers agreed to another significant change to the widely criticised bill. On Wednesday, ministers put in place a new safeguard allowing business to sue the security services if their confidentiality was breached as a result of the interception of e-mails. Under the bill companies are required to surrender encryption keys to the authorities during the conduct of an investigation. Material taken will be held by MI5, under strict security conditions. 'Zombie legislation' Responding to the news, Caspar Bowden, director of the Foundation for Information Policy Research, an Internet policy think-tank, said the legislation would leave the UK as the only European nation where the government had the power to seize encryption keys from businesses. Although welcoming the changes made by peers on Wednesday, Mr Bowden said the bill was still seriously flawed. "It's Zombie legislation. Although clinically dead with macabre wounds, it still lumbers on menacing both individual privacy and commercial confidence" Increased regulation Tighter regulation of the measures contained in the Regulation of Investigatory Powers Bill has also been put in place. Police will now be required to inform a judge within seven days of serving an order on a company. Other changes to the bill will see a Technical Advisory Board oversee the installation of intercept capabilities at internet service providers. The cost of this will be partially borne by the government, which has already set aside £20m for the purpose. Most of the changes to the bill had been forced by an alliance of Conservative and Liberal Democrat peers. Tory peer Lord Cope said much had been done to mitigate the worst aspects of the bill but he added: "It has been done too much in haste." The bill, which ministers say is necessary to allow the authorities to combat criminals' use of technology, now returns to the Commons for its final stages. from TPDL 2000-Jul-17, from Science News, by P. Weiss: Magnifier May Crack Crimes, Crashes Presidencies have teetered because of information captured on audiotapes. Tape-recorded evidence of Richard Nixon's Watergate misdeeds led to his 1974 resignation. More recently, information gathered secretly on tapes in the Monica Lewinsky scandal almost unseated President Clinton. A device under development by government scientists in Colorado may soon help investigators both judge the authenticity of magnetically recorded evidence and glean information from magnetic media that have been damagedintentionally or otherwise. David P. Pappas of the National Institute of Standards and Technology (NIST) in Boulder and his colleagues have come up with a microscope that can reveal the landscape of magnetic bumps and dips found on recorded audiotapes, floppy disks, and other sorts of magnetic media. The instrument, a type of so-called magnetoresistive microscope, slowly and repeatedly passes a sample piece of tape or other medium under a tiny read-write head from a computer hard drive. As the sample moves back and forth, the head detects the strength and direction of the magnetic field at millions of points. A computer then can make a topographic image from the data or interpret the data directlyinto sound, for instance. Physicists at the University of California, San Diego invented the first scanning magnetoresistive microscope in 1996, primarily as a tool for the hard disk industry. The Colorado researchers have adapted the device for forensic use in collaboration with the FBI and the National Transportation Safety Board. Investigators of an airplane crash or explosion may want to play back "little scraps of tape," such as cockpit-recorder tape, says the microscope's codeveloper Stephen D. Voran of the Institute for Telecommunication Sciences, also in Boulder. In one proof-of-principle test, the researchers recovered a second of music from a fragment of abused tape. The team has also read digital data encoded in a tape snippet from a flight-data recorder, or black box. The swaths of magnetic field recorded by ordinary tape deck heads are hundreds of times wider than the microscope's head requires. So, even if much of a tape's surface is destroyed, the new instrument might still find a meandering path that retains the original signal, says Pappas. "Imagine a motorcycle driving around potholes," he suggests. An erase head leaves some inaudible marks on tape that may indicate tampering. The new device shows such telltale marks in more detail than the current technique, which uses magnetic fluid, the researchers say. However, a bigger question is whether erased data can be recovered. "Only more experiments will tell," Pappas says. So far, only NIST and the FBI have prototype instruments. "We're very excited about its potential," says FBI agent James Ryan, unit chief of the agency's Forensic Audio/Video & Image Unit in Quantico, Va. The FBI has eagerly sought an alternative to magnetic fluid because the fluid ruins digital tapes and disks. The new magnetoresistive microscope is the only tool that Ryan knows of that might help investigators detect certain manipulations of those media, he says. Ryan expects to attend a meeting this fall on the infamous 18 1/2-minute gap - an erased section of the Watergate tapes. The keepers of the Nixon tapes at the National Archives and Records Administration in College Park, Md., are considering whether to reexamine the tape gap with new technologies. Ryan says he thinks the new microscope could be among them. from TPDL 1999-Jun-30, from the Washington Post 1999-Jun-27 p.A1, by Robert O'Harrow Jr.: Uncle Sam Has All Your Numbers As part of a new and aggressive effort to track down parents who owe child support, the federal government has created a vast computerized data- monitoring system that includes all individuals with new jobs and the names, addresses, Social Security numbers and wages of nearly every working adult in the United States. Government agencies have long gathered personal information for specific reasons, such as collecting taxes. But never before have federal officials had the legal authority and technological ability to locate so many Americans found to be delinquent parents - or such potential to keep tabs on Americans accused of nothing. The system was established under a little-known part of the law overhauling welfare three years ago. It calls for all employers to quickly file reports on every person they hire and, quarterly, the wages of every worker. States regularly must report all people seeking unemployment benefits and all child-support cases. Starting next month, the system will reach further. Large banks and other financial institutions will be obligated to search for data about delinquent parents by name on behalf of the government, providing authorities with details about bank accounts, money-market mutual funds and other holdings of those parents. State officials, meanwhile, have sharply expanded the use of Social Security numbers. Congress ordered the officials to obtain the nine-digit numbers when issuing licenses - such as drivers', doctors' and outdoorsmen's - in order to revoke the licenses of delinquents. Enforcement officials say the coupling of computer technology with details about individuals' employment and financial holdings will give them an unparalleled ability to identify and locate parents who owe child support and, when necessary, withhold money from their paychecks or freeze their financial assets. "They never get away from us anymore. It's just wonderful. . . . What you're trying to do in child support is build a box, four walls, around a person," said Brian Shea, the acting executive director of child-support enforcement in Maryland. "It has in some ways revolutionized this business." But privacy experts and civil libertarians say the scope of the effort raises new questions about the proper line between aggressive public policy and intrusive government snooping. In pursuing an objective that is almost universally applauded, the government has also created something that many Americans have staunchly opposed: a vast pool of fresh personal information that could be used in a variety of ways to monitor their lives. "What you have here is a compilation of information that is much better and more current than any other data system in the U.S.," said Robert Gellman, a lawyer and privacy specialist in the District. "All of the sudden we're on the verge of creating the Holy Grail of data collection, a central file on every American." Already lawmakers, federal agencies and the White House have considered expanding the permitted aims of the system to include cutting down on fraud by government contractors, improving the efficiency of the government and pinpointing debtors, such as students who default on government loans. Under the system, every employer must send information about new hires and quarterly wages to state child-support agencies. State officials gather the data, along with information on unemployment benefits and child-support cases, and then ship it to computers run by the Administration for Children and Families. ACF officials then use computers to sort and send back to state authorities reports about people obligated to pay child support. Government officials say the system is safe, accurate and discreet. They also say it is secure. Because it has, among other safeguards, systems that confirm the accuracy of Social Security numbers, officials say it will not intrude into the lives of most people. An examination of the program, however, shows that government officials have downplayed or overlooked a variety of privacy and security concerns as they worked to meet congressional deadlines. The computer system that houses much of the data at the Social Security Administration "has known weaknesses in the security of its information systems," according to a Dec. 31 report by the General Accounting Office. And authorities have not studied the frequency of mistakes that might arise from incorrect data, even though the system will enable local child-support enforcement officials to routinely freeze a parent's assets without an additional court hearing. Few people know about the system, even though it was created through one of the signature acts of Congress and the Clinton administration - the Personal Responsibility and Work Opportunity Reconciliation Act of 1996, the law that ended the federal guarantee of welfare payments. Much of the congressional debate and news coverage at the time focused on the broad policy and political implications of the new law. Officials have not publicized their ability to obtain financial information because they do not want to alert delinquents to the ability of enforcement workers to seize or freeze financial assets, according to Michael Kharfen, spokesman for the federal Administration for Children and Families, which administers the program. "We're setting aside some of the courtesies in order to accomplish what we're trying to do," said Kharfen, who described the network as an "unprecedented, vast amount of information that is updated constantly." He added: "This is about getting financial support to the kids." A Boost for Some When welfare reformers on Capitol Hill and the White House approved the system in 1996, their aim was to cut down welfare spending by boosting child- support payments. They had in mind people such as Stephanie Dudley and her son Robert, who live in Farmington, Minn. Robert's father had split up with Dudley shortly after the boy was born and drifted from place to place. He owed $350 a month in child-support payments, but it was hard tracking him down and getting him to pay. Officials found Robert's father - and then started withholding money from his paycheck - after a new employer in Pennsylvania reported him to the network. "I literally was living from check to check," Dudley said. "I mean, that money literally put shoes on the kid's feet, helped pay the rent." Kathy Robins of Tazewell, Va., and her 7-year-old son, Dwight, never received court-ordered child support until the system turned up his father in North Carolina. Now she gets about $120 a month, money she plans to use to pay for a babysitter this summer. "It'll help," she said. "I mean, it's better than I was getting before, which was nothing." Child-support advocates contend that fears about privacy are overblown when weighed against such successes. As of 1997, the latest year for which figures available, more than 7.4 million delinquents owed more than $43 billion in past child support. The system has helped boost support payments from $12 billion in 1996 to $14.4 billion last year, officials said. And in 1997, the burgeoning system helped enforcement programs locate more than 1.2 million delinquents. The system is essentially an electronic dragnet. It collects the names, Social Security numbers and other data about every newly hired employee in the nation from employers, who also must provide pay reports for most wage-earning adults. States ship along the names and other identifying information of people who receive state unemployment insurance. The Administration for Children and Families, a part of the Department of Health and Human Services, serves as a sort of clearinghouse that automatically matches all of that information against a file of nearly 12 million child support cases to locate parents obligated to pay support. Then the agency provides information about those parents - no matter whether they are behind on payments - to the appropriate state enforcement workers. The idea is to track the parents across state lines. Supporters of the system note that Congress explicitly restricted access to it. Those authorized to use the information include the Social Security Administration, which can use the directory of new hires to verify unemployment reports; the Treasury Department, which can use it to cross-reference tax- deduction claims; and researchers, who gain access only to anonymous data. Next month, financial institutions that operate in multiple states - such as Crestar Financial Corp., Charles Schwab & Co. and the State Department Federal Credit Union - will begin comparing a list of more than 3 million known delinquents against their customer accounts. Under federal law, the institutions are obligated to return the names, Social Security numbers and account details of delinquents they turn up. The Administration for Children and Families will then forward that financial information to the appropriate states. For security reasons, spokesman Kharfen said, the agency will not mix the financial data with information about new hires, wages and the like. Bank account information will be deleted after 90 days. In a test run this spring, Wells Fargo & Co. identified 72,000 customers whom states have identified as delinquents. NationsBank Corp. found 74,000 alleged delinquents in its test. Later this year, smaller companies that operate only in one state will be asked to perform a similar service. Officials say most of these institutions will compare their files against the government's. But some operations that don't have enough computing power - such as small local banks, credit unions and securities firms - will hand over lists of customers to state officials for inspection. States can then administratively freeze the accounts. In California, more than 100 financial institutions have already handed over lists of all their depositors to state officials, including names, Social Security numbers and account balances, a state official said. "This is a major leap forward," said Nathaniel L. "Nick" Young Jr., director of child-support enforcement in Virginia, who estimates that more than 200,000 Virginia parents owe up to $1.6 billion in past support. "We are now into the electronic age." A New Standard Civil liberties activists say it would be a mistake to consider the system solely in terms of finding bad parents and making them pay up. They worry that the network - a massive expansion of earlier child-support efforts - sets a new standard for data surveillance by using computers to cross-reference hundreds of millions of personal records about Americans. Over the past quarter-century, since the Privacy Act was enacted in 1974, the federal government has tried to place limits on how its officials could compare databases to find or profile people. And in general, the government was supposed to limit data collection about people who paid taxes, received a federal benefit, served in the military or tangled with the judicial system. Critics say this new effort leaps beyond those practices by systematically creating centralized files about workers, wages and families, and sifting through those files to find a relatively small number of suspected deadbeats. The new registry of child-support cases, for example, now requires the names of all parents and children involved, even if they do not receive public assistance or ask for help in getting a problem resolved. The registry has information about nearly 12 million families. There is also concern about the government's reliance on private employers and financial institutions to watch citizens. A proposal last year to require banks to routinely track customer transactions for signs of criminal activity prompted an outpouring of protest. Regulators ditched the plan, called Know Your Customer, this spring after acknowledging they had misstepped. Critics say this system in essence asks banks and other financial companies to do the same thing. "It really starts to blur that line between the government and the private sector," said Deirdre Mulligan, staff counsel at the Center for Democracy and Technology, a privacy and civil liberties advocacy group in the District. A review of the swift development of the system has turned up still other questions about whether the government paid enough attention to privacy particularly at a time when the issue has become a flash point in public policy debates across the country. As the system was phased in, officials posted federally required notices only in the Federal Register. No additional information has been added to W-4 forms that people must fill out when taking a new job. Linda Ricci, a spokeswoman for the Office of Management and Budget, defended the approach. She said people received notice when the program was publicly debated by Congress before its approval in 1996. She said existing language on the W-4 forms "makes clear the data will be shared with law enforcement for a variety of purposes." In addition to the issues raised by the GAO about the security of computer systems gathering and transmitting personal information, the systems in about a dozen states also have not been certified by federal officials as meeting security and privacy guidelines. But government officials say they are confident the security is adequate. Ricci noted that the GAO based its report on a private audit conducted at the request of the Social Security Administration. It found no security breaches, she said, and the agency has taken many steps to address concerns. Officials in OMB and the Administration for Children and Families sought to allay fears about mistakes. While acknowledging they have no idea about the likely rate of errors because no study was conducted, officials said the program verifies the accuracy of any Social Security numbers before sending data along to the states. In addition, officials said, individuals in every state will have an opportunity to appeal administrative actions. Virginia, for instance, will give parents up to 10 days before seizing assets, a state official said. Critics wonder what might happen to someone who is away on vacation or business. "A Social Security number is not a bullet-proof identifier. There are always going to be mistakes," said Mary J. Culnan, a business professor at Georgetown University's McDonough School of Business, who drew an analogy to problems with the accuracy of credit reports in the early 1990s. Finally, the operation appears to be at odds with the Clinton administration's recent push to make privacy a priority. Last month, Clinton called on banks and other financial institutions to give consumers more control over how their information is gathered and used. "President Clinton believes that consumers deserve notice and choice about the use of their personal information," said a White House memo about the event. Ricci said the administration distinguishes between data collection efforts by government for issues such as child support and those of business. "There's no opting out for law enforcement. Individuals don't have an option about paying taxes or court-ordered child support," she said. "That's just the law." Critics Unappeased The assurances of such officials do little to assuage the fears of people who worry about the potential ills of having a government that closely monitors its citizens. Taylor Burke, vice president of Burke & Herbert Bank & Trust Co. in Alexandria, said he doesn't believe banks should be asked to watch their customers so closely on behalf of the government. "We're all good citizens. But it doesn't mean we spy on our neighbors," Burke said. "It's really scary." Such anxieties have been underscored by mistakes child-support enforcement workers have made in recent years. Last year, officials in Virginia had to apologize to 2,300 parents for misidentifying them as delinquent and announcing they would lose their hunting and fishing licenses. Officials attributed the mistake to a computer programming error. "We're not perfect," a state official said at the time. California officials also misidentified hundreds of men after it began the federally mandated, data-driven crackdown on deadbeats. In some cases, they confused men who had similar names. "In my estimation, this is going to be nothing more than a huge invasion of privacy," said James Dean of Oshkosh, Wis., who was unable to get a fishing license because he refused to provide his Social Security number. Connie White, the system-development manager for the Virginia division of Child Support Enforcement, said she understands such qualms. But she believes the system is ultimately in the best interests of society. "I have problems with the Big Brother concept myself," White said. "But the need for people to support their children far outweighs their need for privacy." Wade Horn, a former official in the Administration for Children and Families, agrees about the need to improve child support. But he is far from certain about the right balance between government action and individual privacy. "What we're now going to do is put a system into place that will track the earnings and comings and goings of the entire adult population of the U.S.," said Horn, head of a fathers' rights group in Maryland. "In a free society, we should always be on the lookout for the possibility we do harm through good intentions." from TPDL 2000-Mar-27, from Scripps Howard News Service, by Michael Arnold Glueck and Robert J. Cihak: Privacy and medical privacy (March 27, 2000 12:12 a.m. EST http://www.nandotimes.com) - Did you know the federal government is making new rules about who can look at your personal medical records? These rules will make it easier for a wide range of individuals and groups to see your medical information - without your knowledge. To fulfill part of the Health Insurance Portability and Accountability Act of 1996, the U.S. Department of Health and Human Services published the "Proposed Rule Making for Standards for Privacy of Individually Identifiable Health Information." More than 150,000 words are squeezed into the final 148 pages of fine print. Final regulations will be published soon and will have the force of federal law. Americans should consider two important questions about what those pages contain: Will you or the government decide who has access to your medical records? Under the proposed regulations, it will be the government. Who can look into your electronic medical records - including genetic information - without getting your OK? Again, the government. In many cases, nobody will even have to ask you if the government can give out your personal medical information. The government would also make it easier for its own bureaucrats to look into your medical records without your permission. Any government agent claiming a "national priority purpose" can poke around in your most private medical details. The proposed regulations do have some penalties for lawbreakers. But you won't be able to sue anybody breaking this law; all power to sue or prosecute is reserved to the government itself. The government will keep any penalties or fines collected by the government for the breach of your personal privacy. As physicians, we know that many patients request that certain parts of their medical history not be recorded in official records. Now it's up to bureaucrats, behind closed doors, to finally decide whose comments are important enough to take seriously. Will they carefully consider your comments? How will they weigh the conflicting demands of special interest groups? Only those with very special access will know. It will be up to the American people to let elected public officials, including the president and those in Congress, know what to do to protect medical privacy. The government already has access to your credit records and your files at the IRS and FBI. Do you want the government to also know what's going on in your body? We suggest that you will be able to control your own private medical information only if: (1) the government enforces, not eliminates, your right to require your consent before your personal medical information can be given out; (2) you are not forced to accept a "unique health identifier" for tagging and tracking your medical records electronically; and (3) finally, that you should have the right to sue if anyone, including a government official, abuses your privacy and breaks the law. You should be compensated for invasion of your privacy, not the federal government. There is not a person or family among us who directly or indirectly does not have some private and personal health issues that he or she might not wish to share with the entire world. Such conditions could include a wide range of conditions such as mental illness, disability, cerebral palsy, retardation, herpes and genetic disorders. Will your future education, job, mate, and insurance policies be decided on the basis of information given out under force of law? Do you want to lose control of your medical history, lab studies, diagnostic tests like CT or MRI and perhaps your unique DNA structure? We hope not. Michael A. Glueck, M.D., is a Newport Beach, Calif., physician/writer who has published extensively on health care issues. Robert J. Cihak, M.D., is a health- care consultant in Washington State and is president-elect of the Association of American Physicians and Surgeons. from MSNBC, 1999-Sep-27, by Paul Somerson, PC Computing/ZD Net Why you should get a chip implant Capabilities would make life so much better - or would they? Sept. 27 - How'd you like to avoid waiting in lines for the rest of your life? Breeze through everywhere like you owned the place. Watch lights snap on, doors open automatically, money pop out of ATMs as you approach. Never have to show an ID, buy a ticket, carry keys, remember a password. You'd leave stores loaded with packages and waltz right past the cashiers. You wouldn't have to carry a wallet. Ever. Family and friends could find you instantly in any crowd. There's only one catch - you'd need to have a tiny little chip implanted in your body. No big deal. Just ask Kevin Warwick, a British professor who had a silicon- based transponder surgically inserted into his forearm last year. You'd think from all the attention that the natty professor was jacking chips into his brain like some cheese-ball sci-fi android. Truth is, his modest implant simply turned him into a walking EZ-Pass. Warwick's gizmo - a coil of wire and a few chips embedded in a small glass capsule about a tenth of an inch wide and a little less than an inch long - generates a 64-bit number when zapped by an RF transmitter. A receiver then looks it up in a database. Animal shelters have implanted millions of these electronic IDs in cats, dogs, and birds. Metal tags can fall off, and tattooed numbers could be placed anywhere and are often hard to find - who wants to play slap-and-tickle with a snarling rottweiler? A lot of us carry similar mechanisms inside ID cards, to open doors. But these can get lost, forgotten, or stolen and misused. And biometric devices like retinal scanners and fingerprint sensors are intrusive and imperfect. Besides, people have been sticking all sorts of things in their bodies for years - pacemakers to fix broken hearts, silicone to perk up skinny chests, Norplant to prevent third-world countries from becoming fourth-world ones. Consider the benefits. It would end password PINsanity forever. Sensors would wave chipped consumers through checkout lines and tollbooths. Contractors would build implant-friendly homes and offices with Gatesian gimmicks that could customize temperature, background music, and even images on wall-size flat- screen displays as you move from room to room. It would help sort out newborn babies, Alzheimer's patients, amnesiacs, comatose (or worse) accident victims, and military casualties. In fact, there's an entire paranoid-delusional faction out there that believes the government is already chipping soldiers and prisoners. And kidnap-prone executives are supposedly implanting tiny Lo-Jack devices to track their movements. Internal chips could measure irregular heartbeats and blood-sugar levels in diabetics. Or, as Warwick points out, chips could sense muscular movements so you could play air guitar, type on virtual air keyboards, move invisible mice. And Warwick won't make a lot of new redneck friends with his suggestion that gun buyers first get chipped before their weapons are delivered. Computers are rapidly evolving into Internet terminals. When your chip goes in, you'll be able to walk up to any terminal in any office and log on instantly. Incoming phone calls and faxes will automatically be routed to wherever you happen to be. Of course, employers could also log your time in the john or at the water cooler. If you don't think you're already being monitored, you're naïve. Your credit cards, telephone bills, supermarket club cards, Internet purchases and public records like home purchases and car licenses already do a pretty good job. How will they convince people to implant these chips? First, they'll hype the convenience of leaving your keys, credit cards and money at home. Then they'll automate everything from cash registers to tollbooths so if you're chipped you can zoom through in a digital carpool lane. Me, I'll wait. from the Associated Press, 1999-Oct-27, by Amy Beth Graves, AP Writer: Insurance Co. Monitoring Drivers CLEVELAND (AP) - The lure of saving up to one-fourth off their premiums has some drivers subjecting their behind-the-wheel habits to the scrutiny of their auto insurer via a ``black box'' installed in their car. Progressive Insurance Co., the nation's fifth-largest auto insurer, has placed hundreds of monitoring devices in customers' vehicles to measure how much they drive, when and where. The customers, all in Texas, volunteered for the 14-month-old test program, which the suburban Cleveland company calls Autograph and charges extra for. The incentive is that customers can save up to 25 percent on insurance rates tailored to their individual driving habits rather than broad estimates. The company expects to benefit by getting new business from consumers who like the idea of having some control over their insurance rates and saving money, said Bob McMillan, Progressive's director of consumer marketing. But privacy advocates said they were concerned that use of the black boxes could be expanded. The device's patent describes a system of onboard sensors that could track whether a driver signals before turning, tailgates or stops so sharply that anti-lock brakes engage. McMillan says that once a month, the company's computer calls the device in the car and uploads the information it has collected. ``There could be a high degree of interest from the government in getting access to this type of data. It could be used for litigation between private parties or by law enforcement. You can't create a swimming pool of data without putting a fence around it,'' said Deirdre Mulligan, spokeswoman for the Center for Democracy and Technology, a free speech and privacy group. Progressive does not plan to release any of its driving records to marketers unless they are ``consumer friendly and the customer agrees,'' McMillan said. The company won't say if it is going to expand the test beyond Texas, but McMillan said there are no immediate plans to change the scope of what is monitored. ``The product's working right now. It's easy to understand and we wouldn't want to complicate it,'' he said. Rolling out a nationwide plan would be time consuming because insurance regulations vary from state to state. Progressive started the program in Texas because it isn't subject to state regulation there. The cost for participating is $1 per month for one car and $15 per month for each additional car, plus installation charges, which Progressive would not give figures for. The black boxes are another in a long line of technology that lets consumers gain savings, safety or convenience in exchange for giving up information about where they travel or what they buy. For example, some toll booths have sensors to read monthly passes and video cameras to catch violators. Robert Ellis Smith, publisher of the monthly newsletter, Privacy Journal, said he was concerned about people being observed more than ever. ``It's not just the disclosure of information, it's the effect of one's psyche of being tracked all the time,'' he said. Progressive makes customers aware of any privacy concerns by having them sign a contract, McMillan said. ``When we talked to consumers, most had a privacy issue, but when we told them that data would be used to help them save money and used only in a specific way, they agreed,'' McMillan said. Other insurance companies probably will be reluctant to try such a non-traditional approach to calculating rates, said Jim Jones, spokesman for the non-profit Insurance Institute of America based in Malvern, Pa. ``Companies have had their own systems in place. They have a legacy of systems that they've invested a lot of money into, and you're not going to see a lot of shift in that overnight,'' he said. ``I think they'll take a wait-and-see approach.'' from TPDL 1999-Sep-25, from New Scientist: Caught on camera You can run, but you can't hide. Big Brother can recognise your face even if you're in disguise, says Nick Schoon EVERY DAY, EVERY MINUTE, video cameras scan the crowds in a busy shopping centre. But this is no ordinary public surveillance system. The faces of all those passers-by are being converted into digital code and processed by computer. Continuously, instantaneously, the facial code of each stranger is compared with that of several dozen local criminals. If there is a match, an alarm sounds in a control room, a human operator double-checks the computer's assessment and alerts the police. Someone they want to keep tabs on, or someone they want to arrest, is in town... This is not a scene from some Orwellian future. The system has been running for a year on the streets of Newham in East London -- the first trial of its kind in the world. And the potential this kind of system doesn't stop there. Last month, several large stores in Regent Street, London, began using a system that includes a database of convicted shoplifters who operate in the area. When a store detective catches someone they think has been stealing and takes them to the manager's office, a camera mounted on the wall captures their face, which is automatically checked against the database. You would also expect this technology to be leapt on by state security services, such as those unseen watchers who scan airport crowds for terrorists and drug smugglers. And sure enough, a face-recognition system devised by Neurodynamics, a company based in Cambridge, England, is being tested in secret at a British airport. Facial recognition technology creates new opportunities for companies and government agencies that want to keep tabs on people. But it is an infant technology which some fear may be trying to run before it can walk. Is it reliable enough to be used in such a sensitive field as public safety? And have our rights to privacy been adequately debated? We are our faces. To our fellow human beings, if not to ourselves, they are the key identifiers. Our brains have exquisite machinery for processing and storing a particular arrangement of eyes, nose and mouth and for picking it out from other very similar arrangements. This ability is now being passed on to computers. True, facial recognition systems have worked for years under ideal conditions in labs. But they are now moving out. Recent increases in processing power and improved algorithms can give even fairly ordinary PCs the ability to capture faces in the hustle and bustle of the real world. They can spot people who are on the move and are not facing square on to the camera, and they can compensate for changing light levels. Visionics of New Jersey, the company behind the trials in Newham and Regent Street, claims that its technology is not even fooled by hats, spectacles, beards and moustaches (see "I see you"). We know who you are Surveillance is not the only way this technology can be used. In fact much of the impetus behind it comes from a different branch of the security industry -- one which wants ways to make sure we are who we say we are. "Biometric" features such as faces, fingerprints, irises, hand geometry and DNA are powerful identifiers, and facial recognition offers important advantages over its rivals. It is remote, quick and convenient -- the machine equivalent of a cool glance from a stranger. Many people don't like having to touch things that thousands of others have fingered and they are certainly not keen on parting with bodily fluids. So, when employees in Texas withdraw their pay cheques at hole-in-the-wall cash machines, a camera and computer make sure that their faces and PIN codes match. On the Mexican border, people can "fast track" their way into the US after submitting their faces to automated scans. And in Georgia, digital images of applicants for a driving licence are checked against the facial codes of the millions of other licence-holders. (The system has already detected the same face on more than a dozen different licences.) But what is so special, and slightly sinister about facial recognition technology is that people need never know that their identity is being checked, which is where many surveillance projects begin. The project in Newham is slightly different in that the local council and London's Metropolitan Police want criminals to know they're being watched. The system works by picking out as many faces as possible from passing crowds, demonstrating that it has "acquired" a face by placing a red ring around it on a monitor in Newham's closed circuit television control room. If the software finds a good match between that face and one in its database of mug shots, the ring turns green and an alarm sounds. On another screen, a close-up of the face on the street flashes up alongside that of the criminal. Then human judgment comes into play. Only if Newham's civilian operator in the control room considers that the two faces are identical does she or he phone the local police station. For the police, the system is a potentially useful tool for gathering intelligence about local villains as much as a way to locate wanted criminals. Before the Visionics system, called FaceIt, went live last October, Newham carried out tests to see if it could detect staff members whose images had been placed on the database. They paraded before the cameras wearing hats, glasses and other disguises, but the software still recognised them. Since the system went live, however, it has succeeded in identifying only two criminals on its database walking the streets of Newham. In both instances, the police decided not to make an arrest. There are two possible explanations for this low detection rate. The first is that villains were so alarmed when they heard about this new crime-fighting technology that they decided to stay away and have done so ever since. The second is that criminals are still coming into the area but the system isn't spotting them. Bob Lack, Newham's head of security, is hedging his bets on which explanation is correct. He is delighted that crime in the target area has fallen and believes it could be acting as a deterrent. But he also accepts that the software still needs improving. Criminals do, it seems, have a good chance of going undetected, although not surprisingly Lack and the Metropolitan Police are reluctant to discuss this. FaceIt was initially attached to only six of the 154 video cameras scanning Newham's streets, and it does not acquire every face "seen" by those six. So what was originally intended as a six-month trial has been extended, apparently indefinitely. The aim is to have it linked to more cameras and adapted for "multi- heading" -- acquiring three faces at a time from the passing crowds. Newham is seeking Home Office funding for this expansion; in the meantime, the system remains operational. Lack is keen to stress the multitude of measures designed to prevent the system being abused. The control room is closely guarded and the digitised faces of men and women in the streets are discarded as soon as the system finds no match. Furthermore, the control room operators see only the faces of criminals on the database: they do not see their names or records. That information stays with the police, who will not say who is on the database or even how many offenders are included. Nothing to fear? An internal police committee chooses the list of names, which probably embraces paedophiles and drug dealers as well as violent robbers and burglars. David Holdstock, a spokesman for the Metropolitan Police, says people convicted of trivial offences, or who were not regarded as active criminals, would never go on the database. "It's pretty focused and pretty targeted," he said. "If you're innocent you have nothing to fear." Others are not convinced by this reassurance. When the project began, the Metropolitan Police reckoned that the system made accurate matches in 80 per cent of cases, says Liz Parratt of Liberty, Britain's council for civil liberties. "I see that as a 20 per cent failure rate," she says. "That's an unacceptable level of error." How many innocent people must have their collar felt for every criminal caught? There's also the more general issue of whether we are watched enough already. Britain has become the surveillance capital of Europe, with cameras in virtually every city and large town, and many smaller ones. "Everyone wants to see crime fall," says Parratt, "But I'm not sure I want to live in a society in which when I walk down the road my face is compared with a couple of hundred local criminals." Robin Wales, the elected leader of Newham Council, sees things the other way round. "There is a civil liberties issue at stake here," he says. "It's the right of our citizens to live in Newham without fear of crime." He claims widespread local support for its decision to introduce the technology. Britain's Data Protection Registrar, whose task is to protect the interest of individuals against data collectors, has scrutinised Newham's system and is satisfied with the safeguards. But what happens next might be a problem. If the trial is eventually pronounced a success in reducing crime then it may well be extended to other public surveillance systems, first in Britain and then elsewhere. And if these systems share a large, common database then criminals on it would, in effect, be "electronically tagged". The police would know whenever they showed their faces in any place covered by cameras. Clearly this could be a powerful deterrent to crime, but it would take us a big step nearer to a world in which Big Brother really is continuously watching everyone. "We would have serious concerns about such a general system," says Jonathan Bamford at the Office of the Data Protection Registrar. "We think it would be inappropriate." After all, the decision to sentence offenders to be electronically tagged, which gives the authorities a constant check on their location, is made by the court, not the police. So the spread of this technology raises an old but important question: who guards the guardians? The actions of police, other state authorities and private companies in compiling and maintaining face databases needs to be kept under scrutiny. How serious a crime do you have to commit before your face goes on a system? How long do you have to stay clear of crime before your face is removed? Do you have the right to know that you are on a database? In Newham, there has been no debate about these issues. These questions are not just of interest to the criminally-inclined. A small but fast growing number of PCs are sold with an integral video camera facing the operator. One potential use for this is to check a person's identity when they log on to a network or try to buy something over the Internet. Chris Solomon, who works on facial recognition at the University of Kent in Canterbury, believes this kind of security system will be commonplace within a few years. Visionics' rival Miros, a company based in Wellesley, Massachusetts, is already marketing software that gives access to secure Web servers only to those who have registered their faces. Solomon sees great advantages and a host of applications in the technology. "But there are concerns," he says. "Like so many things in life, it's a stick with two ends." I see you BOTH IN GREY MATTER and in silico, facial recognition is a two-stage process. First you need to detect that a face is in the visual field. Then you need to lock onto it and rapidly compare it with a database of thousands of faces in memory. This process needs to allow for the fact that faces differ from moment to moment and year to year. The most obvious source of variation is the angle from which it is seen, but there are others, from changing light levels and skin tones to expressions and facial hair. Our brains overcome these confusions, allowing us to recognise a face with astonishing rapidity, along with a host of accompanying information -- favours owed or owing, character assessment and (if we're lucky) a name. Algorithms capable of mimicking this astonishing ability, at least in part, improved through the 1990s. Increases in computing power and the reduction in cost of computers and video technology is starting to make facial recognition affordable. Several different approaches to automatic face recognition have emerged. One builds up a person's face by overlaying many different facial types, known as eigenfaces. A computer varies the brightness of every eigenface in turn until it finds a combination that resembles the face. The set of numbers representing the brightnesses of the eigenfaces can then be compared with other sets stored in memory (Sleuth City, New Scientist supplement, 4 October 1997, p1). The Visionics system, deployed in Newham, works by dividing up the image of a face into between 12 and 40 elements, such as the outer corners of the eyes, tip of the nose and ends of the eyebrows. It then measures the distances between these elements, and gauges the angles between lines that are drawn between them. These numbers become the digital identity of a face. The software can compensate for head movements and changes in expression because it "knows" that the elements can move slightly relative to one another. The system focuses on a triangle between the base of the nose and the outer edges of the eyebrows so, say the company, moustaches and beards do not confuse it. Nor, it claims, do spectacles--unless heavy shades or glare occludes the eyes. Faces can be turned up to 15 degrees away from the camera without any loss of recognition performance. Once that angle is exceeded, its ability to identify starts to deteriorate. Of course, before the work of recognising can begin, the system has to find a face within the video camera's field of view. It does this with another set of pattern-matching algorithms which detect "head-shaped" objects in the field of view. Then, once a face has been detected, it is "normalised" to compensate for variations in lighting condition, size (or distance from the camera) and skin colour. This is rather like taking a photograph of a crowd, enlarging each face in it to fill the same size of frame and adjusting the contrast and the average shade of each to standard values. What can you do to fool a face recognition system? Sporting a bag over your head might arouse suspicion. Wearing heavy shades and a daft expression would almost certainly throw the software off the scent, but you'd just have to hope that you didn't bump into someone you knew. from the Mindszenty Report, 1999-Jan, from http://www.mindszenty.org/report/1999/jan99/jan99.html: Privacy vs. Orwellian Intrusions "Big Brother is watching you." - George Orwell, 1984 With only 12 months to go until the year 2000, some advocates personal privacy protection are warning that intrusive government agencies -- as well as insurance companies, health care corporations, the Internal Revenue Service, and even state and local law enforcement bureaus -- are only slightly behind schedule in initiating the sort of Big Brother society envisioned in Orwell's terrifying futuristic novel 1984. Others, meanwhile, argue that public safety, fighting crime, improving health care for the young and other concerns far outweigh worries about individual privacy which, with only few exceptions, will affect very few law- abiding citizens. Government ultimately knows best what's good for the majority of Americans. Right? Since 1945, as an example, U.S. officials have hailed as one of the century's great advances in public health the fluoridation of public water systems. With an estimated 62% of the country's communities in compliance, fluoridation has resulted in many children reaching adulthood cavity-free; but a study to be released early in 1999 by the Center for Disease Control estimates that 25% of America's children are now affected with fluorosis, a permanent discoloration of their teeth by exposure to too much fluoride because it also occurs naturally in foods that we all consume, such as grape juice and tea. About 1 percent of children are also allergic to peanuts. Under the 1986 Air Carrier Access Act, a federal law guaranteeing access to airlines for the disabled, the U.S. Department of Transportation has advised the ten major carriers to consider designating "peanut-free zones" on all flights similar to those smoke- free sections were on planes before smoking was completely forbidden. Similarly, the New York Times in a Sept 26 editorial entitled "Peanut Butter as a Health Threat" hints that, while peanut-free zones in school lunchrooms may sound like a good idea, "a ban may create a false sense of security since there is no way to insure that no student will ever bring a snack that may contain the offending substance and then share that item with an allergic student." Schools must create policies instead, the paper advises, to have epinephrine and other medications on hand to stop severe allergic reactions to food -- milk, eggs, wheat and such-sadly unavailable at the time to all the children who "have died after coming into contact with peanuts in school." Stopping short of advocating peanut searches of passengers boarding planes or students entering schoolrooms, many Americans who might consider such measures extreme, willingly approve the practice of police setting up sobriety checkpoints supposedly to nab drunk drivers responsible for the deaths of 20,000 children and adults every year. While Supreme Court justice John Paul Stevens points out -- in dissent from other High Court members who have ruled the practice not in violation of the Fourth Amendment -- that no evidence shows sobriety checkpoints do anything to reduce the rate of drunk-driving accidents, the general public has expressed little opposition to law officers arbitrarily stopping them on highways without any suspicion they are driving under the influence of alcohol or drugs. As the problems of crime and drugs and drink get worse, the cry to do something -- anything -- will tempt politicians and judges to start narrowing constitutional protections, writes liberal syndicated columnist Charles Krauthammer. Sobriety checkpoints, he goes on, "are part of a larger phenomenon: when dealing with serious social ills like drunk driving or drug abuse or illegal immigration, it has become an American habit to take the lazy road. The path to least resistance is always to violate privacy first. Now it's the sobriety checkpoints. Yesterday it was mandatory drug testing. As a curb on illegal immigration, even national ID cards were once contemplated."

Big Brother's Many Faces? This past December 22, some 20,000 Mom-and-Pop and other small private gasoline stations across the U.S. were forced out of business at the stroke of midnight by the U.S. Environmental Protection Agency (EPA). As approved by Congress in 1988, the EPA had set that date for them to upgrade or replace underground tanks or face fines of up to $11,000 each day per pump. "Every time they change the rules, we mortgage our home or whatever we have to stay in compliance," says Al Lewis who closed his small station in Canton, Massachusetts. "Now, there's nothing left to mortgage." Mike Mohajerin of Montgomery, Alabama who likewise shut down his Advanced Automotive station, adds: "With the law, small businesses are out and large companies are in." Both were unable to afford an estimated $100,000 to replace their old tanks which the EPA adduced were probably leaking and contaminating soil and groundwater on their properties. Some will say the new EPA regulation is a good thing -- to protect the environment. Others, however, see this as an example of Big Brother at work dictating how and under what conditions private citizens are able to use their own land and conduct their own affairs. Similarly, hardly anyone disagrees that young people should not smoke or use tobacco, but legal authorities who hire young people to supposedly catch merchants selling them cigarettes smacks of Big Brotherism, according to many constitutional experts. Is the U.S. in danger of becoming a Big Brother style police state where federal and local officials monitor our daily activities and destroy personal privacy? Orwellian intrusions into our lives should be a major concern of all citizens. Yet, few are aware of the many plans and proposals to do just that. Here are a few examples: • National Directory of New Hires On October 1, 1997 the Federal government began operating a computerized directory showing every person newly hired, newly promoted, by every employer in the U.S. Called the National Directory of New Hires, it is required by changes in the 1996 welfare laws, supposedly to track down parents who owe support money to their children. "But the directory is not just for welfare recipients," the New York Times reported on Sept. 22, 1997, "it will record basic information, including names, addresses, social security numbers and wages, for everyone hired ... for a full- or part-time job by an employer of any size ... it will be one of the largest, most up-to-date files of personal information kept by the Government." Not only will the directory record data on up to 60 million newly hired employees per year, a few of whom may owe support money to their children, it will contain information on every person entering the work force, married, single or divorced, from now on -- without exception. The directory will be available to state welfare and child support officials and also the internal Revenue Service, the Social Security Administration and the Justice Department for whatever information those agencies deem is necessary. "The Government is creating a gigantic database with very broad uses and very little attention to the protection of personal privacy," the Times quotes Robert M. Gellman, an expert on privacy and information policy. "Private detectives will find a friend in the police department or a child welfare office to give them access to information in the directory of new hires. That already happens with criminal, medical and credit records."

• Health Identifier Codes As part of legislation passed by Congress in 1996 that permits employees to take their health insurance with them when they switch jobs -- the Health Insurance Portability and Accountability Act -- the U.S. Department of Health and Human Services was authorized to assign "unique health care identifiers" to each American so that the government can electronically tag, track and monitor our personal medical records. This, according to the New York Times (7/20/98), "would be the first comprehensive national identification system since the Social Security number was introduced in 1935." It requires codes for employers, health plans, doctors and hospitals. What sort of code would be used? Too many health plan agencies -- as well as credit card companies, motor vehicle officials and others -- already use our social security numbers for identification, so some government experts have suggested thumb prints or an electronic scan of the retina combined with the latitude and longitude of each citizen's birthplace as "identifiers" -- ideas straight out of Orwell's Big Brother society, with no provision for privacy protection. Indeed, Dr. Arthur Caplan, director of the Center for Bioethics at the University of Pennsylvania, has noted (in the same issue of the Times), "It's illusory to give people the idea that they can protect privacy. Your managed (health) care company knows what doctors you see, what pills you take, how often they are prescribed. What don't they know?" Adds, A.G. Breitenstein, director of the Boston-based Health Law Institute, "That information will be irrevocably integrated into a cradle-to-grave medical record to which insurers, employers, government and law enforcement will have access." And this information is "exactly what privacy is not," he goes on. "People are not going to feel comfortable going to the doctor, because now you are going to have a permanent record that will follow you around for the rest of your life that says, you had syphilis, or depression, or an abortion or whatever else" (Times 7/20/98). While today there are federal laws that protect the privacy of the titles of movies we rent at Blockbuster or other video shops, there are no laws to protect our medical records-especially as such personal health history would be available with government "identifiers" authorized under this 1996 law. As Dr. Richard Sobel of the Harvard Law School points out: "The American political system was set up to be inefficient, to divide power. What ID numbers do is centralize power, and in a time when knowledge is power, then centralized information is centralized power. I think people have a gut sense that this is not a good idea." In fact Congress, in an Omnibus-spending bill passed in October 1998, forbids the government from going ahead with the Big Brother national database "identifier" scheme "until legislation is enacted specifically approving the standard" on how it win be done and what privacy protections will be set into place. in the meantime, however, Orwellian intrusions in our daily lives are cropping up elsewhere.

Still More Big Brother Watching Law-abiding private citizens are the targets of other Big Brother-proposed encroachments on our privacy. One example is the government's assumption that we could all be common criminals making Cellular phone calls to underworld mob bosses, setting up drug deals and laundering illegal profits through our bank accounts. In 1994 when Congress passed the Communications Assistance for Law Enforcement Act (CALEA), FBI Director Louis Freeh assured us that the statute would not include any power to monitor cellular telephone calls. But now, the Federal Communications Commission is attempting to require cellular and other wireless phone companies to track the location of their customers, identifying the site at the beginning and end of every call as an aid to criminal detection. Here is another busybody Big Brother attempt to monitor every citizen's movements, associations and activities in the name of fighting crime. Likewise the Federal Deposit Insurance Corp. -- you see their logo, FDIC, in every bank to assure you that your money is safely deposited -- has proposed something called "Know Your Customer" that assumes every customer is a potential felon. It would require the following: determine each customers source of funds; determine each customer's normal and expected bank transaction; monitor the activity of each account looking for deposits and withdrawals that are inconsistent with the expected pattern of financial transactions; and then report any transactions that someone might call "suspicious." Phyllis Schlafly, president of Eagle Forum, who was one of the first to note this expanding encroachment on personal privacy, explains: "Know Your Customer will enter a profile of all your financial transactions on the bank's database. The bank Will maintain a computer record of the amounts you normally deposit each month and the sources of the money (e.g., your weekly paycheck, your Social Security, your stock dividends) and the amount you normally withdraw each month (e.g., rent or mortgage, auto payment, food, utilities, credit card payment, pocket money). Then, if you deviate significantly from this pattern (such as by earning some extra money or buying or selling a car), your once-friendly bank will report the inconsistent transactions to a federal database." Current law already requires banks to report to the government cash transactions exceeding $10,000 -- to spot criminals who may be depositing drug money or profits from other illegal activities. There is no reason for Big Brother to know what law-abiding customers are doing with their finances under this snooping Know Your Customer scheme that is Officially titled the Minimum Security Devices and Procedures and Bank Security Act Compliance Program. from TPDL 1999-Jun-30, from the Conservative News Service: Postal Service Delays Imposition of Controversial Mailbox Regulations (CNS) - Growing concern from the public and Congress has prompted the United States Postal Service to delay imposing its recently adopted mailbox regulations, but critics say the agency's move is nothing more than an effort to pacify those skeptical of its motives. The Postal Service eventually will enforce a new policy requiring customers of Mail Boxes Etc. and other commercial mail receiving agencies to use "Private Mailbox" or "PMB" as an address designation. Only post office customers would be allowed to use the designation "P.O. Box." The new policy is an effort to prevent fraud: Agency officials say the change prevents criminals from hiding behind a "P.O. Box" address. In addition to mandating the PMB address, the Postal Service also wants private mail service customers to provide two forms of personal identification, one of which must include a photograph of the individual and a serial number "traceable to the bearer." Such a registration process raises concerns about privacy issues. from TPDL 1999-May-11, from Softwar, by Charles Smith: Clinton Administration Refuses Hill Questions About CIA/PLA Bases! Congressional investigators confronted Clinton administration officials last week with the latest information from SOFTWAR. House and Senate investigators want to know why the U.S. and China continue to operate joint signals (SIGINT) intercept bases inside the People's Republic of China. The joint CIA/PLA bases are located at Korla and Qitai in the western province Xinjiang. The bases were established in 1978, during the height of the Cold war. In response, Clinton administration Defense Dept. officials refused to answer questions about the joint CIA/Chinese Army bases. At one point, Clinton officials refused to answer any questions on joint U.S./Sino military operations. "We are going to have to call them in on the carpet," stated one frustrated Congressional investigator. "We certainly need to know about Korla and Qitai. The Chinese Army is setting up a SIGINT base with the Cubans to monitor U.S. military forces 90 miles from Florida. Just how much of that new PLA base is 'made in the U.S.A'?" One Congressional source told this reporter that the two CIA/PLA bases at Korla and Qitai are of little use today. "Some years ago, I asked about the quality of the stuff coming from there and was told, 'C+ at best'", stated the source, a top Hill investigator and a China specialist. "My guess is that it is even lower, now. Again, as I recall (former Defense Secretary) Perry and (PLA General) Ding set it up in the late 70's, maybe 1980... I get the impression we continue the program for political reasons with China, not any real military reasons at this point." The joint CIA/PLA SIGINT bases are also reported to be part of the National Security Agency (NSA) chain of stations linked to the "ECHELON" system. ECHELON is a giant NSA network of intercept posts, satellites and super- computers intended to monitor communications and signals on a world-wide scale. ECHELON is also plugged into various monitoring systems, each with individual code names such as "MAYFLY". Whether the Chinese receive information from the ECHELON system is no longer in question. The inclusion of red China into the ECHELON system raises serious concerns that Clinton has a secret deal with communist China to share global communications intelligence. The secret deal is reported to include CIA training inside the United States and equipment. The bases at Korla and Qitai are jointly manned by NSA and Chinese Army personnel. Representative Bob Barr (R-GA), a member of the House Judiciary Committee, recently participated in a panel discussion that centered on Project ECHELON. According to Barr, ECHELON began in the 1980s, and is controlled largely by the United States National Security Agency (NSA) in coordination with at least four other countries, including Canada, the United Kingdom, Australia, and New Zealand. "Anyone who cares about protecting privacy rights of American citizens should repeatedly contact Members of Congress, the news media, and the Administration. We must demand the government account for its surveillance activities, including Project ECHELON, and take steps to ensure the privacy of electronic communications," said Barr.

from TPD 1999-Oct-21, from WorldNetDaily, by Joseph Farah: Outlawing personal political speech Have you ever thought about using your website to campaign for your favorite candidate? Or, perhaps, to urge the defeat of that congressional representative who has been ignoring your letters? Better think again. Leo Smith of Connecticut decided he would use his business website to do just that -- urge the defeat of his congressional representative, Republican Nancy L. Johnson. He decided to add a new section to an already existing Internet site to advance the cause of her challenger, Charlotte Koskoff. Just a few days later, Smith was contacted by Koskoff's campaign manager. No, it wasn't a call to thank him for his efforts. It was a warning of legal problems he might encounter because of campaign finance regulations. Smith was told by the Federal Elections Commission that he was in violation of federal law because he had spent more than $250 in expressing his political views without disclosing his identity and filing the required reports. Never mind that Smith didn't spend anything (except time) creating the new page. The FEC, however, insisted in an advisory opinion that the value of the computer hardware and software is factored into its calculations. If a computer used to express political viewpoints cost more than $250, the FEC said, its owner would have to meet the filing requirements. Do you believe this? For those who argue that campaign finance restrictions do not abrogate free-speech rights, I hope this is an eye-opener. Now, I don't particularly like Leo Smith's opinions. What motivated him to get politically involved was his irritation with a congresswoman who voted to impeach the president -- a president, I believe, who is guilty of high crimes and misdemeanors and deserves to be removed from office for a hundred different reasons. But, as they say, I support Leo Smith's right to express his viewpoints. And I'll defend that right to the death. "Forget about free speech," Smith told the American Civil Liberties Union, which has come to his aid. "If you can't advocate what you want for an election, that strikes at the heart of our democracy." No kidding. And Smith's plight has caught the eye of some members of Congress. Sens. Robert Bennett, R-Utah, Slade Gordon, R-Wash., and Mitch McConnell, R-Ky., offered an amendment to the bill sponsored by Jon McCain, R-Ariz., and Russ Feingold, D-Wis., that would exempt from regulation by the federal government political speech on the Internet by individual citizens. But that is too little, too late. What the Smith story illustrates is that there are fundamental flaws in the whole notion of regulating the ideas exchanged during election campaigns. No matter how you slice it, that's what federal campaign spending laws do. This time, the ACLU is right. Well, not exactly right. The national office put out a statement saying that Smith's encounter with the FEC "and its Orwellian mindset goes to the core of what is at stake as Congress and the courts struggle with revising the nation's election laws." But the ACLU contends the answer is more taxpayer financing of elections. Rather, the answer to those who say we need stricter limits on campaign spending is that we need NO limits. Any limits are limits on speech. You cannot divide money and speech. Money buys speech. Effective communications requires money. It's an illusion to pretend otherwise. The Internet is a great equalizer. It levels the playing field in so many ways. It allows anyone with a phone line to become a town crier with a voice that can resonate around the world. But it's not just the new technology that we must consider when debating campaign spending restrictions. If it is inherently wrong to gag speech on the Internet, it is inherently wrong to gag it anywhere -- especially political speech. We don't need more government control -- whether it is through taxpayer- financed elections or limits on political speech. Either solution spells less freedom. What we need to do, as much as possible, is to get government's nose out of the election process -- and, for that matter, the rest of our public and private affairs. from TPDL 1999-May-10, from WorldNetDaily, by Joseph Farah: New threats to the Internet Last week, WorldNetDaily published a series of stories about a government- corporate plan to introduce the notion that Internet sites should be "handicapped accessible." Maybe some people thought it was a joke. It certainly sounded like one. I was surprised by the lack of reaction to the story and the threat to our freedom that it revealed. Yet, I've got to tell you, there is another graver and more immediate government threat to Internet freedom -- not just in the United States, but worldwide. Later this month, the European Union will consider a plan, developed at the initiation of the Clinton administration's FBI, to require manufacturers and operators of all digital communication forms to build into their systems "interception interfaces." In plain English, what that means is "back-door surveillance devices." In the early 1990s, the FBI tried repeatedly to get Congress to pass laws making it easier to tap the new digital telephones. The agency's goal was to turn every type of modern communications system into a national surveillance network capable of real-time, full-time access to anyone in America. Frustrated with inaction by Congress, the FBI switched tactics in 1993. Officials invited to Quantico their colleagues from foreign nations -- Germany, France, the Netherlands, Sweden, the United Kingdom, Norway, Denmark, Spain and Hong Kong -- and called the new organization the "International Law Enforcement Telecommunications Seminar." A year later, Austria, Belgium, Finland, Portugal and Spain had joined the group. Behind the scenes was the National Security Agency, which had already successfully completed its Echelon project, an international eavesdropping system for phones, faxes and email communications. The whole approach to this massive global surveillance has been one of secrecy. However, you can see for yourself what the EU will be discussing later this month in a restricted document titled Enfopol 19, leaked to the Foundation for Information Policy Research. There has been no public debate, no legislation submitted to the will of the people, no release of information to an unsuspecting public. In fact, to my knowledge, this column represents the first media report on this draconian plan to be written and widely distributed in the United States. Nevertheless, this plan is in an advanced stage of development and implementation. It may sound like science fiction, but we're talking about off-the- shelf technology. The only thing that could possibly prevent this plan from being fully implemented would be an expression of outrage from the American people. That, of course, can not and will not happen if the American people are kept in the dark about what's in store for them. It's no coincidence that this plan got off the ground during the Clinton administration -- the most abusive, power-hungry, repressive and corrupt in the history of our Republic. It was Clinton's hand-picked FBI director, Louis Freeh, who, along with the goons at the NSA, nursed and incubated this plot. It was in 1993 that former FBI Director William Sessions was summarily fired by the White House to create the conditions for a thoroughly politicized FBI. For two years, I've had a ringside seat for a demonstration of how the Internet has the potential to liberate Americans and people around the world with information they could be systematically denied by the corporate-government media establishment. It represents a real threat to the forces of darkness -- those in government around the world who would like people to remain subjects rather than free, self-governing agents. If the new media are stifled, controlled and regulated, I believe in short order the world will be consumed in cataclysmic tyranny. In other words, all that stands in the way, right now, is the ability of free people to communicate freely and efficiently -- without the constant threats of government interference, spying and coercion. Those threats are arising -- fast and furious. The old corporate media establishment -- threatened as much by the new media as are the tyrants of government -- will not lift a finger to inform you of the dangers we face. So shortsighted are they, so blinded by jealousy and ineptitude, the old-line press dinosaurs are probably secretly hoping that something -- anything -- will stop their inevitable decline and fall. But if you cherish your freedom, if you love the information revolution represented by the Internet, you had better pay close attention to what's happening in Brussels and Washington. And help me sound the alarm. from PDL 1999-Mar-30, from the Washington Times, by Robert Holland: Orwellian intrusion into home and family In a postindustrial society tending more to collectivism than individualism, parents are no longer honored figures. Presuming all parents potential abusers, the nanny state now sends out swarms of "experts" to monitor the rearing of America's children. The ultimate social intervention -- just one short step from state licensing of parents -- entails nabbing first-time parents when their newborns are still in the hospital nursery. The idea is that agents of social uplift will go into private homes to "train" these parents for up to 50 visits annually per family. Expectant parents are enlisted by being asked to sign permission forms at the hospital, where amid all the excitement of a first birth they may not be aware of the implications for their privacy and parental rights. Information that the agents collect from families will be put into a nationwide computerized system called the Program Information Management System (PIMS), which will contain medical and psychological entries and observations on family relationships. PIMS' tracking of a newborn's development could easily be linked with other preschool and public-school databanks currently being expanded. Eventually, the information in a comprehensive, permanent record could be shared with employers when an individual applies for a job. Presented as a way to prevent child abuse, this movement has far broader implications. As Rep. Henry Hyde, Illinois Republican, observes: "This is Big Brother intervention as we have never seen it before. It is a case of the 'village' mentality run wild. American have never experienced such intrusion in their family lives." The lead organization is the Chicago-based National Committee to Prevent Child Abuse (NCPCA). In a statement on their Website (www.childabuse.org), NCPCA leaders declare: "Parenting is too often a responsibility that cannot be performed alone. It is imperative for communities to support overburdened families with resources so that parents can provide their children with a safe and supportive environment." That echoes an assertion by first lady Hillary Clinton at a White House child-care conference that parents may mean well but do not necessarily know what's best for their children. On Oct. 1, 1997, The Washington Post quoted her as saying the following in support of public child care: "A lot of times they [the parents] don't know what is quality. If somebody's nice to them, it doesn't matter that they don't know the difference between caring for a 1-year-old or a 4-year-old." Mrs. Clinton and her Children's Defense Fund allies have expropriated the African proverb, "It takes a village to rear a child," in an attempt to justify sweeping intervention in family life. The key program is the NCPCA's Healthy Families America (HFA). It was launched in 1992 in partnership with the Ronald McDonald House Charities and the Freddie Mac Corporation, but as of Congress' 1997 reauthorization of the Adoption and Safe Families Act, the program has picked up major federal funding to go with backing from several left-wing foundations (such as Annie E. Casey, Rand and Carnegie). The federal act expanded Family Preservation and Support Services with $275 million for fiscal 1999, $295 million for fiscal 2000, and $305 million for fiscal 2001. "Unfortunately," Mr. Hyde notes, "most members of Congress were not aware of the inherent dangers in this program. Preventing child abuse is admirable and removing children from homes where abuse is indicated is necessary. However, using Family Preservation and Support Services to investigate every first-time parent in America in an effort to identify the troubled ones exceeds any authority previously given to any government agency." HFA is rendered more difficult to follow by being given different names in virtually all the 40 states in which it operates to date. For instance, in Georgia, it's called "First Steps"; in California it's "Welcome Home Baby" or "Safe and Healthy Families"; and in Hawaii it's "Healthy Start." In Virginia, the program is embodied in the "Healthy Families Initiative," which has operated mostly in the Fairfax and Hampton Roads areas, with General Assembly support of more than $1 million. As with the related federal Goals 2000, HFA often carries the label "voluntary" -- yet the NCPCA describes its goal as providing "universal home visitation for all new parents and intensive services for families most in need." It calls for coordinating the work of paraprofessionals and volunteer home-visitors with professionals such as social workers, public-health nurses, and guidance counselors. Critics charge that parents who decide they want out of the visitations could be reported to Child Protective Services and possibly even lose their child to state custody. While "high-risk" families are to receive more intensive and longer-term scrutiny under HFA than other parents, definitions of "high-risk" are elastic. Almost any family could be deemed high-risk, with risk factors like the following: "inadequate" income; inability of parent to cope with inappropriate child behavior (in the parent-trainer's opinion); overindulgence or "spoiling" by a parent; low functioning of parent due to various conditions, including being "too heavy"; and negative reactions, such as "getting angry" about a child's actions. Of course, social- service agents have an incentive to identify as many "at-risk" parents as they can, because that increases their budgets. What's going on in the guise of preventing child abuse dovetails with massive new tracking ventures by the U.S. Department of Education's research arm, the National Center for Education Statistics (NCES). In the year 2000, for example, the Early Childhood Longitudinal Study will begin following thousands of newborns through their 6th birthdays. Federal investigators will use birth certificates to collect the names of newborns, and when the infants are 9 months old federal "assessors" will visit their homes (according to the Dec. 16 issue of Education Week) -- there to "interview their parents, observe parents and children at play, and evaluate the infants' growth and development." Soon there may be a governmental presence in every home. All this will undermine the American family, not strengthen it. Robert Holland is a columnist and opinion page editor with the Richmond Times- Dispatch. from alt.radio.pirate, 1999-Oct-4, by [email protected], subject "ReHAS FCC GONE HI_TECH// BETTER YET!": Better yet. You will like this one. A friend's boss got busted for cable television piracy. He had a chipped descrambler, and a bidirectional communications blocker. He was watching HBO one night, when he got a knock at the door. They said they knew 100% he was watching pirated programming, and they had two options. They were a private firm hired by Cox Communications, and they could seize the box and collect a $500 fine or settle in court. They threatend they had legal evidence of the reception. They told him what channel before they saw the TV. He asked how. They said they had a setup with a notebook PC and a special radio receiver, along with some other hardware. They mainly look for people who pirate the whole feed, but do catch people with illegal descramblers. They "Saw" he was tuned to HBO when he didn't subscribe. His boss had a 2nd descrambler in another room, which was actually on but tuned to a different channel. They didn't know about it. The TV in that room was off. My theory is this. This is 100% theory based on what I've heard. This probably isn't exactly how its done, I'm probably overstepping their methoods in technology and automation. Notebook PC connected to Cox's database via cellular modem, possibly with GPS or a database that has each address of every street. Goons drive around. At the head end, a tracer signal is injected into the television signal. This tracer occours on unused lines of the television signal. Like closed captioning. This tracer could mark the exact channel being watched, and also have a timestamp. Goons have a diretional YAGI and a "van eck" style receiver which listens for the tracer data from RF energy given off by CRT. As known, CRTs being high power devices radiate the analog signal enough that one can reconstruct the picture from over 2 kilometers away using wideband radio equipment and synch regenerators. Known as Van Eck Phreaking named after the German that originally demonstrated it. The address of the house is checked against the Cox database. If the tracer is detected yet the customer doesn't subscribe to Cox, then they are nabbed. If the tracer is detected on a pay channel and they don't subscribe to they are nabbed. The data could be extracted without using a cellular modem, and prestored on the mobile computer. GPS wouldn't have to be used. One could enter the street and just whack a key as they drive by each address. The tracer is injected at the headend, therefor DSS wouldn't count. A timestamp could protect against false acusation.. if someone was watching recorded material from someone elses house. Someone told me their girlfriend saw people walking around the front of an apartment complex with what was described as a pretty small yagi and a laptop under their arm or something. This isn't the FCC. This is the private sector. Another "rumor" I heard was Bill Gates invested lots of money into this, so Microsoft could use the same techniqe with computer displays echoing out the Microsoft serial number(s). This is probably nothing to worry about as LCD's become popular. Van Eck is still possible with LCDs, but its insanely more limited. Just food for thought. The cable companies have more money than the FCC. from the Libertarian Party USA, 1999-May-10, by George Getz, press secretary: Police pay hotel workers to snitch on "suspicious" guests for $1,000 bounty WASHINGTON, DC -- State troopers in New Jersey are paying hotel employees $1,000 to spy on their guests and anonymously snitch on them to the police -- a practice the Libertarian Party calls a "shocking police state tactic" that threatens the privacy of hotel guests across the country. "For the price of an overnight stay on the New Jersey Turnpike, you get a clean room, a comfortable bed -- and a government informer," said Steve Dasbach, national director of the Libertarian Party. "Thanks to this spy-on-your-guest program, the next time you enter a Holiday Inn to check in, you may end up checking into a jail cell, especially if you're Black or Hispanic." Under the New Jersey State Police's so-called Hotel-Motel Program, troopers have been conducting "surveillance seminars" to recruit hotel employees -- from such major chains as the Hampton Inn, the Ramada Inn, and Holiday Inn -- to inform on overnight guests who fit their "profile" of drug smugglers, according to a recent expose in The New York Times. Indications of drug trafficking can include paying for your room with cash, taking too many phone calls, or pulling a trailer behind your vehicle, according to police. When hotel employees spot such "suspicious" behavior, they are encouraged to call the police, who promise to protect the anonymity of the spy by making arrests off hotel property. If a tip from a desk- clerk-turned-government-informer leads to a successful arrest, the police will pay a $1,000 bounty. The snitch-on-your-guest program has been going on since "the early 1990s," according to The New York Times, and is modeled after a similar program in Los Angeles and by some federal agencies. "Thanks to these kinds of programs, you can be stalked by state troopers, interrogated, and arrested -- all based on information from a hotel clerk who was bribed into invading your privacy," said Dasbach. "Vacationers and business travelers beware: You can now be treated like Public Enemy Number One every time you check into a hotel." The danger is especially great if you are Black or Hispanic, noted Dasbach, because like most police profiling operations, the Hotel- Motel Program has a racial component. "The police instruct hotel workers to single out African-Americans and Spanish-speaking people for special scrutiny," he said. "Apparently there aren't enough murderers, rapists, and robbers in New Jersey to keep the troopers busy, so they've created two new crimes: Vacationing While Black and Checking In While Speaking Spanish." The hotel spy program bears an eerie resemblance to the FDIC's recent Know Your Customer program, said Dasbach, in which the government forced bank tellers to spy on customers and report any "unusual transactions" to federal agents. "Call this program Know Your Guest," he said. "First the government coerces your banker into destroying your financial privacy, and now it's bribing bellboys into violating your right to check into a hotel room without alerting the police. "Sadly, in America in 1999, police are constantly tracking, monitoring, and investigating innocent people -- even as they lay sleeping. Because of the War on Drugs, racist police, and a casual disregard for our civil liberties, the No-Tell Motel has been turned into the No-Rights Motel." from PDL 1999-Mar-2, from the Free Congress Foundation via the Conservative News Service 1999-Mar-1, by Lisa S. Dean: ENFOPOL: Another Threat to Liberty As new laws are introduced and new regulations are proposed, many of us oftentimes sit back and wonder what the big picture looks like and what the motive of the Administration and many in Congress is for instituting these policies. Well, here's one instance where the motive is clear. A task force assembled by the European Parliament released a study in September of 1998 entitled "An Appraisal of the Technologies of Political Control" which sheds light on a new global surveillance system, a plan currently being drafted and negotiated by the Federal Bureau of Investigation and the Council of the European Union. According to the study, ENFOPOL is designed to intercept and record every electronic communication between participating nations, much like the STASI, or the East German Secret Police did to their citizens not too long ago. Through ENFOPOL, federal law enforcement agencies here in the United States as well as those in the United Kingdom would have access to private citizens' communications, not through satellite, but through laws and regulations requiring telephone companies and Internet providers to give law enforcement access to those communications. They, in turn, would intercept and transcribe the conversations using modern day technology. While ENFOPOL is not yet in existence, the well-known and respected UK-based organization, Statewatch claims that it is slowly being assembled through legislation and regulations in various countries. Sound too far-fetched? Couldn't happen here in the United States? Well, let's take a look at some of the laws that have been passed here in the US that might contribute to the establishment of a global surveillance network. In 1994 Congress passed the Communications Assistance for Law Enforcement Act, or CALEA, which essentially told the telecommunications industry that as its technology advanced, it could not impede wiretap surveillance necessary for the FBI and other law enforcement agencies to conduct investigations. But because of the bill's wording, the FBI and the FCC have been interpreting the law as permission to expand wiretap capability. In October of last year, the FCC interpreted the law to mean that all cell phone and other wireless telephone companies are required to track the location of their customers from the time the call was initiated until the time it was terminated, all by locating the cell site the person was near at each end of the call. The result is that the location of every citizen who uses a cell phone can be tracked and logged by the telephone companies and reported to the FBI upon request. The same would go for Internet providers as well. ISPs would have to provide the FBI access to customer's computer files and email upon request. Then there's the age-old question of who should keep the keys to citizens' encryption codes, the citizens themselves or federal law enforcement. Through various proposals, beginning in 1993 with the Clipper Chip, the Clinton Administration, along with FBI Director Louis Freeh, have been fighting for the keys that hold secret, the electronic communications of American citizens. It's at this point where we begin to see the motives behind these laws and why the battle over encryption is so critical to our future as a free society. ENFOPOL and surveillance systems like it that require compliance on the part of telephone companies and Internet providers will become a reality if CALEA is implemented to the FBI and FCC's liking. Every telephone conversation in America will be subject to interception by federal law enforcement and our whereabouts could be tracked if we use a cell phone because telephone companies and Internet providers will be forced to report that information to law enforcement. ENFOPOL would also become a reality if Bill Clinton and Louis Freeh have their way with regard to encryption and CALEA implementation. It's the insecurity of information that makes ENFOPOL possible. If computer files, email and other electronic communications are secured through strong encryption, and CALEA is repealed entirely, then ENFOPOL will be impossible to implement. However, the way the debate is shaping up in the media and in Congress, ENFOPOL just might become a reality unless those same citizens who have so effectively educated and pressured their legislators to oppose the federal banking agencies' "Know Your Customer" regulations now turn their attention to the ENFOPOL matter, perhaps then Congress will actually take an interest in what federal law enforcement is up to these days. Lisa Dean is vice president of the Free Congress Foundation's Center for Technology Policy. modtime 1998-Dec-13, from http://www.aci.net/kalliste/wassenaa.htm: The Wassenaar Invasion of Privacy by J. Orlin Grabbe From the first moment it proclaimed the "information superhighway", the Clinton administration has waged a wholesale assault on Internet free speech and privacy. The latest blow is the Clinton administration's strong-arming of the 32 fellow countries of the Wassenaar Arrangement to agree to an export ban on strong cryptographic (data scrambling) software. The net effect will be to make it easier for each government to read its own citizen's email and other private documents. Normally if a nation attempts to restrict the domestic sale of strong encryption software, that attempt is made ineffective by the availability of strong encryption software from other countries. But such software won't be available anymore--at least not from one of the Wassenaar countries, once they have enacted local legislation to implement the terms of the Wassenaar agreement of December 2. The Wassenaar Arrangement is supposed to be an intergovernmental agreement to restrict international traffic in arms. What does this have to do with encryption? Simply this: the US government still holds that secret-code-producing software is a munition. So if you encrypt your letters and files, and the government hasn't given you permission to use that caliber encryption, then the person who gave you the encryption software may be in violation of some regulation on arms dealing. "They've plugged a loophole," gleefully proclaimed Ambassador David Aaron, the President's Special Envoy for Cryptology. The day following the agreement, the US Department of Commerce issued a press release in which Aaron spouts gobble-de-gook phrases about a "level playing field" and about balancing "commercial and privacy interests with national security and public safety concerns" (see Appendix A for Commerce Dept. press statement). How has this agreement supposedly created a "level playing field" and helped U.S. industry? Well, namely, by censoring foreign publishers of cryptology software in the same way that the US government already censors US publishers. This is similar to arguing that by increasing tyranny in surrounding countries, we can create a "level playing field" for freedom. "It's ironic, but the US government is leading the charge internationally to restrict personal privacy and individual liberty around the world," said Alan Davidson, a staff counsel at the Center for Democracy and Technology, according to Reuters (see Appendix B for Reuter's news release). A restriction on cryptology is a restriction on free speech. In the Second World War, the US used native Navaho speakers for secure communications. Since no one else understood the language, it served as a powerful secret code. But is what you speak or write in an email message suddenly not speech or language if the government can't understand it? If your message says "Xu23MN iilc]z &#MNBl", does the government suddenly have the right to imprison you for writing gibberish? While the clear answer is No, nevertheless the US government thinks it has the right to restrict your "gibberish" if it is produced by encryption software that it can't crack. The Wassenaar agreement says encryption software that is "weak" (less than 56 bit keys in some cases, or less than 64 bit keys in others), so that the government can unscramble and read the real message underneath the gibberish, is okay, and in fact frees up some export restrictions on this type of software. The trade-off? Greater restrictions on software that produces secret code the government can't read. Arms control. It sounds wonderful, doesn't it? Go over to the Wassenaar web page and take a look. High nobility of purpose, right? "We're keeping those guns away from the Indians," they proclaim. But what they mean to say is: "We fully intend to read what is written on the hard drive of your computer." Posting to the cypherpunks mailing list, Timothy May noted: I recently heard T. J. Rodgers, CEO of Cypress Semiconductor, repeat his oft- made point that Silicon Valley and the high tech industry gains nothing by talking to Washington. That as soon as dialog is started with Washington, things get worse. This applies as well to crypto, to gun rights, to everything. Everything Washington touches turns to statist shit. Is there any good news? Enabling legislation has to be enacted in each country to carry out the terms of the Wassenaar agreement. Raising a hue and cry with legislators over this latest invasion of privacy should have a positive effect. In the meantime, Mr. "Information Superhighway" Al Gore is poised for a presidential run, so he can continue to ignore privacy concerns and bend over for the Big Brother agencies of the national security establishment. from the Privacy Forum digest: Date: Fri, 18 Dec 1998 19:53:11 -0500 From: Monty Solomon Subject: Harmful changes to Wassenaar Arrangement FYI, from the IETF Secretariat. Subject: Harmful changes to Wassenaar Arrangement Date: Fri, 18 Dec 1998 18:15:36 -0500 From: Steve Coya The IAB and the IESG deplore the recent changes to the Wassenaar Arrangement (http://www.wassenaar.org) that further limit the availability of encryption software by including it in the Wassenaar agreement's list of export controlled software (section 5.A.2.a.1 of the list of dual-use goods, WA LIST 98 (1)). As discussed in RFC 1984, strong cryptography is essential to the security of the Internet; restrictions on its use or availability will leave us with a weak, vulnerable network, endanger the privacy of users and businesses, and slow the growth of electronic commerce. The new restrictions will have a particularly deleterious effect on smaller countries, where there may not be enough of a local market or local expertise to support the development of indigenous cryptographic products. But everyone is adversely affected by this; the Internet is used world-wide, and even sites with access to strong cryptographic products must be able to talk to those who do not. This in turn endangers their own security. We are happy that the key size limit has been raised in some cases from 40 bits to 64; however, this is still too small to provide real security. We estimate that after a modest capital investment, a company or criminal organization could crack a 64-bit cipher in less than a day for about $2500 per solution. This cost will only drop in coming years. A report released about three years ago suggested that 90-bit keys are the minimum for long-term security. Brian Carpenter (IAB Chair) Fred Baker (IESG and IETF Chair)

Read the Softwar archive chronicling Charles Smith's progress uncovering the conspirator's efforts to maintain and increase the effectiveness of their SIGINT apparatus. from TPDL 1999-Feb-23, from Softwar, by Charles Smith: Hubbell the key to corruption The direct link between Beijing espionage, millionaire drug lords and Bill Clinton is Webster Hubbell. In 1993, Webster Hubbell was personally charged by Janet Reno with a top-secret project to tap every phone in America. Hubbell's initial task was to tap every phone in the government, starting with the Drug Enforcement Administration. This month, the Department of Justice was forced by the Freedom of Information Act (FOIA) to release the Hubbell files. According to Justice, many of the Hubbell documents are being withheld for "national security" reasons. In addition, 15 Hubbell documents remain in the hands of the FBI and National Security Agency to be reviewed prior to any release. According to the NSA, FBI and the National Security Council, the Hubbell files are so sensitive that to release them today could result in charges of treason and the death penalty. The newly released Hubbell files are so secret that even the code word classification level was blacked out for "national security" reasons. Furthermore, Justice was forced to admit that a 1993 letter from AT&T CEO Robert Allen to Hubbell was "destroyed pursuant to the records destruction schedules." This in itself is highly suspect because this author has obtained documents dating as far back as 1983 that were returned by the NSC -- over 10 years prior to the "destroyed" AT&T Hubbell letter. One document released by Justice is a March 1993 memo from Stephen Colgate, assistant attorney general for administration. Colgate's memo to Hubbell details the Clinton officials charged with bugging every phone in America. According to the Colgate memo, Vice President Al Gore was to chair a meeting with Hubbell, Reno, Commerce Secretary Ron Brown and Leon Panetta. The meeting was on the "AT&T Telephone Security Device." In 1992, AT&T had developed secure telephones the U.S. government could not tap. The Clinton administration secretly contracted with AT&T to keep the phones off the American market. According to Colgate, the secure phones were simply too dangerous for American citizens. Colgate wrote to Hubbell: "AT&T has developed a Data Encryption Standard (DES) product for use on telephones to provide security for sensitive conversations. The FBI, NSA and NSC want to purchase the first production run of these devices to prevent their proliferation. They are difficult to decipher and are a deterrent to wiretaps." In 1993, Hubbell was personally tasked with the project by Reno and Clinton. Hubbell arranged for the entire production run of secure AT&T phones to be secretly purchased by Justice, using a slush fund supplied by confiscations from the "drug war" to keep the buy off the general books. Part of the secret project included re-fitting the purchased AT&T phones with a new chip called "Clipper" developed by the NSA at Fort Meade, Maryland. This chip contained a secret "exploitable" feature allowing the government to tap the phone conversation with a special back door key. The project also included plans to "mandate" the Clipper chip be installed in all American telephones. According to the March 1993 Colgate memo to Hubbell, "FBI, NSA and NSC want to push legislation which would require all government agencies and eventually everyone in the U.S. to use a new public-key based cryptography method." The re-fitted Clipper phones were to be given to the DEA for their line agents to use. According to a 1993 classified White House e- mail from George Tenet, "Ron Brown" insisted the Commerce Dept. be one of the "key holders" for all Clipper phones. Thus, Commerce and Ron Brown demanded direct access to tap any phone in America. According to highly classified documents, Hubbell received a letter from AT&T's Allen in October of 1993. The AT&T letter, according to Justice, was "destroyed." However, the "control data sheet," a summary of the AT&T letter to Hubbell, survived. According to the data sheet, Allen wanted the Clinton administration to allow AT&T to distribute a limited version of their secure phone until the government Clipper project was ready. One document returned from the files of Hubbell was so classified that five pages are currently being withheld by the NSA, FBI and NSC for "national security" reasons. The top-secret cover page even has the classified code word blacked out by the NSA. The document, a top-secret January 1994 memo to Janet Reno from Mark Richard, deputy assistant attorney general, describes a classified "principles" meeting of an "NSC chaired Inter-Agency Working Group." The Hubbell files show that in 1994 the soon-to-be felon met with Gore, Brown, NSA Director McConnell and White House power broker, John Podesta. The files show Hubbell met in late January 1994 at "the White House Situation Room" on secret presidential orders such as "PDD-5" and "PRD-27." The 1994 secret meeting included details on the Clipper project and "Podesta Alternative Draft Legislation." John Podesta's brother, Tony Podesta, is the owner of Podesta Associates, a D.C.-based lobby firm. In 1994, Podesta Associates represented a dozen major donors to Bill Clinton, including AT&T. Many DNC/Podesta Associates donors, including AT&T, obtained trade trips to Beijing and valuable export deals with China. According to documents obtained from the Commerce Department, Tony Podesta obtained classified encryption briefings for his lobby group inside the White House. The computer companies, including Apple, AT&T, Digital, Cray, Unisys and Silicon Graphics, are called the Computer Systems Policy Project (CSPP). In 1994, the CSPP was represented by the brother of White House power broker John Podesta. In 1993, White House employee John Podesta was also charged by Bill Clinton with making encryption policy. The Hubbell documents clearly show that in 1994 John and Tony were working the same subject, at the same time, and in the same place. According to congressional investigators, in 1993 John Podesta signed a legal statement in which he promised not to engage in any conflict of interest with his brother Tony Podesta. In 1997, according to White House lawyers, John Podesta was absolved of any conflict with his brother by President Clinton. In April of 1994, Hubbell resigned from the Justice Department under allegations of fraud. By late June 1994, Lippo boss James Riady met with John Huang, Webster Hubbell and Bill Clinton during five days of White House visits. Early the next week, a Lippo unit paid Hubbell the first $100,000 of what is reported to be over a half million dollars. In December 1994, Hubbell pled guilty to several felony charges relating to illegal billing in the Whitewater affair. Webster Hubbell also cited his Fifth Amendment rights to not testify before the Senate congressional hearings. Two weeks after the Lippo money was given to Hubbell, John Huang got his job at the Commerce Department as assistant secretary. Huang's position determined technology transfers that went to places such as Indonesia and Communist China. Huang and his wife have both taken the Fifth Amendment and refused to testify at Senate hearings. DNC fundraiser, former Lippo banker and Commerce employee Huang was briefed 37 times on encryption communications by the CIA while working at the Brown-controlled Commerce Department. Immediately after each briefing, Huang would walk across the street to the Lippo/Stephens Group offices and make long- distance phone calls and send faxes to points unknown. In 1994, Podesta Associates client, AT&T, sold military-grade secure communications systems directly to the Chinese army under the guise of a "commercial" sale. The export, called "Hua Mei," included encryption computer source code, enabling the Chinese army to change their secret code systems at will. The secure military-grade export left America with the full blessing of Bill Clinton. Hua Mei is one of many such military-grade systems exported to directly into the hands of the generals in Beijing by Mr. Clinton. Clinton gave the PLA military-grade secure communications while secretly working to keep the same secure communications from the American public. Chinese generals now communicate with complete security, locking out U.S. military intelligence monitoring, thanks to Bill Clinton. The Clinton policy is far more than a paradox. It clearly shows that Bill Clinton trusts Chinese communist generals more than any American citizen. The Department of Justice co-operation with the Chinese government includes more than secure systems for the PLA. Clinton authorized the Chinese army information warfare lab LOIS (Laboratory of Information Security) to obtain designs with "exploitable" features similar to the Clipper chip. The transfer took place under the guise of "law enforcement" in cooperation between Justice and the Chinese police. Bill Clinton and Janet Reno have given the Communists the ability to track every Chinese citizen using advanced chip technology and backdoor-like recovery systems. The digital chains of a modern police state to enslave millions of Chinese citizens -- made in the U.S.A. American technology, shipped with the personal OK of both President Clinton and Janet Reno. The Clinton administration is also trying to duplicate Communist powers here in America. Every Justice Department move to establish new computer tracking systems and expand wire-tapping to millions of phones is another abuse of power. They want to monitor every American 24 hours a day and make it a crime to prevent illegal monitoring. According to the 1996 report to Gore by CIA Director John Deutch, Reno proposed an all-out federal take-over of the computer industry. The Justice Department, proposed "legislation that would ... ban the import and domestic manufacture, sale or distribution of encryption that does not have key recovery." The White House, Justice and the Clipper project were all penetrated by agents of the Chinese army. Reno is covering up the penetration. Hubbell was Clinton's man in Justice and Janet Reno's right hand man. Hubbell knows more than enough about Chinese espionage operatives with Bill Clinton to fill a novel. Reno continues to cover it all up and keep the investigation of herself entirely under her command. The attempt by the PLA to obtain secret access to DEA phones clearly illustrates the close-knit intelligence/crime syndicate operating inside the White House. One does not need much imagination to wonder why drug lords such as Democratic national Committee donor Ng Lapseng would want to monitor the DEA. DEA agents and all Americans, however, can take no solace in Reno's reluctance to look into the penetration of their phones by agents of the Chinese Army. They need look no further than the photo of drug lord Ng with Bill and Hillary Clinton to wonder why. from The US Federal Trade Commission, from http://www.ftc.gov/opa/1998/9808/transuni.htm: FOR RELEASE: AUGUST 26, 1998 FTC Charges Against Trans Union Upheld: Administrative Law Judge Orders Credit Bureau Stop Using Credit Data to Create Target Marketing Lists Federal Trade Commission Administrative Law Judge James P. Timony has ordered Trans Union Corporation to stop distributing and selling target marketing lists based on consumer-credit data, except for certain authorized purposes. In his decision released today, Judge Timony said that federal law "protects consumers' privacy by prohibiting consumer reporting agencies from communicating information ... to marketers for impermissible purposes. ... Trans Union invades consumers' privacy when it sells consumers' credit histories to third- party marketers without consumers' knowledge or consent. ... " Trans Union, based in Chicago, Illinois, is one of the three major credit bureaus in the United States. Trans Union gathers information on consumers and sells consumer reports containing data about the credit of millions of Americans. Buyers use this information to evaluate consumers' credit. Performance Data, a division of Trans Union, is engaged in the target marketing business. Target marketing involves selling goods and services directly to consumers by mail or telephone. Trans Union's target marketing uses information from its consumer reports to prepare a list of consumers who meet certain criteria. It sells this list for use in soliciting consumers. The FTC enforces the Fair Credit Reporting Act (FCRA), which protects the privacy of credit information by prohibiting credit bureaus from furnishing to anyone the data they compile except under specific circumstances. For example, the law permits credit bureaus to release "consumer reports" for a client's use in deciding whether to approve an application for credit or a job, and also in response to a court order. Under the FCRA, a permissible purpose for disclosure exists if a consumer authorizes the disclosure. The FTC also permits "prescreening" -- providing lists of consumers meeting certain credit criteria to credit grantors, as long as the credit granter gives each person on the resulting list a firm offer of credit. FCRA amendments give consumers the right to opt-out of prescreening -- giving them the right to participate in the decision to use their information for firm offers of credit. Trans Union's opt-out program does comply with the FCRA, Judge Timony said. Trans Union does not, however, require its clients to notify consumers of their right to opt -out of target marketing lists other than on prescreen. In 1992, the FTC charged that Trans Union's sale of target marketing lists violated the FCRA. Those charges were upheld by Administrative Law Judge Lewis F. Parker in a 1993 summary decision and by the Commission in 1994. Judge Parker's finding that there was no real dispute as to the facts of the case was rejected by the U.S. Court of Appeals, which returned the case to the Commission. The Commission then remanded the case for trial before Judge Timony. The trial before Judge Timony began on February 17, 1998. The record closed on March 27, 1998. During the 1998 trial, FTC lawyers offered a survey to assess consumer attitudes regarding the use of consumer credit information to compile marketing lists. Sixty-eight percent of the survey's respondents found the use of credit report information for the compilation of marketing lists to be unacceptable. "The conclusion that the Fair Credit Reporting Act protects consumers' privacy interests by prohibiting the unauthorized dissemination of their credit histories to third-party marketers is supported by the results of the consumer survey ... ," Judge Timony said in his decision. One Trans Union argument rejected by the Commission and the administrative judges was that target-marketing lists do not fall within the definition of "consumer reports" that are protected by the FCRA. "Each of Trans Union's target marketing products is a consumer report because it discloses information from Trans Union's consumer reporting database that is also used by credit grantors for credit eligibility determinations," Judge Timony said. The decision points to a 1993 Commission agreement with TRW Information Systems -- a second major credit bureau -- which allows TRW to extract certain consumer information such as: name, telephone number, mother's maiden name, address, zip code, year of birth, age or social security number from its database for target marketing. TRW, unlike Trans Union, does not extract high credit amounts, auto loan expiration dates, and loan dates from its consumer reporting data base for use in target marketing lists. Only Trans Union offers target marketing lists based on individual-level credit data, the decision states. These lists are unique in their source, in the extent of individual information they reveal, and in their use in target mail and telephone promotions. For example:

• Trans Union offers lists indicating the number of open automobile loans, loan type, the open and expiration dates for the lease or loan, and the high credit amount of the lease or loan. (Other target marketing firms offer automobile lists limited to ownership information and not the range of data that Trans Union supplies.)

• Trans Union sells lists that permit target marketing of persons who have an open bank card. (Other firms offer bank card lists, with the information at the household level, from self-reported survey responses or from suppliers of credit card information not from consumer credit reporting databases.)

• Trans Union offers a list of an open department store trade. (Other list providers offer department store card information from self- reported survey responses or from suppliers of credit card information.)

• Trans Union offers mortgage-related lists including: the presence of an open mortgage, presence of a second open mortgage, and the open and closed dates and high credit amounts of both mortgages. Trans Union's customers can also obtain information about the type of mortgage loan (VA, FHA loans or secured home improvement loans). (List providers other than Trans Union offer mortgage lists. Their information is from self-reported sources such as surveys, and the public record -- including county registrar and tax assessor files.)

• Trans Union's income estimator, calculates an individual consumer's estimated income based on its credit data. (Competitive lists providers offer estimated income developed from public record and self-reported data, subjective information that has not been verified, and household income rather than individual level income.) Judge Timony also rejected arguments that Trans Union's lists are protected by the First Amendment, citing both the government's substantial interest in protecting consumers' right to privacy and the fact that the FCRA advances this interest without being unduly restrictive. Judge Timony noted that the FCRA and the Order he issued "directly advance the governmental interest in protecting consumers' right not to have covered information communicated by consumer reporting agencies to target marketers without a permissible purpose." The judge also concluded that the opt-out procedure required by the FCRA does not cure the problem. "While the right to opt-out theoretically allows the consumers to request their names to be removed from target marketing lists, most consumers are unaware of this procedure. Although Trans Union complies with the notice requirement for opt-out under the FCRA, there is no credible, direct evidence of the success rate of opt-out actually stopping direct mail or telemarketing calls," the decision states. Judge Timony also pointed out that the statute does not outlaw the use of credit information for target marketing; it merely requires credit reporting agencies to include consumers in the decision to use their information. Thus Judge Timony concluded that Trans Union assembles information on consumers to furnish consumer reports to subscribers and consumers. Trans Union is a consumer reporting agency. Trans Union's target marketing lists are consumer reports. Trans Union furnishes consumer report information in target marketing lists to persons who do not have a permissible purposes under the FCRA. By this conduct, Trans Union violates the FCRA. The judge's order is subject to review by the full Commission on its own motion or at the request of either Trans Union or the FTC staff. If the order is not appealed within 30 days, it will become binding on Trans Union as the final Commission order.

Copies of Judge Timony's decision are available from the FTC's web site at http://www.ftc.gov and also from the FTC's Consumer Response Center, Room 130, 6th Street and Pennsylvania Avenue, N.W., Washington, D.C. 20580; 202- FTC-HELP (202- 382-4357); TDD for the hearing impaired 202-326-2502. To find out the latest news as it is announced, call the FTC NewsPhone recording at 202-326-2710. MEDIA CONTACT: Victoria Streitfeld, Office of Public Affairs 202-326-2718 (Docket No. 9255) (transuni) from Reuters via FoxNews, 1999-Mar-12: Spy Satellites Will Count Florida Keys Boats KEY WEST, Fla. - U.S. authorities said Friday they will use top secret spy satellites to watch boat traffic on the fragile Florida Keys' coral reef, a decision that outraged privacy-mad free spirits in the island chain. Although officials said the satellite data will be used only to learn about human impact on the reef, feisty residents who have warred with the Feds on issues ranging from the booty of the Spanish Main to the collection of tropical fish complained they will be under the watchful eye of Big Brother. "We're talking 1984 here,'' said local treasure hunter Pat Clyne, referring to the George Orwell novel. Starting in June the spy satellites will begin counting boat traffic at various points along the 110-mile (176 km) archipelago, said scientist Chris Elvidge of the National Geophysical Data Center in Boulder, Colorado. The National Reconnaissance Office operates constellations of spy satellites to eavesdrop on foreign communications and photograph clandestine military sites. Some of the satellites are believed to produce black and white photos so detailed that they can literally read the writing on the wall. But Elvidge, who runs the lab where the satellite photos will be read, denied scientists were trying to invade anyone's privacy. He said the spacecraft will be restricted to gathering statistics on the size and numbers of boats at three sites. "We're not identifying the individuals who are associated with the boats. We're not identifying the boats or recording how frequently the same boat comes to an area,'' Elvidge said. ''Data's not being gathered for any law enforcement or regulatory linkage.'' Bob Leeworthy, chief economist for the U.S. National Ocean Service in Silver Spring, Maryland, said he will use the data to count boat traffic in three protected sites along the reef: Molasses Reef, Key Largo Dry Rocks and the Elbow. Fishing, tropical fish collection, and harvesting are banned in those areas, which are managed by the National Oceanic and Atmospheric Administration (NOAA). But other activities such as diving, snorkeling and glass bottom boat tours remain big business. Some scientists fear even these limited uses are taking a toll on the frail coral. "You need a process that looks at the type of human uses to see if you can separate human impacts from natural impacts like global warming or pollution,'' Leeworthy said. "It's just a piece of the puzzle. Carrying capacity is a complex issue.'' The U.S. government and the anti-establishment residents of the Florida Keys have clashed often over the years. Treasure hunters have waged legal fights to keep Spanish treasure found in wrecks off the coast. Fishermen have battled for the right to fish in reef waters. In 1982 local officials, angered by roadblocks set up at the entrance to the Keys to catch illegal immigrants, declared a tongue-in-cheek "war'' against the U.S. government, seceded, surrendered and applied for foreign aid. Now island natives, who are called "Conchs'' after the tough mollusk that lives in surrounding waters, say the government wants to watch them from the sky. "People come down here for solitude,'' Clyne said. "They go out on their boats but they're actually being monitored all the time.'' Leeworthy said that during a 72-day monitoring period when the satellites are taking pictures, NOAA crews will ride boats to the sites to count people in the water and on boats. "A lot of the details we can't get from satellites we'll get from the ground surveys,'' he said. Leeworthy's project was selected in late December by the U.S. civil applications committee, a 10-member board of scientists that decides which civilian applications are appropriate for U.S. spy satellites. Officials said copies of the spy satellite photos will be sent via to Elvidge's lab in Boulder. A single NOAA scientist has been granted clearance to view the photos and record boat data onto spreadsheets to be sent to Leeworthy, who cannot view the actual photos. U.S. spy satellites are barred by statute from monitoring U.S. citizens, officials said. from TPDL 1999-Sep-11, from the Associated Press: Court says heat scan without warrant OK The federal appeals court for nine Western states reversed itself and said federal agents do not need a warrant before scanning a home with a device that can detect different heat levels indoors. The 9th U.S. Circuit Court of Appeals had ruled in April 1998 that the device, which is supposed to detect heat from indoor drug labs but may also be able to peek into bedrooms, was intrusive enough that agents should have to get a warrant by persuading a judge they were likely to find evidence of crimes. But while the government's request for a rehearing was pending, one judge on the panel retired and a replacement was appointed. The result was a 2-1 majority ruling Thursday to allow the scan without a warrant and uphold a marijuana conviction from coastal Oregon. from TPD 1999-Oct-9, from The Federalist Digest: [...] Also, the House defeated a measure that would have effectively converted state driver's licenses into national ID cards. Rep. Ron Paul said, "This is a great moment for all Americans; we have succeeded in defeating a program that would have deprived Americans of constitutional liberties, while imposing a massive federal bureaucracy to monitor their every step from cradle to grave." [...] from the Libertarian Party, 1999-Feb-1, by George Getz: Should state governments be allowed to sell your drivers license photo? WASHINGTON, DC -- The decision by three states to sell millions of drivers license photographs to a private company is a "picture perfect" example of why you can't trust politicians to protect your privacy, the Libertarian Party said today. "Without your permission, politicians in three states have decided to sell your most personal possession -- your image," said Steve Dasbach, the party's national director. "If we don't stop them now, what will they sell next?" In what is being described as the latest "Big Brother" privacy scandal, politicians in three states -- Florida, South Carolina, and Colorado -- have agreed to sell a combined total of 22.5 million drivers license photographs to Image Data LLD, a private anti-fraud company in New Hampshire. Image Data LLD said it will use the photos to build a nationwide photographic database, which retail establishments can use to confirm the identity of customers who cash checks or use credit cards. But whether such a database will actually prevent fraud, the Libertarian Party said politicians have no right to sell people's images, especially without their permission. "Your photographic image represents the essence of who you are, and politicians should not be able to sell it to the highest bidder," said Dasbach. "It is a classic case of identity theft -- and the ultimate violation of your personal privacy." Americans seem to agree: Already, residents of South Carolina and Florida are flooding state offices with complaints about the program. Politicians in South Carolina said they will attempt to retrieve the photographs, and legislation may be filed in Florida to curb the practice. In addition, at least two states, New Hampshire and Louisiana, have refused to sell drivers license photos. Other states -- including Maryland and Virginia -- have laws which restrict access to such photographs. But even if a few states stop the sale of drivers license photos, that leaves dozens of other states that may decide to sell them later, Dasbach noted. And photographs are just a small part of the flood of personal data - - ranging from mandated fingerprints on drivers licenses, to omnipresent Social Security numbers, to roving wiretaps, to the new "Know Your Customer" bank spying law, to cameras mounted on traffic lights, to the "Deadbeat Dad" federal employment database -- the government collects about its citizens, he said. "Your privacy is under assault from a hundred laws and government agencies," Dasbach said. "Big Brother is already watching you -- only now, he's got a camera in his hands and plans to sell your photograph." The controversy over the sale of the drivers license photos also illustrates an important difference between the government and private companies when it comes to privacy, said Dasbach. "With the government, you usually can't say no," he noted. "For example, you have no choice about surrendering your photographic image if you want a drivers license. And once the government has acquired that image, you have limited ability to stop politicians and bureaucrats from doing whatever they wish with it. "By contrast, you have a great deal of control over private companies. A new consumer privacy survey by Louis Harris/Alan Westin revealed that almost 80% of Americans have refused to give a company or business information they thought was too personal or unnecessary. And if a private company invades your privacy, you can refuse to do business with them -- an option you don't have with the government." Whatever the outcome of the drivers license photo debate, Dasbach said he hopes the controversy will send a message to Democratic and Republican politicians that Americans simply won't stand for such violations of their privacy. "Americans are tired of being photographed, numbered, filed, monitored, recorded, and cross-referenced by the government," he said. "We're tired of having our personal information abused by politicians. We want our privacy back." from Wired Magazine Online, 1999-Sep-7, by Declan McCullagh: Smile for the US Secret Service WASHINGTON -- A New Hampshire company began planning in 1997 to create a national identity database for the federal government, newly disclosed documents show. Image Data's US$1.5 million contract with the US Secret Service to begin digitizing existing driver's license and other personal data was widely reported early this year. But documents unearthed by the Electronic Privacy Information Center reveal the details and scope of the project. An Image Data presentation to the government -- marked confidential -- stressed that pilot projects in three states would "ensure the viability of deploying such service throughout the United States," according to about 300 pages of files EPIC obtained under the Freedom of Information Act. In a February 1999 report, Image Data CEO Robert Houvener ridiculed the idea that there were any legitimate privacy issues at stake, including those raised by civil libertarians when the project was first disclosed. "Many other newspapers, television programs, magazines also did news stories on Image Data LLC and its system [that] in some cases... focused on the 'Privacy' concerns and presented an inaccurate presentation," Houvener wrote. But privacy groups aren't wavering. "We think that their proposal for a national database of photographs runs directly contrary to the types of privacy safeguards that should be developed," says EPIC director Marc Rotenberg, who met with Houvener last week. "This is not a database that people can easily opt out of. You have to give up your photograph when you get a driver's license." Houvener, who says he has been a "victim of identity fraud," says his national photo file will be targeted at "identity criminals" that he estimates cost businesses billions of dollars a year. US legislators who funded the project believed the database would be used to stop illegal immigrants and terrorists. "The TrueID technology has widespread potential to reduce crime in the credit and checking fields, in airports to reduce the chances of terrorism, and in immigration and naturalization to verify proper identity," said a September 1997 letter from eight members of Congress to Image Data. Image Data's "True ID" technology currently feeds photos into its database in one of two ways. The company has contracts with state motor vehicle departments that supply the analog negatives or the digital images on magnetic tape. It also persuades shoppers to scan their IDs into the database by inserting them into devices at specially equipped stores. After news reports appeared focusing on the project, the governors of Colorado and Florida halted the transfer of images to Image Data, and South Carolina filed suit asking for the return of millions of images already in the company's possession. How did Image Data feel about South Carolina's actions? "The PR, legal, and legislative situation in the pilot State will continue to be evaluated and dealt with," a January 1999 company report says. Image Data has publicly downplayed the Secret Service's involvement, but the documents show that the agency decided which states would be part of the initial pilot project and directed the timing of the effort. According to one of Image Data's monthly reports sent to Special Agent Cary Rosoff of the Secret Service's financial crimes division, company representatives were negotiating a contract with Missouri officials, too. "Missouri [is] in the final stages of implementing a digital driver license system. Most issues are resolved, and we expect closure within 4-6 weeks," the document says. The Secret Service deleted some information from the documents before releasing them, and only a few pages prepared by the government are included. But it seems that discussions of the project began in early 1997. The government signed an agreement with Image Data in late 1997 and the contract took effect on 15 December of that year. Soon after, the company began to work closely with Telecheck, a subsidiary of First Data Corporation. By mid-June 1998, the computer interface between Image Data and Telecheck was complete and images could readily be exchanged. One frequent problem: Scanning millions of existing 35 mm photos into the database. "The digitizing machine is behind schedule.... There has also been some slippage due to the custom machining of the components for the scanner itself," the documents reported about Colorado DMV photos. Another headache for Image Data executives was Florida's policy of allowing drivers to renew their licenses twice by mail. That means people are less likely to come in and be photographed by digital cameras, which can automatically forward the photo to Image Data. "For a state like Florida, [up] to 45 million negatives would have to be digitized to get an online image of all current licenses," a November 1998 report says. The documents show how Image Data planned to sell the idea not just to the federal government, but also to state officials. "This program will demonstrate a highly effective way of ... increasing tax revenue. The positive impact of this demonstration cannot be ignored. Once government agencies and businesses see the effectiveness of this technology and implement it for their own programs, the positive impact to state and federal budgets will be in the billions of dollars per year," says one Image Data proposal that is marked "proprietary." from TPDL 1999-Feb-18, from the Washington Post p.A1, by Robert O'Harrow Jr. and Liz Leyden, Staff Writers: U.S. Helped Fund Photo Database of Driver IDs Firm's Plan Seen as Way To Fight Identity Crimes A small New Hampshire company that wants to build a national database of driver's license photographs received nearly $1.5 million in federal funds and technical assistance from the U.S. Secret Service last year, according to documents and interviews with officials involved in the project. Congressional leaders who helped make those arrangements envisioned using the photo file to combat terrorism, immigration abuses and other identity crimes -- applications that appear to go beyond recent company claims the database would only be used to prevent check and credit card fraud. "The TrueID technology has widespread potential to reduce crime in the credit and checking fields, in airports to reduce the chances of terrorism, and in immigration and naturalization to verify proper identity," said a letter about Image Data LLC from eight members of Congress in September 1997. "The Secret Service can provide technical assistance and assess the effectiveness of this new technology." These details about Image Data's development add fuel to an intense privacy debate that was touched off last month by reports that the Nashua, N.H., company recently bought more than 22 million drivers' images in South Carolina, Florida and Colorado. As the company lobbied to gain access to motor vehicle files, officials apparently told few people about its ties to the Secret Service or the money it received from Congress. State legislators, motor vehicle administrators and others who worked with the company said in interviews they had no inkling that federal officials might be involved. Several officials from Florida and South Carolina said they now feel misled by the company. In response to a surge of complaints after news reports on the transfer of license images, Florida Gov. Jeb Bush (R) canceled a contract to sell 14 million photographs. Colorado Gov. Bill Owens (R) halted the sale of 5 million images, while the state legislature pushed through a bill that would ban the transfer. South Carolina Attorney General Charles M. Condon sued the company for the return of 3.5 million digital photographs already being used in a pilot project there. A state judge rejected that claim last week, saying the company's True ID system is "no more intrusive on the privacy of an individual than showing the driver's license itself." But Condon is appealing the decision to the state supreme court. State legislators, meanwhile, have proposed laws blocking future sales and a South Carolina woman filed a class-action lawsuit this week seeking to stop Image Data from using the images. Officials in Florida, Colorado and New York also have said they intend to study sales of personal information by their states, with an eye toward new restrictions. Officials at Image Data have consistently defended the company's efforts, saying that photographs, names, addresses, Social Security numbers and personal data would only be used in a secure computer network to stop retail fraud. They said their computers can briefly flash a tamper-proof photo of a person named on a check or credit card to a tiny screen at a retailer, enabling a clerk to verify the shopper's identity. A pilot program for check writers started in South Carolina last August. In an interview yesterday, Image Data founder Robert Houvener said he believes his company has the potential to save consumers, businesses and governments billions of dollars in losses to identity theft -- a fast-growing crime in which fraud artists take on the persona of victims and rack up bills in their names. Houvener said that's why he sought out federal assistance and welcomed the expert advice of the Secret Service, which investigates identity theft and electronic crimes. Houvener played down any contradiction between his recent statements and the potential uses cited by congressional supporters, saying in every instance the technology would be used to prevent a fraudulent transaction. That holds true for airlines that use it to screen passengers buying tickets, Houvener said, or for banks verifying the identity of welfare recipients getting their benefit. "An airline counter is the same as a counter at a 7-Eleven," Houvener said. "It's the exact same situation. All you're trying to do is prevent fraudulent transactions." But state officials said they are skeptical. "The arguments against this program become much more credible if the federal government and others ultimately intended to use the technology and data on Americans for purposes broader than fighting retail fraud," said Tom Feeney, a Florida Republican legislator who, after meeting with an Image Data's lobbyist, sponsored a law enabling the sale of the state's driver photographs last year. As recently as two weeks ago, during a court hearing in South Carolina about the company's purchases of the images, Houvener passed up several opportunities to discuss the federal funding when asked about the company's financing, according to a transcript of the hearing. Houvener said several newspapers mentioned the federal funds and the Secret Service role when they were first approved and so he assumed that people knew about these matters. The one article in a national newspaper cited by Houvener, however, briefly referred to the funds in a long report on the federal budget. He said Condon, who questioned him in the case, had asked about investors -- not federal financing. Condon said he intends to review Houvener's statements to determine if he misled the court. "This office is going to investigate," said Condon, who predicted that South Carolina drivers will not appreciate hearing about the ties between Image Data and the Secret Service. "We don't want to be a guinea pig for the federal government to experiment on how to solve federal problems," he said. A Secret Service official said the agency did not seek to be included in the effort. But the official, who is overseeing the project, also saw a chance to help Image Data tailor its technology to fight a vexing crime. "We were trying to show them positive ways the system could work," said Cary Rosoff, a special agent in charge who visited the company's pilot program in South Carolina in December. "Our feeling was, if the government was going to invest money into the program, why not make it work as well as it can?" Company officials have portrayed themselves as well-meaning corporate newcomers, overwhelmed by attention from the media and policymakers. Houvener said some critics mistakenly believe the images will be sold or made available on the Internet. "We've been forthright with everyone," Houvener said yesterday. "There's nothing inconsistent here at all." With help from an influential Boston public relations firm, the Rasky/Baerlein Group, Image Data hired lobbyists in Florida and South Carolina. The company spent about $25,000 on the South Carolina lobbyist -- five times the cost of the database it eventually bought. It contributed $500 to state Sen. John Land, the legislator who sponsored a bill enabling the sale, as well as $1,000 to former governor David Beasley. Image Data also received help from eight legislators on Capitol Hill. They include Sen. Judd Gregg (R-N.H.), who received $2,000 in campaign contributions in his last campaign from the company's officials or their families, and Rep. Charles F. Bass (R- N.H.), who received $3,000 in contributions from company officials since 1995, according to Federal Election Commission data. In the September 1997 letter written to Sen. Ben Nighthorse Campbell (R-Colo.), chairman of the Appropriations Committee panel that oversees the Secret Service, Gregg, Bass, Sen. Ernest F. Hollings (D-S.C.) and the others expressed thanks "for including $1.46 million for a pilot program to combat identity-based crimes." A spokeswoman for Gregg said he was not available for comment. Bass was also unavailable for comment, but spokeswoman Sally Tibbetts said he remains supportive of the company's effort. Hollings continues to support the company's anti-fraud initiatives, as long as drivers can choose not to participate, according to his spokesman. from The Internet PRIVACY Forum, 1999-Apr-18, by Lauren Weinstein, PRIVACY Forum Moderator: License Plate Camera Surveillance in California Greetings. An emerging area of privacy concerns is the mushrooming of surveillance cameras in public places. These are often placed with laudable goals in mind, and with promises that information gathered will only be used for specific purposes. But as in so many areas of information collection, the risk of what I call "data creep"--information collected for one purpose ending up being used for something else--is always present. We may be on the verge of yet another example of this problem. Here in California, the state capital of Sacramento is planning to use 19 cameras along Interstate Highway I-5 (an increasingly typical sort of placement for traffic management purposes) to photograph drivers' license plates. The idea is to determine who is traveling during rush hours and from what zip codes they come, to aid in traffic planning. I'm all for less congestion on the freeways! But the potential privacy problems with such a system, regardless of stated goals, are prime examples of "data creep" waiting to happen, especially if such systems become highly automated and widely deployed--possibilities that currently available technologies certainly make increasingly practical. from PDL 1999-Mar-25, from the Associated Press via Nando Media, by Richard Carelli: Justices seem willing to limit media access to raids WASHINGTON (March 24, 1999 5:33 p.m. EST http://www.nandotimes.com) - Dealing with First Amendment issues, the U.S. Supreme Court appeared determined Wednesday to stop police from letting TV cameras and other news media accompany them into people's homes to observe arrests or searches. Justice David H. Souter balked most emphatically at being told "media ride- alongs" can help deter crime and police excesses, and should trump concerns for personal privacy. "What's the help provided here?" he asked. "I don't see why you have to take the news media people into someone's home ... it sounds like fluff." When a lawyer contended that such ride-alongs are commonplace, Justice Sandra Day O'Connor shot back in incredulous tones, "Ride right into the house?" She later called one such incident "an amazing invasion." In all, six of the court's nine members asked pointed questions or voiced concerns, suggesting a willingness to let people sue law enforcement officers who let journalists enter someone's home. For such liability to exist, the court must rule that police with court warrants violate the Fourth Amendment's protection against unreasonable searches and seizures when they take journalists with them. If so, another legal issue looms: Can the journalists be punished financially, too? Twenty-four news organizations, including The Associated Press, have sided with law enforcement officers in two cases from Maryland and Montana the court will decide by late June. They cite the news media's role as a watchdog, but First Amendment rights were barely mentioned Wednesday. Hardly new, the police practice of letting journalists accompany them has been given higher visibility in recent years by "true-life" television programs that focus on police work. "The only authority police have is to enter the home, (not) bring along the media on a news-gathering expedition," Washington lawyer Richard Willard argued. He represents a Maryland couple photographed by The Washington Post in their nightclothes as sheriff's deputies and federal agents unsuccessfully searched for their fugitive son. Los Angeles lawyer Henry Rossbacher sounded a similar theme in arguing for a Montana couple whose ranch was raided by about 20 federal agents because they were suspected of killing eagles. He said the agents, who were accompanied by a Cable News Network camera crew, "came to search for poison; they brought along the press to search for TV footage." Lawyer Richard Cordray of Grove City, Ohio, who represents the federal agents in both cases, urged the court not to ban every instance of the news media entering someone's home at the invitation of police. But, under persistent and rapid-fire questions from the bench, he was hard-pressed to explain when such access is justified. No one doubted that police are free to take along some outsiders to help them - such as translators or owners of searched-for stolen property - but Willard contended that journalists do not offer police that kind of specific assistance. At one point, Justice Antonin Scalia asked Cordray, the federal agents' lawyer, whether police officers with court warrants could elect to take along their sisters- in-law as well as the news media. "Personally, I'd rather have your sister-in-law come along," Scalia said as the courtroom exploded in laughter. In the 80-minute argument session, only Chief Justice William H. Rehnquist asked questions that consistently portrayed the police conduct in a positive light. Comments and queries from Justices Anthony M. Kennedy, Ruth Bader Ginsburg and Stephen G. Breyer were far more critical. The court could use the Montana case to draw a distinction between entering a residence and other types of private property, such as ranchland. And even if the justices decide that such news media access can violate privacy rights, they still must determine whether those rights were "clearly established" when the Maryland and Montana raids occurred - in 1992 and 1993, respectively. If not, the officers cannot be forced to pay any damages. In the Maryland case, Montgomery County deputies and deputy U.S. Marshals took along a Washington Post reporter and photographer when they entered the Rockville home of Charles and Geraldine Wilson early one morning. The photographs were never published. The Montana case arose from a raid at Paul Berger's sheep and cattle ranch. Berger was acquitted of all charges except improper use of a pesticide, a minor offense, and CNN eventually used footage of the raid as part of its coverage of government efforts to protect endangered species. from the American Society for Information Science, from http://www.asis.org/Bulletin/Feb-97/lutz.html: 1997 ASIS Mid-Year Meeting Preview Monitoring Your Movements by W.E. Lutz © 1997 ASIS

"Suppose I had a good friend here in the Bureau," Mallory said. "Someone who admired me for my generous ways." Tobias looked reluctant and a bit coy. "It ain't a simple matter, sir. Every spinning-run is registered, and each request must have a sponsor. What we did today is done in Mr. Wakefield's name, so there'll be no trouble in that. But your friend would have to forge some sponsor's name, and run the risk of that imposture. It is fraud, sir. An Engine-fraud, like credit-theft or stock-fraud, and punished just the same, when it's found out." "Very enlightening," Mallory said. "I've found that one always profits by talking to a technical man who truly knows his business. Let me give you my card." (William Gibson and Bruce Sterling, The Difference Engine) We understand the many means by which our daily activities are accessed and used for specific purposes via transactional databases. We are also aware how databases from credit cards track our activities and movements and how magazine subscription listings betray our wants and desires. What we overlook, however, is how our image -- our physical appearance -- is accessed and employed without our consent or knowledge. Image processing, combined with routine databasing and commercially advanced tracking devices, add a new dimension to the erosion of our privacy. The routine access of personal information combined with the physical monitoring of movements creates a growing, dangerous threat to personal privacy. The Power of Imaging Systems Imaging systems are high-speed multi-processing portrait storage and retrieval systems. Portraits or images of individuals are taken via electronically scanning cameras, with any accompanying data files automatically linked to any computer- generated portrait. This combination of data file acquisition (fingerprint, background information, prior history) with electronic mug-shot imaging offers a powerful tool for law enforcement agencies. The power of imaging systems cannot be underestimated. It is an uncomfortable fact that many police background checks for newly arrested suspects often take 24 hours. Suspects arrested for minor offenses often are released without the arresting law enforcement agency's knowledge of the suspects prior criminal record, owing to delays associated with standard file checks (i.e., non-imaged police data systems). An average arrest takes approximately 60 to 90 minutes to process -- fingerprinting, mug shot, file processing and statement preparation. Cross referencing with state and federal databanks often requires a delay up to 24 hours. But, according to the Camden Police Department, the use of imaging systems can cut back the average arrest time to approximately 15 to 30 minutes. Imaging systems offer unprecedented portrait manipulation and rapid data retrieval of all associated file information for law enforcement. For a growing number of agencies, gone are the days of ink fingerprints and the piles of tiresome mug shots. Imaging systems allow agencies to simply type in a rough description of a perpetrator based upon eyewitness account. In some imaging systems, simultaneous access to SCIC (State Crime Information Computers) and the FBI's NCIC (National Crime Information Computer) is enabled, allowing direct link-up with any known federal or state suspect list within a matter of minutes. Imaging systems are becoming more prevalent outside of law enforcement. ATMs (Automatic Teller Machines) and surveillance cameras in convenience stores are another form of imaging documentation. Although a far cry from the imaging technology used in law enforcement, the potential is still present. For example, in the Pepsi/hypodermic needle scare of 1993, the culprit was captured on a video camera in a Colorado convenience store. The public hears this and breathes a sigh of relief, knowing that yet another evil perpetrator has been captured. Note, however, that the capture was made after an intensive search through millions of video images taken from thousands of convenience stores nationwide. Out of all those thousands of convenience stores and from those million or so video shots, the single incriminating video still-shot of the crime was found. Based upon the single freeze-frame image, the perpetrator was caught and prosecuted. The wonder of modern technology is renewed when one appreciates the amount of time and human resources such actions would have taken but five years ago. As video cameras are often used to monitor employees (casinos, high-security locales such as computer chip factories or other such industries), surveillance cameras are increasingly employed as a panacea for dealing with crime. Recent federal grant awards illustrate a growing trend of public housing authorities using video cameras to monitor and prevent illegal activities. DEA (Drug Enforcement Agency), FBI or the ATF (Alcohol, Tobacco and Firearms) account for a number of video cameras within high-crime locales, with criminal activity dramatically evaporating for fear of being captured on record. Local police agencies are not loath to spread rumors and gossip regarding potential locales as a means to further deter illegal activity -- often when no such cameras or agencies are actually intended or involved. Beyond Surveillance Cameras: Automobile Tracking Systems Video cameras are not alone in tracking one's physical movements. In New Jersey, a proposal for automatic toll collection by several previously non-linked authorities would allow motorists to open and maintain a common account with agencies participating in the automatic toll collection service [Since this was written, the system has been deployed. -Ed.]. Using strategically placed magnetic stickers, motorists could drive past automatic scanners without stopping to pay a toll collector or a cash receiving machine. The flip side to this convenience is that the participating motorist could be readily tracked while driving through toll booths across the state. Other new vehicle tracking technology has also recently appeared. LoJacks, installed in standard passenger vehicles, are gaining in popular usage, particularly in New York, Boston, Newark and Los Angeles. LoJacked vehicles possess a specific signature signal identifying the vehicle identification number (VIN). Each vehicle is thus uniquely identified so as to prevent confusion with other LoJack beacons. Upon the report of a stolen vehicle, police cars equipped with LoJack scanners cruise their assigned areas, literally homing in on the specific signal emitter (which flashes a signal every fifteen seconds) of the stolen car. In some areas, the installation of LoJacks is credited with a drop of up to 50% in vehicle thefts. The combination of imaging/picture tracking systems and powerful database sort/retrieval presents a new breach in the wall of privacy. It is no longer just a question of personal information being accessed by the varieties of databases, but rather how the average citizen is increasingly tracked in relation to this personal information. We know who you are, where you've been and what you've been doing. Soon, we will know specifically where you are at any given time. Addressing Our Perceived Need for Security As Pogo said, "We have met the enemy, and they is us." Breaches of privacy are actively encouraged. Federal monies are offered to housing authorities for surveillance systems. We think nothing of cameras which record our every move in stores, shopping malls or at ATMs. Insurance companies offer discounts of up to 25% of annual rates for those who install LoJacks, while commuters welcome the convenience of rushing past time-consuming toll plazas. Privacy protection efforts are few and presently hold little promise. Many county sheriffs encourage families to image their children, that is, to store the personal characteristics, background information and images of children within law enforcement databanks to allow for ready and rapid retrieval if the children are kidnapped. Although one cannot argue against the safety of children, one should question the underlying premise of fear. Committing oneself and one's children to any information system is an act fraught with long-term consequences and should be considered carefully. Cable Television: Who Is Watching Whom? Another vivid example of overlooking how convenience creates privacy invasion involves recent advances in cable television technology. Many cable companies employ a standard cable TV box manufactured by General Instrument (Jerrold boxes). The latest General Instrument development is the CFT2200, which, unlike most cable TV boxes, can both send and receive signals, thus facilitating pay-per-view without having to employ the telephone line or answering TV polls. Upon review, it would appear that the CFT2200 can employ home telephone lines for operation and would eventually allow for full usage of ISDN lines. Potentially, these boxes could allow for direct informational access (i.e., Internet service providing Web TV) and may very well serve for the next wave of data access. What is disturbing about this development is the ability of cable companies to conduct real-time monitoring of viewer's preference in TV entertainment and information access, offering simultaneous send/receive signals while the viewer is watching their shows. A detailed record of what, when and how long a viewer watched any particular show at any given moment is enhanced through new cable television technology. If the average consumer were aware of this fact prior to purchase, would so many readily accept? The difficulty lies in the average lay person understanding the power and extent of the technologies arrayed against the common person; it is this knowledge gap which makes resolving the issues surrounding the protection of privacy a formidable challenge. Many cannot readily appreciate the subtleties surrounding esoteric cable television services or imaging/monitoring technologies. As information professionals, we can share the vitality of an Internet search engine or personal communication system for common household usage while seeking out protection against privacy abuse. The question remains: where do we draw the line between the sublime and the extreme? Options and Considerations We are witness to the demise of our notions of privacy; this trend is congruent with rapid technological development. Luddites could argue that as technology grows, privacy dissipates; thus, technology must be curbed (so the argument goes). The genie is, however, well out of the bottle. Modern conveniences and economic advantages far outweigh any notions of denying the benefits and comforts which we amply enjoy. The approach we must now initiate rests upon legislation and education. Education and awareness on the part of those who know and understand the reality of their surroundings remains the key to ensuring privacy. Proprietary information will remain such, but the key to economic success will be that of creative dissemination of the uses of proprietary data and/or developments. If the general public is aggressively enlightened in the ways and means of information technology, then it follows that perhaps we can expect the general population to be more discriminating when it comes to privacy protection. Just as we speak of a green consumer culture, so too we might encourage the beginning of a privacy culture. True privacy could be an emerging marketing approach given the right impetus. Effective legislation must come into play if we are to prevent further erosion of privacy. Perhaps we should consider employing European laws as models for the control of personal information and the protection of privacy. Database access or use of one's name or other personal information could be subject to the individuals' prior approval and/or payment -- similar to royalties -- with violations subject to substantial monetary penalties. The logic is inescapable: if private/public entities gain a profit from the sale and/or use of our personal information, then we should receive royalties, if we choose to participate. Those who seek not to participate in the sale and dissemination of their information should be permitted, under strict legislation, to opt out with strengthened privacy guarantees. The time has come to reach out and enlighten legislators about the issues surrounding privacy. Some cultures hold that taking pictures of individuals and/or places robs the soul or essence of the place or person; arguably, this is now taking place. The act of taking pictures -- regardless of public safety or security -- constitutes an act of capturing our image without our permission. Similarly, when information is accessed -- habits, purchases, profiles -- could it not be argued that this is the theft of our truest proprietary data -- our identities? In the coming century, our identities will be how we appear on innumerable databases; our visage reflected in the hidden cameras and how we stand within society's walls defined in the roll calls of databases. The time is right, therefore, to educate both the public and legislators about the relationship between ourselves and the tools which gather information about us and our fellows. Given the prevalence of modern technology, it is time to recognize that our tools are but an extension of ourselves, the surveillance cameras reflecting back our images. How we view ourselves ultimately determines how we view and shape our future. How better than to smile into the camera with a confident cheer? W.E. Lutz is a licensed law enforcement planner in the department of administration & finance, Camden, New Jersey. from Issues & Views, Spring 1998, by Nat Hentoff (Newspaper Enterprise Association): Forget Big Brother; Beware Little Sister Turning Children Into Spies or Be Careful of What You Think and Say Here on the Internet is the Kid's Page of the Justice Department, with a friendly looking attorney general delivering a message: "Kids like you have to deal with the prejudice of their family members. . . . When someone makes jokes about people, or labels people because of where they come from, the color of their skin, their religion or gender, it's both a hurtful act and a hateful act." This message is directed to kids from kindergarten to fifth grade. What is a child to do if he or she hears racism, anti-Semitism, anti-Catholicism or any of the other flourishing forms of bigotry at home? It can come from an uncle, a grandfather or one's very own parents. Well, says Attorney General Janet Reno, "If this happens in your home, you might try talking to your parents, teacher, religious leader, counselor, or some other adult with whom you feel comfortable." And if at first your parents say you are making too much of just a joke, according to this directive, then tell your teacher or religious leader that there is hateful speech in your home. The Rev. Jesse Jackson might come by and set up a speech code for your parents. Unfortunately, the Justice Department has not provided many specifics as to which words are hurtful or hateful. Children between kindergarten and fifth grade may already know some of those words, but other words may be confusing. Targeting people as bigots is not quite as easy as the Justice Department believes. For instance, a child may overhear a black comedian on HBO--making satirical fun of other blacks--and then watch his or her family members laughing uproariously at that humor. Are they racist? Should the child tell a teacher or religious leader what his family finds amusing on television? A child, moreover, may misinterpret an aside by mom or dad that is over the kid's head. Or suppose Minister Louis Farrakhan comes on C-SPAN one night and dad directs some unfriendly words, even hateful words, at the smiling minister. Should the child add that indictment to the list of prejudices in his family? What if a child turns in a parent to his teacher, counselor, religious leader or other adult? Dad and mom certainly won't be put in prison, but one thing will surely happen. Dad and mom will become very careful of what they say in what used to be the privacy of their home. Is this really the proper function of government--to advise children to monitor their parents' or their uncles' or their grandfathers' speech--however offensive that speech? My wife and I used to play Lenny Bruce records, and our children, rather small then, would sometimes listen as we laughed at some of his sketches. These days, the kids could have turned us in--and Lenny too. On its Home Kids' Page on the Internet, the Justice Department tells the children: "It's wrong to label people because of the color of their skin or where they come from." It surely is, but it's also wrong to turn kids--whether they're K-5 or older-- into speech police. As for the attorney general, suppose a child is afraid to correct her parents and has no adult whom she can trust on so delicate a matter? Is the Justice Department going to set up a file to which earnest youngsters can contribute the names of bigots in the family? Some child trained to be a speech cop may also grow up to resemble the librarian who called me recently. She is planning ahead for Banned Books Week in the fall--an annual defiance of censorship around the country. Setting up a program, she asked me if I would be willing to speak on Mark Twain. I said I would and started to think of the irreverent language which he directed at those who imprison speech. "One thing," the librarian told me. "You are not to use any language that might offend any of the people who come to the program." "You have the wrong author," I said, "and the wrong speaker." As a Jewish child in anti-Semitic Boston, I learned how hurtful certain kinds of speech can be. I also lost a tooth when that speech turned into a punch in the face. But as admirable as her intentions are, the attorney general should rethink installing child monitors of conversations in the home. Instead, let school librarians suggest honest books on prejudice, followed by open conversations in the library. Nat Hentoff is a syndicated columnist and author of Living the Bill of Rights: How to Be an Authentic American (Harpercollins).

Go back to Erosion of Individual Privacy - Part 1

Erosion of Individual Privacy - Part 2 from the Libertarian Party, 1999-Jan-29: Should high school students be bar-coded like industrial widgets? WASHINGTON, DC -- Bar-coded high school students: Is it the "Mark of the Beast" -- or just another example of the failure of public education? And could your local high school be next? That's what Libertarians are asking after controversy erupted at a high school in Elkins, West Virginia, where school officials now require students and faculty to wear a bar-coded ID card on a cord around their necks, visible at all times. "Do you want your child treated like an interchangeable, bar-coded widget in an impersonal educational machine?" asked Steve Dasbach, the national director of the Libertarian Party. "Unless something is done to reform American education, this could happen to your child." The mandatory ID card at Elkins High School -- complete with photograph and unique bar code -- is used to bill students for school lunches and to check books out of the school library. It also serves a safety function, say school officials, since anyone without the visible bar-coded ID card can instantly be identified as an outsider. Teachers are required to check that each student is wearing his or her bar-coded ID card before each class. The new policy has caused a storm of controversy, with some students and teachers refusing to wear their bar codes on religious grounds, arguing that it is the "Mark of the Beast" predicted in the Book of Revelation in the Bible. The Rutherford Institute, a Christian ACLU-type legal organization, has already offered to help fight the case. Libertarians say they are less concerned about the "Mark of the Beast" than about what this bar-coding incident reveals about public education. "The idea that students can be bar-coded -- like some mass- produced widget rolling down an industrial assembly line -- will be reprehensible to many Americans," said Dasbach. "Education should be about respecting each student as a unique individual, not treating them like interchangeable cogs in a machine." But bar-coded industrial efficiency is a natural by-product of an education system that puts government bureaucrats and teachers' unions in charge of learning -- rather than parents and classroom teachers, he said. "When government bureaucrats are in charge of schools, they will make decisions based on efficiency and convenience, rather than on what's best for students," said Dasbach. "Since most parents don't have the luxury of paying their school taxes and paying again to send their children to private schools, government bureaucrats know they have a captive audience. That's why you see situations like bar-coded students in Elkins." And that's why more Americans are spurning public education, he said. For example: • Home-schooling has skyrocketed over the past decade. Since 1985, the estimated number of home-schooled children has grown from only 50,000 to as many as 1.2 million, and continues to grow at a rate of 15% to 40% per year.

• A 1998 Washington Post survey of what people would do if they won a $250 million Powerball lottery revealed that "almost invariably, people mentioned that they would move their children or grandchildren into private schools." • Those "in the know" about government schools tend to send their children to private schools. For example, while only 14% of Americans send their children to private schools, a whopping 50% of U.S. Senators do so, and 34% of U.S. House members. And this doubt about government schools isn't new: As long ago as 1988, a Gallup Poll revealed that 45% of Americans give public schools low grades -- either a C, D, or F. What's the solution? Giving parents control over their children's education, said Dasbach. "When parents are personally in charge of their children's education, they will tend to select schools that treat their children with respect and dignity," he said. "Given the choice, parents want schools that value learning over industrial efficiency." That's why so many Libertarians support "choice in education" proposals, he said -- ranging from tax credits for private education to an eventual separation of school and state. "If you want an education system that respects students as unique, independent human beings rather than as bar-coded units, then moving towards a free market, choice-based system is the way to accomplish that," he said. "With genuine choice in education, students would learn their ABC's -- and not be treated like a UPC." I have just (1999-Jan-29) received a forward of this from a friend (anonymized for publication):

Received: from neptune.sixdegrees.com (neptune.sixdegrees.com [206.41.12.34]) by xxx.xxx.xxx (8.8.7/8.8.7) with SMTP id PAA01022 for ; Sun, 13 Dec 1998 15:02:44 -0500 (EST) Message-Id: <[email protected]> Date: Sun, 13 Dec 1998 15:01:28 -0500 From: "sixdegrees" To: "xxxxx xxxxx" Subject: xxxx x. xxxx [name of "sponsor"]

Name: xxxxx xxxxx E-Mail Address: [email protected] sixdegrees Password: xxxxxxxx

Hi. You've been sponsored as "Friend" by xxxx x. xxxx as part of something called sixdegrees, one of the fastest growing phenomena on the Web, located at http://www.sixdegrees.com

You may have already heard of the six degrees of separation concept - where everyone on the planet is connected to each other through fewer than 6 people. Well, we haven't quite connected the whole world yet, but there are over a million people participating, and over 900,000 of them are connected in one giant chain.

And, just by confirming your relationship with xxxx x., you can instantly tap into this interconnected community of interesting people from all over the world.

So what? Well, by getting connected, you can come to the Web site (which is completely FREE) and use a whole variety of valuable, fun and intriguing services that make use of this massive chain of connections.

You can come see who's logged on the site right now and when you find someone interesting, we'll show you exactly how you're connected no matter how many degrees it takes, and then you can instant message them.

You can also find out how you're connected to that head of personnel at the big firm where you've been trying to get your foot in the door.

You can chat with people from around the globe and then see who you know in common.

You can post burning questions on your own personalized bulletin board and get valuable answers from your "circle" (your friends and friends of friends).

You can even get Movie recommendations from the people you're connected to.

So, stop by the site at http://www.sixdegrees.com to learn more and give it a try. (You can log in with this password: xxxxxxxx).

======

You can also get things started and get yourself connected right from this e-mail:

** To confirm your relationship with xxxx x., just send a reply that says only CONFIRM on the first line of the message body

* To deny this particular relationship (but keep open the possibility of joining sixdegrees if the concept intrigues you) send a reply that says only DENY

* And, if you'd like to make sure you don't hear from us again (even if somebody else you know lists you as a contact) then simply send a reply which says REMOVE in the SUBJECT LINE so we can process your request right away

Thanks, and we look forward to seeing you at sixdegrees.

======

And, if you're really ambitious, you can get your network of connections growing right away. Just list the people you think might be interested in participating in sixdegrees and we'll contact them with an e-mail like this one which mentions your name and invites them to join.

Just follow these directions:

* Click your mail program's REPLY button.

* On the FIRST line of the message body of the reply e-mail that opens, type only the word CONFIRM to let us know that you are in fact xxxx x.'s Friend.

* On the next line of the message body list the first and last names and e-mail addresses of the people you'd like to invite (you can list as many as you'd like - but we recommend you list at least two), and the relationship numbers that correspond with how those people are related to you.

MAKE SURE:

* That the first name, last name, e-mail address and relationship number are separated by SEMI-COLONS.

* You follow the format of these examples:

John; Smith; [email protected]; 12 Jane; Doe; [email protected]; 3

* And that you define each relationship by choosing a number from this list:

1=wife 2=husband 3=life partner 4=significant other 5=mother 6=father 7=sister 8=brother 9=daughter 10=son 11=other family member 12=friend 13=employer 14=employee 15=co-worker 16=client 17=service provider 18=business contact 19=fellow alum 20=acquaintance

We look forward to hearing from you!

======

PLEASE NOTE: All replies to this address are processed by a computer. If you have any problems, questions or requests send an e-mail to [email protected] and you'll receive a prompt and courteous response.

And, if you'd like to review our privacy statement just visit http://www.sixdegrees.com/Public/About/Privacy.asp

======sixdegrees is Registered in the U.S. Patent and Trademark Office.

[a strange 10 character alphanumeric code appeared here] from PDL 1999-Mar-16, from "AMERICAN NEWSPEAK. Celebrating cutting edge advances in the Doublethink of the 90's" by Wayne Grytting #109: Smile and Be Happy Dept. The debate over privacy on the Internet finally came to an end thanks to the timely intervention of Sun Microsystems CEO Scott McNealy. At a recent news conference, he introduced his company's newest software, called "Jini", designed to integrate networks of computers and video and audio sources. To do so it assigns unique numbers so each computer can be readily identified just as Intel and all our better software companies are doing. Silencing worries that this may open the door to the total surveillance of computer usage, McNealy presented the knock- down clincher argument that most had overlooked. ``You already have zero privacy," he growled, "get over it.'' His staff is reportedly hard at work on a line of corollaries to this such as "You are already getting ripped off -- get over it" and even bringing back the ever popular British slogan from the Boston Tea Party, " You are already overtaxed -- get over it." (NYT 3/2/99) from TPD 1999-Oct-9, from Techweb, by Bill Frezza: Where's All The Outrage About The IPv6 Privacy Threat? What happens when companies such as Intel or Microsoft are found to have embedded unique identifiers in their hardware or software that pose potential privacy problems for Internet users? As we know from experience with both the Pentium III Serial Number flap and the Microsoft Win98 Registration Wizard brouhaha, professional privacy advocates sound the alarm, the press launches a feeding frenzy, Wall Street shudders and the alleged corporate miscreants are flogged into backing off. Now, what happens when the Internet Engineering Task Force does the same thing, specifying an addressing structure in its next- generation Internet protocol, IPv6, such that every packet can be traced back to each user's unique network interface card ID? Apparently, nothing. It's a conundrum that makes one wonder about the motives of the reigning Internet digerati, who spend much of their time assuring us that they are protecting our interests as they quietly arrogate power in the new world order. IPv6 was initially proposed to solve the "problem" that IPv4 has with running out of addresses. You would think that the 32-bit address field of IPv4, supporting more than 4 billion unique addresses, would be sufficient to last quite some time. Unfortunately, the cabal that controlled the disposition of these addresses had a habit of handing out large blocks to their friends, who parlayed these into start- ups with multibillion-dollar market caps. Hence, the "shortage." IPv6, on the other hand, has 128 bits of address space, enough to provide a billion-billion addresses for each square meter of the earth's surface. How one could ever route that many addresses is an interesting question, but at least IPv6 will never run out. As you might expect, the address field is so huge that the IETF didn't know how to assign it. So, in a move to get buy-in from established industry standards bodies, the right-most 64 bits were designated to contain EUI-64 format information. This is used by the IEEE to assign Ethernet addresses, which are normally not transmitted outside a user's LAN. Included in EUI-64 are two interesting pieces of information: the registered manufacturer of your NIC card and your 48-bit Ethernet address. Surprise! Every packet you send out onto the public Internet using IPv6 has your fingerprints on it. And unlike your IP address under IPv4, which you can change, this address is embedded in your hardware. Permanently. The spooks and weirdos in Washington, ever eager to empower the surveillance state as they fight a rear-guard action against strong encryption, must be thrilled with such a gift. They appear so thrilled that the Institute for Information Sciences, heavily funded by the Defense Department, is writing a reference stack for IPv6 that it is quietly hoping to slip into Windows 2000. Where are the professional privacy advocates on this issue? Let's start with the Electronic Frontier Foundation (EFF), champions of freedom in cyberspace and cofounders of the TRUSTe initiative. TRUSTe's mission is to build "trust and confidence in the Internet" with a branded, online "trustmark" assuring users that their privacy will be respected. Go search EFF's site and see if you can find a single word about IPv6 and its privacy problems. The EFF's silence is matched by a similar lack of concern from the Center for Democracy and Technology and the Electronic Privacy Information Center, both of which are usually the first to man the barricades when Big Brother comes knocking. Could it be that this unusual averting of the collective gaze is just an embarrassing attempt to avoid airing the family's dirty laundry? With all the interlocking boards, directorates, subcommittees and associations that keep the digerati in sync, it's hard to know where responsibility for this snafu begins and ends. A new advocacy group called the IPv6 Forum, headed by honorary chairman Vint Cerf, is leading the charge for adoption, and the usual alphabet soup of geek groups appears to be falling into line. This may be the reason the press hasn't shown much interest. It's a lot more fun to kick Intel and Microsoft than to rail at the folk heroes credited with creating the Internet. It looks like the geeks screwed up this time, though. I hope they have the wisdom to fix things before it's too late. Bill Frezza is a general partner at Adams Capital Management. He can be reached at [email protected] or www.acm.com. from The Register, 1999-Mar-13, by Mike Magee: Unique serial number exists in all .25 micron Intel chips An architect who currently works for Intel US has now confirmed what we were beginning to suspect all along -- every .25 micron Intel chip has the personal serial number (PSN). The chip designer, who revealed the news under strict conditions of anyonymity, said: "Any .25 micron core including the PII, all Celerons and all current Xeons have had serialisation ever since .25 micron technology started." This means that Intel is and was shipping products with the serialisation number switched off. The only exception is the Tillamook P5 .25 micron parts, he said. But why didn't Intel tell us and the whole world what it was doing then, and why? It seems that maybe it just thought it would lump in the PSN announcement to co-incide with the introduction of Katmai-PIII. So when we first broke the story about the Mobile PII with Dixon core, the only "erratum" was that Intel forgot to turn it off. Intriguing. How US bodies pushing for a boycott of Intel parts will react to all of this is even more interesting. from InfoWorld Electric, 1999-Mar-11, by Ephraim Schwartz, from http://www.news.com/News/Item/0,4,33622,00.html?st.ne.ni.rel: Privacy Firm Claims to Bypass Intel ID Protection Program can bypass Intel's scheme for turning off PIII serial IDs, Zero- Knowledge says. Zero-Knowledge Systems, a company that offers its customers anonymity while Web surfing, claims to have hacked Intel's software utility program meant to turn off the serial IDs in Pentium III processors. A Zero-Knowledge programmer created an ActiveX application that goes around Intel's Pentium Serial Number Control Utility and places a cookie file inside the user's system. Once the cookie is in place, even if the user turns off the unique chip serial number, the number can be broadcast. Zero-Knowledge President Austin Hill says he was concerned with his customers' right to privacy. "We are developing privacy software. Our users are putting a certain amount of trust in us to make sure information about them can't be leaked," said Hill. "Any scheme that can be used to track users on the Internet we frown upon. We don't see the real benefit of having a serial number for identification purposes," said Hill. "Authentication belongs in your wallet in Smart Cards and personal certificates that are protected with a pass phrase. This is traditional security, something you know, something you have, something you are. Very rarely do you carry around a PC," said Hill. Exposure to Hackers Hill believes his ActiveX program demonstrates that hackers and unscrupulous companies can steal the number and use it maliciously to do anything including selling your stocks or stealing your money through illegal wire transfers. "If you have a cookie that contains the serial number, an ad company can look for that cookie and track you. That cookie can keep coming back even if you erase it. It's the cookie that never goes away," said Hill. George Alfs, an Intel spokesperson, said Intel has not yet examined the Zero- Knowledge program. from CNET, 1999-Mar-10, by Michael Kanellos and Stephanie Miles, Staff Writers, from http://www.news.com/News/Item/0,4,33622,00.html?st.ne.ni.rel: Software claims to undo Pentium III fix Canadian software developers say they have created a program that can obtain the Pentium III processor serial number despite the privacy protection measures taken recently by Intel. Zero Knowledge Systems of Montreal said today that it has developed an ActiveX control that can retrieve the serial number under certain circumstances, even after a software repair released last month by Intel has disabled the feature and ostensibly "hid" the number from prying eyes. The Pentium III serial number has turned into a public-relations nightmare for the world's largest chipmaker. Although Intel included the number in the chip as a way to improve Internet security, it has drawn protests from privacy advocates who say it provides hackers with an opportunity to obtain sensitive information. Zero Knowledge's control essentially exploits the approximate 15-second gap between the time a Pentium III computer is turned on and exposes the processor serial number and when the software repair kicks in and covers it up. The control tricks the computer into crashing. Then, as the machine is rebooted, Zero's software grabs the number before the software utility has a chance to disable it again. "It simulates a crash and could be attached to a virus, hidden inside an email attachment, shareware--anyway that people get hostile code onto your machine," Zero Knowledge president Austin Hill said. The ActiveX control grabs the serial code upon reboot, Hill said, and places it in a cookie file that can be read by Web sites. from TPDL 1999-Jan-14, from the Wall Street Journal, by Glenn Burkins, Staff Reporter: U.S. May Require Contractors To Give Sensitive Worker Data WASHINGTON -- Companies that do business with the federal government may soon be required to disclose sensitive personnel data during routine affirmative- action audits. Under a plan quietly proposed by the Labor Department, the government would begin requiring audited contractors to submit the name, age, sex, race and salary of every person employed at a targeted site. Currently, the Office of Federal Contract Compliance Programs requests such data only when the agency believes discrimination may have occurred. And even then, labor lawyers said, most employers don't allow the government to view such sensitive data outside the companies' offices. The new rules, submitted to the Office of Management and Budget three days before Christmas, would change all that. Critics familiar with the plan, including some labor lawyers and groups that represent companies' interests in labor matters, are outraged. They contend the federal compliance office is trying to use a backdoor maneuver to put the plan into practice. "This is pretty sensitive information," said David Copus, an attorney in the Washington office of Jones, Day, Reavis & Pogue. "They are eliminating the need to ask for it. They want it all the time, from every contractor." The Labor Department audits about 4,000 employers a year. Under a 1965 executive order, companies that do business with the government are required to implement affirmative-action programs. The Office of Federal Contract Compliance is responsible for monitoring those programs. The department denied that its new plan would change the scope of the information it currently requests. The only change, the department said, is that employers would be required to report compensation data earlier in an audit. The department concedes, however, that some employers balk at handing over compensation data. Mr. Copus said the plan reminded him of the 1978 incident on which the current Labor Department policy is based. At that time, the department tried to force a contractor to submit extensive compensation data but was blocked by the Office of Management and Budget, which ended up approving a more limited data request. The ruling has served as a guideline for Labor Department audits since then, Mr. Copus said. Mary Jane Sinclair, managing partner at MJS Associates in Morristown, N.J., a human-resource consulting firm, said the Labor Department's plan would open the door to more government intrusion. Other critics have expressed concerned that sensitive personnel data, such as salaries, could fall into the wrong hands. But Labor Department spokesman David Saltz said such fears are unfounded because compensation data are exempt from the Freedom of Information Act. "The Labor Department has been vigilant in ensuring that federal contractors obey antidiscrimination and equal-opportunity laws, and the department will continue to do so," he said. Just last week, the agency announced an agreement with Texaco Inc. under which the company will pay $3.1 million to 186 female employees. The Labor Department found that the women had been systematically underpaid compared with their male counterparts. In announcing that agreement, Labor Secretary Alexis Herman said her department's affirmative-action audits have turned up numerous examples of gender and racial pay disparities. from the Privacy Forum digest: Date: Sat, 16 Jan 99 11:09 PST From: [email protected] (Lauren Weinstein; PRIVACY Forum Moderator) Subject: Law Enforcement Access to Supermarket "Club" Data Greetings. It appears that the practice of supermarket purchase data being made available for investigatory purposes may be going mainstream. In one recent case, a major national chain admitted that it had provided "club card" purchase information, under subpoena, to investigators (in a drug enforcement case) who wanted to know if a particular person had bought large numbers of plastic garbage bags. Apparently such purchases may be an indication of involvement with illicit drugs (or, perhaps, lots of deciduous trees in the backyard? Are garbage bags classified as a "dual use" technology?) I believe it would certainly be inappropriate to fault the supermarket for complying with the subpoena. But a more fundamental question revolves around what happens if such investigatory practices continue to spread. Will supermarket and credit card records be subpoenaed in civil cases, such as divorce settlement suits? Did the spouse by a lot of booze? Racy books? Whip cream? Brightly colored prophylactics? In the absence of laws setting down standards for how incidental transactional purchase data are protected in different situations, abuses are sure to occur. The problem will only get worse as more persons are lured into providing additional data about their purchases and web browsing habits in exchange for free e-mail accounts, discount airline tickets, twenty cents off on a jar of mayo, or any number of other goodies. Vacuum does not make for good law. --Lauren-- Lauren Weinstein Moderator, PRIVACY Forum http://www.vortex.com from the Privacy Forum digest: Date: Thu, 21 Jan 1999 14:22:51 -0800 From: "Mike O'Brien" Subject: Supermarket Tracking Cards / Professional Jurors [...] 1) Concerning supermarket consumer tracking systems: These people are willing to pay far, far more than "twenty cents off a jar of mayo." Those who have not used these systems are probably unaware of just how much. I have the best of both worlds: My housemate does all our shopping, and he self-confessedly has no life to spy on. Between the 5%-off-your-entire-order coupons, the 10%-off-your-entire-order coupons, the 2/3 off specials, the free Thanksgiving turkeys and the free Easter hams, we save several hundred dollars per year off our grocery bill. These savings are predicated on accumulated use of the SAME ID tag, so the "card- swapping club", while an attractive notion, wouldn't allow these savings. Frankly, while the accumulation of customer data seems off-putting, the savings are so huge that even the privacy-conscious might think twice. They're willing to pay big bucks for the info. [...] from Mountain Media, from The Libertarian, 1998-Aug-10, by Vin Suprynowicz: Guarding our privacy? As Americans grow increasingly concerned over the ongoing rape of their privacy, cynics in government race to drape themselves in various ill-considered or downright sleight-of-hand "privacy protection" bills. Unfortunately, most of the proposed "protection" would merely limit the way private outfits could gather personal information about their customers. Little or nothing is proposed to stop the growing comprehensiveness and centralization of government data banks -- the far greater danger. Yes, customers should probably be aware that every time they use a supermarket "discount card" someone is tracking which brands they buy, the better to regale them with future coupon offers. But is the fact that Smith's and Stop&Shop now know what brand of toilet tissue we prefer really as great a concern as the fact that we will soon be required to submit a Social Security number -- granddad was promised it would never become a "national ID number" -- before we can apply for a job or for any government license; the fact that a cop pulling us over without cause at a "sobriety checkpoint" can now "run" our drivers license to determine whether we own any firearms (and then ask to see them); the fact that bank tellers are now offered rewards for snitching if they believe we're conducting multiple small cash transactions to avoid reporting to the central authorities that we've moved as little as $5,000 out of our own bank account; the fact that even to board an airplane these days we're expected to present a "government-issued photo ID"? (For those interested in the congressional mandate for a new national "biometric ID card," to include a thumbprint or retinal scan as well as our Social Security numbers, and to be required for employment or licensing of any kind after Oct. 1 of the year 2000, refer to Section 656(b) of HR 2202, the Illegal Immigration Reform and Immigrant Responsibility Act of 1996. Congressman Bob Barr, R- Ga., had offered an amendment in the House last month to block funding of the national ID rule devised to put that section into effect -- specifically, "National Highway Traffic Safety Administration proposed rule Docket No. NHTSA-98- 3945, dated June 17, 1998." But Rep. Barr inexplicably withdrew that amendment in the early morning hours of July 31. "This indeed would be a national ID card," said Rep. Ron Paul of Texas, on the House floor that early morning. "There is an ongoing onslaught against personal privacy in this country. ... I think ultimately, if we are sincere about protecting the American people and guaranteeing that we do not have a national identification card, we will repeal that authority.") But instead of derailing these ominous attempts by government -- the folks who can actually put us in jail -- to better track, monitor and regulate our movements and economic behavior, the Federal Trade Commission tells us the best way to protect our "privacy" is to pass new laws to restrict how Web sites collect interactive information from children under 12. Yes, really. "The information that is requested on these Web sites appears to be so innocent, very harmless," warns Sen. Richard Bryan, D-Nev., who has dutifully introduced such a bill. "But they do invade a family's privacy and raise safety concerns." Wait a minute. A web site that allows one to voluntarily submit one's name, age and address to a commercial outfit "invades the family's privacy"? Yes, small children being lured into discourse with strangers via the Internet can present a potential danger -- but hardly one which rises to the level of a national crisis. Surely this is a matter far better handled by parental instruction and supervision. There is no conceivable way the government can block such interchanges without spying on and restricting the Internet liberties of adults, as well. This is like fighting the wolves at the door by thrashing the pet hamster. But worst of all, for all its simpering about "the children," the "Electronic Bills of Rights" proposed by the Clinton administration defends no real "right" but that of the government to get its regulatory jackboots all over the brave new frontier of the Internet. We have plenty of "rights," already. What is needed is a reduction in the number of government agencies relentlessly violating them. For starters, Sen. Bryan might move to repeal the aforementioned national ID law (as well as its equally evil twin -- Miss Hillary's "unique national health identifier"); to allow and encourage private Americans to protect their privacy by exchanging and using the strongest encryption programs they can develop (currently restricted under the absurd contention that such programs constitute "munitions"); and to short- circuit FBI Reichfuhrer Louis Freeh's insistence that all new telephone switching equipment contain "back-door" access for wiretaps on up to one million Americans ... "just in case." Vin Suprynowicz is the assistant editorial page editor of the Las Vegas Review- Journal. Readers may contact him via e-mail at [email protected]. *** Vin Suprynowicz, [email protected] "The right of self-defense is the first law of nature; in most governments it has been the study of rulers to confine this right within the narrowest limits possible. Wherever standing armies are kept up, and when the right of the people to keep and bear arms is, under any color or pretext whatsoever, prohibited, liberty, if not already annihilated, is on the brink of destruction." -- Henry St. George Tucker, in Blackstone's 1768 "Commentaries on the Laws of England." from the Washington Post, from http://www.washingtonpost.com/wp- srv/WPcap/1999-01/02/007r-010299-idx.html: Raid on Rights By Nat Hentoff

Saturday, January 2, 1999; Page A19 As the House voted the two articles of impeachment, the criers of coup d'etat and sexual McCarthyism failed to mention that William Jefferson Clinton is, in addition, a serial violator of the Bill of Rights, among other parts of the Constitution. These other attacks on the Constitution are not impeachable offenses because the Framers could not have imagined them. For example, the president has not been so distracted by the current scandal as to forgo a raid on the Fourth Amendment. On Oct. 20 this year, he signed the Intelligence Authorization Act for fiscal 1999. It includes a provision -- long desired by the president and FBI director Louis Freeh -- for roving wiretaps, despite the fact that neither the House- nor the Senate-passed versions of the bill did. The wiretap language was slipped into the conference report by Rep. Bill McCollum (R-Fla.) and has become a law of the land without hearings or public debate. So much for the people's democratic process -- a mantra intoned these days by the president's protectors. The Fourth Amendment came into being because the Framers were smarting from the abuses of the general search warrant used by British customs officers to search colonial homes and businesses at will. And that's why the Fourth Amendment requires law enforcement agents to get a warrant based on probable cause of criminal activity that must "particularly describe the place to be searched or the persons or things to be seized." A wiretap is a search and seizure of communications on the targeted phone. Since 1986, a very limited multipoint wiretap was permitted if the target showed a clear intent to evade a conventional wiretap. Under the new law, a specific intent is no longer required. Now the person subject to a roving wiretap will be followed, and all phones to which he or she is "reasonably proximate" while the court order is in effect will be tapped. The ACLU -- which led the fight against this offense to the Constitution -- points out that "this includes the phones in the private residences of a subject's friends, neighbors or business associates." The FBI can listen to the rovingly tapped phones even if the owner of a phone and his or her family -- and not the target -- are using it. In 1997, each time federal or state electronic surveillance was used, it stayed in place for an average of 45 days and intercepted an average of 2,081 conversations by 197 people. The president's attack on the Fourth Amendment is part of a long line of assaults on the Constitution. His 1996 Anti-Terrorism and Effective Death Penalty Act has so weakened the constitutional right of habeas corpus that innocent prisoners on death row -- convicted since 1996 -- will be executed because they now have only one year to get a federal court to review the fairness of the state trial that doomed them. Clinton (with a majority of Congress) also is responsible for that part of the 1996 act that authorizes the deportation of aliens, including long-term legal resident aliens, suspected of ties to terrorism -- without defendants or their lawyers being allowed to see the evidence against them. The president also pressured the Justice Department to persuade the Supreme Court to affirm the Communications Decency Act, which would have censored everything on the Internet that was insufficiently "decent" for children. The Supreme Court unanimously rejected Clinton's summary dismissal of the First Amendment. His defenders -- as they blame his plight on "right-wing extremists" -- do not mention his legacy as the president in this century who has inflicted the most harm on our constitutional rights and liberties. What is most disturbing, however, is that the polls showing widespread approval of Clinton also reflect the popular ignorance of the Constitution that his defenders invoke to save him.

© Copyright 1999 The Washington Post Company from MSNBC 1999-Jan-5, from http://www.msnbc.com/local/WSMV/14789.asp: Rights to privacy questioned in job drug testing If you haven't been asked to take a drug test where you work, the odds are you will. One researcher says employees now entering the work force can expect to undergo between ten and one-hundred tests for drug use during their careers. But even though the testing is often mandatory to get and keep jobs, some workers are now wondering if such testing is a violation of privacy. This is what many workers endure before landing a job. Your career is riding on a few ounces of fluid - urine for a drug test. If you have a job and refuse a drug test , your boss can fire you. If you're looking for a job and test positive, he can refuse to hire you. This year, more than four million American workers will be asked a question that affects their livelihood: will you submit to a drug test? Kelly Samples is looking for a job in sales. Snelling Employment Service lined up an interview for her with a Nashville office machine company. Samples remains composed, unfazed by being put on the spot. ``I guess it would make some people nervous, but interviewing doesn't really bother me,'' she says. Nor is Kelly nervous about what she knows will be a condition of employment - passing a drug test. In fact, drug testing has become the norm for many businesses. ``Used to (be), when I first started in this business 11 years ago, nobody drug tested except for your large major corporations. Nowadays, local companies are testing,'' says Janice Bobbitt of Snelling Personnel Services. Bobbitt estimates that 75 to 80 percent of the companies hiring through Snelling require a pre-employment drug test. And those who use the service to find job placement seem to understand. ``If I was the owner of a company, I'd want to know what somebody's drug history was,'' says Samples. Middle Tennessee is following a nationwide trend of steady growth in workplace drug testing. The American Management Association says in 1987 only 21 percent of its members did drug testing. In 1996, 81 percent did. ``Why the explosive growth in drug testing? Because employers recognixer that drug abuse in the workplace is a significant problem that directly and substantially affects their bottom line,'' says Mark de Bernardo, who directs the Institute for a Drug-Free Workplace. The Washington, D.C. non-profit organization promotes workplace drug testing. ``According to the US government, 73% of Americans who engage in illicit drug use are employed. Where are they? They're in our workplaces,'' explains de Bernardo. But despite safety and turnover concerns, drug testing is also a privacy issue. ``In general, we're against random drug testing,'' says Art Spitzer of the American Civil Liberties Union. The ACLU says it's wrong to subject people to tests if they don't show signs of having a problem. They compare it to the police searching everyone's home to see who has drugs or to patting down everyone on the street to see who might have a gun. Privacy advocates are also afraid that employers employer might use your sample to learn confidential information about you, such as whether or not you have AIDS, diabetes or a genetic disorder. But is it really far-fetched to think that your employer might use your urine or hair sample to find out your medical secrets? That invasion of privacy did happen in Washington, D.C. ``About ten years ago we got a call from a woman who was a trainee at the police academy here in DC, who told us she had submitted a urine sample for drug testing as was required. And that shortly after that the Sgt or Lt. … had sort of announced to everyone that she was pregnant,'' explains Spitzer. The woman was horrified to learn the class debated whether or not she should have an abortion. The ACLU says it confronted the police department, which agreed to stop the unauthorized tests. ``There are very legitimate privacy rights at stake here. That's why employers should either do drug testing the right way, or not at all,'' says de Bernardo. Legal experts say that while you may think that you have a right to privacy in the workplace, you might not. ``The Constitution says absolutely nothing about what private individuals and private companies can and can't do. I'm afraid many Americans never get taught that in school,'' says Spitzer. It's important to note that the Constitution protects you from the government invading your privacy - not your boss. Only six states have laws limiting employee drug testing. Tennessee, Kentucky and Alabama are not among them. Since 1983, an increasing number of states have adopted laws that are pro-drug testing. But despite the practice's increase in popularity, there are still those who disagree. ``We think that's just improper. It rests on the concept that you are guilty until proven innocent,'' says Spitzer. But the ball remains in the company's court, reminds de Bernardo. ``Employers have the most effective weapon on the war on drugs, and that's the paycheck,'' he says. from the Libertarian Party, 1999-Apr-16, by George Getz, press secretary: Libertarians blast government's chilling "deformed baby database" WASHINGTON, DC -- A new federal law encouraging states to build a nationwide, computerized database of infants with birth defects is a chilling proposal that smacks of government eugenics research -- and should be opposed by every decent American, the Libertarian Party said today. "Only a politician with a morality defect would support a database of babies with birth defects," said Steve Dasbach, the party's national director. "This proposal is not only unconscionable, it also opens the door to frightening abuse by the federal government of our most vulnerable citizens -- tiny infants who are already handicapped by genetic bad luck." Under the so-called Birth Defects Prevention Act of 1998, the federal government will provide states with $70 million to identify all infants born with a birth defect, label them by race and gender, enter them into a government database, and track and monitor them for five years. Nevada has become the first state to try to qualify for the federal money: The state legislature is currently debating AB 238, which would require doctors and midwives to "immediately report" the name of any child born with what is termed an "adverse birth outcome" to government health officials. Supporters of the bill claim such a database will allow researchers to better understand the causes of birth defects. But the Libertarian Party opposes the plan, said Dasbach, because the federal government should not be in the "baby registration" business -- especially when it involves parents and infants who are struggling with tragic, possibly life-threatening medical conditions. "On the face of it, this bill is appalling: The whole notion that government bureaucrats will maintain a database of deformed children, or children handicapped by genetic diseases, is repugnant," he said. "Even the language of the bill -- talking about 'poor reproductive outcomes' -- sounds chillingly close to the kind of 'master race' eugenics research done by totalitarian governments in the past." But what's worse, said Dasbach, is the possibility of what the government may do with this information in the future. "Once the government has its database of genetically handicapped children, how will it use that information?" he asked. "Can we trust federal bureaucrats not to use this data to try to control health care costs by pressuring women to have abortions against their will?" For example, he noted, the recent wave of lawsuits against the tobacco industry established the precedent that government has an obligation to try to recover the costs of treating people enrolled in tax-funded health-care plans. "Might politicians mandate genetic testing of children in the womb?" asked Dasbach. "If they discover an incurable defect, would mothers be encouraged to have an abortion? And if parents don't comply, might the government sue them to recover the staggering costs associated with many genetic diseases? Or, if some lifestyle decision by the parents was found to contribute to the likelihood of a birth defect, might the government sue them to recover the costs of treatment? "These are the kinds of questions that must be asked before we give the government the power to track and monitor infants, and put their names in a government eugenics-style database," he said. Of course, if a private hospital or non-profit medical organization decided to do this kind of research with the willing consent of parents, the Libertarian Party would have no objection, he noted. "It is possible that important knowledge could come from such a study; knowledge that might prevent birth defects in the future," he said. "But the way to conduct that research is with the consent of parents, using voluntary contributions, with adequate privacy safeguards, by private organizations with a history of helping children. "That's more safe and more moral than allowing government bureaucrats to intrude into your child's cradle -- and build their chilling, government-mandated database of 'poor reproductive outcomes.'" from PDL 1999-Mar-11, from the Washington Post p.A1, by Robert O'Harrow Jr., Staff Writer: U.S. to Start Gathering Patient Data Care Survey Draws Privacy Objections Federal officials will soon begin collecting personal information about millions of homebound patients -- including details about their mental stability, financial status and living arrangements -- in an effort to improve service in the home health care industry. The Health Care Financing Administration, which oversees Medicare and Medicaid, believes the new database will help federal and state authorities better track the performance of more than 9,000 home health care providers certified by Medicare. Agency officials said analysts will use information drawn from the questions to determine if home health care companies are providing the proper response to patient problems. Agency officials also intend to use the data to ensure Medicare pays the same amount for similar services across the country. As the home health care industry experienced rapid growth over the past decade, federal investigators found inflated billing and questionable medical practices had become common. In addition to patients' names and addresses and a series of questions about medical conditions, the 19-page assessment asks whether patients are depressed or feel a "sense of failure." It asks if patients have attempted suicide, exhibited "socially inappropriate behavior" or made any "sexual references" during conversations. It also touches on personal finances, such as whether a patient is "unable to afford rent/utility bills." Transmission of the data will begin next month. While HCFA maintains huge amounts of medical data about patients who receive federal benefits, the new survey includes questions that delve more deeply into patients' personal lives, according to Janlori Goldman, director of the Health Privacy Project at Georgetown University. "There has to be a way to check fraud and abuse without intruding on patient privacy. . . . There's a tremendous risk of abuse that the information will be used for other purposes," Goldman said. "It's truly a coerced collection of information." Civil liberties activists also said they were concerned that health care providers now will be required to compile and send along details about all patients they serve, not just those who receive federal benefits. Industry officials estimate that more than 4 million patients receive services through home care companies. Other critics include the Home Health Services and Staffing Association, an industry group that has complained about the cost of complying with the program, and the American Psychiatric Association, which objects to questions involving mental health. "There is no requirement that patients would be asked for their voluntary, informed consent before answering any questions," the psychiatric association said in a letter to the agency. Even strong supporters of the plan -- such as Rep. Fortney "Pete" Stark (D- Calif.), who believes it will improve care -- have balked at what patients will be asked. "Are they to be informed that this information, including their names, will be disclosed to their state government and the federal government?" Stark asked in a letter to the agency. Sen. Patrick J. Leahy (D-Vt.), who introduced a bill yesterday that would strengthen rules governing the confidentiality of medical records, said the effort demonstrates the need for stronger privacy laws. "The marriage of information technology with privacy rights needs a rule book that hasn't been written yet," Leahy said. "It is becoming easier to dig deeply into anyone's health and financial and personal information, and no one is there to tap the brakes." But HCFA officials said the detailed questions in the Outcome and Assessment Information Set, or OASIS, will enable them to "promote higher quality care." It also will help the agency -- part of the Department of Health and Human Services -- to reduce fraud and inconsistent billing, as Congress mandated in the Balanced Budget Act of 1997. Under rules that took effect in February, home health care providers will be required to conduct the survey when enrolling a new patient and then every 60 days until services conclude. The data will be sent electronically to computers at the state agencies that oversee the operation of the health care companies. Then it will be sent to databases maintained by HCFA. "We want beneficiaries who qualify for the home health benefit to get the best care and Medicare to pay appropriately," agency administrator Nancy-Ann Min DeParle said in a January statement. "This new patient assessment information will help Medicare both ways." Agency officials said they needed to collect data about patients who don't receive federal benefits because they have a legal obligation to ensure the same quality of care for all patients. Patients will be notified what information is being gathered and how it will be used, officials said. Officials also said access to the data will be extremely limited in accordance with existing federal privacy regulations. Chris Peacock, an agency spokesman, said medical researchers will not be allowed to see any identifiable information. Other government agencies will not be permitted to access the database, Peacock said. "It's secure at all times, and access is strictly limited," Peacock said. The agency "consistently safeguards confidential information." But critics said the government doesn't need to collect some of the information it requires. "Whether you're depressed or not is not information you should have to disclose to a government agency," said Denise Nagel, executive director of the National Coalition for Patient Rights, a nonprofit advocacy group. from The Internet PRIVACY Forum, 1999-Apr-3, by "Dennis S. Davies, P.T." : Health Care Financing Administration Database I have practiced physical therapy for 25 years and have seen many major changes in my profession. The most important of the changes of the past five years has been the government's intrusion into standard methods of practice. The most recent intrusion however, is an intrusion into the lives of the clients of federal and state chartered home health agencies. HCFA (the Health Care Financing Administration--the administrator of Medicare--pronounced "hecfa") now requires that a 17 page questionnaire be filled out on all clients of home health agencies. This questionnaire is required to be completed at the beginning, mid-term, and discharge of each client. The initial questionnaire is nine to 17 pages long depending on the agency's decision on size of print, etc. Many cases do not require the mid-term questionnaire because the length of services do not exceed 60 days. The discharge questionnaire is eight to 13 pages long depending on the same printing criteria. I have several concerns but the most important one is the intrusion that these questionnaires cause into the lives of every person receiving services from a home health agency. The questionnaires contain information about the client's financial ability to pay for services; medical history including open wounds and medications; medical risk factors including obesity; living arrangements including sanitation and people living with the client; mental status of the client including depression, suicidal thoughts and tendencies; psychiatric care; and even toilet habits. All of this information is linked to the client by their social security number and is added to HCFA's data base every thirty days. I am further concerned that the clients of home health agencies do not know that this information is being gathered and sent to a central data base. They sign a simple "release of information" clause and probably assume that it covers simple and basic information that the insurance company needs to process the claim. I believe that every client of a home health agency should be able to choose if their personal information is included in HCFA's data base and that HCFA should not cause that services be denied if the information is withheld. I have written to my congressmen. Who else should I contact concerning this? [ The need to collect data on medical services is obviously an important requirement to understand the funding of such services, which are a major component of government spending. However, when such detailed data is permanently linked to specific individuals, rather than maintained in aggregate or "anonymous" formats, the potential for privacy problems related to that data is of course much greater. Often it seems that such data is linked to individuals because it's viewed as the simplest procedure, and/or because the entities involved don't feel that they will be doing anything privacy-invasive with that data. But of course, data once collected can be used for other purposes later, and those who are collecting the data should not alone be making such decisions.

-- PRIVACY Forum Moderator ] from National Review, 1999-Mar-22, by John J. Miller: Private Parts: The government will soon know everything about you Last December, Iceland's parliament approved a plan to compile an elaborate computer database containing every Icleander's medical record, family history, and DNA profile. By the time this experiment is complete (the idea is to make the world's most isolated gene pool available to researchers examining hereditary disease), it is possible that no government in history will have systematically collected more sensitive information about its citizens. What has made it all possible is the country's socialized health-care system, which has maintained detailed patient files on Icelanders since 1915. The United States can't mimic Iceland because its gene pool is too diffuse (Melville: "You can not spill a drop of American blood without spilling the blood of the whole world.") and because it lacks the centralized medical records and genealogies of a national health-care system. But Iceland shows that governments are learning how to harness the power of technology in ways that imperil personal privacy and, ultimately, individual freedom. Bureaucracies may have gathered information in the past, but their ability to store and retrieve data was severely limited. Now, thanks to the digital revolution, it isn't, which makes keeping the information away from government in the first place increasingly important. There are constant pressures for more government collection of data. A central part of President Clinton's health-care plan entailed issuing every American a "health security card" that would guarantee coverage; he waved around a prototype of this quasi-national I.D. card during a 1993 speech to Congress. Clinton would have created a national database containing medical information on every American. Without such centralization, after all, there could be no government-run, health-care system that rations services. The threat of a national health-care database only went underground following the GOP takeover of Congress. In 1996, Clinton allies working on the Kennedy- Kassebaum health-care bill inserted a requirement that every American receive a "unique health identifier" so that government officials and insurance companies could compile a cradle-to-grave medical records on the entire population. Last summer, public pressure forced the administration to put the enabling regulations on hold, and the October budget agreement requires congressional approval before they can ever be implemented. Yet the regulations weren't repealed, meaning that health-care I.D. numbers are in suspended animation, waiting to be revived. In contrast, the national worker registry made it into law. Approved by Congress in 1996, it links records kept by the Immigration and Naturalization Service and the Social Security Administration to provide companies with an allegedly fail- safe method for determining whether prospective employees are illegal immigrants. When the pilot program expires in two years, there will be a drive to adopt the system nationally. If that happens, every hiring decision made in the United States will be subject to government approval. Worse is what the system may eventually become: an incredibly powerful tool for imposing even more stringent employment regulations. In December, the Labor Department proposed that all companies doing business with the federal government disclose the name, age, sex, race, and salary of their workers when they undergo routine affirmative-action audits. It can't be long before somebody decides to link this information with the worker registry and monitor employment discrimination - essentially forcing companies to hire and promote by numbers. Already, additional uses are being floated for the worker registry. Last year, Rep. Steve Horn, a California Republican, tried to enlist the worker registry in combating voter fraud. Others have suggested using it to track gun sales. It doesn't take a sinister imagination to see the worker registry used by the Internal Revenue Service for audits, or linked to criminal records to make sure former felons don't get bonded. Each small expansion will proceed with the finest intentions-few objected to a 1993 law establishing a database of child immunizations, or another one that helps states track ex-husbands behind in their child-support payments. On March 1, the Justice Department announced that a panel would study the legality of forcing everyone arrested to take a DNA test. Another privacy grab is coming through the banks. In December, the Federal Deposit Insurance Corporation proposed regulations demanding that banks adopt "Know Your Customer" rules. If those regulations are approved, banks will become surrogate law enforcement agents, requiring them to determine the source of all deposits and to compile profiles of customers based on their financial transactions. If there is a sudden shift in behavior - perhaps caused by inheritance income, or cashing in a winning lottery ticket - customers will be marked as potential money launderers. They will be reported to something called the Suspicious Activity Reporting System, a searchable database housed in Detroit and used by the IRS, FBI, bank regulators, and a dozen other government agencies. The real money launderers, of course, know how to game the existing system by masking their activity through small deposits. They will figure out "Know Your Customer," too, leaving everybody else with little financial privacy and more rules to obey. The good news is that "Know Your Customer" may get stopped in its tracks: Tens of thousands of people have filed complaints against the regulations during the formal comment period. The bad news is that the bureaucrats who want it will no doubt keep at it. One of the happy developments of the 20th century is that George Orwell's vision of Big Brother never came to pass. Technology has been largely a force for liberation rather than oppression. But technology has finally brought us to a crossroads: Government can know everything about us all the time, or it can know only what we want it to. If the American public doesn't insist on the latter, it may be time to say, We have seen the future, and it is Iceland.

I saw a cable documentary on one of the Eastern Bloc countries (might have been East Germany) which, up until their breakup, was collecting the scent of every citizen. The program showed how they collected and stored it. They would go to a person's workplace, put a cotton ball down and leave it for a few hours, then place it in a small jar, label and store it on a shelf. This was to track dissident citizens with bloodhounds if necessary. Most people don't realize what evil a corrupt government could do with individual biometric data. They could manufacture digital photos with fingerprints on murder weapons, manufacture DNA evidence found at the crime scene, etc. to frame people. Imagine if Clinton had all these tools at his disposal to rid himself of his detractors. Posted by: jedediah smith (emailname) * 03/11/99 06:41:18 PST from USA Today 1999-Mar-1, by Richard Willing: Reno urges study of broad DNA testing Attorney General Janet Reno has asked a federal commission to study the legality of taking DNA samples from everyone arrested instead of just the convicted sex offenders and violent felons currently permitted by law. Such widespread testing would hugely expand government's reach by placing the genetic fingerprints of millions of Americans into state crime databases even if they never were convicted of a crime. The study is to be announced in Dallas Monday at a meeting of the National Commission on the Future of DNA Evidence. The commission, a panel of judges, defense lawyers, police, prosecutors and scientists, will conduct the study. Driving Reno's request: a new law in Louisiana and proposals in North Carolina and New York City to permit widespread testing. "This doesn't imply an endorsement one way or another," said John Bentivoglio, a Justice Department attorney who is Reno's chief privacy adviser. "It does reflect (Reno's) deep interest and commitment in using our law enforcement tools in a manner that is sensitive to privacy rights." New York City Police Commissioner Howard Safir, who has proposed DNA testing for everyone arrested in his jurisdiction, backs the study. "This is not an invasive process, and if it's used properly it's going to protect society," he said. Taking DNA from convicts has been upheld by courts for the same reason as fingerprints. Both amount to warrantless searches, courts have said, but are justified by government's need to solve crime. Expanding DNA testing to everyone arrested is opposed by privacy advocates who fear that information from innocent people will be misused. "Why target everybody with a broad brush when many (arrested) people are never convicted of anything?" asked Harlan Levy, a New York City defense lawyer and author of a book on DNA. A second concern is that DNA taken in criminal investigations will be used later to extract genetic information about predisposition to disease and other hereditary factors. Reno has asked the commission to study that issue. The commission is scheduled to get recommendations to Reno by Aug. 1. She can use them to craft legislation and to set policy for using DNA in federal law enforcement. The FBI estimates 15.3 million Americans were arrested in 1997. All states now have laws permitting them to take DNA from convicted rapists and other felons such as murderers and child molesters. A national database now has 38,000 criminal DNA profiles. Another 450,000 have been collected but not analyzed. The back-down on the following incendiary issue is probably at least partially a result of Internet-based campaigning. Of course, the banks themselves have probably decided the laws conflict with their interests since they are sure to reduce deposit activity. Banks would prefer to just keep the deposit pattern information to themselves - they have the information whether or not the reporting requirements become law, after all. Finally, the CIA and friends may have gotten the willies from the plan, what with the increased overhead it would entail for them. from TPDL 1999-Feb-18, from the Wall Street Journal, by Michael Allen: Banking Authorities Likely to Abandon Proposal to Thwart Money Laundering Federal banking authorities, facing an unprecedented wave of public opposition, appear set to abandon a proposed rule that guides banks in how to catch customers who try to launder money. The proposed rule, which covers so-called know-your-customer policies at banks and thrifts, was unveiled in December by the Federal Reserve Board and other banking agencies. It calls for institutions to set internal policies to verify customers' identities and sources of income, and to monitor accounts for evidence of unusual transactions that might indicate illegal activities or money laundering. But fierce protests from privacy advocates and the banking industry, along with growing expressions of concern by members of Congress, have left regulators with little choice but to return to the drawing board, say people involved in the matter. "It's clear that whatever is done is likely to be different from what's proposed," says Steve Katsanos, a spokesman for the Federal Deposit Insurance Corp., which has received some 30,000 letters and e-mail messages condemning the rule. Regulators are expected to announce their intentions after the formal comment period ends March 8. Some in law enforcement worry that the political climate could be ripe for an erosion of other money-laundering laws. U.S. businesses are currently required to report most cash transactions of $10,000 or more, and banks must file reports of suspicious transactions with the Treasury Department's Financial Crimes Enforcement Network, or Fincen, if they suspect a customer is engaging in illegal activities. Fincen is drafting rules to oblige casinos and securities firms to make such reports, as well. Law-enforcement officials say such tips provide crucial help during investigations. And they note that the cash-reporting requirement has effectively ended the days when drug dealers routinely walked into bank branches with shopping bags full of cash. But some bankers have argued that the administrative burden of such regulations outweighs their usefulness to police. For now, the industry is focusing its efforts on defeating the know-your-customer proposal. "Given the widespread and growing negative perception of this proposal, we are very concerned about the prospect of having the public lose confidence in the banking industry, and in government institutions generally, if this proposal is not withdrawn," the American Bankers Association wrote in a letter last month to regulators. U.S. Rep. Ron Paul, a Texas Republican, has introduced a bill with about a dozen co-sponsors, including Majority Whip Tom Delay of Texas and Republican Dan Burton of Indiana, that would forbid regulators from enacting rules requiring depository institutions "to monitor the account of any customer" or inquire about the customer's source of funds. Wayne Allard, a Republican Senator from Colorado, last week introduced a similar bill. And George Gekas, a Pennsylvania Republican and chairman of the House Judiciary subcommittee on commercial and administrative law, plans to hold a hearing March 4 into the regulations. He says he became concerned about the issue after hearing several complaints from callers to a radio talk-show program. "It appears that the general complaint, and the one I adopt as my own because it is serious, is the big brotherism that's built into" the regulation, he said. from The Internet PRIVACY Forum, 1999-Apr-7, by [email protected] (Larry Sontag): Industry mergers and personal information Mega bank mergers pose an invisible threat to the financial well being and privacy of everyone, but especially for senior citizens. Privacy rights supporters reveal hidden repercussions of mammoth bank mergers with other financial institutions including investment firms and insurance companies. Practically no one is aware of the fact that when large financial entities merge, they also combine the contents of their vast databases, engaging in cross correlation and sharing of information. For example, a bank customer may receive an inheritance or large insurance award and deposit it in their money market account. If their bank has recently merged with a large investment firm, they may soon receive solicitations from that firm seeking to capture the new found wealth. The elderly, who often receive insurance or other assets, are frequent targets of these marketing efforts. If they are not prepared or highly astute in financial matters, these "opportunities" may be very seductive and lure them into speculative or unsafe ventures they should not be in. This has happened already with NationsBank, which marketed complex, uninsured investments of derivative hedge funds to a targeted group of unsophisticated senior citizens who merely wanted to renew their insured CDs. The bank, which admitted no legal violations, paid fines and penalties totaling nearly $7 million dollars to the SEC and other regulators, and over $35 million dollars in a class action lawsuit to its customers. Customers shopping for insurance or other products may also be affected, as the banks are free to share credit information with their affiliates without the legal requirements for informing customers spelled out in the Fair Credit Reporting Act. This law requires that anyone turned down for a loan or insurance must be notified and given the name of the credit reporting agencies used in the determination of eligibility so that they can request a free report and possibly correct any mistakes in their files. They must also be told of any other reasons for being denied. Because nearly a third of all credit files contain serious mistakes, according to a recent PIRG study and over 70% have some errors, this ability to check on one's personal records is vital to the financial well-being of average citizens. With the merger of large diverse institutions, an insurance or investment application may be evaluated internally with banking information. Likewise a loan may be denied because a person's medical records showed that they had some kind of illness or condition that the bank feels makes the person too great a risk. Extenuating circumstances or mistakes may never be revealed because the customer is never told the source of the negative information used to judge his application. Furthermore, if DNA tests are done on a person and they reveal a genetic weakness, this information might be used to deny banking or insurance services to an entire generation or family line. Once personal information is shared, a customer has no ability to demand treatment for that information under the Fair Credit Reporting Act. They may never be given the opportunity to check on the accuracy of their records, nor would they even know what records are being used. Banks also share their customers' information with outside marketing companies. Because the data is so valuable, banks freely sell it for whatever the market will bear. With the merger of large financial and insurance institutions, the amount of information, including medical data available on any one customer is staggering. Banks are required to allow customers to request that their personal information not be shared with affiliates, but this requirement is usually buried deep in applications and is almost never used. Furthermore, legislation seeking to regulate and limit this practice has stalled in Congress due to the enormous lobbying power of the banking industry. No one should expect the government to come to their rescue in this matter and therefore, it is recommended that all banking customers write a simple letter to their bank requesting that their accounts be excluded from sharing with any affiliates or outside marketing companies. They should also request a confirmation letter and ask how long this opt-out will last. As a follow-up, people should take a financial and medical inventory of their affairs, especially with the Y2K problems looming in the not to distant future and the potential for corruption of their files. Furthermore, they should make sure that they have paper copies of all important documents showing ownership, equity, payments, medical data, and anything else that would affect their financial or medical well-being should these records be lost or damaged in the computers. Larry Sontag Author of "It's None of Your Business: A Consumer's Handbook for Protecting Your Privacy" from TPDL 1998-Nov-23, from WorldNetDaily, by David M. Bresnahan: Big Brother Banks? FDIC has snooping plans Are you a potential criminal? Are you a threat to banks, airlines, a potential spy, or perhaps an IRS tax protester? The government would like to know and they are about to force banks to be their detectives. The federal government wants banks to investigate you. Soon your banker will know more about you than anyone else in town. Banks must not only determine your correct identity, they must also know how you make your money, and how you spend it. Once you establish a pattern of deposits and withdrawals, banks must inform federal agencies when you deviate. Bank customers may soon find themselves explaining to the FBI, Internal Revenue Service, and the Drug Enforcement Agency why they made a $15,000 deposit to their bank account. According to current Federal Deposit Insurance Corporation plans, banks will soon establish "profiles" of their customers and report deviations from those profiles. If you sell a car, for example, and place the proceeds in your account while you shop for a new one, a red flag may go off in the bank computer. Such a situation puts law abiding citizens in a situation where they must prove they are innocent, says Scott McDonald of the watchdog group Fight the Fingerprint. An uproar from grass roots Americans is the only thing that will stop the current plans for the FDIC "Know Your Customer" program, according to McDonald. His organization has led the charge against the national ID, medical ID, and computerized information about private aspects of people's lives. A recent announcement by the FDIC provides for citizen comment prior to implementation of their new banking regulations. The deadline for comments is Dec. 27, 1998. "The FDIC is proposing to issue a regulation requiring insured nonmember banks to develop and maintain 'Know Your Customer' programs," according to a recent FDIC information package sent to Congress to provide notice of proposed rulemaking, and to banks for comment. "As proposed," the 29-page FDIC document begins, "the regulation would require each nonmember bank to develop a program designed to determine the identity of its customers; determine its customers' source of funds; determine the normal and expected transactions of its customers; monitor account activity for transactions that are inconsistent with those normal and expected transactions; and report any transactions of its customers that are determined to be suspicious, in accordance with the FDIC's existing suspicious activity reporting regulation. By requiring insured nonmember banks to determine the identity of their customers, as well as to obtain knowledge regarding the legitimate activities of their customers, the proposed regulation will reduce the likelihood that insured nonmember banks will become unwitting participants in illicit activities conducted or attempted by their customers. It will also level the playing field between institutions that already have adopted formal 'Know Your Customer' programs and those that have not." Many banks across the country have already begun to implement such programs, according to the FDIC. A quick search of the Internet found many stories in press accounts of problems reported at such banks. There have been a number of stories dealing with banks requiring fingerprints to open accounts and to cash checks. There are several lawsuits presently underway testing the right of banks to make that requirement. McDonald has been fighting that issue, along with fingerprints on driver's licenses for some time. He pointed out the many errors found on credit reports and suggested that banks will soon make similar errors when they begin creating profiles of their customers. The FDIC is selling the planned regulations by pointing out the need for prevention of financial and other crime. "By identifying and, when appropriate, reporting such transactions in accordance with existing suspicious activity reporting requirements, financial institutions are protecting their integrity and are assisting the efforts of the financial institution regulatory agencies and law enforcement authorities to combat illicit activities at such institutions," says the FDIC. The proposed regulation is, according to FDIC spokesperson Carol A. Mesheske, authorized by current law. It comes from the statutory authority granted the FDIC under section 8(s)(1) of the Federal Deposit Insurance Act (12 U.S.C. 18189s)(1), as amended by section 259(a)(2) of the Crime Control Act of 1990 (Pub. L. 101-647). The FDIC claims that the law requires them to develop regulations to require banks to "establish and maintain internal procedures reasonably designed to ensure and monitor compliance with the Bank Secrecy Act. Effective 'Know Your Customer' programs serve to facilitate compliance with the Bank Secrecy Act." The proposed regulations will mandate that all banks insured by the FDIC must maintain an intelligence gathering department that screens out customers and keeps an eye on existing customers. Before you decide to move your money to a credit union, you should know that the FDIC is not the only federal organization making such plans. "Each of the other Federal bank supervisory agencies is proposing to adopt substantially identical regulations covering state member and national banks, federally-chartered branches and agencies of foreign banks, savings associations, and credit unions. There also have been discussions with the Federal regulators of non-bank financial institutions, such as broker-dealers, concerning the need to propose similar rules governing the activities of these non-bank institutions," reports FDIC attorney Karn L. Main in the proposal. The purposes for the regulation are to protect the reputation of the banks, to facilitate compliance with the law, to improve safe and sound banking practices, and to protect banks from being used by criminals as a vehicle for illegal activities. Current customers will be subjected to the new regulation in the same way new customers will be scrutinized. The FDIC does not wish to permit any loop hole which would leave any bank customer unidentified or unsupervised. Each bank will create profiles. The first profile will determine the amount of risk a potential customer might present by opening an account. The system of profiling potential customers will be different from one bank to the next, since the FDIC does not provide a uniform program. The purpose of the profile is to identify potential customers who might use a bank account for funds obtained through criminal activity. The next profile will be one that is used by automated computers to determine when suspicious activity is taking place in an account. When activity in the account does not fit the profile, banks will notify federal authorities so they can investigate. Banks are expected to identify their customers, determine normal and expected transactions, monitor account transactions, and determine if a particular transaction should be reported. The FDIC has sent copies of the proposal to all banks and is asking for input. The questions asked by the FDIC in the proposal do not ask whether the regulations should be put into place, only how to implement them in the best way. None of the questions in the proposal are directed to bank customers. The FDIC reassures banks that because the requirements will be universally applied to all banks it will not hurt their business and drive away customers. The proposal does not mention penalties for non-compliance, nor is there any mention of regulations to provide access to bank records by customers so errors can be found and corrections made. "If 'Know Your Customer' programs are required, insured nonmember banks can more easily collect the necessary information because customers cannot turn readily to another financial institution free of such requirements," stated the proposal. Comments from the public may be sent to Robert E. Feldman, Executive Secretary, Attn: Comments/OES, Federal Deposit Insurance Corporation, 550 17th Street N.W., Washington, DC 20429 or faxed to (202) 898-3838 or e-mailed to [email protected]. The full FDIC proposal, downloaded from http://www.fdic.gov/lawsregs/fedr/98knocus.txt, can be viewed here. from the Associated Press, 1999-Mar-5, by Marcy Gordon, AP Business Writer: Anti-Laundering Proposals Draw Fire WASHINGTON (AP) -- The Senate, joining a chorus of criticism from citizens worried about privacy, sent a message today to the government to withdraw proposed anti-money laundering rules that would track bank customers' habits. By an 88-0 vote, the Senate expressed support for a measure directing bank regulators to withdraw the proposed rules, called ``Know Your Customer'' regulations. The senators didn't vote on actual adoption of the measure, sponsored by Sens. Phil Gramm, R-Texas, and Wayne Allard, R-Colo., so it lacks the force of law. The proposed banking rules ``impinge on our constitutional rights,'' Gramm, the chairman of the Senate Banking Committee, said on the Senate floor. He maintained that the rules would violate the Fourth Amendment prohibition against unreasonable search and seizure. Privacy advocates, conservative groups, ordinary people and the nation's bankers have complained that the rules would transform every bank teller into spy for Big Brother. U.S. Comptroller of the Currency John D. Hawke Jr., who oversees nationally chartered banks, told a House subcommittee hearing Thursday that the rules should be scrapped. ``It is my judgment ... that the proposal should be promptly withdrawn,'' Hawke said. Hawke and Donna Tanoue, head of the Federal Deposit Insurance Corp., said recently they are reconsidering the proposed rules, which were denounced in a flood of angry e-mail starting in December. The FDIC has received tens of thousands of e-mail messages and letters during the 90-day public comment period, which closes on Monday. The other agencies involved in the matter are the Federal Reserve and the Office of Thrift Supervision. The nation's bankers recently joined the chorus of people and groups urging banking agencies to withdraw the proposals, warning they could make Americans lose confidence in the banking system and government. The proposed regulations would require banks to verify their customers' identities, know where their money comes from and determine their normal pattern of transactions. The current requirements for banks to report any ``suspicious'' transactions to law enforcement authorities would be expanded. The proposal is designed to combat money laundering techniques used by drug traffickers and other criminals to hide illegal profits. Money laundering is a major concern of law enforcement officials; it reached an estimated $30 billion in this country last year. Sen. Paul Sarbanes, D-Md., noting that law enforcement priorities are involved, urged senators to be ``careful'' in their actions related to bank privacy. Laundering includes the use of wire transfers and bank drafts as well as ``smurfing,'' the practice of breaking down transactions into smaller amounts that do not have to be reported under the Bank Secrecy Act. Sen. Peter Fitzgerald, R-Ill., voted present on the Senate measure today. from TPDL 1999-Feb-4, from the Associated Press via Nando Media, by Marcy Gordon: Texas lawmaker wants to block 'know your customer' bank rules WASHINGTON (February 3, 1999 8:48 p.m. EST http://www.nandotimes.com) - Noting complaints that new regulations could turn every bank teller into a cop, some House members are proposing legislation aimed at protecting the financial privacy of Americans. The legislative package announced Wednesday by Republican Rep. Ron Paul, R-Texas, would block proposed anti-money- laundering rules that would track the habits of bank customers. Paul said about a dozen lawmakers, including House Republican Whip Tom DeLay of Texas, are joining him as co-sponsors of the bill to stop the "Know Your Customer" rules. Privacy advocates, conservative groups, ordinary people and bankers' themselves have complained that the rules would make every bank teller responsible for doing the job of the police. At least two federal banking agencies are reconsidering the rules in response to the public outcry. The Federal Deposit Insurance Corp., for example, received more than 14,000 e-mail messages and letters opposing the proposal as of Friday. The Office of the Comptroller of the Currency also is looking into the situation. "We proclaim that American citizens have the right to be free of the snooping, spying, prying eyes of government bureaucrats," Paul told reporters. He said his legislation would "give Americans the peace of mind that comes from knowing that their every financial step is not being filed away and viewed as potentially criminal." The proposed regulations would require banks to verify customers' identities, know where their money comes from and determine their normal pattern of transactions. The current requirements for banks to report any "suspicious" transactions to law enforcement authorities would be expanded. Two other measures in his package - to repeal the Bank Secrecy Act and to let people see files on them created by the federal Financial Crimes Enforcement Network - have not attracted co-sponsors, and its legislative prospects were clouded. The Bank Secrecy Act of 1974 obligates banks to report customers' cash transactions of $10,000 or more to law enforcement authorities. Paul said the law has failed to catch drug dealers, who "are smarter than most bankers." Paul, a physician who is on the House Banking Committee, once ran for president as the Libertarian Party's nominee. He contends the "Know Your Customer" rules violate the Fourth Amendment prohibition against unreasonable search and seizure. from The Internet PRIVACY Forum, 1999-Apr-18, by Lauren Weinstein, PRIVACY Forum Moderator: Support for the FDIC's "Know Your Customer" Proposal Greetings. I reported here in the PRIVACY Forum Digest previously on the Federal Deposit Insurance Corporation's "Know Your Customer" proposal, which would have established a broad range of rules to encourage financial institutions to monitor customer accounts for income sources and unusual patterns of transactions, in an effort to track down various significant criminal activities (especially money laundering and the like). The proposal generated an unprecedented (by almost two orders of magnitude) response to its comment period--but not all of the responses were negative. In fact, out of the more than 254,000 comments received, it has been reported that 72 (that's 72 absolute, not 72,000) of them were in favor of the plan. Not too surprisingly, the current proposal has been withdrawn for now. from WorldNetDaily exclusives, from http://www.worldnetdaily.com/bluesky_exnews/19981222_xex_fdic_flooded.shtm l: FDIC flooded with e-mail 'Know Your Customer' plan met with angry response

By David M. Bresnahan © 1998 WorldNetDaily.com

Compliance through fear and intimidation may be the way the federal government plans to overcome the public outcry over a proposal forcing bankers to spy on customers. Thousands of letters expressing opposition to a proposed "Know Your Customer" regulation have been received by the Federal Deposit Insurance Corporation, and more continue to arrive each day. Letters began to arrive before the proposal was officially announced to the public. WorldNetDaily published the 'Know You Customer' proposal, and within days the FDIC was receiving record numbers of mail and fax responses in opposition. "I've been here for over 10 years, and I've never seen the general public respond like this," said one FDIC staff member who did not wish to be identified. "I'm not a spokesman, so I can't speak officially, but I know your article has raised some eyebrows around here. You must have a large readership," the staffer commented. A proposed banking regulation was provided to WorldNetDaily through a congressional staff source, resulting in an article announcing the proposal before the FDIC wanted it to be known to the public. "That document you found was only for comment from bankers. They didn't think the public would ever see that version," said the FDIC source. The FDIC has proposed that all banks, credit unions, and other financial organizations be required to maintain continuous surveillance of customer's accounts and report unusual financial activity to the FBI and other agencies. WorldNetDaily published an article about the proposal on Nov. 23. On December 4, when over 1,000 public letters of complaint had already been received, the nation's second largest bank was charged with money laundering. Citibank, now part of Citigroup, Inc., failed to detect illegal financial transactions. The General Accounting Office issued a report which concluded that Citibank "facilitated a money-managing system that disguised the origin, destination and beneficial owner of the funds," because the bank did not follow Know Your Customer requirements. The General Accounting Office is the investigative arm of Congress. Many of the thousands of people who sent letters of complaint to the FDIC also sent letters to their members of Congress. The Citibank funds in question were in an account owned by Raul Salinas, the older brother of Carlos Salinas de Gortari, former president of Mexico. The GAO report acknowledges that Citibank officials believed the money was generated from legal business activities through a construction company owned by Salinas. Investigators criticized the bank for not having detailed records about the construction company or the transactions involved. Citibank now faces possible criminal charges and a congressional investigation. "This is Washington. The name of the game in this town is 'win at any cost,'" said the source when asked if the action against Citibank was intended to intimidate other banks into compliance with the proposed regulation. "I don't know if it is, but I wouldn't be surprised," the source added. The proposal now on the Federal Register is a slightly watered-down version from the one that was leaked to WorldNetDaily in November. The FDIC claims the rules are necessary to combat illegal money laundering. Under the proposal, banks must verify the identity of all customers, determine their source of funds, and monitor their banking activities for anything suspicious. The initial proposal was scheduled to go into effect Oct. 1, 1999, but the newer version will be implemented on April 1, 2000. Because of the significant public attention and response, the comment period has been lengthened to March 8, 1999. "We obviously don't welcome any kind of regulation that requires us or the industry generally to be prying into customers lives and their financial affairs beyond what we prudently need to know to safely run our business," said Harris Simmons, president and CEO Zions Bankcorporation. Simmons spoke at length with WorldNetDaily about his concerns regarding the proposed regulations. He said he fully expects his bank will file comments with the FDIC about what he termed a "burdensome regulation." "We always get concerned whenever we are asked to look into our customer's affairs, other than for our own needs. That's something that we do find ourselves wanting to resist, and I expect we will be commenting on the proposal," Simmons said. Bankers are not interested in providing investigative services for the government, and banks do not want their good, honest customers to think they are snooping into their private affairs. Simmons pointed out that banks already report suspicious activity when they see it. He said his own bank recently reported a $30,000 deposit of cash that "literally smelled bad." It turned out to be from a drug dealer. The new regulation goes beyond just reporting suspicious activity that is observed by bankers. The FDIC now proposes that banks appoint at least one full-time employee to constantly monitor all customers and their transactions. If they do something that is not part of their profile, customers will be reported to federal authorities. Simmons doesn't like the idea of putting his bank depositors in a position of having to prove they are innocent. He said banks should not have to automatically investigate every customer without justifiable cause. See the FDIC Know Your Customer plan by doing a search for "Know Your Customer." Links to numerous government documents will be provided. Comments from the public may be sent to Robert E. Feldman, Executive Secretary, Attn: Comments/OES, Federal Deposit Insurance Corporation, 550 17th Street N.W., Washington, DC 20429 or faxed to (202) 898-3838. The new deadline is March 8, 1999. Comments may also be sent to members of congress, who have legislative authority to halt the regulation.

PREVIOUS STORIES: FDIC has snooping plans California bankers oppose snooping plan FDIC inundated with comments "inspecting the global underbelly: privacy, money laundering, espionage." from http://www.aci.net/kalliste The World Financial Police Attack Anonymity by J. Orlin Grabbe

The world financial police are determined to eliminate all opportunity for individual financial privacy and anonymity. Their coordinated efforts to make possible the tracking of every financial transaction represent a direct fascistic attack on human freedom. And there is nothing secret about what they are doing. Their campaign is as overt as the war on drugs, and as well- funded as next year's intelligence budget. New legislative proposals to make their political efforts "the law," to expand their intrusive powers, and to criminalize their critics, pour off the assembly line daily. Call their goal the Global Financial Jackboot. The jackboot's construction proceeds according to a fairly detailed blueprint. Maybe you should take a look. Why Anonymity? There are many reasons for financial anonymity. People with visible assets are inviting targets for theft or extortion; for lawsuits from customers, strangers, wives, husbands, girlfriends, boyfriends, family members, patients, and others seeking an easy and convenient way of enhancing their own financial well- being; for arbitrary assessments from governmental agencies which have budgetary problems or which have visions of expanded influence through a greater command of resources; for asset seizures based on inane and arbitrary laws such as those relating to minor drug possession (laws which allow parents' assets to be seized as a result of their children's activities); and for political pressures exerted by the implicit threat that if one does not toe the current political line, then one's personal belongings may become a government target. In short, the possession of financial assets can limit freedom as well as enhance it. Anonymity reduces the negative impact on freedom that comes from building personal wealth. Hence there is often a demand for anonymity from freedom- seeking individuals who don't choose to be poor. Imagine how this demand could be met. A truly anonymous bank account would provide much more security than does, say, a Swiss numbered account. A Swiss numbered account is not anonymous. The identity of a numbered account owner is not generally available within the Swiss bank, but is nevertheless known to a small number of upper level managers. A Swiss numbered account reduces the number of individuals who have access to information in the account, but it does not reduce this number to zero. Moreover, little consideration is given to the secure anonymity of transactions made within such an account. The Swiss numbered account system is based on outdated technology. For years Swiss banks have made a living by providing a haven for flight capital. But Swiss banks are as now leaky as a sieve. If even one bank employee knows who you are or what is happening in your account, that could be one too many. The motto of a truly anonymous bank would be: Don't know your customer. True anonymity would provide protection for the bank which issues anonymous accounts, as well as the customer. Bank employees could not be placed under legal, economic, or physical pressure to reveal what they know ("rubber-hose cryptanalysis"), because they would not know anything. Bank employees could not be bribed to give out information for the same reason. If bank records were seized, the only data that would be gained would be information that is already public. Hence there would be no reason to take such action in the first place. Neither would any customer be placed in the position of worrying that information about his activities might be given out to others by the bank: the bank would not possess such information. By contrast to popular press and belief, anonymity of this imagined type is not even remotely supplied by current purveyors of digital cash systems. Digital Cash By Itself Does Not Provide Anonymity Is anonymity of the type imagined here practical? Current digital cash systems fail to address this issue. At best such systems are interested in the anonymity of digital coins, not account holders. Such systems--such as David Chaum's ecash system-- offer a watered-down of anonymity that is severly limited in scope. They offer teenage anonymity. In such systems one can withdraw anonymous digital coins, and spend them anonymously. Parents (or anyone else) will not know the coins were used to rent a porno videotape, or spent on "unsavory" reading materials. But the coins will be withdrawn from a known, identifiable account, and the receiver of such coins will deposit them in a known, identifiable account. In short, there is customer spending anonymity, but not real anonymity in terms of bank accounts or asset- holdings. It is true that anonymous coins would prevent data-mining of one's spending habits. But they do not prevent data-collection on one's asset- holdings. Real anonymity, by contrast, would mean account- holder anonymity. Such a system would also provide a mechanism for transfers between anonymous accounts, which could take place for whatever reason. Possible business deals between account holders are not the business of the bank, and there is no reason for the bank to collect any information on the identity of its customers, or to know anything about such business dealings. In particular, there is no reason for the bank to guarantee payment in the familiar manner of credit-card transactions (which would require the collection of customer information). Rather, all the bank would need to do would be to make anonymous, authorized, secure transfers between accounts. Money serves two principal functions. It is a medium of exchange, and it is a store of value. A few digital cash systems seek to partially anonymize money in its role as a medium of exchange. But anonymous banking accounts would also anonymize money in its store of value function.

Current and proposed digital cash systems that anonymize coins do not provide anonymity in asset holdings: but only anonymity in payments.

There is nothing wrong with, or unattractive about, anonymous digital coins and anonymous small- denomination payments, of course. But a true system of anonymity would allow anonymous digital coins to be withdrawn from anonymous banking accounts, as well as to be deposited into anonymous banking accounts. Anonymity and the FATF The imagined anonymous account system as outlined so far would protect the customer's privacy. This, of course, creates the main problem: most governments don't want their citizens to have any privacy. To the organs of the State, privacy implies the ability to avoid taxes or whatnot. This is especially true of the United States, but the problem extends far beyond the U.S. Because such privacy services would directly conflict with stated national policies of governmental control of citizen resources, these privacy-providing institutions would inevitably become targets of government attack. Countries angry at the privacy services offered, and looking for something to steal, might fabricate spurious charges of "money laundering" or "catering to tax evaders," followed by an attempt to seize all or part of the anonymity-providing bank's assets. This is not a trivial probability. The existence of the Financial Action Task Force (FATF) almost guarantees it will happen. The FATF thinks it is the World's Financial Police. It promotes a metaphysical offense called "money laundering" in order to attack financial privacy and anonymity, and to subvert normal legal procedures. The FATF was established by the G-7 Summit in Paris in 1989 to "combat money laundering." In April 1990 it issued 40 recommendations. These recommendations were revised in 1996. (The revised version, The Forty Recommendations of the Financial Action Task Force on Money Laundering, is the basis of the discussion here.) There are 26 FATF member countries-- Australia, Austria, Belgium Canada, Denmark, Finland, France, Germany, Greece, Hong Kong, Iceland, Ireland, Italy, Japan, Luxembourg, the Kingdom of the Netherlands, New Zealand, Norway, Portugal, Singapore, Spain, Sweden, Switzerland, Turkey, United Kingdom, and the United States--along with 2 international organizations: the European Commission and the Gulf Cooperation Council. The purpose of the FATF is to criminalize money laundering among member states and to harass non-member states who do not follow its recommendations. Note: acts that are criminal, such as theft, are already outlawed in all these countries. The purpose of the FATF is to create a further criminal category called "money laundering" in abstraction, whether or not it is associated with any other activity that one might consider criminal. This includes (#5) the awareness that someone else is laundering money: ". . . the offence of money laundering should apply at least to knowing money laundering activity . . ." The objective of the FATF is to buttress the notion of "money laundering" with a sufficient number of circular and self- referential definitions so that the crime of money laundering may be applied to any financial activity the FATF disapproves of. This, in particular, includes anonymity. The key recommendations in this regard are #10 and #13. Recommendation #10 directly attacks anonymous accounts: 10. Financial institutions should not keep anonymous accounts or accounts in obviously fictitious names: they should be required (by law, by regulations, by agreements between supervistory authorities and financial institutions or by self-regulatory agreements among financial institutions) to identify, on the basis of an official or other reliable identifying document, and record the identity of their clients, either occasional or usual, when establishing business relations or conducting transactions (in particular opening of accounts or passbooks, entering into fiduciary transations, renting of safe deposit boxes, performing large cash transactions). Recommendation #13 says the FATF should monitor new technologies (such as anonymous digital cash software systems) that might favor anonymity, and--in a Luddite way--act to hinder their use if they could conceivably be used for money laundering: 13. Countries should pay special attention to money laundering threats inherent in new or developing technologies that might favour anonymity, and take measures, if needed, to prevent their use in money laundering schemes. In particular, the FATF has devoted taxpayer resources to the study of the question of when and how the assets of those citizens accused of money laundering can be seized, and how the loot can be shared among governments. In its standard circular reasoning, the FATF in another document notes: Confiscation is an important topic in relation to money laundering. The criminal's concern that their proceeds of crime may be confiscated is a major factor in motivating them to launder the proceeds of crime. An effective confiscation system is a necessary component of the anti- money laundering measures taken by any country. (FATF, Evaluation of Laws and Systems in FATF Members Dealing with Asset Confiscation and Provisional Measures.) No Burden of Proof A key focus of FATF attention has been to create an environment where financial assets can be seized by the government without any burden of proof such assets are in any way associated with any crime. The FATF says: Probably the single most important issue though for most members is the question of the burden of proof upon the government and whether it can be erased or reversed. Integrally linked is the question of depriving a defendent of proceeds of offences other than those for which he is immediately convicted. If the aim of governments is to strip a convicted defendent of all his criminal [read: "money laundering"] proceeds, then they should seriously consider measures to make the task easier for the prosecutor. Measures that should be considered include: applying an easier standard of proof than the normal criminal standard to the confiscation proceedings; the more effective alternative of reversing the burden of proof and requiring the defendent to prove that his assets are legitimately acquired; if a conviction is required for confiscation, enabling the court to confiscate the proceeds of criminal activity other than the crimes of which the defendant is immediately convicted. (FATF, Evaluation of Laws . . .) So, in sum, the FATF has declared itself the enemy of privacy and anonymity, and represents an international, inter- governmental endeavor to seize assets at will. Much like any thief. In its most recent statement concerning the application of these principles (1997-1998 Report on Money Laundering Typologies), the FATF continues to emphasize the threat posed by anonymity: What is clearly a problem, however, is the opening of bank sites on the Internet in breach of banking regulations. In this case, the difficulty is to bring proceedings against the perpetrator, given the international character of the Internet and the difficulty of locating a site, which may be different from the one where illegal practices were identified, and identifying the national law that would apply. As yet only one case of this kind has been encountered, namely that of the Antigua-based "European Union Bank" which explicitly proposed completely anonymous investments. Notice the identification of "completely anonymous investments" with "illegal practices". (The example is ironic, in that European Union Bank was a swindler's scam enacted by two Russians. But the FATF is more concerned with anonymity than fraud.) The report even suggests that software vendors become subject to money-laundering supervision: In more concrete terms, particular consideration might be given to the following measures: . . . authorisation and surveillance of issuers of new technology products, since anti-laundering measures are better complied with when they apply to a regulated and controlled sector. The FATF has declared itself the enemy of financial privacy enhanced by cryptology. What Is To Be Done? The next time one of Stanley Morris's or Louis Freeh's henchcreatures asks you, "What do you want anonymity for? Do you have something to hide?" respond by asking him or her: "Can I have a copy of your latest bank statement? "Where do you live? "Can you supply me with photos of your children?" You will quickly discover that the henchcreature believes in privacy and anonymity. Both for himself and for people like him. He just doesn't believe in it for scumbags like you. And that's precisely the problem. If you want to be a willing victim he will gladly oblige. But despite the efforts of the FATF fascists, privacy and anonymity in the present age are both possible and practical. Over the next several months (be patient), I will tell you how to obtain it. The first step is to achieve privacy in your communications. The next step is to achieve privacy in your finances. In the meantime, you might want to look around to better understand the dimensions of the problem. For this is a war. This ain't no disco. -30- This article appeared in Laissez Faire City Times, Vol 2, No 23. Email Reply to the Author from Lauren Weinstein's Privacy Forum (http://www.vortex.com) Digest of 1998- Dec-20, article originally authored by Lauren Weinstein and posted on 1998-Dec- 16: Privacy Discussions Classified as a "Criminal Skill" Greetings. Is discussing privacy in the PRIVACY Forum a criminal skill? According to one widely used commercial web filtering tool, the answer was yes! The controversy over software to block access to particular sites, based on perceived content, has been continuing to rage. Attempts to mandate the use of such software in environments such as libraries and schools have raised a variety of serious concerns. In addition to fairly straightforward freedom of speech issues, another factor revolves around how accurate (or inaccurate) these filtering systems really are. I've now seen firsthand that errors by a filtering system can indeed be quite serious, an event that seems to certainly validate some of these concerns. But there is something of a silver lining to the story, as we'll see later. I recently was contacted by someone at a large corporation, who was trying to reach the PRIVACY Forum web site, which is constantly being referenced by individuals and commercial, educational, government, and other sites around the world. This person was upset since whenever they attempted to reach the http://www.vortex.com site and domain that hosts the PRIVACY Forum, their web software blocked them, informing them that the block was in place due to the site being categorized as containing "criminal skills." As the webmaster for the vortex.com domain, this certainly came as news to me. The message they received didn't give additional information--they didn't even know exactly where it came from. It was apparent though, that the entire organization was probably blocked from reaching the PRIVACY Forum, since the filtering software in question was affecting a main firewall system. After a number of phone calls and discussions with the system administrator for that organization, the details began to emerge. The company was running a filtering software package from Secure Computing Corporation of San Jose, California. This package received weekly updates of blocked sites in a wide variety of categories, one of which was "criminal skills." The administrator had no idea what rationale was used for these decisions, they just pulled in the list each week and applied it. He immediately placed vortex.com on a local exception list so that it would no longer be blocked to their users. I then turned my attention to Secure Computing. After a number of calls, I found myself speaking with Ken Montgomery, director of corporate communications for that firm. He confirmed the information I had already received. The filtering product in question ("SmartFilter") was apparently not being marketed to individuals, rather, it was sold to institutions, corporations, etc. to enforce filtering policies across entire entities. The product covers a wide range of information categories that users of the software can choose to block. He said that the majority of blocked sites were in categories involving pornography, where there was (in his opinion) no question of their not belonging there. The "criminal skills" category reportedly was broadly defined to cover information that might be "of use" to criminals (e.g. how to build bombs). He had no explanation as to why my domain had been placed in that list, since by no stretch could any materials that are or have ever been there fall into such a categorization. He did discover that the classification of my domain had occurred over a year ago (meaning other sites could have been receiving similar blocking messages for that period of time when trying to access the PRIVACY Forum) and that the parties who had made the original classification were no longer with their firm--so there was no way to ask them for their rationale. (All of their classifications are apparently made by people, not by an automated system.) However, it seems likely that the mere mentioning of encryption may have been enough to trigger the classification. The administrator at the organization that had originally contacted me about the blocked access, told me that the main reason they included the "criminal skills" category in their site blocking list was to try prevent their users from downloading "unapproved" encryption software. This was a type of information that he believed to be included under the Secure Computing "criminal skills" category (the "logic" being, obviously, that since criminals can use encryption to further their efforts, encryption is a criminal skill). He also admitted that he knew that their users could still easily obtain whatever encryption software they wanted anyway, but he had to enforce the company policy to include that category in their blocking list. As PRIVACY Forum readers may know, no encryption software is or ever has been distributed from here. The topic of encryption issues does certainly come up from time to time, as would be expected. For the mere *mention* of encryption in a discussion forum to trigger such a negative categorization would seem to suggest the fallacy of blindly trusting such classification efforts. Mr. Montgomery of Secure Computing initially suggested that it was up to their customers to decide which categories they wanted to use in their own blocking lists--he also stated that as a company they were opposed to mandatory filtering regulations. I suggested that such determinations by their customers were meaningless if the quality of the entries in those categories could not be trusted and if errors of this severity could so easily be made. I felt that this was particularly true of a category with an obviously derogatory nature such as "criminal skills"--the ramifications of being incorrectly placed into such a category, and then to not even *know* about it for an extended period of time, could be extreme and very serious. To their credit, my argument apparently triggered a serious discussion within Secure Computing about these issues. I had numerous subsequent e-mail and some additional phone contacts with Mr. Montgomery and others in their firm concerning these matters. First off, they apologized for the miscategorization of vortex.com, and removed it from the "criminal skills" category (it was apparently never listed in any other of their categories). Secondly, they have agreed with my concerns about the dangers of such miscategorizations occurring without any mechanism being present for sites to learn of such problems or having a way to deal with them. So, they will shortly be announcing a web-based method for sites to interrogate the Secure Computing database to determine which categories (if any) they've been listed under, and will provide a means for sites to complain if they feel that they have been misclassified. They've also suggested that their hope is to provide a rapid turnaround on consideration of such complaints. While by no means perfect, this is a step forward. I would prefer a more active notification system, where sites would be notified directly when categorizations are made. This would avoid their having to check to see whether or not they've been listed, and needing to keep checking back to watch for any changes or new categorizations. If more filtering software companies adopt the Secure Computing approach, there would be a lot of checking for sites to do if they wanted to stay on top of these matters. Secure Computing feels that such notifications are not practical at this time. However, their move to provide some accountability to their filtering classifications is certainly preferable to the filtering systems which continue to provide no such facilities and operate in a completely closed environment. So, we make a little progress. The PRIVACY Forum and vortex.com are no longer miscategorized and have been removed from all Secure Computing block lists. Secure Computing was polite and responsive in their communications with me, and will establish the system discussed above in reaction to my concerns. Web filtering of course remains a highly controversial topic with many serious negative aspects, but we see that when it comes to dealing with the complex issues involved, it would be a mistake to assume that all such filters all created equal. --Lauren-- from http://www.dmssoft.com/wvu-ace/surveill.htm: SURVEILLANCE IN THE WORKPLACE By Victor Beattie The survey of 900 companies by the New York-based American Management Association (AMA) shows 35 percent of them monitor their employees by recording telephone calls, checking computer files and electronic mail or videotaping work. Slightly more actually record the phone numbers their employees call and log the length of the conversations. Eric Greenberg, director of the AMA's management studies, says while most firms tell their employees about the practices, some do not: "As many as 23 percent of companies that pursue these policies don't inform their employees that they're doing so. And, the American Management Association very strongly recommends employers do inform their employees that these are their policies and practices so the employees know that, at any given time, they are liable to be taped or monitored for review." Mr. Greenberg says the only exception should be in the case of an investigation of criminal, illegal or unethical activities. He says such corporate eavesdropping is a relatively-new phenomenon because the technology making it possible is relatively new: "It would have been impossible 10 years ago for any employer to say that anytime you use your typewriter we insist you make a carbon copy of everything that you write and file that carbon copy for our review. Couldn't have been done. Couldn't have been enforced. But, the fact that people today work on word-processing software that often is connected through their hardware to some centralized server makes it possible for all of these keystrokes and of the computer files to be stored and reviewed." Greenberg says such surveillance allows supervisors to review performance by listening to the actual sales presentation of an employee. He says it can be used as a training tool. The researcher says financial services-- such as brokerage houses, insurance companies and real estate firms -- use such techniques to ensure employees do not misrepresent products and services. He says the third major reason is to ensure employees are not wasting money or company time by making telephone calls or browsing on the Internet in non-work related activity. About one-third of surveyed firms use videotaping of employees to cut down on theft, violence or sabotage. Mr. Greenberg insists companies have a legal right to engage in such activity: "The employer has an undoubted right to trace what is being done with what is, after all, equipment owned by the employer, software owned by the employer and, in fact, the job itself doesn't belong to the person who occupies it. The job belongs to the employer." Greenberg says monitoring varies widely in scope and frequency, but rarely is an employee constantly watched. Most companies monitor selected employees using routine or occasional spot checks. Only one state -- Connecticut -- has a law protecting workplace privacy by forbidding monitoring in areas such as restrooms. The survey found that large corporations are more likely to engage in such activities than smaller companies. Source: Voice of America The following is the tip of a potential policy iceberg. from PDL 1999-Mar-1, from the FCC: Answers from FCC Chairman William E. Kennard to Questions Concerning the Action Taken by the FCC on February 25, 1999, Concerning Reciprocal Compensation for Dial-Up Internet Traffic Q: Has the FCC opened the door to Internet charges? A: Absolutely not. The FCC has reconfirmed the Internet's exemption. Consumers will see no new charges on their Internet or phone bills. Q: Are we going to see new long distance charges to connect to the Internet? A. No. Rumors have been spread by some people, but these rumors are false. The FCC will not impose long distance charges for dialing up the Internet. Q: Is there any way that local phone companies will be able to start imposing usage-sensitive access charges to Internet service providers? A. No. The exemption from long distance access charges is solid as a rock and has been upheld in court. Q: The FCC will not allow long distance charges for local calls to the internet. But has the FCC made it easier for states to impose long distance charges for local calls to the Internet? A: No. States have no power to impose long distance charges. Only the FCC can do that, and we declared our jurisdiction over this traffic. Q: What changes can consumers expect to see as the result of this decision -- in the short run, and in the long run? A: Consumers should see no changes in their Internet or phone bills, either in the short run or long run, as a result of this Order. The big picture in the long run is very positive -- our continued "hands off" policy towards the Internet will allow it to continue growing rapidly, unfettered by regulations. Q: How will Internet providers react to this Order? Will this be good for business or bad for business? A: It's good for business and consumers. We have clarified how companies pay each other for this traffic and we have done so in a way that prohibits the assessment of long distance charges. This can only help consumers. Q: Why were so many negative rumors spread around? A: The Internet has become extremely important to a lot of people in the last few years. We get letters every week from people for whom access to the Internet has opened up whole new possibilities for business, social service, and life. The very idea of paying long-distance-type charges for hours web surfing naturally produces great anxiety. Therefore these rumors tend to spring up anytime the FCC does anything related to long distance service. from PDL 1999-Mar-6, from USA Today: White House attacks growing Internet fraud WASHINGTON - Portraying the Internet as a growing playground for criminals, the chief of the Justice Department's criminal division said Friday the Clinton administration is readying a new program to curb fraud on the Web. General James K. Robinson said. ''Internet fraud ... is becoming a significant threat the tens of millions of people who use the Internet regularly.'' Stock trading by computer, online auctions and direct sales of products to businesses and consumers already account for billions of dollars in sales each year and may exceed $1 trillion early in the 21st Century, Robinson said. As a result, ''the administration in the near future will be launching a new initiative to address the problem of Internet fraud ... through both criminal and civil enforcement,'' he said. Concerned that instances of fraud and abuse may have been falling through the cracks, planners of the initiative are developing guidelines to increase cooperation between regulatory agencies, said an administration official, who requested anonymity. from MSNBC 1999-Jan-20, from WJAR TV10 Providence/New Bedford, from http://www.msnbc.com/local/WJAR/116751.asp: Murder spawns downtown surveillance camera proposal Mayor Vincent A. ``Buddy'' Cianci is downplaying the murder, but plans to install three video cameras to keep watch over downtown - a move the ACLU and others call ``Orwellian.'' Is this leadership on public safety, or the arrival of ``Big Buddy?'' ``These surveillance cameras have the capability to zoom in PROVIDENCE - Providence's first murder of on individuals and monitor the year last week has spawned plans by the activities in ways that truly are city to install surveillance cameras in areas of Orwellian.'' high crime downtown. -Steve Brown The move is not meeting with unanimous American Civil Liberties Union approval - in fact, some are calling up images of Big Brother, the omnipotent tyrant from George Orwell's novel 1984, a chilling vision of a totalitarian future. Mayor Vincent A. ``Buddy'' Cianci and the Providence Police Department are planning to purchase three high-resolution video surveillance cameras, at a cost of about $6000 per camera. The cameras are slated to be placed in so-called ``trouble spots,'' a move the American Civil Liberties Union calls ``troubling'' and ``a concern for potential damage.'' Is this leadership on public safety, or the arrival of ``Big Buddy?'' Reaction has been mixed. The move to purchase the cameras came in the aftermath of Providence's first murder, in which a Hyannis resident apparently resisted a robbery attempt and was shot to death. Detectives are investigating whether that murder can be connected to three holdups near the Ivy League campus of Brown University. Mayor Cianci, however, says that the city has not become more dangerous, and that the killing was an isolated incident. The video cameras could be used for simply monitoring the downtown area, or for videotaping as well. What's got the ACLU and other privacy advocates up in arms is that the cameras keep watch over everyone in the area - not just those suspected of engaging in illegal activity. The city believes the surveillance cameras will make the city a safer place. But are cameras effective in doing that? Surveillance cameras have been used in some other major American cities. In New York City, for instance, surveillance cameras were installed in Times Square for almost two years, with the net result being just ten addition arrests. Atlantic City, New Jersey had cameras in place for two months until they were taken down. Considerable debate over the cameras have erupted in virtually every city where surveillance cameras were being considered for use by the police. The ACLU says that a number of questions should be answered regarding the government's possible usage of video cameras: 1. Will the cameras be trained only on the streets - or are they able to peer people's into windows as well?

2. Will the cameras see, and possibly hear, more than the naked eye and ear could gather themselves? The ACLU says that such ``super-human'' surveillance devices are unconstitutional.

3. Will the cameras be used to monitor political groups and protest rallies?

4. Will any recordings made by the cameras be immediately entered into the public record? If so, for instance, a surveillance video could then be immediately broadcast on television.

from PRIVACY Forum Digest, Sunday, 1 November 1998, Volume 07 : Issue 18: Date: Sun, 1 Nov 98 10:31 PST From: [email protected] (Lauren Weinstein; PRIVACY Forum Moderator) Subject: Privacy Briefs - Son of CDA - Cell Phone Location Tracking - New European Union Privacy Rules Son of CDA As expected, Congress passed new restrictions relating to children and the Internet, popularly being referred to as "Communications Decency Act II." Court challenges have already begun. Most attention has revolved around the requirements concerning verifying the age of persons accessing certain broad categories of information deemed "harmful to minors" (the precise rules apparently must be formulated by the Federal Trade Commission). Other aspects involve the collection of information from children by web sites (again, specifics apparently under the auspices of the FTC). However, a less noticed aspect of the bill with privacy implications could force ISPs to provide information regarding their subscribers to law enforcement, even without a search warrant. Under the new law, when an ISP "obtains knowledge of facts or circumstances" in which a child pornography law is thought to be violated, it must report the information to a law enforcement agency. There are fines of up to $50,000 for the first infraction and $100,000 for subsequent infractions. Since the law doesn't establish a standard of truth, and the fines are so severe, there are concerns that ISPs will "over-report," providing data on innocent subscribers upon any accusation, from nearly any source. The law reportedly does not limit the type of information ISPs can turn over to law enforcement or provide legal recourse for subscribers whose personal information is improperly disclosed, since ISPs are specifically protected from liability for actions they take under the act. Cell Phone Location Tracking The Federal Communications Commission (FCC) is apparently moving forward with plans to require cellular carriers to provide detailed user location data (originally implemented for 911 emergency use) to law enforcement, subject to a court order indicating that the person in question is "under investigation." This is a much lower standard than that required to obtain a search warrant. Such data could presumably be used in realtime or retrospectively. Of course, since cell phones can only be tracked when they are turned on (either awaiting a call or in a call) the continuity of such data can vary widely. Pre-paid cellular services, which can be obtained without verifiable identification, also would appear to present some additional complexities for such applications. [...] Date: Thu, 29 Oct 1998 17:32:13 +0000 From: Keith Parkins Subject: CCTV The CCTV in London that has built in pattern recognition has now gone live. The system can be pre-programmed to look for known people. When the target is 'framed' an alarm is sounded, the 'victim' highlighted, and the local police alerted. The police then take over the monitoring. Built into the system is the ability to override disguises. CCTV does not deter crime, it simply displaces it to another area. This area in turn then clamours for CCTV. Schools are installing CCTV. If nothing else this conditions the future generation to accept CCTV as the norm. In Aldershot, stationary CCTV affixed to buildings, lamp posts is not enough, they are now installing mobile cameras. The experiment in Newham, known as Mandrake, is to last for six months. Newham has already spent 1.6 million pounds on installing CCTV. Mandrake will cost a further 60,000 pounds and bring the number of cameras within the borough up to 240. There are an estimated 150,000 cameras on the streets of Britain. http://www.heureka.clara.net/sunrise/spooks2.htm http://www.heureka.clara.net/surrey-hants/ald-shot.htm Richard Thomas, Police switch on the candid camera that knows your face, The Observer, 11 October 1998 Bill Mouland, Big Brother is Watching You, Daily Mail, 15 October 1998 Keith Parkins from the Houston Chronicle: Paper: Houston Chronicle Date: SUN 11/22/98 Section: OUTLOOK Page: 6 Edition: 2 STAR

Arrest puts jury-selection form on trial

By JEFF MILLAR Staff

IT must be a lot of fun to be a Texas district court judge. Shoot, in Texas if a judge is in a mood to send somebody to jail, and if a jury hasn't convicted anybody recently, the judge can send the jury to jail. State District Judge W.R. Voigt didn't send a whole jury to jail. He didn't even send a juror to jail. What he did was send a prospective juror to jail. He is Harold Crouch , who walked into Voigt's courtroom Nov. 10 on a jury panel. Crouch declined to fill out a statewide-standard juror questionnaire used in capital murder cases. Voigt ordered him to so do. Crouch again declined and was walked out of Voigt's court with a bailiff's hand on his elbow, sentenced for contempt to 30 days in the county jail and a $500 fine. No bail. No due-process rights, other than to file a direct appeal with the Texas Court of Criminal Appeals. Six days later, Crouch was granted bail on appeal. So what is this 88-question form, and what bothered Crouch so much? For starters, there's no O.J.-trial, Juror No. 605 anonymity to it. The form wants your full name, any other name you might have used, your Social Security number, your driver's license information, name of employer, supervisor's name, and the names and current schools/current employers of your children. By the end of the questionnaire, you must: In question 28, reveal if you were dishonorably discharged from military service. In questions 32 and 35, detail those in your family - or who are acquaintances - who have been arrested or even accused of a crime, then state what the crime was. In question 40, list the magazines to which you subscribe or buy off the rack (presumably something like Sadists & Masochists Quarterly could be considered relevant if the defendant is a sadist or a masochist); In question 42, reveal the title of the last movie you saw, even if you are a high school phys ed teacher and you rented it from a video store that has a curtained door separating some titles from the others. In questions 53 and 57, you must detail all consultations you or any relative have had with psychologists or psychiatrists and list all medications prescribed. In question 64, detail how you happen to know anyone who's ever been in prison. Quite intriguing: Although you must give up yourself, your relatives and your acquaintances if they've been accused of a crime, arrested, been in prison, sought mental-health care or taken legally prescribed psychoactive drugs, question 74 allows you to describe the problems of anyone you've known who's had a serious problem with alcohol or illegal drugs "without naming any names." Voigt assures that what you write down is to be used solely "to give the prosecution and the defense an opportunity to select a fair and impartial jury" - that "all your answers will be held in the strictest confidence (and that only) the judge, lawyers, court reporter and clerk will have access" to them. (What's the court reporter doing in the loop if the information isn't going into the record?) Problem is, my legal advisers say there is no assurance that what a juror writes will not come up when the prosecution and defense question individual prospective jurors - audible throughout the courtroom - to satisfy themselves that the juror will be fair and impartial. It is not until question 87 that the prospective juror is asked, "Do you want to be on this jury?" Were I called into W.R. Voight's court, I would still check "yes," but I'd put an asterisk next to it, noting that I want to be represented by counsel during voir dire. Because it seems that for the offense of being eligible for jury duty, citizens are being hauled into court and required to rat information that could cost them jobs, reputations and relationships. Crouch might have a point. Paper: Houston Chronicle Date: FRI 11/27/98 Section: A Page: 37 MetFront Edition: 3 STAR

Voigt responds to contempt queries

By THOM MARSHALL Staff

OK, MAYBE the message to return a call to state District Judge W.R. Voigt caused a slight case of the heebie-jeebies. After all, I'd openly admitted here on the edge of the page that I am in contempt for having the same sort of sentiments that were behind Judge Voigt's tossing prospective juror Harold Leland Crouch in the pokey recently. Crouch had refused to complete a lengthy questionnaire that probed into many private and personal matters. As I dialed the judge's number, I was thinking that if he invited me to his chambers, maybe I'd stop by Walgreen's and pick up a new toothbrush, just in case. But he didn't. We simply chatted cordially on the phone for awhile, mostly about jury selection in capital murder cases in general, but also a little about Harold Crouch in particular. Harold is out on bond while appealing Judge Voigt's contempt sentence of 30 days in jail and a $500 fine. The judge said he thinks it is good the case is going to the Court of Criminal Appeals and is getting so much attention. He said that it involves an important question and maybe the higher court can give some opinion "that has more weight than just some judge holding somebody in contempt." Why are questionnaires used? He said those questionnaires that potential jurors are required to fill out in capital murder cases can result in tremendous savings, most recently cutting the amount of time needed to seat a jury from what likely would have been about six weeks to just two and a half weeks. And, by the way, the judge said that in lesser felony cases, jury selection may take only three hours. I mentioned getting several e-mail messages from folks who support Crouch and who also would not want to answer questions that delve so deeply into their personal lives, questions about religious and political beliefs, interests and hobbies, organization memberships, various family matters, psychological histories. "It seems to me," Judge Voigt said, "if you know more about the person and their family you have a better idea of how disinterested they might be, what their penchants are, and you might have a better chance at getting somebody that gives you a shot at life instead of death, or if you're a prosecutor, death instead of life." He said the questionnaire that Harold refused to complete was put together by the prosecuting and defense attorneys after the judge instructed them to combine their questions on a single form. I mentioned getting a message from one former prospective juror who filled out a similar questionnaire in another trial, and who became concerned upon seeing the completed forms on a table in front of the accused. "That may be so," Judge Voigt said. "Of course the defendant has a right to intelligently work with his lawyer to help his trial." Juror privacy vs. rule of law I couldn't keep from commenting on the irony: By studying questionnaires, a defendant may learn more personal details about jurors than the jurors will learn about the defendant. We've all watched enough TV courtroom dramas to figure many of those questions would be ruled irrelevant if a prosecutor tried to ask them of the accused. "What you're saying about the defense knowing more about the jurors than they (jurors) know about the defendant is the purpose of the law," Judge Voigt explained. "That's why you have the code and the rules of criminal evidence which limit the information that can be given about the defendant." He said we should "think of the stakes that this guy is playing for. He wants to know as much as he can about these people." When a group of folks is summoned for jury duty, he said, "You get some people that say, `Hang 'em high. All of 'em.' No defendant wants to have a person like this. Hopefully, you have some people that are disinterested or willing to coolly look at the facts." In the past week, a few folks expressed an interest in donating to a legal defense fund for Harold . (Interested people can call his attorney, Philip Hilder, at 713- 655-9111.) And some people want to know whether something might be done to change the system to provide more consideration for prospective jurors' privacy. I mentioned these things to Judge Voigt. "Maybe Mr. Crouch could make some money out of this and that would be fine," the judge said. "You never know, actually. There may be people so sympathetic that he might come up with a few thousand bucks." As for making changes in the system, Judge Voigt said "the place to complain is the Legislature, not the judges." Paper: Houston Chronicle Date: SUN 11/29/98 Section: OUTLOOK Page: 6 Edition: 2 STAR

Jury questions are necessary, judge counsels

By JEFF MILLAR Staff

THE case of the juror in the jug is throwing off a bit of heat. Last week we talked about Harold Crouch , a prospective juror in Judge W.R. Voigt's 248th Criminal District Court. The judge sent Crouch to jail for contempt because Crouch refused to fill out a standard juror questionnaire. The prosecution and defense attorneys employ the answers in the process of obtaining a fair and impartial jury. This issue brought an unusual amount of mail, most of it about other prospective jurors' discomfort at filling out forms and answering attorneys' oral questions during the step in juror selection called voir dire. Some said they simply would not tell the truth in answering some questions. Some suggested that attorneys, in reality, use the information from forms and questioning to assure that jurors will be partial - to their side. One letter was from Mary Lou Keel. She wrote that there is no standard juror questionnaire. She should know; she is judge of the 232nd Criminal District Court. "Each trial judge is in charge of the manner in which voir dire is conducted," said Keel, "including the kind of questionnaire used, if any. In the 232nd and, I suspect, most other courts, every effort is made to balance a juror's privacy interests with the interests of the litigants in seating an impartial jury. The judge has absolute discretion in designing questionnaires - or he may disallow their use altogether." She sent along the juror questionnaire used in the one death-penalty case she has heard. In comparison to Voigt's demands, hers seemed rather general. Still, if you had known anyone who had been in prison or was a victim of violent crime, Keel required details. "A trial court judge must allow attorneys to ask questions - orally or in writing - that are material to a potential juror's ability to be fair and impartial in the case on trial," she wrote. "The kind of questions that must be allowed depends in part on the evidence anticipated to be introduced at trial. If a trial judge errs too far on the side of the potential jurors' privacy rights, he runs a significant risk of having the case reversed." Keel cited the case of a murder conviction that was reversed on appeal because the victim was a nun and prospective jurors had not been asked how they felt about nuns. "It is inevitable that some potentially embarrassing questions will be asked," she wrote. "Just how many and how far-reaching depend on the exercise of the trial judge's discretion." Keel can't be very reassuring when it comes to confidentiality. She said that in her court, she allows a prospective juror who really doesn't want everybody in the courtroom to hear his answer to a voir dire question to approach her bench and answer it there. Just because it's whispered doesn't mean it stays secret. The court reporter takes down what you say. It becomes part of the trial's transcript, and that is a public document, available to anyone with the will and the money to obtain a copy. "Every judge is different," writes Keel, "and the judge makes a huge difference in the way trials are conducted." All the more reason, Keel says, for making careful choices in judicial races. The thousands of people who serve on juries the length of a trial in a Harris County courthouse constitute what is very difficult to find: an informed electorate. At the end of the trials, let's hand a report card to these jurors. Three months before the filing deadline for the next election, these report cards are to be averaged. Any judge who gets a D or worse from his or her jurors doesn't get to stand for re-election. I'd gladly cede my vote to those jurors who have had an intimate working experience with a judge while I experienced him only as a TV commercial, a yard sign and a political affiliation. from TPDL 1999-May-20, from USA Today, by Richard Willing: Electronic wiretaps tripled last year WASHINGTON - Wiretaps placed by state and federal police on cell phones, pagers, e-mail and other electronic communication devices nearly tripled last year, according to a report by the Administrative Office of the U.S. Courts. And for the first time, wiretaps on cellular phones and pagers outnumbered wiretaps on conventional telephones. "The world of surveillance has met the e-age and pronounced it good," says David Banisar, contributor to The Electronic Privacy Papers and a critic of most electronic surveillance. "Hopefully, this is the beginning of the debate (because) this is not going away." Altogether, state and federal judges authorized 1,329 wiretaps in 1998, a 12% increase over 1997, the report says. The increase was caused by an expansion in wiretaps sought for state and local drug investigations. About three-quarters of all wiretaps were requested in drug cases. The most listened-in on locales were New York City, New Jersey, Pennsylvania, California, Florida and Maryland. Taps on wireless communication, made easier by advances in technology, increased from 206 in 1997 to 576 last year, the report said. About half were placed on cell phones and half on pagers. And for the first time, judges authorized taps of e-mail: Five e-mail intercepts were installed. Under federal and many state laws, police must convince a judge that a wiretap will produce evidence of crimes that cannot be obtained in other ways. Nevertheless, only two requests were turned down last year. That, opponents say, suggests judges are neglecting their roles as overseers. But prosecutors say the expanding use of wiretaps is a critical part of their arsenal. Wiretap investigations concluded in 1998 led to 3,450 arrests and 897 convictions. from TPDL 1998-Oct-14, from Reuters 10-08-98 12:51 PMT, by Aaron Pressman: US lawmakers sneak through controversial wiretap law WASHINGTON (Reuters) - Without debate or notice, U.S. lawmakers were poised Thursday to approve a proposal long sought by the FBI that would dramatically expand wiretapping authority -- an idea Congress openly rejected many years ago. The provision, allowing law enforcement agencies more easily to tap any telephone used by or near a target individual instead of getting authorization to tap specific phones, was added to the Intelligence Authorization Conference report during a closed door meeting and filed with the House and Senate Monday. The conference report was easily adopted by the House on Wednesday, despite an objection to the wiretapping provision from Georgia Republican Bob Barr and is expected to be approved by the Senate later on Thursday. Neither the House nor the Senate had included the provision, known as roving wiretap authority, in their versions of the intelligence bill. But lawmakers drafting the conference report, essentially a reconciliation of the two versions, decided to include it. Civil liberties groups were outraged by the expanded wiretapping authority and the process of adding the provision in secret. ``Roving wiretaps are a major expansion of current government surveillance power,'' said Alan Davidson, staff counsel at the Center for Democracy and Technology in Washington. ``To take a controversial provision that affects the fundamental constitutional liberties of the people and pass it behind closed doors shows a shocking disregard for our democratic process.'' Under current rules, law enforcement agencies seeking roving wiretap authority from a judge must prove that an individual is switching telephones specifically for the purpose of evading a surveillance. The standard has been difficult to meet and kept the number of roving wiretaps approved to a minimum, a telephone industry official said. Without roving authority, police must get permission from a judge for each telephone line to be tapped. Under the change approved this week, the police would need show only that an individual's, ``actions could have the effect of thwarting interception from a specific facility.'' The change removed the need to consider the target's motive in using different telephones.

The charter of the CIA precludes their involvement in domestic law enforcement activities. Nonetheless, my web server logged the following queries: 198.81.129.193 - - [01/Dec/1997:11:27:36 -0500]\ "GET /cm/cm2.txt HTTP/1.0" 200 77007\ "http://altavista.digital.com/cgi-bin/query?\ pg=aq&what=web&kl=XX&q=calea+and+legislation%0D%0A&\ r=&d0=21%2FMar%2F86&d1=&search.x=61&\ search.y=6" "Mozilla/3.01 (WinNT; I)"

198.81.129.193 - - [01/Dec/1997:11:28:16 -0500]\ "GET /cm/cm4.txt HTTP/1.0" 200 32154\ "http://altavista.digital.com/cgi-bin/query?\ pg=aq&what=web&kl=XX&q=calea+and+legislation%0D%0A&\ r=&d0=21%2FMar%2F86&d1=&search.x=61&\ search.y=6" "Mozilla/3.01 (WinNT; I)" These are Altavista "advanced queries" from relay1.ucia.gov - the Central Intelligence Agency - on 1997-Dec-1 - for documents containing the words "calea" and "legislation." CALEA is the 1994 "Communications Assistance to Law Enforcement Act," also known as the Digital Telephony Act, which is meant to extend the Echelon infrastructure to the US domestic telephony infrastructure by requiring engineered-in centrally controlled and accessible wiretapping facilitation (the infamous "one percent of calls at once" sought by the FBI). The CIA, in performing this query, committed an Intelligence gaffe, by revealing their interest in CALEA - a purely domestic program publicly supported by the FBI, whose charter of course includes domestic law enforcement acitvities.

from TPDL 1998-Nov-13, from WorldNetDaily.com, by David M. Bresnahan: Governors push national ID plan Rewrite of executive order could be key The National Governors Association would like to have a national ID system, and plans to work with the White House to reinstate Executive Order 13083 to make that a reality. The bipartisan NGA is claiming much of the credit for stopping Executive Order 13083, but they also plan to help craft a revised version of the order that will alter the relationship between states and the federal government. An internal document used by the NGA to inform all governors of their goals and objectives was made available to WorldNetDaily, along with a "Fact Sheet on Federalism" used by the White House staff. Both documents were provided by a Republican source. Each document shows that both the White House, and the nation's Governors, plan to put the currently suspended executive order into effect. One of main reasons for the alteration of state and federal government relations is to provide for "preemption of state and local laws" by the federal government, according to the NGA document. "This is because of demands by citizens, businesses, and the federal government to make all government more accessible and open," claims the NGA. "Pressures for uniformity and simplification come from globalization in trade and telecommunications policy, regional environmental quality solutions, and a greater need for some type of personal identification mechanism to combat fraud, crime, illegal immigration, and mismanagement of funds. Congress passed the "Illegal Immigration Reform and Immigrant Responsibility Act of 1996," which authorized the National Highway Traffic Safety Administration of the Department of Transportation to establish a national ID system through the use of driver's licenses. Those guidelines are spelled out in Section 656 (b) of the act. They include the use of Social Security numbers on all licenses, and in all data bases beginning Oct. 1, 2000. The act also calls for digitized biometric information to be a part of each license, or "smart card." The biometric information will include fingerprints, retina scans, DNA prints, and other similar information. Thousands of letters of protest were received by the Department of Transportation during a public comment period, which concluded in October. The exposure of the plan in WorldNetDaily, and the outcry that followed, prompted Congress to place a moratorium on the national ID, as well as the medical ID law. "These new national ID regulations violate every notion of federalism, because they force states to comply with regulations issued by the federal government, without any constitutional authority to do so," said Patrick Poole of the Free Congress Foundation. "Nor are federal agencies empowered to force states to gather detailed information on every person in order to comply with federal mandates." The NGA document indicates that governors apparently would like to alter the concepts of federalism, mentioned by Poole, to facilitate the national ID system. The governors claim that the federal government must be able to preempt state and local laws, and pressure from "special interest groups" seem to be involved. "Preemption and standardization proposals are now common for international, business, environmental, health, and financial laws in Congress, and regulations by executive branch agencies with substantial support from selected special interest groups," states the NGA. The NGA claims that governors objected to the executive order on federalism because it was issued by President Clinton, without consulting governors. They also say they were concerned with the way the federal government would have supremacy over state laws. The NGA complained in their document that plans for negotiating with the White House for an acceptable executive order will be made more difficult because of a Congressional ban on funding. They say they expect to have discussions with Clinton in 1999 on the issue. Congress included three clauses in the omnibus appropriations bill to withhold funds for implementation of the national ID, medical ID and Executive Order 13083. Apparently the governors are not pleased with those actions, according to their document. The White House claims in their internal fact sheet that the executive order was necessitated by unnamed recent Supreme Court decisions and recent legislation. It states that Executive Order 13083 merely clarifies previous executive orders on federalism. Gov. Mike Leavitt, R-UT, disagrees. He was asked to testify to the U.S. House of Representatives Subcommittee on National Economic Growth, Natural Resources, and Regulatory Affairs in July. He asked Congress to demand that the executive order be withdrawn. Leavitt says the Clinton order does not clarify previous federalism executive orders -- it eliminates them. "This order represents a 180-degree turn from all previous federalism aimed to restrain federal action over states," said Leavitt in disagreement with the Clinton fact sheet statement of purpose. "The current version of this new order is written to justify federal supremacy." The White House fact sheet claims that President Clinton believes the executive order is necessary in order to "protect individual liberty." Critics claim he is taking liberty away. The fact sheet summarizes the executive order using language that copies the deceptiveness for which the order was criticized by the U.S. Senate, National Governor's Association, National Conference of State Legislatures, National League of Cities, National Conference of Mayors, and the National Association of Counties. All of those organizations demanded withdrawal of the executive order. "Given the secrecy surrounding this order and the complete turnabout of its language and scope, one can only conclude the Clinton administration deliberately set upon a course to expand the role of the federal government. Not exactly the end of the 'era of big government,'" said Leavitt when he testified, criticizing the deceptiveness of the order. Many who were first asked to comment on the executive order by WorldNetDaily, just after Clinton signed it, were initially unable to respond because the wording was so deceptive. It took some time for officials to have the order analyzed. The language and wording used has been termed by many as extremely "Clinton- like." Once the order was evaluated by legal advisors, the alarm bells went off and demands for withdrawal were made. "When I discovered President Clinton's executive order," said Rep. David M. McIntosh, R-IN, "I wrote President Clinton that I could not understand how (he), as a former governor, could willingly abandon the protections accorded the states since 1987 from unwarranted federal regulatory burdens. "The bottom line is that the new order would wreak havoc on the balance of power envisioned by the Constitution between the States and the federal government. I simply asked, 'Why?.'" McIntosh is chairman of the Subcommittee on National Economic Growth, Natural Resources, and Regulatory Affairs, which held hearings on the executive order. Leavitt pointed out that the wording of the "Executive Order on Federalism" was so broad that the federal government could come into a state for any reason and enact any regulations it wants -- with no recourse for the state. It also appeared to delegate that authority to government bureaucracies, permitting vast powers to individuals who are not responsible to the voters. "It is nothing short of ironic -- and I would assert very troubling -- that President Clinton, a former governor and a former leader among governors, would sign an executive order that undermines the very constitutional and political principle he says in the order he seeks to protect and promote," said Eugene Hickok, former special assistant in the U.S. Department of Justice, when he testified before the committee. The documents obtained by WorldNetDaily clearly show that the NGA would like to facilitate a national ID system, and the organization believes Executive Order 13083, with some revisions, is needed to facilitate that. David M. Bresnahan ([email protected]) is a contributing editor of WorldNetDaily.com, is the author of "Cover Up: The Art and Science of Political Deception," and offers a monthly newsletter "Talk USA Investigative Reports." from PRIVACY Forum Digest 08.07 1999-May-4, by Chris D'Arcy:

Date: Fri, 30 Apr 1999 14:10 +0100 (BST) From: [email protected] (Chris D'Arcy) Subject: Carrying a Laptop into the UK - Rights to Search In the June edition of Personal Computer World, under the headline "Travelers face filth check" there is an article about speculation (i.e. the company MD says he "has reason to believe") that UK Customs and Excise will start to use forensic software from Vogon International (www.authentec.co.uk) to scan travelers' laptops for child pornography. If this were to be true, it strikes me that it is an incredible infringement of a travelers rights. Customs should have the right to search property upon entry into the UK where they have reasonable grounds to believe there is a problem. But this development would allow the wholesale stop and search of anyone traveling with a laptop. If material were to be found, what rights would there be for a traveler who was using a laptop from a pool, or carrying one on behalf of a colleague? What is also not clear is if this technology would raise the alarm if it found something it couldn't read (for example, someone's encrypted e-mail) - would it assume it was dubious leading to delays and embarrassment for the traveler? And what would be the position if something out of the ordinary was detected, what guarantees would there be that the software would not false alarm? On the whole, it sounds like a very sinister twist. Chris D'Arcy, UK from PRIVACY Forum Digest 07.15 1998-Sept-4, by Vin McLellan:

Date: Fri, 28 Aug 1998 02:13:09 -0400 From: Monty Solomon Subject: Re: Computer hard disc scanning by HM Customs & Excise

Begin forwarded message:

Date: Sun, 23 Aug 1998 18:46:03 -0400 From: Vin McLellan Subject: Re: Computer hard disc scanning by HM Customs & Excise Reading the comments of the UK Customs and Excise spokesfolk about their new policy of routinely scanning the digital memories carried by travellers, one is struck by their apparent naivete, e.g.: Nothing bad could be happening since it is all done in the presence of the traveller. The traveller is allowed to watch. It's only a "scan" for appalling digital smut -- although the process, as described, involves copying the disk (and almost any "scan" allows that, overtly or covertly.) It makes me wonder if they had any idea of what kind of Pandora's Box they were opening. Two years ago, a gentleman at Hewett-Packard Labs in California -- the former head of R&D at Apple, as I recall -- mentioned on one of the Internet newsgroups that senior HP executives had been warned by US intelligence agencies that big- number cash bounties that had been posted (where and by whom, it was not clear) for anyone who could obtain the travel laptop of particular US computer industry executives. The targets were identified by name and position. I suspect that the UK bureaucrats who thought up this search for illicit images never considered that the digital soup they were straining for porn in this low- level bureaucratic process might be worth $100K or $500K or $1M on the black market. (They may not have thought about how useful and productive their data- trap might look to Her Majesty's own intel chaps either, although many suspect C&E's naivete in that regard was brief.) Such casually intrusive and randomized search procedures are used for low- value valuables. (I suspect DeBeer's couriers don't get their wares pawed by junior staff who can't tell a diamond from a rhinestone.) Information has always had potentially high value, of course -- but even the post-industrial societies are still adjusting to the way computers concentrate and create such value in data. HM C&E is not likely on the cutting edge here. C&E officials have probably been amazed at anger and passionate resentment many knowledge-workers have shown toward their new policy. The C&E baggage inspector who only barely computer-literate is not likely to realize how profoundly a traveller may feel violated by a process which, by it's nature, necessarily offers Her Majesty's government an opportunity to copy one or two Gigabytes of personal and professional memories -- with the traveller forced to open encrypted files as it they were just another "locked suitcase." At least until this UK initiative raised the possibility of routine data searches, many of us typically travelled with almost all our personal messages, diaries, as well as all our professional work for the past two or three years in a laptop hanging from a shoulder strap. (With my RSA SecurPC, it seemed safe, as well as readily accessible.) My outrage at the invasiveness and indignity of such a search would probably shock someone who doesn't live and work online, the way I and many others do. Corporate execs and couriers may have far more valuable files: business plans, negotiation options, strategic plans, industrial plans, prototype products, competitive analyses, corporate records of all types. (Old and deleted files -- even unsaved data like remote-access passwords and encryption keys dropped in swap or temp files on a PC -- are often retrievable from a copy of a hard disk.) A business traveller planning to negotiate a deal in the City, offer a contract to a British firm, or set up a plant or office in the UK, may now risk corporate treasure, as well as personal indignity, in subjecting himself to such a C&E search. For some of us, a strip search and sodium pentathol session at the C&E post would be less invasive -- but even the British bureaucrats who came up with this policy would probably consider routine truth-serum interrogations of travellers over the top: unreasonable, uncivil, disprespectful, and likely to drive off tourists, merchants, bankers, and traders who bring money and jobs to the UK. Most of us, of course, will immediately jump to Cyberspace, where ready access to encrypted files on a server or website anywhere in the world leaves them available, but largely secure from government eavesdroppers (even when the recipient of the data transfer is in a London hotel!) It only will be a very very stupid smut merchant who gets caught by C&E's memory trap. On the other hand, damage done to the British economy by C&E's routine searches of travellers' digital memories may be apparent rather quickly. I know of several large multinational corporations that have regular couriers who (daily or several times a week) carry sensitive material -- usually in digital form, on a laptop or Zip disks -- from their Paris offices to London, where it is encrypted and transmitted to their corporate offices around the world. These firms, and others with similar requirements, restrict the size of their French installations (and investments) too. This happens because French law forbids any firm, operating within France, from using strong encryption for either domestic or international data transfers... unless they give the French authorities the crypto keys that would allow the SCSSI to access, copy, and potentially exploit those messages or data files. (French intelligence agencies -- like their counterparts in most governments today -- are widely suspected of trying to steal commercial and industrial secrets from non-French businessmen, and using them to benefit French industrial and commercial interests. France, not being a beneficiary of the Echelon net like the US and UK, maybe has to try a little harder. In recent years, rumors have also led many international flyers to believe, rightly or wrongly, that the first class seats on Air France are wired by those same French agencies for commercial espionage.) Now, I wonder if those corporate couriers will be taking the Eurostar through the Chunnel next week? The couriers may lug briefcases full of paper (which C&E is unlikely to read, or Xerox) for a few days. I suspect, however, that many of those firms are even now urgently reviewing their telecom alternatives. As the recent GILC survey and the EC's Copenhagen Hearings make clear, more business-sensitive governments abound, even in Europe. For the past two years, the dominant policies of the OECD and the European Commission have been to foster electronic commerce by respecting the legitimate needs of consumers and businessmen for crypto-enabled confidentiality. Some correlations between policy and investment have been reported. Ireland recently announced what appears to be one of the most liberal national policies, allowing for the use and trade in crypto-enhanced software, among the Wassenaar signatories: At the time, a senior Irish official noted that his government believes that its progressive stance on corporate requirements for crypto-based confidentiality has led over 700 foreign firms to set up plants and offices in the Emerald Isle. It makes you wonder at the cost-benefits of this British government campaign to nail a few closet perverts? Suerte, _Vin ----- "Cryptography is like literacy in the Dark Ages. Infinitely potent, for good and ill... yet basically an intellectual construct, an idea, which by its nature will resist efforts to restrict it to bureaucrats and others who deem only themselves worthy of such Privilege." _ A Thinking Man's Creed for Crypto _vbm.

* Vin McLellan + The Privacy Guild + * 53 Nichols St., Chelsea, MA 02150 USA <617> 884-5548 excerpts from http://www.newtimesla.com/1998/081398/feature1-1.html by Marc Cooper (August 23, 1998 issue of newtimesla.com): Wired Thanks to D.A. Gil Garcetti and the LAPD, Los Angeles is the wiretap capital of America. But it's not just criminals who're being spied upon. With three decades of trial experience behind him, first as a prosecutor and later as a criminal defense attorney, Roger Rosen thought he'd seen everything. Until late last year, that is, after he hired on to defend Antonio Gastelum. In May 1996, Gastelum and two other men got popped by a squad of L.A. narcotics cops while allegedly in possession of 450 pounds of cocaine and $500,000 in cash. As the case snaked through the local courts, two questions tormented Rosen. First, the police reports gave no hint as to how the LAPD zeroed in on his client or the Hacienda Heights residence where the bust went down. "I've been doing this for 28 years," says the Beverly Hills lawyer. "And here I am reading one more police report saying that on X date surveillance began at X address. I said, 'no way.' L.A. is just too fucking big of a place for the cops to stumble onto this. There had to be an informant. Or some very delicate intelligence. Or maybe a wiretap." The last possibility he'd initially ruled out. " 'It can't be a wire' I said to myself," Rosen remembers. He knew the law was crystal clear on this matter: If there's a wiretap, the prosecution must disclose it. So Rosen and other defense attorneys on the case pushed on by filing a battery of discovery motions in an effort to force Los Angeles County Deputy D.A. Jason Lustig to reveal what evidence he was holding -- or maybe hiding. And that led to the second question that haunted Rosen. "Every time we would file another motion," he says, "the prosecutor would request an in camera ex- parte meeting." That means the prosecutor would huddle privately with the judge. "What really got me wondering," says Rosen, "is that after each of these meetings, the D.A. would make me this sort of last-train-out-of-Berlin offer to plea bargain. We said no because now we were convinced they were really hiding something." Hiding something, indeed. "When it finally came out, I got to tell you, it was something I could have never imagined," says Philip DeMassa, the San Diego attorney for Lauro Gaxiola, one of the other men arrested. Some tenacious lawyering by Rosen and DeMassa forced prosecutor Lustig into a discovery hearing he had resisted for months. And there the defense lawyers drew the noose tighter. Eventually, they squeezed out a truth that jolted L.A.'s legal community. They found that during all those private meetings with the judge, the D.A.'s office was pleading that the defense not be told of the existence of a secret wiretap in the case. To reveal the tap, the prosecution argued, would jeopardize other ongoing police investigations. At first, L.A. Superior Court Judge Gregory Alarcon, himself a former federal prosecutor, went along with the D.A.'s request. But as the defense pressed for more discovery, the judge tired of the prosecution's stonewalling. When Judge Alarcon finally allowed the defense to question narcotics officers involved in the arrests, the outcome shocked L.A.'s criminal defense bar. The cops revealed a previously hidden practice known among police and prosecutors as a "hand-off." A hand-off takes place when police tapping Person A pick up incriminating information about Person B and pass it on to other officers. These cops, who supposedly don't know the tip came from a wiretap, then begin investigating Person B. The cops develop "independent" evidence on B, arrest him or her, and never disclose the wiretap since, ostensibly, they don't know it exists. The cops can then continue to use the tap in secret. The hearings before Judge Alarcon revealed it was this practice -- a sort of information laundering -- that led to the Gastelum-Gaxiola drug bust. The arresting officers were handed-off a tip from other cops monitoring a tap aimed at a different target. Officers testified that hand-offs were used hundreds of times, and that county prosecutors had taught them the procedure. Attorneys Rosen and DeMassa couldn't believe their luck in uncovering a practice long suspected by defense lawyers but never proven. In March Judge Alarcon issued a ground-breaking ruling in favor of the defense. He ordered that hand-offs had to be disclosed, and that the defense had a right to transcripts of conversations that had been recorded. The ruling also meant that defense lawyers in the Gastelum-Gaxiola case had the right to challenge the legality of the original tap, as well as its use in the hand-off. Says Rosen: "This hand-off thing is basically a dirty, back-alley way to thumb your nose at the Constitution." That's a judgment shared by a number of legal scholars. "This so-called hand-off method is a sham, a charade," says Robert Pugsley, professor of criminal law at Southwestern University law school in L.A. "It's a very transparent way to get around the defendant's Fourth Amendment rights against illegal search and seizure. Indeed, the revelations in Judge Alarcon's courtroom -- and subsequent efforts by the L.A. County Public Defender's Office to uncover additional information -- opened a window on a tactic that appears to have mushroomed into wholesale LAPD spying on the community. This surveillance, conducted with the approval of L.A. County District Attorney Gil Garcetti's office, has serious implications not only for those convicted on the basis of undisclosed wiretaps but for large numbers of innocent citizens -- perhaps tens of thousands, perhaps more -- whose privacy has been compromised by unrestrained electronic eavesdropping. According to federal records, the national average for taps on individual phone lines is more than 2,000 intercepted conversations involving nearly 100 different people. D.A. Garcetti's office has reported that only 90 wiretaps have been used in L.A. County since 1993. But unbeknownst to the public, each of those taps often covers more than one phone line. Under the single wiretap authorization that produced the Gastelum-Gaxiola case, a mind-boggling 269 phone lines, including an entire retail cellular phone company, were monitored. Taps on just three pay phones at the L.A. County jail in Lynwood, for instance, yielded about 100,000 conversations in six months, according to the Public Defender's office. Recent FBI statistics indicate that on peak days, more than 1,000 phone lines in L.A. County are being tapped, traced, or otherwise electronically monitored by local, state, and federal authorities -- making L.A. the wiretap capital of America. (By contrast, second-place Dade County, Florida, registers only half as many lines intercepted.) L.A.-area taps also tend to run longer, cost more, and produce fewer arrests than the national average. Spurred by Judge Alarcon's ruling, the Public Defender's office -- which represents the accused in nearly three-quarters of all local felony cases -- has entered the legal fray and is trying to force the D.A. to release every scrap of information it has on undisclosed hand-offs and who might have gone to prison because of them. Depending on how that effort turns out, untold numbers of people convicted on primarily drug charges as a result of the hand-offs might get a chance to have their cases overturned. In the name of the war on drugs, it seems the LAPD and D.A.'s office have routinely violated both the letter and spirit of California's very strict electronic surveillance laws. Bound by statute to employ taps only as an investigative means of last resort, prosecutors and police seemingly use them as a first resort -- handing off tips to narcotics officers who open cases on suspects they otherwise would never have known about. In the process, the LAPD and D.A.'s office have systematically denied a still unknown number of defendants their constitutional rights and eavesdropped on countless local residents with no criminal involvement -- without bothering to notify them they were tapped, as required by law. The last time the police were caught in such widespread spying, in the early 80's, the resulting scandal led to the disbanding of the LAPD's Public Disorder Intelligence Division, which, among other things, had been feeding information to extreme right-wing political groups. "It's a crime to improperly disclose wiretap information," former federal prosecutor Marvin Rudnick said in a recent radio interview. "For the police to routinely hand- off and use [the information] like it came from nowhere seems to me like institutional crime. You can't abuse the wiretap law to use it for intelligence purposes. Some high official could go to jail for this." Adds L.A. County Public Defender Mike Judge: "Hundreds of thousands of innocent conversations may have been monitored as a result of this by police. That might be OK in a police state like the USSR...but this is the United States of America, where people understand that this sort of monitoring of their private conversations is both un- American and outrageous. It's also illegal." [...] In June 1997, L.A. Superior Court Judge Robert Perry started issuing a series of wiretap orders, which soon grew into the largest reported narcotics wiretap investigation in California history, according to the Criminal Practice Report newsletter. Public documents indicate that Orange County Superior Court Judge Richard Toohey joined the effort a month later, signing four separate wire intercept orders in a single day. The probe, which stretched over six months, eventually produced 17 separate taps, which together cost $623,110. The bugs were placed on five single family homes, four cellular phones, three digital pagers, and -- most alarmingly -- on five public pay telephones located somewhere in L.A. County. Reports filed with the attorney general indicate that as result of this operation, more than 158,000 individuals had their communications tapped. The pay phone taps eavesdropped on more than 131,000 conversations. But only 10 were believed to be incriminating, and no arrests were reported as a result. "The Fourth Amendment was intended as a move away from general [search] warrants," says Erwin Chemerinsky, the USC law professor. "It says the government has to say exactly who it is searching and why. You cannot legally search, say, a whole neighborhood. But when you listen in to 150,000 calls, then what can you say that is other than the wholesale search of an entire community?" Another unrestricted wiretap operation -- of public pay telephones at an L.A. County jail -- not only picked up large numbers of conversations among ordinary citizens but may have compromised numerous private discussions between criminal suspects and their lawyers. At a cost of more than $1 million, taps were placed on three pay phones inside the county jail in Lynwood. The taps, aimed at a prisoner who'd been arrested for murder, produced no new arrests but eavesdropped on an estimated 100,000 conversations over six months, according to the Public Defender's office. The phones monitored are used by arrestees and inmates to talk to their lawyers on the outside. "For a solid year I stood up in court and told the judge, who was a friend of mine, that I thought my phone conversations were being tapped," says Bellflower defense attorney Andrew Stein, who represented the inmate targeted by the taps. "The judge thought I was crazy. Now we know better. That's all I can say." He can't say more because even though his client has since committed suicide, the lawyer remains under a court-imposed gag order in the case. "Most of the Lynwood inmates are indigent, and they call our office for help," says public defender Quant. "And let's be clear: There is no other way for our clients in custody to call us except from those pay phones. We always identify ourselves with our names when we are called and so do our clients. Why haven't we ever received a single notice that we were overheard on the Lynwood taps? What confidential conversations between lawyer and clients have been intercepted?" In one case, a single wiretap order grew to encompass a whopping 269 phone lines, raising the possibility that police were using it in a wide-ranging fishing expedition. The case began in 1996 when Detective Keith Lewis, of LAPD's Major Narcotics unit, requested court permission to tap a Downey cellular phone retailer, Atel Cellular and Paging. Lewis alleged in a sworn affidavit that Atel was a "corrupt" company deeply involved in facilitating drug sales. He claimed its owners, John Lopez and Atil Nath, were "servicing major narcotics dealers" by providing them with untraceable phones and pagers. A wiretap, argued Lewis, "would afford law enforcement the tool needed to show the extent to which Atel Cellular and Paging participates in the narcotics trade." Lewis' request, backed by the D.A.'s office, was approved by Judge Ouderkirk in May 1996. As the judge's order was routinely renewed time and again, the original 12 Atel hard-wired and cellular phone lines tapped grew to 269 lines. An avalanche of arrests and drug seizures ensued -- 45 suspects, 345 kilos of cocaine, 308 pounds of marijuana, six pounds of meth, and almost $5 million in cash. Among those nailed were Gastelum and Gaxiola. The taps remained in place for the astonishingly long period of nearly two years, until Judge Alarcon ordered their disclosure in March. The number of noncriminal conversations listened in on remains unknown. But remarkably, the named targets of the Atel probe -- Lopez and Nath -- were never arrested. A sworn statement by a Gaxiola defense investigator says that when he interviewed Lopez and Nath in June -- three months after the Atel taps were unplugged -- they said they'd never been arrested, questioned by police, or informed they were investigative targets. A review of court records indicates that neither man has any criminal charges pending against him. And their company still operates today. In court papers, attorney Philip DeMassa, who represents Gaxiola, raises the possibility that the cops turned Lopez and Nath into informants during the investigation. That, he says, might explain why they were never arrested or charged with a crime even though they allegedly helped big-time dope dealers. If Lopez and Nath did become informants, DeMassa says, police statements to the judge saying the two men were engaged in criminal activities -- made to justify the original tap and subsequent expansion -- would have been lies. "If law enforcement truly knew that these 'targets' were actually innocent, then the continued representations of illegal activity would be false and in bad faith," DeMassa wrote in a brief filed last month in an effort to force the D.A.'s office to disclose whether Lopez and Nath were indeed informants. The defense attorney further speculates that Lopez and Nath may have been "stalking horses" for the LAPD to be used "as an excuse to expand narcotics investigations" by trolling more and more phone lines with wiretaps. "The named wiretap targets...most likely were never seriously viewed by law enforcement as targets of law enforcement," DeMassa says in an interview. "For the district attorney to argue otherwise would be to establish that it has knowingly allowed major corrupt phone retailers to continue to violate the law and aid and abet others in doing the same." (DeMassa notes that two years earlier, Lewis requested a tap on another ostensibly drug-connected cellular phone outfit, and again, the owner was never arrested or charged.) Prosecutors have not yet formally responded to DeMassa's motion. [...] from TPDL 1998-Aug-25, from USA Journal Online: Feds: AOL Messages Identify Story Sources WASHINGTON -- The sacred bond between a journalist and his source may be compromised more often in the future as writers rely more heavily on electronic mail [email] to communicate with those sources, because of the federal government's use of electronic eavesdropping. That is especially true if the writer has made certain elements within the government nervous, it seems. A story which appeared in Editor & Publisher last Friday detailed this nightmare scenario involving a writer who had written a controversial book about the TWA Flight 800 disaster. According to E&P, "the U.S. Justice Department's prosecutorial use of a collection of e-mail messages between an unpopular journalist and his sources" resulted from the government's acquisition of private email message files sent over America Online by "James Sanders, a retired Seal Beach, Calif., police officer turned journalist." Sanders has recently completed a new book, The Downing of TWA Flight 800: The Shocking Truth Behind the Worst Airline Disaster in U.S. History. In it, he relied on evidence he gathered from one of the seats, which was on board the plane, that allegedly tested positive for explosive residue found in surface-to-air missiles. The government's official explanation as to why the airliner exploded remains inconclusive, but at last count the National Traffic and Safety Board [NTSB] agreed with the FBI that a short in the wiring of an empty fuel tank likely caused the midair explosion which brought the airliner down. However, Sanders' book not only refutes that hypothesis, but claims to support the missile shootdown theory based his independent laboratory analysis of the plane seat. Upon hearing that Sanders obtained such evidence, the Justice Department embarked on an investigation of Sanders to find out where he had obtained the seat in the first place. They claim he improperly possesses evidence which was being examined in a criminal case. More at issue, though, is the alleged privacy of email files which pass through a number of junctions, called servers, while enroute from a sender's computer to the recipient. According to the law, the government cannot intercept email messages while they are in transit. But a loophole in the law allows government agencies to lift email messages once they reach the server, where they are stored until a recipient downloads the message to read. Larger Internet companies like AOL who store email messages on their servers after they have been downloaded by the recipient are inadvertantly putting their clients at risk for government eavesdroppers. In the Sanders case, the Reporters Committee for Freedom of the Press is concerned about what the FBI has done because they appear to have compromised Sanders' sources during the course of a legitimate journalistic investigation. Further, they believe it was done simply because Sanders was writing a book which debunked government explanations of the '800' disaster. The FBI says that Sanders was indicted in January on charges that he conspired to steal the seat samples from the Long Island, N.Y., hanger where the crashed TWA plane was being reassembled. The indictment resulted from a federal grand jury investigation of press leaks during that FBI probe. He became an FBI target after the Riverside, Calif., Press-Enterprise reported on March 10, 1997 that the seat samples Sanders possessed showed residue left by an anti-aircraft missile explosion. Sanders collaborated with Press-Enterprise reporter David Hendrix to produce the story. Most of the mainstream press, however, has shunned Sanders' research. To this day he continues to be refuted by both government and military experts who seem reluctant to even look at his evidence. Sanders was the subject of another records controversy in 1997 when the U.S. Justice Department admitted that it broke its own rules by failing to get Attorney General Janet Reno's approval before secretly subpoenaing Sanders' telephone account files. Section 28, CFR, 50.10 of federal regulations requires that U.S. attorneys follow that procedure when seeking records of journalists. The U.S. attorney's office later apologized to Sanders. "In the meantime, the Justice Department also went after and obtained -- in a manner whose details are not entirely clear -- significant numbers of the e-mail messages Sanders exchanged with his sources," according to E&P. Copies of those e-mail messages are part of a lengthy list of pretrial discovery material the Justice Department recently sent to Sanders' attorneys. That disclosure has prompted Jane Kirtley, executive director of the Reporters Committee For Freedom of the Press, to warn that the Justice Department often nibbles away at First Amendment rights by going after journalists espousing unpopular causes. "Justice tests the waters to see how things go down with the legal and media communities," Kirtley said, "but then the next time, they're subpoenaing Fox Butterfield of the New York Times. They figure, 'hey, if it didn't raise eyebrows before, why not do it there.'" Kirtley also said the case demonstrated why journalists must be concerned about using e-mail to communicate with sources for sensitive stories. "I always assume that someone is reading my e-mail," she said. E&P reported that the Justice Department has at least two batches of Sanders' e- mail -- one involving his attempts to find an organization to test the TWA seat covers and a second set involving his relationship with the laboratory that ultimately conducted the tests. Federal electronic laws prohibit law enforcement agencies from gaining access to private e-mail transmissions without a warrant. Justice maintains that it violated no federal laws in acquiring Sanders' e-mail correspondence, noting that some material was turned over to them voluntarily. However, while AOL's legal department acknowledged that the online service was served a subpoena by the Justice Department in April of 1997 it said the only information to DoJ was confirmation that Sanders had an AOL e-mail account. "We were asked for basic information," said John D. Ryan, an attorney who handles law-enforcement inquiries for AOL. "We never turned over any content- related material." E&P said "the first of the two sets of e-mail obtained by the Justice Department are messages exchanged between Sanders and Tom Cavallero, a California digital computer expert who works extensively with the police forensic experts. "Sanders asked Cavallero in his e-mail messages if he knew any agencies that might be willing to test for solid fuel rocket residue. "The clients for the tests, Sanders wrote to Cavallero, were a 'national TV newsmagazine (Inside Edition) and a national newsmagazine (Aviation Week).'" Cavallero told E&P in a telephone interview from his West Coast home that he voluntarily turned over all related e-mail records to the FBI. "I was working as a volunteer in the Placer County sheriff's office, which is near Lake Tahoe, when the story about Sanders first came out," Cavallero said. "Then one day I'm watching television (NBC's "Dateline") and I see him. I didn't know that the seats had been stolen. I didn't want to be a snitch, but I felt like I was in a bind. I asked my sergeant what to do. He suggested that I call up the FBI and I did. "I gave it to the FBI because I didn't want people to think they couldn't trust me," he explained. Sanders eventually had the samples analyzed at the West Coast Analytical Service, an independent laboratory in Santa Fe Springs, Calif., which he said concluded that the red residue on the seat material came from a missile.

By Claire Wolfe ( http://www.geocities.com/SoHo/Lofts/2110/Rants.html), reprinted from 'Freedom Network News' published by International Society for Individual Liberty (ISIL) ([email protected]), July/August 1998: AMERIKA, AMERIKA ("Land-Mine" Legislation) by Claire Wolfe [by permission; see notice at end] Let me run by you a brief list of items that are "the law" in America today. As you read, consider what all these have in common. 1. A national database of employed people. [See notes at end of article.] 2. 100 pages of new "health-care crimes", for which the penalty is (among other things) seizure of assets from both doctors and patients. 3. Confiscation of assets from any American who establishes foreign citizenship. 4. The largest gun confiscation act in US history -- which is also an unconstitutional ex-post-facto law and the first law ever to remove people's constitutional rights for committing a misdemeanor. 5. A law banning guns in ill-defined school zones; random roadblocks may be used for enforcement; gun-bearing residents could become federal criminals just by stepping outside their doors or getting into vehicles. 6. Increased funding for the Bureau of Alcohol, Tobacco, and Firearms, an agency infamous for its brutality, dishonesty, and ineptitude. 7. A law enabling the executive branch to declare various groups "terrorists" -- without stating any reason and without the possibility of appeal. Once a group has been so declared, its mailing and membership lists must be turned over to the government. 8. A law authorizing secret trials with secret evidence for certain classes of people. 9. A law requiring that all states begin issuing drivers licenses carrying Social Security numbers and "security features" (such as magnetically coded fingerprints and personal records) by October 1, 2000. By October 1, 2006, "Neither the Social Security Administration or the Passport Office or any other Federal agency or any State or local government agency may accept for any evidentiary purpose a State's license or identification document in a form other than [one issued vith a verified Social Security number and 'security features']." 10. And my personal favorite -- a national database, now being constructed, that will contain every exchange and observation that takes place in your doctor's office. This includes records of your prescriptions, your hemorrhoids, and your mental illness. It also includes -- by law -- any statements you make ("Doc, I'm worried my kid may be on drugs... Doc, I've been so stressed out lately I feel about ready to go postal...") and any observations your doctor makes about your mental or physical condition, whether accurate or not, whether made with you knowledge or not. For the time being, there will be zero (count 'em, zero) privacy safeguards on this data. But don't worry, your government will protect you with some undefined "privacy standards" in a few years. All of the above items are the law of the land. Federal law. What else do they have in common? Well, when I ask this question to audiences, I usually get the answer, "They're all unconstitutional." True. My favorite answer came from an eloquent college student who blurted, "They all SUUUCK!" Also true. But the saddest and most telling answer is: They were all the product of the 104th Congress. Every one of the horrors above was imposed upon you by the Congress of the Republican-Revulation -- the Congress that pledged to "get government off your back". BURYING TIME BOMBS All of the above became law by being buried in larger bills. In many cases, they are hidden sneak attacks upon individual liberties that were neither debated on the floor of Congress nor reported in the media. For instance, three of the most horrific items (the health care database, asset confiscation for foreign residency, and the 100 pages of health care crimes) were hidden in the Kennedy-Kassebaum Health Insurance Portability & Accountability Act of 1996 (HR 3103). You didn't hear about them at the time because the media was too busy celebrating this moderate, compromise bill that "simply" ensured that no American would ever lose insurance coverage due to a job change or a pre-existing condition. Your legislator may not have heard about them, either. Because he or she didn't care enough to do so. The fact is, most legislators don't even read the laws they inflict upon the public. They read to title of the bill (which may be something like "The Save the Sweet Widdle Babies From Gun Violence Act of 1984"). They read summaries, which are often prepared by the very agencies or groups pushing the bill. And they vote according to various deals or pressures. It also sometimes happens that the most horrible provisions are sneaked into bills during conference committee negotiations, after both House and Senate have voted on their separate versions of the bills. The conference committee process is supposed simply to reconcile differences between two versions of a bill. But power brokers use it for purposes of their own, adding what they wish. Then members of the House and Senate vote on the final, unified version of the bill, often in a great rush, and often without even having the amended text available for review. I have even heard (though I cannot verify) that stealth provisions were written into some bills after all the voting had taken place. Someone with a hidden agenda simply edits them to suit his or her own purposes. So these time bombs become "law" without ever having been voted on by anybody. And who's to know? If congress people don't even read legislation before they vote on it, why would they bother reading it afterward? Are power brokers capable of such chicanery? Do we even need to ask? Is the computer system in which bills are stored vulnerable to tampering by people within or outside of Congress? We certainly should ask. Whether your legislators were ignorant of the infamy they were perpetrating, or whether they knew, one thing is absolutely certain: the Constitution, your legislator's oath to it, and your inalienable rights (which precede the Constitution) never entered into anyone's consideration. Ironically, you may recall that one of the early pledges of Newt Gingrich & Company was to stop these stealth attacks. Very early in the 104th Congress, the Republican leadership declared that henceforth all bills would deal only with the subject matter named in the title of the bill. When, at the beginning of the first session of the 104th, pro-gun Republicans attempted to attach a repeal of the "assault weapons" ban to another bill, House leaders dismissed their amendment as not being "germane". After that self-righteous and successful attempt to prevent pro-freedom stealth legislation, Congress people turned right around and got back to the dirty old business of practicing all the anti-freedom stealth they were capable of. STEALTH ATTACKS IN BROAD DAYLIGHT Three other items on my list (BATF funding, gun confiscation, and school-zone roadblocks) were also buried in a big bill: HR 3610, the budget appropriation passed near the end of the second session of the 104th Congress. No legislator can claim to have been unaware of these three because they were brought to public attention by gun-rights groups and hotly debated in both Congress and the media. Yet some 90% of all congress people voted for them, including many who claim to be ardent protectors of the rights guaranteed by the Second Amendment. Why? Well, in the case of my wrapped-in-the-flag, allegedly pro-gun, Republican congress person: "Bill Clinto made me do it!" Okay, I paraphrased. What she actually said was more like, "It was part of a budget appropriations package. The public got mad at us for shutting the government in 1994. If we hadn't voted for this budget bill, they might have elected a Democratic legislature in 1996 -- and you wouldn't want THAT, would you?" Oh heavens, no; I'd much rather be enslaved by people who spell their name with an "R" than people who spell their name with a "D". Makes all the difference in the world! HOW SNEAK ATTACKS ARE JUSTIFIED The Republicans are fond of claiming that Bill Clinton "forced" them to pass certain legislation by threatening to veto anything they sent to the White House that didn't meet his specs. In other cases (as with the Kennedy-Kassebaum bill), they proudly proclaim their misdeeds in the name of bipartisanship -- while carefully forgetting to mention the true nature of what theyt are doing. In still others, they trumpet their triumph over the evil Democrats and claim the mantle of limited government while sticking it to us and to the Constitution. The national database of workers was in the welfare-reform bill they "forced" Clinton to accept. The requirement for SS numbers and ominous "security" devices on drivers licenses originated in their very own Immigration Control & Financial Responsibility Act of 1996, HR 2202. Another common trick, called to my attention by Redmon Barbry, publisher of the electronic magazine 'Fratricide', is to hide duplicate or near-duplicate provisions in several bills. Then, when the Supreme Court declares Section A of Law Z to be unconstitutional, its kissing cousin, Section B of Law Y, remains to rule us. Sometimes this particular form of trickery is done even more brazenly: when the Supreme Court, in its Lopez decision, declared federal-level school zone gun bans unconstitutional because Congress demonstrated no jurisdiction, Congress brassily changed a few words. They claimed that school zones fell under the heading of "interstate commerce". Then they sneaked the provision into HR 3610, where it became "law" once again. When angry voters upbraid congress people about some Big Brotherish horror they've inflicted upon the country by stealth, they claim lack of knowledge, lack of time, party pressure, public pressure, or they justify themselves by claiming that the rest of the bill was "good". The simple fact is that, regardless of what reasons legislators may claim, the US Congress has passed more Big Brother legislation in the last two years -- more laws to enable tracking, spying, and controlling -- than any Democratic Congress ever passed. And they have done it, in large part, in secret. Redmon Barbry put it best: "We the people have the right to expect our elected representatives to read, comprehend, and master the bills they vote on. If this means Congress passes only 50 bills per session instead of 5000, so be it. As far as I am concerned, whoever subverts this process is committing treason." By whatever means the deed is done, there is no acceptable excuse for voting against the Constitution, voting for tyranny. And I would add to Redmon's comments: Those who do read the bills, then knowingly vote to ravage our liberties, are doubly guilty. But when do the treason trials begin? BILLS AS WINDOW DRESSING FOR AN UGLY AGENDA The truth is that these tiny, buried provisions are often the real intent of the law, and that the hundreds, perhaps thousands, of pages that surround them are sometimes nothing more than elaborate window dressing. These tiny time bombs are placed there at the behest of federal police agencies or other power groups whose agenda is not clearly visible to us. And their impact is felt long after the outward intent of the bill has been forgotten. Civil forfeiture -- now one of the plagues of the nation, was first introduced in the 1970s as one of those buried, almost unnoticed provisions of a larger law. One wonders why on earth a "health care bill" carried a provision to confiscate the assets of people who became frightened or discouraged enough to leave the country. (In fact, the entire bill was an amendment to the Internal Revenue Code. Go figure.) I think we all realize by now that the database of employed people will still be around enabling the government to track our locations (and heaven knows what else, about us, as the database is enhanced and expanded) long after the touted benefits of "welfare reform" have failed to materialize. And most grimly of all, our drivers licenses will be our de facto national ID card long after immigrants have ceased to want to come to this Land Of The Once Free. CONTROL REIGNS It matters not one whit whether the people controlling you call themselves R's or D's, liberals or conservatives, socialists or even (I hate to admit it) libertarians. It doesn't matter whether they vote for these horrors because they're not paying attention, or because they actually like such things. What matters is that the pace of totalitarianism is increasing. And it is coming closer to our daily lives all the time. Once your state passes the enabling legislation (under threat of losing "federal welfare dollars"), it is YOUR name and Social Security Number that will be entered in that employee database the moment you go to work for a new employer. It is YOU who will be unable to cash a check, board an airplane, get a passport or be allowed any dealings with any government agency if you refuse to give your SS number to the drivers license bureau. It is YOU who will be endangered by driving "illegally" if you refuse to submit to Big Brother's procedures. It is YOU whose psoriasis, manic depression, or prostate troubles will soon be the reading matter of any bureaucrat with a computer. It is YOU who could be declared a member of a "foreign terrorist" organization just because you bought a book or concert tickets from some group the government doesn't like. It is YOU who could lose your home, bank account, and reputation because you made a mistake on a health-insurance form. Finally, when you become truly desperate for freedom, it is YOU whose assets will be seized if you try to flee this increasingly insane country. As Ayn Rand said in 'Atlas Shrugged', "There's no way to rule innocent men. The only power government has is the power to crack down on criminals. Well, when there aren't enough criminals, one makes them. One declares so many things to be a crime that it becomes impossible for men to live without breaking laws." It's time to drop any pretense. We are no longer law- abiding citizens. We have lost our law-abiding status. There are simply too many laws to abide. And because of increasingly draconian penalties and electronic tracking mechanisms, our "law-breaking" places us and our families in greater jeopardy every day. STOPPING RUNAWAY GOVERNMENT The question is: What are we going to do about it? Write a nice polite letter [to our congress person? If you think] that'll help, I've got a bridge you might be interested in buying. (And it isn't your "bridge to the future", either.) Vote "better people" into office. Oh yeah, that's what you thought we were doing in 1994. Work to fight one bad bill or another? Okay. What will you do about the 10 or 20 or 100 equally horrible bills that will be passed behind your back while you were fighting that little battle? And let's say you defeat a nightmare bill this year. What are you going to do when they sneak it back in, at the very last minute, in some "omnibus legislation" next year? And what about the horrors you don't even hear about until two or three years after they become law? Should you try fighting these laws in the courts? Where do you find the resources? Where do you find a judge who doesn't have a vested interest in bigger, more powerful government? And again, for every one case decided in favor of freedom, what do you do about the 10, 20 or 100 in which the courts decide against the Bill of Rights? Perhaps you'd consider trying to stop the onrush of these horrors with a constitutional amendment -- maybe one that bans "omnibus" bills, requires that every law meet a constitutional test, or requires all congress people to sign statements that they've read and understood every aspect of every bill on which they vote. Good luck! Good luck, first, on getting such an amendment passed. Then good luck getting our Constitution-scorning "leaders" to obey it. It is true that the price of liberty is eternal vigilance, and part of that vigilance has been, traditionally, keeping a watchful eye on laws and on lawbreaking lawmakers. But given the current pace of law-spewing and unconstitutional regulation-writing, you could watch, plead, and struggle "within the system" 24 hours a day for your entire life and end up infinitely less free that when you begin. Why throw your life away on a futile effort? Face it. If "working within the system" could halt tyranny, the tyrants would outlaw it. Why do you think they encourage you to vote, to write letters, to talk to them in public forums? It's to divert your energies. To keep you tame. "The system", as it presently exists, is nothing but a rat maze. You run around thinking you're getting somewhere. Your masters occasionally reward you with a little pellet that encouages you to believe you're accomplishing something. And in the meantime, you are as much their property and their pawn as if you were a slave. In the effort of fighting them on their terms and with their authorized and approved tools, you have given your life's energy to them as surely as if you were toiling in their cotton fields,under the lash of their overseer. The only way we're going to get off this road to Hell is if we jump off. If we, personally, ass individuals, refuse to cooperate with evil. How we do that is up to each of us. I can't decide for you, nor you for me. (Unlike congress people, who think they can decide for everybody.) But this totalitarian runaway truck is never going to stop unless we stop it, in any way we can. Stopping it might include any number of things: tax resistance; public civil disobedience; wide-scale, silent non-cooperation; highly noisy non-cooperation; boycotts; secession efforts; monkey wrenching; computer hacking; dirty tricks against government agents; public shunning of employees of abusive government agencies; alternative, self-sufficient communities that provide their own medical care and utilities. There are thousands of avenues to take, and this is something most of us still need to give more thought to before we can build an effective resistance. We will each choose the courses that are right for our own circumstances, personalities, and beliefs. Whatever we do, though, we must remember that we are all, already, outlaws. Not one of us can be certain of going through a single day without violating some law or regulation we've never even heard of. We are all guilty in the eyes of today's law. If someone in power chooses to target us, we can all, already be prosecuted for something. And I'm sure you know that your claims of "good intentions" won't protect you, as the similar claims of politicians protect them. Politicians are above the law. YOU are under it. Crushed under it. When you look at it that way, we have very little left to lose by breaking laws creatively and purposefully. Yes, some of us will suffer horrible consequences for our lawbreaking. It is very risky to actively resist unbridled power. It is especially risky to go public with resistance (unless hundreds of thousands publicly join us), and it becomes riskier the closer we get to tyranny. For that reason, among many others, I would never recommend any particular course of action to anyone -- and I hope you'll think twice before taking "advice" from anybody about things that could jeopardize your life or well-being. But if we don't resist in the best ways we know how and if a good number of us don't resist loudly and publicly -- all of us will suffer the much worse consequences of living under total oppression. And whatever courses of action we choose, we must remember that this legislative "revolution" against "We the People" will not be stopped by politeness. It will not be stopped by requests. It will not be stopped by "working within a system" governed by those whe regard us as nothing but cattle. It will not be stopped by pleading for justice from those who will resort to any degree of trickery or violence to rule us. It will not be stopped unless we are willing to risk our lives, our fortunes, and our sacred honors to stop it. I think of the words of Winston Churchill: "If you will not fight for the right when you can easily win without bloodshed, if you will not fight when your victory will be sure and not so costly, you may come to the moment when you will have to fight with all the odds against you and only a precarious chance for survival. There may be a worse case. You may have to fight when there is no chance for victory, because it is better to perish than to live as slaves." NOTES on the laws listed above 1. (Employee database) Welfare Reform Bill, HR 3734; became Public Law 104- 193 on 8/22/96; see Section 453A. 2. (Health care crimes) Health Insurance Portability & Accountability Act of 1996, HR 3103; became Public Law 104-191 on 8/21/96. 3. (Asset confiscation for citizenship change) Same law as #2; see Sections 511- 513. 4, 5, 6. (Anti-gun laws) Omnibus Appropriations Act, HR 3610; became Public Law 104-208 on 9/30/96. 7, 8. (Terrorism and secret trials) Antiterrorism & Effective Death Penalty Act of 1996, S735; became Public Law 104-132 on 4/24/96; see all of Title III, specifically Sections 302 and 219, also see all of Title IV, specifically Sections 401, 501, 502, and 503. 9. (De facto national ID card) Began life in the Immigration Control & Financial Responsibility Act of 1996; was eventually folded into the Omnibus Appropriations Act, HR 3610 (which was formerly called the Defense Appropriations Act -- but we wouldn't want to confuse anyone, here, would we?); became Public Law 104-208 on 9/30/96; see Sections 656 and 657, among others. 10. (Health care database) Health Insurance Portability & Accountability Act of 1996, HR 3103; became Public Law 104-191 on 8/21/96; see Sections 262, 263, and 264, among others. The various provisions that make up the full horror of this database are scattered throughout the bill and may take hours to track down; this one is stealth legislation at its utmost sneakiest.

And one final, final note: Although I spent aggravating hours verifying the specifics of these bills (a task I swear I will never waste my life on again!), the original list of bills at the top of this article was NOT the result of extensive research. It was simply what came off the top of my head when I thought of Big Brotherish bills from the 104th Congress. For all I know, Congress has passed 10 times more of that sort of thing. In fact, the worst "law" in the list -- #9, the de facto national ID card -- just came to my attention as I was writing this essay, thanks to the enormous efforts of Jackie Juntti and Ed Lyon and others, who researched the law. Think of it: thanks to congressional stealth tactics, we had the long-dreaded national ID card for five months, without a whisper of discussion, before freedom activists began to find out about it. Makes you wonder what else might be lurking out there, doesn't it? And on that cheery note -- THE END. (C) Copyrighted by Claire Wolfe. Permission to reprint freely granted, provided the article is reprinted in full and that any reprint is accompanied by this announcement.

Next Chapter: The Web of Foundations

Previous Chapter: Enslaving Speech