CNet On Online Freedom

jonnythan writes: "CNet apparently had a talk with Ari Schwartz of the Center for Democracy and Technology. The result is this story, which paints a terribly frightening picture of what Your Rights Online really are. It's a very informative story nonetheless, and puts the fiascos with Real Networks et al in a somewhat different light." Covers a wide variety of online situations, and how you have little to no recourse against corporate or government snooping. Not very in-depth, but maybe it will start people thinking.

Re:Public needs to stop pretending there is no iss

[orpheus]

I am dismayed when my friends exclaim that the CIA will never read my email, because I am not important, nor have I done anything wrong or have something to hide.

Here are some facts and cases that every American citizen should know. I was pretty horrified that this entire area was not mentioned in yesterday's discussion of Federal monitoring (alas, I didn't have time to read it or post yesterday)

1) Since 1978, US Intelligence agencies have a special court (FISA: Foreign Intelligence Surveillance Act) to turn to for domestic wiretaps. Each decision is reached in secret, with no published orders, opinions, or public record. Only one of the tens of thousands of requests was ever turned down. When Clinton signed Executive Order 12949 on February 9, the powers of the FISA court was greatly expanded: It now has legal authority to approve black-bag operations to authorize Department of Justice (DoJ) requests to conduct physical as well as electronic searches, without obtaining a warrant in open court, without notifying the subject, without providing an inventory of items seized. The targets need not be under suspicion of committing a crime. Here's what Federal Judge Robert W. Warren from Wisconsin, (senior panelist on the second tier FISA Court of Review) said about his duties...

On the first tier are seven federal judges, appointed to staggered seven-year terms by the chief justice of the Supreme Court. Each judge takes a turn reviewing applications submitted by the attorney general. He or she sits in a sealed, vault-like chamber on the top floor of the Justice Department headquarters, where the door is always locked and guarded and the room is regularly inspected for bugs.

In the unlikely event that the first tier rejects an application, the Department of Justice can appeal to the FISA Court of Review. Should this three-member panel of judges also deny the request, it could then be heard by the Supreme Court. Those last two progressions up the judicial hierarchy have proved strictly unnecessary,
however. Federal Judge Robert W. Warren from Wisconsin, senior panelist on the second tier FISA Court of Review, joked that he has not exactly been overwhelmed by the workload since his appointment in 1989.

We've never met since I've been on it, said Warren. I was sent a designation by the Chief Justice, and I asked a couple of people what in the world the court did because I had not even heard of it before I got that designation. I also had some correspondence with my brethren on the court and we've talked to each other and said, `What are we supposed to do?' and, `When is something going to happen?' Nothing ever has happened. It's an empty title as far as I am concerned at this point.

Based on the remarkable record of servility the first-string spy court has achieved on surveillance requests 15 years with only one rejection, and that one on technical grounds new requests for physical searches are unlikely to cut into the Review Court's happy schedule.

2) going down from the Federal level, wiretap abuse on landlines and wireless by state and local authorities is extremely widespread today. These wiretaps are applied without court order, with very deliberate lies on affadavits, and every other imaginable abuse of the system. A search for "illegal wiretap" will turn up links to articles listing thousands of cases Here are a few.

• The LA County Public Defender's Office is appealing over 500 cases where the real or circumstantial evidence was primarily due to illegal wiretaps. The LAPD conducted thousands of illegal wiretaps each year (acknowledged in numerous state and federal reports) but get les than 100 legal wrrants every year (except 1998, when they got 328, vs 24 in first 6 mos of 1999). The corruption went all the way up to the elected District Attorney of Los Angeles, Gil Garcetti, and judge were 'informally aware' of the practice, but signed anyway. For details, see Deputy Public Defender Kathy Quant's summary article or the W.I.R.E.D Project (Wiretapping Investigation, Research, Education, and Defense), both at the LA County Public Defender's Office website.
• An unnamed officer hears an unknown Hispanic man mentioning that he will be recieving a wire transfer of a substantial amount of money that day. There is no mention of drugs, even in code, as the investigators later admit. His colleagues (not linked to the illegal wiretap) invent a confidential informant ("CRI") who claims the money is drug-related, and notify local banks. When the Hispanic man goes to the bank to make a a withdrawal for the amount mentioned, the money is seized. It takes him years to get it back, though he demonstrates early on that the money is from his grandmother's estate, and was being wired so he could buy a house. This case, euphoniously named U.S. v. $265,260.32 in US currency US CV 97-4442 AHM (CWX) (A federal case - money is often 'arrested' under RICO and other laws, because money does not have civil rights) cites several other cases where equally blatant abuses have taken place (including US v $39,000 in Canadian Currency, to be fair to our northern neighbor).
• Agencies even illegally bug themselves and each other, as this recent case in CT illustrates.

3)Legal wiretaps are usually not very cost-effective.

• Judge Perry authorized the San Bernadino District Attorney to wiretap public pay phones in drug traffic areas for 4 months. The results:
  • 131,202 individuals' conversations intercepted, taped, and will be kept by the DA for 10 years...
  • 10 - Incriminating Conversations were obtained as result of violating the privacy of 131,202 people.
  • 0 - Arrests Made. NOT ONE ARREST.
  • Oh, it cost San Bernadino Taxpayers over $625,000.
• A similar order by Judge Czueleger ordering blanket wiretapping of LA jail pay phones for the first 6 mos of 1997 also resulted in no convictions, and cost $1,119,422.
• In '98 ot '97 (don't have the Fed report with me), the states ordered roughly 1200 legal wiretaps, resulting in three arrests per wiretap, on average. Only one arrest in four was convicted, however.

These items are just the tip of the iceberg! Do a few Google searches, and you find case after case of officers and agencies wiretapping for personal gain and institutional chicanery, of forged or fraudulently obtained warrants, and massive illegal campaigns that don't even pursue current crimes, but where the recordings are stored (as in the LA cases) for possible future use.

It's uncomfortable to think about. I don't enjoy it myself. However, before we believe "1984 has come and gone, and we're safe", we have to ask ourselves... who says we're safe? The Government?

Re:National security isn't just a myth

[Kaa]

Even now that the Cold War has finished there are any number of threats to people in every country that are dealt with by intelligence services all the time without people even realising it. And if these agencies cannot access information when it is required then they cannot do their jobs, and the chances of say, a terrorist bomb attack, goes up dramatically.

This is, basically, an argument for a police state.

Your point is that part of the government's job is to protect its citizens from threats and that taking away individual liberties makes this job easier. The problem, of course, is that historically governments were very, very consistent is abusing the advantages they have over individuals.

Consider that forcing everybody to carry at all times an internal passport with fingerprint/retina/DNA information would make law enforcement a lot easier. Consider that forcing everybody to wear and electronic anklet/bracelet which monitors their location (a la house-arrest devices) will make it even more easier. Consider that allowing to use torture and/or psychoactive drugs on suspects will considerably increase the percentage of crimes solved. So?

The problem is finding an acceptable trade-off between personal freedom and government needs and your post seems to be quite one-sided in this regard.


Kaa

Re:Public needs to stop pretending there is no iss

[dsplat]

I am dismayed when my friends exclaim that the CIA will never read my email, because I am not important, nor have I done anything wrong or have something to hide.

Far too many people have a model of privacy that only assumes that the government will spy on you and that only criminals need to fear that. It is trivial to find other examples of a need for security. Consider a regular family vacation. You and your spouse have been going out of town every year to spend New Year's Eve with your parents and New Year's Day with your in-laws. Do you want a burglar to know that you aren't home? Any of the following could reveal that:

• Unencrypted e-mail to your families
• Phone calls over cordless phones or analog cell phones
• Poorly protected credit card records showing yor purchase of plane tickets
• A poor web site for your newspaper allowing you to sspend home delivery while you are gone that reveals that to someone else
• A security hole in the airline's frequent flier program web site that revealed which flights you have already received mileage for

You haven't done anything wrong. You are a law-abiding citizen visiting family. Unfortunately, the two guys who are filling a truck with every valuable in your home aren't such upstanding people.

How about some privacy assistance, Slashdot?

[Tau+Zero]

If Slashdot was truly concerned about their users' privacy from snooping, every Slashdot service would be available by https as well as http. As far as I can tell, https://slashdot.org doesn't work.

This goes double for services like Hotmail and Yahoo. You can protect your password on Yahoo mail via https, but your actual mail goes back and forth in the clear. They need to do something about this too.
--
Ancient Goth: Someone who overthrew the Roman Empire.

If We Can't Do it At Work Where Can We Do It

[Carnage4Life]

A little while ago when confronted with articles like this I always felt that most of these stories were situations where the employees were at fault but simply were refusing to claim responsibility. But working in a corporate environment in the past month has made me realize that some of my opinions were that of a naive college student. To put it simply, there are many times when one has to make personal calls, write personal emails or do personal web browsing especially since most of use spend the majority of the daylight hours at work.

Already in the short span of one month that I have been working I've made long distance calls to my girlfriend to confirm her flight, I've called credit agencies about a misunderstanding in my credit report, emailed friends about a software project for school we're working on, made long distance calls to pay bills for my old apartment (I relocated for this job) and more. From what I read in the C|Net article, and a few others in Fortune as well as other places, I put my job in jeopardy by performing any of the above actions. If I had a choice I would still do them again because there's no other time for me to do these things. I'm at work eight to nine hours a day, before I leave the house most offices and agencies are not yet open and by the time I get home they are closed.

My purpose in posting this is to let the people who feel that you deserve to be stung for doing personal things at work realize that there are many situations where you have no choice but to do these things from work. Of course, the alternative is to come into work late or leave work simply to browse the web, make a phonecall or shoot off an email.

PS: I considered posting this as an AC, but decided that if I actually do get nailed for these things, I'd have a suit on my hands since I'm posting this from home.

PPS: All the things I did on the phone I also did online (i.e. surfing credit agency sites, emailing my GF, etc).

Public needs to stop pretending there is no issue

[Netsnipe]

What if everyone believed that law-abiding citizens should use postcards for their mail? If a nonconformist tried to assert his privacy by using an envelope for his mail, it would draw suspicion. Perhaps the authorities would open his mail to see what he's hiding. Fortunately, we don't live in that kind of world, because everyone protects most of their mail with envelopes. So no one draws suspicion by asserting their privacy with an envelope. There's safety in numbers. Analogously, it would be nice if everyone routinely used encryption for all their email, innocent or not, so that no one drew suspicion by asserting their email privacy with encryption. Think of it as a form of solidarity.

---From "An Introduction to Cryptography" by Phil Zimmermann, the programmer of PGP himself.

This is an analogy I remind myself each time one of my friends at high school ridicules me for being a paranoid "conspiracy nut". It concerns me greatly that most of the general public of my country, Australia seems to take a laissez-faire approach to their online Internet rights. For example, Australians have already lost their right to unmonitored and uncensored (but not yet implemented) Internet usage and our intelligence agency, ASIO now has the legal right to actually crack our computers and monitor communications without a warrant all for the sake of so-called "national security".

What is just as worrying is that the general population accepts the face value of our politicians. The government in power, the conservative Liberals claim that they are acting in the best national security and moral interests of the silent majority, but to me, it would seem like they acting to silence the majority. The general public needs to be made aware of how insecure the Internet really is, and how governments are seeking to gain a legal right to infringe upon their basic human rights to freedom of expression and press. There seems to be an accepted dogma by the public here that the online world is different and that their human rights are automatically guaranteed by the nation's law instead of being restricted in reality.

Even my own high school, Sydney Technical High was planning student email access; a proposal to ban students using encryption to circumvent monitoring was considered. The majority of the student seemed unconcerned with this, except for a few others and myself as we saw this as a blatant attempt to impose the school's authority upon us while they were claiming legal responsibility over our moral wellbeing! The school told me that this email service was to be a "privilege and not a right" and thus if I was upset, I should use my own email. I was mainly concerned with those without access to encryption outside of school having their civil liberties breached. Luckily the school abandoned this scheme altogether after discovering free email services provided by services such as Hotmail. However, the mere fact that the school was willing to impose such draconian measures upon its students is a sad reflection of Australia's stance towards online civil liberties.

I am dismayed when my friends exclaim that the CIA will never read my email, because I am not important, nor have I done anything wrong or have something to hide. I wish that they could see that if they we don't start fighting for our rights online now, such as the right to uncensored access, encryption, and online self-security then a time will come when it will be too late for everyone to start voicing their opinions without fear from those seeking to impose their wills upon us.