Privacy

According to the White House Visitors Log, provided here in searchable form by U.S. News and World Report, the president of the anti-Tea Party National Treasury Employees Union, Colleen Kelley, visited the White House at 12:30pm that Wednesday noon time of March 31st...

April 1-2, 2010: The new Acting Manager, Technical Unit, suggested the need for a Sensitive Case Report on the Tea Party cases. The Determinations Unit Program Manager Agreed.

In short: the very day after the president of the quite publicly anti-Tea Party labor union -- the union for IRS employees -- met with President Obama, the manager of the IRS "Determinations Unit Program agreed" to open a "Sensitive Case report on the Tea party cases." As stated by the IG report.

Read the whole thing.  It is the smoking gun.

UPDATE: Four Pinocchios to Lois Lerner from the Washington Post.

UPDATE: True The Vote hassled by IRS, FBI, ATF, and OSHA.  That spells systemic corruption to me.

UPDATE: Laying out the White House's shifting story.  So... the White House council was told about the scandal April 22nd, and some of her staff had been told the previous week, but she did not inform the President until he saw it on the news?  Even taken at face value, that's not exactly a President in charge of... anything, really.

"It starts to change the relationship between the citizen and state, you do have to get permission to do things," said Chris Calabrese, a congressional lobbyist with the American Civil Liberties Union. "More fundamentally, it could be the start of keeping a record of all things."

He's talking about provisions in the immigration bill that would require e-verify (government permission to work) and a biometric database for identification purposes. 

This isn't exactly news, but it's good to have a reminder that the government sees fit to demand access to your internet communications without a warrant every once in a while.  Just think of it as encouragement to use encryption.  And of course the existing status quo is not good enough for the government; the Obama administration is close to backing an FBI plan to wiretap the internet.

What's a stingray, you ask?  It's a government device that pretends to be a cell phone tower in order to trick your cellular network device (phone or computer) to access the fake tower instead of, or in addition to, the real one. 

Why would the FBI want to do that?  Well, when they do, they find out where you are.  And who you call.  And who calls you.  And what you say to them.  And what they say to you.  And what you are texting about.  And the pictures you send to your friends from your phone.  And the pictures your friends send to you on your phone.  And... you get the idea.

More details here, including the lovely tidbit that Verizon will happily reprogram your computer's wireless network access device to connect to the FBI's fake cell phone tower (stingray) whenever the FBI requests that it do so, thus revealing your location. 

You know what?

I think that's a pretty good analogy for planting a GPS tracking device on someone's car.  After all, you're modifying their device.

Stuff like this should require a warrant.  Keeping the methods secret avoids the judicial scrutiny that a free society requires to remain free.

The legislation, sponsored by Sen. Patrick Leahy (D-Vermont), the committee's chair, and Michael S. Lee (R-Utah) nullifies a provision of federal law allowing the authorities to acquire a suspect's e-mail or other stored content from an internet service provider without showing probable cause that a crime was committed if the content is 180 days or older.

That the Senate has to "consider legislation" about this is outrageous.  It should be judicially enforced under the 4th Amendment.  And no, it's not just terrorists.

It's like Facebook for cops.

Except Facebook doesn't track your credit cards or cell phones.

That is, it's "very common" for the FBI to do it.

FBI investigators for at least five years have routinely used a sophisticated cellphone tracking tool that can pinpoint callers' locations and listen to their conversations -- all without getting a warrant for it, a federal court was told this week.

Installed in an unmarked van, Stingray mimics a cellphone tower, so it can pinpoint the precise location of any mobile device in range and intercept conversations and data, said Linda Lye, staff attorney at the ACLU of Northern California in a blog post about the case.

You know the technical term for this sort of thing?

I understand that when it happens in other countries, they call it a "police state".

The President Barack Obama administration is claiming that authorities do not need court warrants to affix GPS devices to vehicles to monitor their every move.

The administration maintains that position despite the Supreme Court's infamous decision last year that concluded that attaching the GPS devices amounted to search protected by the Constitution.

The administration is set to make its argument Tuesday before a federal appeals court in a case testing the parameters of the high court's 2012 decision. If the government prevails, the high court's ruling would be virtually meaningless.

And worse, they are doing it in the face of Supreme Court rulings to the contrary.

Honestly, this isn't a hard question.  If you want to investigate someone, get a warrant.  If you want to follow them around, either pay for undercover police to follow them in public or get a warrant to attach a tracking device.  You don't get to sneak into someone's garage and use their vehicle against them without some sort of judicial approval.

That this is even in question following a Supreme Court decision is an indication of how far our society has fallen towards a totalitarian police state.

... also, I weep for our language when a published writer describes a Supreme Court decision upholding our Constitutional rights as "infamous".  Clearly he has no idea what the word means.

U.S. District Judge Susan Illston ordered the government to stop issuing so-called NSLs across the board, in a stunning defeat for the Obama administration's surveillance practices. She also ordered the government to cease enforcing the gag provision in any other cases. However, she stayed her order for 90 days to give the government a chance to appeal to the Ninth Circuit Court of Appeals.

This is, in my opinion, the correct ruling.  We cannot afford to give law enforcement a blank check on surveillance with no oversight, and that is the practical effect of these letters.  They are issued at the discretion of various intelligence agencies, usually forbid the recipient to discuss them with anyone including legal counsel, and need not be approved by a judge. 

That's simply unacceptable in a free society.  It's high time the courts started to rein this stuff in.

When the cops ask you if you have something to hide, you can point to articles like this for examples of what you have to fear even when you've done nothing wrong.

Most of the violations seem of the creepy but routine variety that you would expect of government officials who have too much power at their fingertips and little fear of consequences that, theoretically, include criminal charges, sanctions or ill-defined "disciplinary action." Among these was an Oviedo police officer who "made unauthorized searches in D.A.V.I.D. to look up a local bank teller he was reportedly flirting with."

Because cops shouldn't have to ask a pretty girl for her number, they can just look it up.  Right?

Potentially more troubling are the database incursions into the records of a state trooper who had the nerve to arrest a Miami police officer at gunpoint after she observed him swerving his car in and out of traffic at speeds up to 120 MPH -- his usual behavior, it emerged later. Police officers around the state apparently took umbrage at this breach of professional courtesy.

The information retrieved by those 88 snooping cops included Watts's "home address, picture, Social Security number, date of birth, and detailed vehicle description." After the data incursions, she received threatening phone calls, vehicles driving by or idling in front of her home on a cul-de-sac, prank pizza deliveries ...

Because cops should be above the laws they are employed to enforce, and anyone who says differently should be stalked and harassed until they shut up.  Right?

This isn't an isolated incident by any means. IRS data is a tempting target, given that money is involved. A former employee of the agency was sentenced to 105 months in prison for using tax data to craft $8 million in fraudulent returns. Then again, sometimes IRS agents just peruse the database for personal information about celebrities and neighbors. In that case, the nosy agent's targets included a Who's Who of Hollywood and professional sports.

Because privacy doesn't apply to the government.  Right?

See Orin Kerr's take on the Volokh Conspiracy.  One of the reasons I've been so quiet lately is that I'm spending a lot of time working on something that will fix this.

Of course, some would argue that we don't have any 4th Amendment protection left in our homes, either.

In addition to police-monitored cameras all over the country, the government of Britain has decided to track every single user's internet usage.  Data will be retained for a year and can be accessed without a warrant, simply by obtaining the authorization of a senior police officer or deputy head of department.  Over 600 different government agencies will have access to this information, including police, local councils, and tax authorities.

Sigh.  The death of privacy is complete.

AT&T's new GPS tracking service "FamilyMap" is just waiting for the government to start writing warrants.  Assuming that they bother writing warrants anymore; the latest fad under the Patriot Act is to demand business records without a warrant using a National Security Letter.  Once AT&T is tracking your location as a business service, the records are just normal business records like any other... and your movements are subject to government scrutiny.

Orin has an interesting discussion over at the Volokh Conspiracy about applying wiretapping rules on the Internet.  My contribution to the discussion is below.

Orin,

You have a bit of a problem in that it's not readily practical to access message header information without also accessing content information. Technically, there are three portions of a typical internet mail message:

1) The envelope information (typically exchanged as part of the SMTP protocol prior to content delivery and usually duplicated in the message headers)

2) The header information (information about the message intended to be read and processed by machines; this includes the subject line, information about when the message was written, where responses should be sent, and what type of content the message contains, etc)

3) The message body information (entered by the user directly, and displayed to the receipient; usually text paragraphs but also attached files and so on).

The problem is that both 2 and 3 reside in the same file when messages are stored in (standard) RFC822 format. To preserve access to 2 for law enforcement, you have to obtain access to the message content as well. This would normally involve looking on the user's computer, seizing it, since the ISP normally does not keep either parts 2 or 3 of the message once the user has retrieved it.

If you truly want only address information, then you only want the information in 1. That information is stored in SMTP logfiles and can probably be provided by the ISP without invading the user's home or setting up an ongoing monitoring process, simply by examining their existing log data. The burden to everyone involved is much lower, and the analogy to a pen trace on a telephone line (which, as I understand it, provides who-called-who data but no access to the content of the call) is clearer.

Bruce Schneier has some interesting thoughts. 

Some of the comments on Orin's original post have also brought up the fact that the content/addressing distinction is dependent on which network layer you look at.  If you are looking at the TCP/IP level, almost everything is content... however, for practical purposes, the number of criminals inventing their own network protocols or email applications in order to hide their activities is probably small and not useful for formulating general rules.

... look upon our future and despair:

Maybe Redding was a bad kid with a track record of disciplinary problems?  Well, no, she wasn?t.  In fact, before the strip search [for prescription-strength ibuprofen - ed], she had no record of disciplinary problems at all.  When her lawyers pointed this out in court documents, the district acknowledged the lack of a disciplinary record, but said that the inference should have been that she?d just been masterful at avoiding getting caught. They also defended themselves by claiming to have heard rumors that Redding had drunk alcohol at a party, but the court documents show that the person starting the rumor hadn?t attended the event.

This is the result of rule by bureaucrat. When misbehavior by government officials has no consequences, misbehavior becomes the norm.  And horrors like this are visited anywhere their writ extends.

It also sounds pretty benign, even useful. But unlike Weires, I'm a technology guy -- and I have a very acute sense of how seemingly harmless new technologies have a tendency to metastasize into something far nastier and, usually, end up invading our privacy or diminishing our freedoms. And, perhaps due to my own driving history, the story of Weires and his black box had sirens going off in my head.

Think of the worst possible scenarios, and whatever you come up with has a good chance of happening. For example, you know those random checkpoint stops that the police set up every year around the holidays to catch drunks. I've never been a big fan of them, mostly for civil liberties reasons, but like most people I endure this little inconvenience for the perceived larger good.

But what about a checkpoint where the cop walks up, plugs his laptop into your car and then tickets you for going over the speed limit three times last week? Put up some "smart" speed signs that send out signals to your car's black box and it would be simple to make the comparison. Like that one?

Even simpler to hook the black box up to a GPS receiver that the car probably already has. 

You may have heard of the TSA's new insta-porn device, which bounces low-energy x-rays off of your skin when you go through airport screening, producing an image of your body that looks remarkably like... a very detailed (but somewhat ghostlike and bluish) naked human body.   For a while now they've been trying to calm the objections by insisting that the images will have the sensitive areas of the image, breasts and genitals, blurred, plus using same-gender screeners to look at the images. 

However, now that they are actually deploying the system for a live trial, they admit that the images are not blurred.  Oh, and those separate screeners?  They will rely on human signals from other TSA agents to determine the gender of the person being screened.  I wonder how long it will take before no one bothers to signal for gender?

But it's OK, says the TSA.  The screeners won't be allowed to take cameras or cell phones into the screening booth.  How long will that rule last in an agency that can't keep even a single employee from stealing over a quarter-million dollars from luggage?  Including a $47,000 camera?

If they can get a professional-grade TV camera out of the secure area, they can get a cell phone camera in.

Oh, and the screeners will be watching the machine in a private booth, where you won't be able to see or object to their inevitable antics.

I wonder how much you could get on ebay for skin-radar pictures of a naked Angelina Jolie, for example?  I'm sure we'll find out soon enough.

I've posted (or at least thought about posting; I can't be bothered to actually find the post) about a welcome mat with the words "Come back with a warrant" on it.  As someone who values my own rights and privacy, that would be my natural and instinctive response to a police officer making inquiries about a search of my home -- because consenting to a search when you are under suspicion is never a good idea.

But Patterico, who actually works as a prosecutor in California in addition to blogging, thinks such a welcome mat would constitute probable cause for a warrant in and of itself.

That's why I'm a Libertarian, not a Republican.  Asserting one's constitutional rights should never be grounds for suspicion.  If the government didn't have probable cause for a search before being denied permission, the fact that it was denied doesn't give any additional evidentiary weight in favor of a warrant. 

To disregard this is to render Constitutional rights meaningless.  If any refusal can be considered evidence for a compulsory search, then there is no right to refuse a search.

It seems the press is pounding the streets with the story that the NSA is evesdropping on Americans.  Again.  Several bloggers have already pegged this story as being quite similar to one that dropped a few months ago, related to the NSA evesdropping on international calls to or from Al Qaeda members.  Others have explained the legal arguments used to convince judges it's legal.  Lots of panties are bunched. 

Those of you who have been reading this site for some time will not be surprised that I oppose such monitoring.  That we are at war with a terrorist organization does not materially change that fact; blanket surveillance is wrong regardless of justification.  I'm perfectly OK with evesdropping on conversations with terrorists so long as the letter of the law, including the Constitution, is followed; but blanket surveillance of Americans without probable cause is wrong.  So, sure, I don't like what the NSA is doing.

I just don't see why it's suddenly news, at least without the sudden intervention of political expediency.  You see, the NSA has been doing this for a long, long, long time.  I first learned about it under the Clinton administration.  I doubt it started there, or with Bush I before him.  There's an article on the subject from 1988.  It is the NSA's job to conduct traffic analysis and broad-scale surveillance, and the legal justifications to get around Constitutional limits were different then but the capabilities probably are not -- except that national technical means, as author Tom Clancy euphemized, have probably advanced significantly.

You'd think the reporters acting so outraged about this hadn't ever realized our intelligence apparatus had this capability.  Maybe they hadn't.  Ignorance or malice?  It's hardly a new question to be asking about the news media these days, and that's just sad.

So why aren't I worked up about it?  I recognize that nothing has really changed.  Sure, I'd like surveillance programs like this to be shut down.  Unfortunately I'm convinced this is a losing battle.  It's much simpler, not to mention technically better, to simply encrypt everything.  "Can't" trumps "not allowed to".

Not many people would volunteer to wear the classic prisoner's anklet that reports their location to a satellite monitoring system regularly.  It would be, rightly, considered an invasion of privacy -- something society imposes on convicted criminals who pose a demonstrated threat to innocent people.  But millions of people carry cell phones with them everyone and don't give it a second thought.

Perhaps they don't realize that their cell phone is a tracking technology almost as powerful as the monitoring devices used on prisoners.  Technology firms in the UK are already marketing this as a "service", one that covers not only where the cell phone is now but where it has been in the past.  While those services claim to require consent, the underlying technology does not, and that means governments (and private parties through the court system) will have access to the data with no consent required and most likely no opportunity to contest the release.

Brin's The Transparent Society is looking more prophetic by the day.

Colorado is considering legislation that would require ISPs to maintain records of the IP address provided to each customer for 180 days.  Presumably these records would be available to law enforcement upon request -- and the usual tendency for such things is to not require a warrant for the information, at least not in practice.  Corporations aren't exactly eager to refuse to provide data to law enforcement, unless it would somehow cost them money to do so.

There's some controversy over whether radiation sensors require warrants when used by police searches.  Volokh suggests that the standard should be based on precedents about heat sensors pointed at homes (warrants are required), combined with those that indicate serious crimes don't get exceptions for being serious crimes.  I agree with that principle, but I think radiation is distinguishable; among other things it poses an independent health hazard in high enough levels.

While, say, directing X-rays through a building to a receiver on the other side would clearly be an unconstitutional search, merely checking for excessive radiation levels outside a building is quite reasonable and should be admissible in court.

The precedents for heat sensors are also correct; heat sensors are substantially more invasive (because many normal and legal activities generate detectable heat), and the level of heat at which a public health hazard exists is generally quite visible to the naked eye in the form of smoke and flame.

Once you start stepping on to (public spaces of) private property in order to conduct such a search, however, things rapidly become more complex.  I would still be OK with people carrying detectors that can register hazardous-to-health levels of radiation, chemical agents, etc, so long as they remain in areas truly open to the public and don't need to make false representations in order to gain entry. 

I say this because, as a private citizen, I might well want to carry a radiation detector along with me as an early warning of radiation hazard, if I could do so cheaply, and if there was a perceived risk -- consider, for example, the laboratory facilities at many universities. 

Hat tip to Lay Lines for the story.

The FBI demanded Las Vegas hotels turn over their guest lists leading up to New Year's Eve to check against a U.S. master list of suspected terrorists, a law enforcement official said on Sunday.

The demand for "patron information" went to all major hotels in the Nevada casino and entertainment city, said the official who declined to be named.

Las Vegas was one of six or seven cities mentioned in intelligence reports as potential targets for a terrorist attack during the holiday period, Nevada Gov. Kenny Guinn said on New Year's Eve.

Why does this worry me? It's simple enough: the FBI has moved from taking its list of terrorists out to possible terrorist contact points and asking about the names on it... to demanding the complete customer lists and doing the search themselves. Once the FBI has that information, they can use it for whatever they want. If they use it to catch terrorists, that's a good thing. If they use it for other purposes, that's not such a good thing.

But the fact that they made this demand, and the manner in which they made it, is striking. It implies:

1. They don't have specific information about who might have been in Las Vegas.
2. They don't have specific information about where he or she might have stayed.
3. They don't have speciifc information about his or her appearance.

If they had these things, the obvious investigative technique would be to visit those hotels on the "short list" with a picture or a composite drawing and talk to the employees. That's not as fast as going down a list of names -- but it's a lot more effective at finding terrorists, who are damn well not going to use their real name when signing into a hotel.

So by my criteria, this little expedition is just fishing. They don't know who, what, or where -- at least not within any acceptable level of precision. In fact, I'm willing to bet they had just two pieces of information: "Las Vegas" and the approximate time of some allegedly-planned attack. And in response to this they want to trawl through the customer lists of every hotel in Vegas.

Next week the U.S. Supreme Court will hear a case to decide whether or not all Americans must have identification on them at all times. The case has been brought by a cowboy in Nevada who was asked to show ID while he was leaning against his pickup truck on the side of the road near his ranch. The police officer did not offer any specific reason why he demanded proof of identity. Having committed no crime, Dudley Hiibel, the cowboy, refused ? and was arrested. He was later convicted for "Delaying a Peace Officer." In America, still a free country, citizens should not be required to provide identification papers at any whim of the authorities.

The MPs suggested that loyalty cards could be used to identify customers who bought excessive amounts of foods high in fat, sugar and salt, and asked whether supermarkets could use this information to promote healthier alternatives to these customers.

They also called on supermarkets to feature more fruit and vegetables in their advertising and to replace shelves of sweets next to checkouts with healthier alternatives.

In the US, this is still more of a horror story than a real threat.