Big news today. Judge Walker has denied the motions -- particularly the one by the federal government -- to dismiss our case against AT&T for cooperative with the NSA on warrantless surveillance of phone traffic and records.

The federal government, including the heads of the major spy agencies, had filed a brief demanding the case be dismissed on "state secrets" grounds. This common law doctrine, which is often frighteningly successful, allows cases to be dismissed, even if they are of great merit, if following through would reveal state secrets.

When you buy stuff with a credit card online these days, they always want your address, because they will plug it into their credit card verification system, even if they are not shipping you a physical product.

I'm trying to give my physical address out less and less these days, and would in the long term love something like the addresscrow system I proposed.

In recent times, we've seen a lot of debate about eroding the 4th amendment protections against surveillance in the interests of stopping terrorists and other criminals.

It's gotten so prevalent that it seems the debate has become only about how much to weaken the 4th. Nobody ever suggests the other direction, strengthening it.

Here's an interesting problem. In the movies we always see scenes where the good guy is fighting the Evil Conspiracy (EvilCon) and he tells them he's hidden the incriminating evidence with a friend who will release it to the papers if the good guy disappears under mysterious circumstances. Today EvilCon would just quickly mine your social networking platform to find all your friends and shake them down for the evidence.

So here's the challenge. Design a system so that if you want to escrow some evidence, you can do it quickly, reliably and not too expensively, at a brief stop at an internet terminal while on the run from EvilCon. Assume EvilCon is extremely powerful, like the NSA. Here are some of the challenges:

• You need to be able to pay those who do escrow, as this is risky work. At the same time there must be no way to trace the payment.
• You don't want the escrow agents to be able to read the data. Instead, you will split the encryption keys among several escrow agents in a way that some subset of them must declare you missing to assemble the key and publish the data.
• You need some way to vet escrow agents to assure they will do their job faithfully, but at the same time you must assume some of them work for EvilCon if there is a large pool.
• They must have some way to check if you are still alive. Regularly searching for you in Google or going to your web site regularly might be traced.

Some thoughts below...

April 1, 2006, San Francisco, CA: In a surprise move, Department of Justice (DoJ) attorneys filed a subpoena yesterday in federal court against the National Security Agency, requesting one million sample Google searches. They plan to use the searches as evidence in their defence of the constitutionality of the Child Online Protection Act.

For some time in my talks on CALEA and VoIP I've pointed out that because the U.S. government is mandating a wiretap backdoor into all telephony equipment, the vendors putting in these backdoors to sell to the U.S. market, and then selling the same backdoors all over the world. Even if you trust the USGov not to run around randomly wiretapping people without warrants, since that would never happen, there are a lot of governments and phone companies in other countries who can't be trusted but whom we're enabling.

You may be familiar with Stegonography, the technique for hiding messages in other messages so that not only can the black-hat not read the message, they aren't even aware it's there at all. It's arguably the most secure way to send secret data over an open channel. A classic form of "stego" involves encrypting a message and then hiding it in the low order "noise" bits of a digital photograph. An observer can't tell the noise from real noise. Only somebody with the key can extract the actual message.

Looking at printed wedding gift ribbon some time ago, Kathryn thought it would be amusing to put the 4th amendment on the ribbon, and tie it around our suitcases.

That turned out to be hard to make, but I did make a design for shipping tape which you can see below. The printed shipping tape has the text slant so that as the pattern repeats, the 4th amendment appears as a long continuous string, as well as a block.

Tom Selleck narrates:

Have you ever arranged a wiretap in Las Vegas without leaving your office in Fort Meade?

Or listened in on a mother tucking in her baby from a phone booth, all without the bother of a warrant?

Or data mined the call records of millions of Americans with no oversight?

You will.

And the company that will bring it to you... AT&T

A big announcement today from those of us at the EFF regarding the NSA illegal wiretap scandal. We have filed a class-action lawsuit against AT&T because we have reason to believe they have provided the NSA and possibly other agencies with access to not only their lines but also their "Daytona" database, which contains the call and internet records of AT&T customers, and probably the customers of other carriers who outsource database services to Daytona.

Last week I spoke at O'Reilly's Emerging Telephony (ETEL) conference about CALEA and other telecom regulations that are coming to VoIP. CALEA is a law requiring telecom equipment to have digital wiretap hooks, so police (with a warrant, in theory) can come and request a user's audio streams. It's their attempt to bring alligator clips into the digital world.

With too many people defending the new levels of surveillance, I thought I would introduce a new word: Panoptopia -- a world made wonderful by having so much surveillance that we can catch all the bad guys.

David Brin introduced the concept to many in The Transparent Society, though he doesn't claim it's a utopia, just better than the alternative as he sees it.

It used to be that "If you are innocent you have nothing to hide" was supposed to be a statement whose irony was obvious to all. Today, I see people saying it seriously.

We're always coming up with new technologies that affect privacy and surveillance. We've seen court cases over infrared heat detectors seeing people move inside a house. We've seen parabolic microphones and lasers that can measure the vibration of the windows from the sound in a room. We've seen massive computers that can scan a billion emails in a short time, and estimates of speech recognition tools that can listen to millions of phone calls.

Google is currently fighting a subpoena from the DoJ for their search logs. The DoJ experts in the COPA online porn case want to mine Google's logs, not for anybody's data in particular, but because they are such a great repository of statistics on internet activity. Google is fighting hard as they should. Apparently several Google competitors caved in.

How often does it happen? There's an important idea or action which is controversial. The bravest come out in support of it early, but others are wary. Will support for this idea hurt them in other circles? Is the idea against the "party line" of some group they belong to, even though a sizeable number of the group actually support it? How can you tell.

One particularly interesting argument seen in the Underwatergate scandal is the one that the NYT, by revealing the existence of warrantless wiretaps on international communications lines, compromised national security.

Reporters asked how that can be. After all, surely the bad guys knew the U.S. had the ability to perform surveillance on them, and has a secret intelligence court, and was presumably getting lots of secret warrants to watch them, and was furthermore watching them overseas without being subject to the 4th amendment.

A lot of new developments in the warrantless wiretap scandal. A FISA judge has resigned in disgust. A Reagan-appointed former DoJ official calls the President a clear and present danger. And the NSA admits they have on rare occasions tapped entirely domestic phone calls, because sometimes people calling to or from international cell phones while those phones are in the USA would see the traffic go overseas and come back again. I have made such calls to Europeans and Australians visiting the USA.

Seeing as this scandal seems to be revolving around the tapping, without warrants, of signals over the undersea telecom cables, I propose we call it Underwatergate.

It's long, but I can strongly recommend the transcript of today's press briefing on the NSA warrentless wiretaps. It's rare to see the NSA speak about this topic.

One can read a fair bit between the lines. The reporters were really on the ball here, far more than one usually sees.

Particularly interesting notes include:

This is an idea from several years go I've never written up fully, but it's one of my favourites.

We've seen lots of pushes for online identity management -- Microsoft Passport, Liberty Alliance and more. But what I want is for the online world to help me manage my physical identity. That's much more valuable.

I propose a service I call "addrescrow" which holds and protects your physical address. It will give that address to any delivery company you specify when they have something to deliver, but has limits on how else it will give away info from you. It can also play a role in billing and online identity.

You would get one or more special ID names you could use in place of your address (and perhaps your name and everything else) when ordering stuff or otherwise giving an address. If my ID was "Brad Ideas" then somebody would be able to send a letter, fedex or UPS to me addressed simply to "Brad Ideas" and it would get to me, wherever I was.

(Read on...)