One of the few positive things about the recent giant AOL data spill (which we have asked the FTC to look into) is that it has hopefully taught a few lessons about just how hard it is to truly anonymize data. With luck, the lesson will be "don't be fooled into thinking you can do it" and not "Just avoid what AOL did."
You probably heard yesterday's good news that the ACLU prevailed in their petition for an injunction against the NSA warrantless wiretapping. (Our case against AT&T to hold them accountable for allegedly participating in this now-ruled-unlawful program continues in the courts.)
However, the ruling was appealed (no surprise) and the government also asked for, and was granted, a stay of the injunction. So the wiretaps won't stop unless the appeal is won.
But this begs the question, "Why do you need a stay?"
The blogosphere is justifiably abuzz with the release by AOL of "anonymized" search query histories for over 500,000 AOL users, trying to be nice to the research community. After the fury, they pulled it and issued a decently strong apology, but the damage is done.
Many people have pointed out obvious risks, such as the fact that searches often contain text that reveals who you are. Who hasn't searched on their own name? (Alas, I'm now the #7 "brad" on Google, a shadow of my long stint at #1.)
Big news today. Judge Walker has denied the motions -- particularly the one by the federal government -- to dismiss our case against AT&T for cooperating with the NSA on warrantless surveillance of phone traffic and records.
The federal government, including the heads of the major spy agencies, had filed a brief demanding the case be dismissed on "state secrets" grounds. This common law doctrine, which is often frighteningly successful, allows cases to be dismissed, even if they are of great merit, if following through would reveal state secrets.
When you buy stuff with a credit card online these days, they always want your address, because they will plug it into their credit card verification system, even if they are not shipping you a physical product.
I'm trying to give my physical address out less and less these days, and would in the long term love something like the addresscrow system I proposed.
In recent times, we've seen a lot of debate about eroding the 4th amendment protections against surveillance in the interests of stopping terrorists and other criminals.
It's gotten so prevalent that it seems the debate has become only about how much to weaken the 4th. Nobody ever suggests the other direction, strengthening it.
Here's an interesting problem. In the movies we always see scenes where the good guy is fighting the Evil Conspiracy (EvilCon) and he tells them he's hidden the incriminating evidence with a friend who will release it to the papers if the good guy disappears under mysterious circumstances. Today EvilCon would just quickly mine your social networking platform to find all your friends and shake them down for the evidence.
So here's the challenge. Design a system so that if you want to escrow some evidence, you can do it quickly, reliably and not too expensively, at a brief stop at an internet terminal while on the run from EvilCon. Assume EvilCon is extremely powerful, like the NSA. Here are some of the challenges:
- You need to be able to pay those who do escrow, as this is risky work. At the same time there must be no way to trace the payment.
- You don't want the escrow agents to be able to read the data. Instead, you will split the encryption keys among several escrow agents in a way that some subset of them must declare you missing to assemble the key and publish the data.
- You need some way to vet escrow agents to assure they will do their job faithfully, but at the same time you must assume some of them work for EvilCon if there is a large pool.
- They must have some way to check if you are still alive. Regularly searching for you in Google or going to your web site regularly might be traced.
Some thoughts below...
April 1, 2006, San Francisco, CA: In a surprise move, Department of Justice (DoJ) attorneys filed a subpoena yesterday in federal court against the National Security Agency, requesting one million sample Google searches. They plan to use the searches as evidence in their defence of the constitutionality of the Child Online Protection Act.
For some time in my talks on CALEA and VoIP I've pointed out that because the U.S. government is mandating a wiretap backdoor into all telephony equipment, the vendors are putting in these backdoors to sell to the U.S. market, and then selling the same backdoors all over the world. Even if you trust the USGov not to run around randomly wiretapping people without warrants, since that would never happen, there are a lot of governments and phone companies in other countries who can't be trusted but whom we're enabling.
You may be familiar with Steganography, the technique for hiding messages in other messages so that not only can the black-hat not read the message, they aren't even aware it's there at all. It's arguably the most secure way to send secret data over an open channel. A classic form of "stego" involves encrypting a message and then hiding it in the low order "noise" bits of a digital photograph. An observer can't tell the noise from real noise. Only somebody with the key can extract the actual message.
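The low-order-bit embedding described above, as an added example that is not from the original post: each bit of an already-encrypted payload replaces the least significant bit of one sample, so no sample moves by more than 1 and the payload is invisible to a visual check. The cover is a constructed random byte array standing in for image samples; the encryption step is assumed to have happened before `embed` is called.

```python
# Added illustration of LSB "stego": hide bits in the noise floor of samples.
import secrets


def embed(cover: bytes, payload: bytes) -> bytes:
    """Write a 4-byte length header plus the payload, one bit per sample,
    into the least significant bit of successive cover samples."""
    data = len(payload).to_bytes(4, "big") + payload
    bits = [(b >> i) & 1 for b in data for i in range(7, -1, -1)]  # MSB first
    if len(bits) > len(cover):
        raise ValueError("cover too small for payload")
    out = bytearray(cover)
    for k, bit in enumerate(bits):
        out[k] = (out[k] & 0xFE) | bit      # each sample changes by at most 1
    return bytes(out)


def _read(stego: bytes, start: int, n: int) -> bytes:
    """Rebuild n bytes from the LSBs of samples stego[start : start + 8n]."""
    vals = bytearray()
    for k in range(n):
        byte = 0
        for i in range(8):
            byte = (byte << 1) | (stego[start + 8 * k + i] & 1)
        vals.append(byte)
    return bytes(vals)


def extract(stego: bytes) -> bytes:
    """Read the header, then exactly that many payload bytes."""
    n = int.from_bytes(_read(stego, 0, 4), "big")
    return _read(stego, 32, n)


def max_sample_change(cover: bytes, stego: bytes) -> int:
    """How far any single sample moved: the reason a viewer sees nothing."""
    return max(abs(a - b) for a, b in zip(cover, stego))


# Constructed cover: 4096 random "pixel" bytes standing in for a photograph.
COVER = secrets.token_bytes(4096)
```

Because the payload is ciphertext, its bit stream is already close to 50/50 ones and zeros, which is why the altered LSBs are hard to tell from the sensor noise they replaced; spotting it is a statistical job, not a visual one.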
Looking at printed wedding gift ribbon some time ago, Kathryn thought it would be amusing to put the 4th amendment on the ribbon, and tie it around our suitcases.
That turned out to be hard to make, but I did make a design for shipping tape which you can see below. The printed shipping tape has the text slant so that as the pattern repeats, the 4th amendment appears as a long continuous string, as well as a block.
Tom Selleck narrates:
Have you ever arranged a wiretap in Las Vegas without leaving your office in Fort Meade?
Or listened in on a mother tucking in her baby from a phone booth, all without the bother of a warrant?
Or data mined the call records of millions of Americans with no oversight?
And the company that will bring it to you... AT&T
A big announcement today from those of us at the EFF regarding the NSA illegal wiretap scandal. We have filed a class-action lawsuit against AT&T because we have reason to believe they have provided the NSA and possibly other agencies with access to not only their lines but also their "Daytona" database, which contains the call and internet records of AT&T customers, and probably the customers of other carriers who outsource database services to Daytona.
Last week I spoke at O'Reilly's Emerging Telephony (ETEL) conference about CALEA and other telecom regulations that are coming to VoIP. CALEA is a law requiring telecom equipment to have digital wiretap hooks, so police (with a warrant, in theory) can come and request a user's audio streams. It's their attempt to bring alligator clips into the digital world.
With too many people defending the new levels of surveillance, I thought I would introduce a new word: Panoptopia -- a world made wonderful by having so much surveillance that we can catch all the bad guys.
David Brin introduced the concept to many in The Transparent Society, though he doesn't claim it's a utopia, just better than the alternative as he sees it.
It used to be that "If you are innocent you have nothing to hide" was supposed to be a statement whose irony was obvious to all. Today, I see people saying it seriously.
We're always coming up with new technologies that affect privacy and surveillance. We've seen court cases over infrared heat detectors seeing people move inside a house. We've seen parabolic microphones and lasers that can measure the vibration of the windows from the sound in a room. We've seen massive computers that can scan a billion emails in a short time, and estimates of speech recognition tools that can listen to millions of phone calls.
Google is currently fighting a subpoena from the DoJ for their search logs. The DoJ experts in the COPA online porn case want to mine Google's logs, not for anybody's data in particular, but because they are such a great repository of statistics on internet activity. Google is fighting hard as they should. Apparently several Google competitors caved in.
How often does it happen? There's an important idea or action which is controversial. The bravest come out in support of it early, but others are wary. Will support for this idea hurt them in other circles? Is the idea against the "party line" of some group they belong to, even though a sizeable number of the group actually support it? How can you tell?
One particularly interesting argument seen in the Underwatergate scandal is the one that the NYT, by revealing the existence of warrantless wiretaps on international communications lines, compromised national security.
Reporters asked how that can be. After all, surely the bad guys knew the U.S. had the ability to perform surveillance on them, and has a secret intelligence court, and was presumably getting lots of secret warrants to watch them, and was furthermore watching them overseas without being subject to the 4th amendment.
A lot of new developments in the warrantless wiretap scandal. A FISA judge has resigned in disgust. A Reagan-appointed former DoJ official calls the President a clear and present danger. And the NSA admits they have on rare occasions tapped entirely domestic phone calls, because sometimes people calling to or from international cell phones while those phones are in the USA would see the traffic go overseas and come back again. I have made such calls to Europeans and Australians visiting the USA.