Category: Privacy (Electronic Surveillance)

0

NSA Metadata Surveillance and the Fourth Amendment

Phone NSA 01

 

A U.S. District Court recently held that the NSA surveillance of telephone metadata likely violates the Fourth Amendment. The case is Klayman v. Obama.

The NSA surveillance program involves an incredibly broad gathering of metadata about people’s conversations. Metadata doesn’t include the conversations themselves, just data about when and to whom they are made — i.e., not the content of the phone conversations but the phone numbers of the people having the conversations.

The key Fourth Amendment case at issue is Smith v. Maryland, 442 U.S. 745 (1979), which held that a pen register device capturing the phone numbers a person dialed wasn’t protected by the Fourth Amendment partly because the phone company had access to the phone numbers and partly because phone numbers weren’t viewed to be as sensitive as the phone conversations themselves.

The court in Klayman has an interesting view of why Smith v. Maryland is no longer applicable. Essentially, the court argues that the pen register information the government could gather when Smith was decided is much different from the very broad systematic gathering of phone records today.

The Klayman court relies on the U.S. Supreme Court’s fairly recent decision in United States v. Jones, 132 S.Ct. 945 (2012), where five justices in concurrences noted that wide-scale extensive surveillance technologies have different implications than there older more limited counterparts. Jones involved GPS, and the Court there distinguished an earlier case involving a beeper device that tracked a car. In a concurring opinion, Justice Alito wrote that “relatively short-term monitoring of a person’s movements on public streets accords with expectations of privacy that our society has recognized as reasonable. But the use of longer term GPS monitoring in investigations of most offenses impinges on expectations of privacy. For such offenses, society’s expectation has been that law enforcement agents and others would not—and indeed, in the main, simply could not—secretly monitor and catalogue every single movement of an individual’s car for a very long period.”

I find much merit to the Klayman court’s analysis. I have long argued that Smith was wrongly decided, and not too long ago, I wrote here about why there are strong privacy interests in metadata.

Read More

2

The NSA’s Santa Surveillance Program

I was able to obtain the latest National Security Agency (NSA) memo leaked by Edward Snowden.  I reprint it in full below.

TOP SECRET AND CLASSIFIED

THE NATIONAL SECURITY AGENCY

SANTA SURVEILLANCE PROGRAM (SSP)

 

Intelligence reports have indicated an alarming amount of chatter between citizens of the United States and a foreign organization with unknown whereabouts somewhere near the North Pole.  The organization is led by an elderly bearded cleric with the alias, “Santa.”

We have probable cause to believe that this “Santa” organization is providing material support to terrorist cells in the United States.  On numerous occasions, “Santa” has reportedly entered the country illegally by flying across the border in a stealth aircraft.  He delivers contraband to various enemy combatants who request weapons and other military vehicles and aircraft.

For example, the intercepted letter below is from an enemy combatant by the name of “Johnny Smith”:

NSA Santa 01

Another letter, written by enemy combatant “Mikey Brown” – an alias for Michael Brown – indicates a desire for a weapon of mass destruction called “the Death Star.”   Mikey is now being questioned at an unidentified secure location.

Santa has an army of followers who call themselves “elves” and who train in Santa’s camp.  We fear that these elves are highly radicalized.

Based upon a recent dramatic increase in chatter between the Santa organization and enemy combatants in the U.S., we will initiate a new surveillance program caked the “Santa Surveillance Program” (SSP).

We will monitor all communications by all people everywhere.  For minimization standards, we will limit our surveillance to human beings only and not include other life forms.

The SSP will be ongoing until “Santa” is terminated by a drone attack.

Cross-posted at LinkedIn

0

With Great Power Comes Great Responsibility

In a sentence, Anupam Chander’s The Electronic Silk Road contains the good, the bad and the ugly of the modern interconnected and globalized world.

How many times do we use terms like “network” and “global”? In Professor Chander’s book you may find not only the meanings, but also the possible legal, economical and ethical implications that these terms may include today.

It’s well known that we are facing a revolution, despite of recent Bill Gates’ words that “The internet is not going to save the world”. I partly agree with Mr. Gates. Probably the internet will not save the world, but for sure it has already changed the world as we know it, making possible the opportunities that are well described in The Electronic Silk Road.

However, I would like to use my spot in this Symposium not to write about the wonders of the Trade 2.0, but to share some concerns that , as a privacy scholar, I have.

The problem is well known and is connected to the risk of the big data companies, that base their business model on consumer-profiling for selling advertisement or additional services to the companies.

“[T]he more the network provider knows about you, the more it can earn” writes Chander, and as noted by V. Mayer-Schönberger and K. Cukier in their recent book Big Data, the risks that could be related with the “dark side” of the big data are not just about the privacy of individuals, but also about the processing of those data, with the “possibility of using big data predictions about people to judge and punish them even before they’ve acted.”.

This is, probably, the good and the bad of big data companies as modern caravans of the electronic silk road: they bring a lot of information, and the information can be used, or better processed, for so many different purposes that we can’t imagine what will happen tomorrow, and not only the risk of a global surveillance is around the corner (on this topic I suggest to read the great post by D. K. Citron and D. Gray Addressing the Harm of Total Surveillance: A Reply to Professor Neil Richards), but also the risk of a dictatorship of data.

This possible circumstance, as Professor Solove write in the book Nothing To Hide “[…] not only frustate the individual by creating a sense of helpness and powerlessness, they also affect social structure by altering the kind of relationships people have with the institutions that make important decisions about their lives.”

Thus, I guess that the privacy and data protection ground could be the real challenge for the electronic silk road.

Professor Chander’s book is full of examples about the misuse of data (see the Paragraph Yahoo! in China), the problem of protection of sensitive data shared across the world (see the Paragraph Boston Brahmins and Bangalore Doctors), the problem about users’ privacy posed by social networks (see Chapter 5 Facebookistan).

But Professor Chander was able also to see the possible benefits of big data analysis (see the Paragraph Predictions and Predilections), for example in healthcare, thus is important to find a way to regulate the unstoppable flowing of data across the world.

In a so complex debate about a right that is subject to different senses and definitions across the world (what is “privacy” or “personal data” is different between USA, Canada, Europe and China for example), I find very interesting the recipe suggested by Anupam Chander.

First of all, we have to embrace some ground principles that are good both for providers and for law and policy makers: 1) do no evil; 2) technology is neutral; 3) the cyberspace need a dematerialized architecture.

Using these principles, it will be easy to follow Professor Chander’s fundamental rule: “harmonization where possible, glocalization where necessary”.

A practical implementation of this rule, as described in Chapter 8, will satisfy the different view of data privacy in a highly liberal regimes and in a highly repressive regime, pushing the glocalization (global services adapt to local rules) against the deregulation in the highly liberal regimes and the “do no evil” principle against the oppression in the highly repressive regime.

This seems reasonable to me, and at the end of my “journey” in Professor Chander’s book, I want to thank him for giving us some fascinating, but above all usable, theories for the forthcoming international cyberlaw.

10

On the NSA and Media Bias: An Extended Analysis

By Albert Wong and Valerie Belair-Gagnon, Information Society Project at Yale Law School

In a recent article in the Columbia Journalism Review, we reported that major US newspapers exhibited a net pro-surveillance bias in their “post-Edward Snowden” coverage of the NSA. Our results ran counter to the general perception that major media outlets lean “traditionally liberal” on social issues. Given our findings, we decided to extend our analysis to see if the same bias was present in “traditionally conservative” and international newspapers.

Using the same methods described in our previous study, we examined total press coverage in the Washington Times, one of the top “traditionally conservative” newspapers in the US. We found that the Washington Times used pro-surveillance terms such as security or counterterrorism 45.5% more frequently than anti-surveillance terms like liberty or rights. This is comparable to USA Today‘s 36% bias and quantitatively greater than The New York Times‘ 14.1% or the Washington Post‘s 11.1%. The Washington Times, a “traditionally conservative” newspaper, had the same, if not stronger, pro-surveillance bias in its coverage as neutral/”traditionally liberal”-leaning newspapers.

In contrast, The Guardian, the major UK newspaper where Glenn Greenwald has reported most of Snowden’s disclosures, did not exhibit such a bias. Unlike any of the US newspapers we examined, The Guardian actually used anti-surveillance terms slightly (3.2%) more frequently than pro-surveillance terms. Despite the UK government’s pro-surveillance position (similar to and perhaps even more uncompromising than that of the US government), the Guardian‘s coverage has remained neutral overall. (Neutral as far as keyword frequency analysis goes, anyway; the use of other methods, such as qualitative analysis of article tone, may also be helpful in building a comprehensive picture.)

Our extended results provide additional context for our earlier report and demonstrate that our analysis is “capturing a meaningful divide.”

On a further note, as several commenters suggested in response to our original report, the US media’s pro-surveillance bias may be a manifestation of a broader “pro-state” bias. This theory may be correct, but it would be difficult to confirm conclusively. On many, even most, issues, the US government does not speak with one voice. Whose position should be taken as the “state” position? The opinion of the President? The Speaker of the House? The Chief Justice? Administration allies in Congress? In the context of the Affordable Care Act, is there no “pro-state” position at all, since the President, the Speaker, and the Chief Justice each have different, largely irreconcilable views?

0

Opportunities and Roadblocks Along the Electronic Silk Road

977574_288606077943048_524618202_oLast week, Foreign Affairs posted a note about my book, The Electronic Silk Road, on its Facebook page. In the comments, some clever wag asked, “Didn’t the FBI shut this down a few weeks ago?” In other venues as well, as I have shared portions of my book across the web, individuals across the world have written back, sometimes applauding and at other times challenging my claims. My writing itself has journed across the world–when I adapted part of a chapter as “How Censorship Hurts Chinese Internet Companies” for The Atlantic, the China Daily republished it. The Financial Times published its review of the book in both English and Chinese.

International trade was involved in even these posts. Much of this activity involved websites—from Facebook, to The Atlantic, and the Financial Times, each of them earning revenue in part from cross-border advertising (even the government-owned China Daily is apparently under pressure to increase advertising) . In the second quarter of 2013, for example, Facebook earned the majority of its revenues outside the United States–$995 million out of a total of $1,813 million, or 55 percent of revenues.

But this trade also brought communication—with ideas and critiques circulated around the world.  The old silk roads similarly were passages not only for goods, but knowledge. They helped shape our world, not only materially, but spiritually, just as the mix of commerce and communication on the Electronic Silk Road will reshape the world to come.

Read More

Coding Freedom: An Aesthetics of Decontrol

Gabriella Coleman’s Coding Freedom is a beautifully written book, offering deep insight into communities of hackers. By immersing herself in the culture of free and open source software devotees, she helps us understand the motivations, goals, frustrations, and aesthetics of a frequently misunderstood movement. The stakes are high, both for those inside and outside the hacker community. Some want the term hacker to primarily denote playful creativity; others emphasize subversion of oppressive power centers; still others embrace an identity of unreasoned disruption.

Outsiders stray into such debates at their peril, and Coleman took significant risks to write the book. As an academic, she defied conventional anthropological career paths by launching an investigation of a digitally connected enclave within an advanced society.* As an observer, she risked that sub-subcultures would try to exact revenge on her for saying something they disagreed with. (It’s not just the obvious targets who get hacked.) But the gambles have paid off, both within the academic community and in the broader ambit of Internet intellectuals.

Hackers are frequently misunderstood, both when praised and when damned. In the popular imagination, the computer hacker can pop up as a digital Bonnie or Clyde, fighting “the system” of opaque automation. On the other hand, former NSA Chief Michael Hayden wrote off hacker fans of Edward Snowden as “nihilists, anarchists, activists, Lulzsec, Anonymous, twentysomethings who haven’t talked to the opposite sex in five or six years.” The hero/villain narratives are easy to sell to Wired or Fox. Coleman gives us a much richer story.
Read More

Martin Luther King, Labor Day, and Surveillance

Interesting to see how the three topics converge. First, an excerpt from King’s December 1961 speech to the AFL-CIO Convention:

Less than a century ago, the laborer had no rights, little or no respect, and led a life that was socially submerged and barren. . . . American industry organized misery into sweatshops and proclaimed the right of capital to act without restraints and without conscience. . . . The children of workers had no childhood and no future. They, too, worked for pennies an hour and by the time they reached their teens they were worn-out old men, devoid of spirit, devoid of hope and devoid of self-respect.

Second, from Tom Geoghegan’s analysis of King as a labor leader: “It is said that just after this speech, J. Edgar Hoover was more determined to wiretap King.”

Treating someone working for the betterment of the many, as an enemy of the state, is a core harm of politicized surveillance.

0

Over-Parenting Goes International

The thought of hiring a private detective in this age of relatively accessible electronic surveillance seems a bit retro, like a black-and-white scene from a smoky film noire. But it has been enjoying a surprising comeback in recent years, with parents who hire private investigators to spy on their children.

In an article titled Over-Parenting, my co-author Gaia Bernstein and I identified a trend of legal adoption of intensive parenting norms. We cautioned against society legally sanctioning a single parenting style – namely, intensive parenting – while deeming potentially neglectful other parenting styles which could be perfectly legitimate. We also pointed out that involved parenting is class-biased, since it is costly, and not all parents can afford the technology that would enable them to be intensive parents, such as purchasing GPS enabled smartphones for their kids. We argued that when intensive parenting is used for children who do not need it, it becomes over-parenting. Not all children need the same level of involvement in their lives; one of the most important roles of parents is to prepare their children for independent life, and over-parenting might thwart that role. Finally, we speculated that the cultural model for intensive parenting originates in media depictions of upper-middle class families, and that how these families are portrayed in movies and TV shows influences real-life parents.

Well, I’m sad to report that over-parenting is not a unique American phenomenon. Last year, for example, a Chinese newspaper reported that parents in china are increasingly becoming more involved in their children’s lives by hiring private investigators to check whether the children use drugs, drink alcohol or have sex. In Israel some parents are doing the same, especially during the long summer break, during which bored teenagers, many parent fear, are prone to engage in such activities (if you read Hebrew, you can read the story here). I am sure that some American parents do the same.

Leaving aside the class question (are parents who cannot afford a private eye neglectful?), what does this say about parents’ role as educators? Or about the level of trust (or distrust) between those parents and their children? It used to be that a spouse would hire a private investigator because they thought that their partner was having an affair. Nowadays, a growing chunk of a private investigator’s work involved parents spying on their children. Can’t we say that the fact that parents feel that they need to spy on their children already testifies to their limited parental skills?

NSA Penalty Proposed

Readers suggested potential penalties for improper gathering or misuse of surveillance data last month.  As revelations continue, Congressmen have recently proposed some new ideas:

Rep. Mike Fitzpatrick (R-Pa.) proposed legislation . . .  that would cut National Security Agency (NSA) funding if it violates new surveillance rules aimed at preventing broad data collection on millions of people.

Fitzpatrick has also offered language to restrict the term “relevant” when it comes to data collection.  On the one hand, it seems odd for Congress to micromanage a spy agency.  On the other hand, no one has adequately explained how present safeguards keep the integrated Information Sharing Environment from engaging in the harms catalogued here and here. So we’re likely to see many blunt efforts to cut off its ability to collect and analyze data, even if data misuse is really the core problem.

0

The FTC and the New Common Law of Privacy

I recently posted a draft of my new article, The FTC and the New Common Law of Privacy (with Professor Woodrow Hartzog).

One of the great ironies about information privacy law is that the primary regulation of privacy in the United States has barely been studied in a scholarly way. Since the late 1990s, the Federal Trade Commission (FTC) has been enforcing companies’ privacy policies through its authority to police unfair and deceptive trade practices. Despite more than fifteen years of FTC enforcement, there is no meaningful body of judicial decisions to show for it. The cases have nearly all resulted in settlement agreements. Nevertheless, companies look to these agreements to guide their privacy practices. Thus, in practice, FTC privacy jurisprudence has become the broadest and most influential regulating force on information privacy in the United States – more so than nearly any privacy statute and any common law tort.

In this article, we contend that the FTC’s privacy jurisprudence is the functional equivalent to a body of common law, and we examine it as such. The article explores the following issues:

  • Why did the FTC, and not contract law, come to dominate the enforcement of privacy policies?
  • Why, despite more than 15 years of FTC enforcement, have there been hardly any resulting judicial decisions?
  • Why has FTC enforcement had such a profound effect on company behavior given the very small penalties?
  • Can FTC jurisprudence evolve into a comprehensive regulatory regime for privacy?

 

 

The claims we make in this article include:

  • The common view of FTC jurisprudence as thin — as merely enforcing privacy promises — is misguided. The FTC’s privacy jurisprudence is actually quite thick, and it has come to serve as the functional equivalent to a body of common law.
  • The foundations exist in FTC jurisprudence to develop a robust privacy regulatory regime, one that focuses on consumer expectations of privacy, that extends far beyond privacy policies, and that involves substantive rules that exist independently from a company’s privacy representations.

 

You can download the article draft here on SSRN.