Subscribe: Privacy
http://www.reason.com/topics/topic/198.xml
Added By: Feedage Forager Feedage Grade B rated
Language: English
Tags:
access  act  cloud act  court  data  facebook  government  information  law enforcement  people  privacy  security  social  users 
Rate this Feed
Rate this feedRate this feedRate this feedRate this feedRate this feed
Rate this feed 1 starRate this feed 2 starRate this feed 3 starRate this feed 4 starRate this feed 5 star

Comments (0)

Feed Details and Statistics Feed Statistics
Preview: Privacy

Privacy



All Reason.com articles with the "Privacy" tag.



Published: Mon, 23 Apr 2018 00:00:00 -0400

Last Build Date: Mon, 23 Apr 2018 20:55:34 -0400

 



Public Transit Becomes Another Tool for Total Government Surveillance

Mon, 23 Apr 2018 11:05:00 -0400

Richmond, Virginia's new bus-rapid-transit system, the Pulse, has been beset with controversy. The original price tag of $49 million has risen to around $65 million. Some community leaders and City Council members thought its footprint didn't go far enough. The system was supposed to be up and running months ago, and businesses along the affected Broad Street corridor have complained about the way the drawn-out construction has kept customers away. City marketers like to say Richmond is "easy to love," but loving the Pulse takes more effort. Now there's another reason to harbor a resentment against it: surveillance. Last week Style Weekly's Brad Kutner reported that the system's 26 stops will have around four security cameras each—"making for more than 100 new surveillance devices on the roughly 7.5-mile stretch." Moreover: "These stationary cameras will always be on, day and night, and their live feeds will be viewable from 911 headquarters, through the city's Department of Emergency Communications, as well as at GRTC's radio room." The Pulse buses also come with several surveillance cameras. City and law-enforcement officials promote the cameras' benefits. A spokesman for the State Police says cameras help find "missing children, abducted persons and wanted offenders." A spokesman for the Greater Richmond Transit Company offers a different rationale. She says by email that the cameras serve "the safety of our patrons. ... If there is a need at a station, we can immediately see the need and respond accordingly. This ensures we are able to provide exceptional customer service for GRTC riders." Responding immediately to a need, however, suggests the cameras will not only operate around the clock, but be monitored around the clock as well. Which means Pulse patrons could be under surveillance whether they have a need or not—and despite the fact that the stations also come equipped with emergency call boxes. That would be troubling enough in its own right. It seems all the more troubling given the widespread understanding that one purpose of the Pulse is to help people of modest means—in particular the majority-black population of Richmond. The Pulse is considered a "literal lifeline to jobs, services, and opportunities" for "households without a car." The relief that comes from having better transportation opportunities might be tempered by the oppressive sense that you're constantly being watched, just in case. True, people have become accustomed to surveillance cameras. They dot the ceilings of big-box retailers like measles. They peer down at customers in banks, and those using ATMs and self-checkout lines. They stand guard at the entrances to apartment buildings and tony subdivisions. And they keep watch for cheaters at toll-road collection plazas. But most of those cameras reside on private property, and they generally are used to look out for specific offenses, such as shoplifting. Cameras that proliferate in public spaces watch everyone, for no particular reason. Just in case. Granted: Nobody has a right to privacy in a public place. But there's a big difference between occasional, incidental observation and constant, intentional scrutiny. It's the difference between driving past a police car at an intersection and being followed by a police car for miles. The Supreme Court has recognized that distinction too, in a series of cases about law-enforcement monitoring. It has ruled that placing a GPS monitor on a suspect's car without a warrant violates the Fourth Amendment, that having a dog sniff around your front porch constitutes a search, and that a convicted sex offender cannot be forced to wear a GPS tracking device so authorities can monitor his movements. Each of those cases involved known criminals or suspected criminal activity, and the court still imposed limits on government action. Omnipresent security cameras lack such a rationale: They monitor everybody. But even setting aside the concern about creeping Big Brotherism, there's another reason to question the cameras: Will they do any good? London is [...]



In Defense of Cash

Sun, 22 Apr 2018 06:00:00 -0400

On the evening of November 2016, Indian Prime Minister Narendra Modi announced that 500-rupee notes (valued at about $8) and 1,000-rupee notes would become "worthless pieces of paper" at midnight, no longer recognized as legal tender. The stated goal of his demonetization plan: to catch criminals. The government offered a brief window in which old notes could be swapped for new ones, with the idea that everyone from human traffickers to tax cheats would have to show up at banks with vast sums of money and confess their sins or lose the value of their cash holdings altogether. The costs of this scheme were large. At the time of the announcement, demonetized notes accounted for 86 percent of all currency in circulation. As George Mason economist Lawrence H. White has written, "A serious currency shortage immediately arose, with predictable consequences. Honest wage laborers in the huge cash economy went unpaid, honest construction projects came to a standstill, honest shopkeepers saw sales dry up, and honest businesses failed. Honest people wasted billions of hours waiting in queues to exchange old notes for the trickle of new notes." Growth in the country's gross domestic product fell from an annualized rate of 7.37 percent in the quarter prior to the announcement to an average annualized rate of 6.06 percent in the first three quarters of 2017. What's more, the program utterly failed to impose a levy on those conducting business in the underground economy. Lawbreakers did not find themselves stuck with worthless notes. Instead, the Reserve Bank of India reports that 98.96 percent of all demonetized notes were turned in during the months following the announcement. That is on par with redemption rates in Italy (99.15 percent) and France (98.77 percent) following the introduction of the euro—and in those cases users were given 10 years to convert their old money. The Indian experiment was a failure. Yet a group of politicians, academics, and do-gooders continues to dream about a cashless world where black markets would shrink and tax coffers would grow. Cash Is for Criminals In his 2016 book The Curse of Cash (Princeton University Press), Harvard economist Kenneth S. Rogoff makes what is arguably the best case for demonetization in America. He estimates that more than a third of all U.S. currency in circulation is used by criminals and tax cheats in the domestic economy and suggests the proportion is even higher for large denomination notes. Rogoff concedes that "crime will continue with or without cash, but for very good reasons, cash is a medium of exchange highly favored by the underground economy, and the underground economy accounts for a significant share of the demand for cash." Rogoff proposes eliminating $100 and $50 bills immediately. He claims few people use such large denominations in the domestic legal economy. As long as those who do are able to switch to lower denominations at little cost—and he says they would be—such a policy would be minimally disruptive. But it doesn't stop there: In Rogoff's scheme, most lower denomination notes also must go. This would take place over a much longer period, a decade or more. To promote the transition, the government might subsidize deposit accounts—perhaps through rebates to customers or direct payments to financial institutions—or require all paychecks to come via direct deposits. The smallest denomination notes could be left in circulation or, better still, replaced with coins—which are much heavier and hence less convenient for large transactions—to leave some limited scope for financial privacy. This proposal promises to deliver significant gains from reducing crime and tax evasion while imposing few costs on those operating in the legal domestic economy. Who wouldn't want that? Indeed, the idea has launched a formidable coalition in the Better Than Cash Alliance, with the United Nations Capital Development Fund, the U.S. Agency for International Development, the Bill and Melinda Gates Foundation, Omidyar Network, Citi, Visa[...]



How We Lost Privacy

Thu, 19 Apr 2018 06:00:00 -0400

The Known Citizen: A History of Privacy in Modern America, by Sarah E. Igo, Harvard University Press, 540 pages, $35 A couple of years ago, I went to dinner at the Seattle Space Needle. To my surprise—I was over 30—the waiter asked to see ID when I ordered wine. I hadn't brought my purse from the hotel, so I had nothing with which to prove my age. In retrospect, this probably saved me from a $100 bar tab at their prices, but at the time I was annoyed. Although we aren't officially required by law to carry identification, in practice it is necessary to get through many interactions. This has become increasingly true over time. As a teenager I bought booze without problems. I can also recall being able to fly domestically without showing ID. I still often go out with nothing but some cash in my pocket. Nonetheless, like all of you, I leave a paper trail of account numbers, credit scores, and biometric photos wherever I go. In The Known Citizen, a highly readable new history of privacy in America, the Vanderbilt historian and legal scholar Sarah Igo offers insight into the ways attitudes have evolved as different forms of identification, and different expectations of privacy, have emerged. When future Supreme Court justice Louis Brandeis conceived of privacy as a "right to be left alone" in the Harvard Law Review in 1890, he meant a right to be free from intrusive media attention. The state's attentions were less of a concern to him. The inflection point, the time when privacy advocates focused their attention on the federal government, was the New Deal. Social Security numbers presented a major issue for anyone who saw government registration as an infringement of civil liberties. But as Igo shows, linking Social Security clearly with the benefits to be garnered from registration turned most citizens in favor of the idea. Being enrolled in Social Security showed that one was gainfully employed, an upright citizen. In the early days of the system, some people even chose to have themselves tattooed with their number. The government promised that the numbers would be used only for Social Security purposes, but they soon crept into different federal agencies' files, becoming, just as skeptics had feared, a general means of identifying citizens. Since the 1980s, Social Security numbers have been widely issued at birth; an entire generation of Americans have now lived their entire lives with open federal files. As the public became more relaxed about Social Security numbers, privacy concerns shifted elsewhere. After the Second World War, Americans pursued privacy in the form of the single-family home in the suburbs. Children would have their own bedrooms; the nuclear family would be free from extended relations and lodgers. But to some people's disappointment, the suburban ideal didn't free everyone from snooping neighbors. Away from the anonymity of cities, residents sometimes found themselves under more surveillance, subject to social censure for transgressing community norms. Expectations of privacy in the home are also culturally freighted, to a degree Igo doesn't fully cover. Northwestern European architecture (which was imported to the U.S.) tends to have houses with windows facing the street, allowing others to see in as the occupants see out. In much of Holland, it was traditional not even to have curtains, such was the literal transparency of good Protestant living. This is very different from the cloistered, courtyard-based styles of southern Europe and parts of Asia, where passers-by can see nothing of a house's interior. Adjusting to American norms of domestic privacy was part of an immigrant's assimilation. Anxiety in this space ran high in the 1960s with concerns about wiretapping and eavesdropping. Popular magazines described how tiny transmitters could be concealed, and high-profile court cases tested the police's right to listen in on phone conversations. Some of the fascination with spy gadgets probably bled over from popular culture—this was the era [...]



Russia Bans Telegram, a Popular Encrypted Messaging App

Tue, 17 Apr 2018 15:30:00 -0400

(image)

A Russian court has banned Telegram, a popular encrypted messaging app, because of the company's refusal to give its encryption keys to the state. The move has disrupted millions of users' communications channels.

The Federal Security Service (FSB) has been after Telegram's user data, labeling the organization a first-choice platform for "international terrorists organizations in Russia" after a suicide bomber reportedly used it to communicate with accomplices.

When the FBS demanded that Telegram decrypt its user data, Telegram attempted to fight the action in court. Last month, it lost the bid to appeal, was slapped with a $14,000 fine, and had a 15-day window to comply with the order. After Telegram continued to defy the court, the government prohibited it entirely.

"The power that local governments have over IT corporations is based on money," said Telegram founder Pavel Durov in a statement. "At any given moment, a government can crash their stocks by threatening to block revenue streams from its markets and thus force these companies to do strange things."

Durov's statement also referenced Apple's choice to bow to the Chinese authorities by relocating its iCloud services and cryptographic keys to China, in order to secure market access. Some fear that this may make it easier for Beijing to abuse users' rights.

"At Telegram, we have the luxury of not caring about revenue streams or ad sales," Durov said in his statement. "Privacy is not for sale, and human rights should not be compromised out of fear or greed."

Telegram and Durov are no strangers to nationwide bans. Durov has lived in exile since 2014, after the Russian government pressured him to resign from his position at the social networking site Vkontake—often described as the Facebook of Russia—largely because he refused to give encryption access to allies of President Vladimir Putin.

Iran wants Telegram banned by the end of April. Officials there are upset that Telegram gives Iranians access to foreign sources the government does not support. In Indonesia, the company faced temporary bans after it emerged that ISIL groups used Telegram to promote its content. And here in the U.S., Congress, the FBI, and the Justice Department have all expressed an increasing interest in bills that would allow the government to compel individuals or companies, such as Telegram, Apple, and Facebook, to decrypt their data.

Telegram currently has 200 million users worldwide. According to Bloomberg, roughly 9.5 million of those live in Russia.




Supreme Court Punts on Data Privacy Case, Thanks to the Terrible CLOUD Act

Tue, 17 Apr 2018 11:45:00 -0400

(image) Thanks to a broad new law granting the feds access to American data stored in foreign countries, the Supreme Court just punted a case that was supposed to address the question.

In United States v. Microsoft, federal drug-trafficking investigators were trying to force Microsoft to comply with a warrant demanding access to a customer's emails and other private data. But the data they wanted were stored on a server in Ireland. Microsoft fought the warrant, arguing that the government's demands couldn't reach that far under the Stored Communications Act.

The Supreme Court agreed to take on the case last fall and heard arguments in February. But in March, legislation buried deep in the federal omnibus spending bill granted the feds access to data and communications from Americans being held on servers in foreign countries. So today the Supreme Court ruled that the case was moot and kicked it back down to the lower courts for dismissal.

That bill, the Clarifying Lawful Overseas Use of Data (CLOUD) Act, did not get much attention outside of privacy and civil liberties quarters. (We covered it here at Reason.) The CLOUD Act not only gives the feds access to Americans' data being held overseas, but also allows other countries to demand access to their citizens' private data when it's stored here in America. The American Civil Liberties Union warned that poor and limited oversight of the cooperation system could have significant human rights consequences in countries with despotic leaders:

The bill would give the attorney general and the secretary of State the authority to enter into data exchange agreements with foreign governments without congressional approval. The country they enter into agreements with need not meet strict human rights standards—the bill only stipulates that the executive branch consider as a factor whether a government "demonstrates respect" for human rights and is similarly vague as to what practices would exclude a particular country from consideration. In addition, the bill requires that countries adopt procedures to protect Americans' information, but provides little specificity as to what these standards must include. Moreover, it would allow countries to wiretap on U.S. soil for the first time, including conversations that foreign targets may have with people in the U.S., without complying with Wiretap Act requirements.

But none of that was connected to the case the Supreme Court was considering. They were just examining the limits of what the feds could request. The CLOUD Act was passed specifically for the purpose of making it clear that the feds could demand American tech companies pass along data no matter where it was stored. So the case is indeed moot, even if the underlying concerns and fears are still very relevant.




Facebook’s Use of Data May Annoy You, But IRS Handling of Your Sensitive Information Is Truly Chilling

Tue, 17 Apr 2018 10:10:00 -0400

As we argue over the propriety of Facebook hoovering up personal (but not especially sensitive) information that users voluntarily gave to the social media company, it's a good time to remember that many of us are right now surrendering delicate details of our life to an even less trustworthy entity—the Internal Revenue Service (IRS)—and we have no choice. Using a feature of Facebook that was abandoned in 2015, third-party apps were, for several years, able to compile fairly detailed profiles on users who installed them. Among other destinations, the information made it to political campaigns for use in targeted electioneering (variously characterized as innovative when the Obama campaign bragged about its tech savvy, and nefarious when it benefited Trump). This info-siphoning struck many people as creepy as hell (almost certainly why Facebook killed the feature three years ago), but it was based on freely surrendered data through a service that nobody was compelled to use. Anybody uncomfortable with Facebook's policies can just close their account (or creatively populate it with bogus info). By contrast, you can't just walk away from IRS demands for the details of your finances, your business, your property, and your family. The tax agency gets very pissy, indeed, if you turn up your nose at demands for information, warning that "the IRS may assess penalties to taxpayers for both failing to file a tax return and for failing to pay taxes they owe by the deadline." Boris Johnson, when he was mayor of London (you, know, in the U.K.), was slapped with an enormous tax bill by the United States IRS because he was born in this country, though he left by the age of 5. The only way he was able to escape threats of arrest should he ever return to the land of his dimly remembered childhood was to pay the tab and then renounce his American citizenship. The purposes to which the IRS turns that extracted data are more chilling, too—and that's just if we're talking about the intentional funding of an ever-metastasizing state that exists to push you around and turn out your pockets to fund its efforts to become yet pushier. By comparison, targeted political messages at which you roll your eyes before scrolling by are nothing but minor annoyances. You have nobody to blame but yourself if you actually pay attention to those ads. But the IRS has a pretty impressive history of not just putting coercively extracted information to questionable uses, but also of storing it carelessly, leaking data through every possible conduit, and hiring employees who appear to only marginally prefer a career in tax collection over knocking over liquor stores. That is, it might be fun to see Mark Zuckerberg field a battery of ill-informed and frankly stupid questions from those members of our society diagnosed as senators. But it would be much more productive if a long line of IRS employees stood behind him, awaiting their turn. Ryan Payne, for instance could have taken a few moments to field some questions about the course of events that led the former IRS agent to plead guilty earlier this year to using other people's Social Security numbers—information acquired during business audits—while applying for a loan and a bank account. For their part, Della Ornelas and Randall Ruff could have delved into their long and mutual interest in combining tax collection with fraud—shared tastes that led them first to multi-decade careers at the IRS, to marriage, and then prison. Maybe senators could have pressed representatives of The Treasury Inspector General for Tax Administration about their puzzlement, expressed in a February report, as to why "the IRS issued more than $1.7 million in awards to 1,962 employees who had a disciplinary or adverse action… Some of these employees had serious misconduct such as unauthorized access to tax return information, substance abuse, and sexual misconduct." And then there are the o[...]



A Bunch of Senators Just Showed They Have No Idea How Facebook Works. They Want to Regulate It Anyway.

Tue, 10 Apr 2018 18:35:00 -0400

On Tuesday, the Senate Judiciary and Commerce, Science, and Transportation committees grilled Facebook CEO Mark Zuckerberg about the company's insufficient efforts to protect users' personal data. In doing so, many of the senators betrayed a general lack of knowledge about how Facebook operates. Imagine trying to explain social media to your grandparents—this was essentially Zuckerberg's task. Sen. Roy Blunt, (R–Mo.), for instance, didn't seem to understand that Facebook lacks a means of accessing information from other apps unless users specifically opt in. The same was true of Sen. Roger Wicker (R–Miss.), who needed a lot of clarification on how Facebook Messenger interacts with cellular service. Zuckerberg had to carefully explain to Sen. Brian Schatz (D–Hawaii) that WhatsApp is encrypted, and Facebook can't read, let alone monetize, the information people exchange using that service. Zuckerberg had to explain to multiple senators, including Dean Heller (R–Nev.), that Facebook doesn't technically sell its data: The ad companies don't get to see the raw information. Sen. Patrick Leahy (D–Vt.) brought along a poster on which his office had printed out images of various Facebook pages. Leahy asked whether these were Russian propaganda groups. "Senator, are you asking about those specifically?" Zuckerberg asked. He of course had no way of knowing what was going on with those specific pages, just from looking at pictures of them. "I'm not familiar with those pieces of content," Zuckerberg finally conceded. Sen. Amy Klobuchar (D–Minn.) offered this metaphor to explain Facebook's recent troubles: "the way I explain it to my constituents is that if someone breaks into my apartment with a crowbar and takes my stuff, it's just like if the manager gave them the keys." But that metaphor doesn't quite work—Facebook didn't willfully assist in a crime. Meanwhile, Sen. Debbie Fischer (R–Neb.) didn't understand, at a fundamental level, that if you're using Facebook, you have agreed to let Facebook know a lot of information about you. Sen. Lindsey Graham (R–S.C.) asked whether Facebook had any major competitors. Zuckerberg tried to explain that the company competes across different categories related to Facebook's several main functions—as a tech giant, against Google, as a social media site, against Twitter, and so on—which led Graham to fret about Facebook being a monopoly and thus incapable of self-regulation. Nevertheless, Graham asked Zuckerberg whether the CEO would be willing to propose regulations that Facebook might like the government to impose on it. Some senators, including Sen. John Cornyn (R–Texas) and Richard Blumenthal (D–Conn.), asked perceptive questions about Facebook's data collection practices. Even so, Blumenthal also asked whether users should be able to access all the information Facebook has on them—prompting Zuckerberg to point out that Facebook already lets users download their data. Throughout the hearing, Zuckerberg maintained that he wasn't against regulation, "if it's the right regulation." However, he expressed concern that regulations aimed at preventing Facebook from functioning as a monopoly might backfire and simply make it more difficult for smaller firms to compete. But senators on both sides of the political aisle were clear about their concerns—and more than willing to step in. "If Facebook and other online companies will not or cannot fix their privacy invasions, then we are going to have to," said Sen. Bill Nelson (D–Fla.). "We, the Congress." What Nelson and his colleagues largely failed to do was demonstrate that "we, the Congress" possess the requisite knowledge to regulate Facebook, or that those regulations would improve upon the policies Facebook would like to implement on its own. Ignorance breeds bad policy: consider the terrible Fight Online Sex Trafficking Act (FOSTA), passed by "we the Con[...]



Cops Will Use Drones to Monitor Traffic at Coachella

Thu, 05 Apr 2018 10:25:00 -0400

(image)

In response to the mass casualty shootings at the Route 91 music festival in Las Vegas and the Bataclan in Paris, law enforcement and event organizers across the U.S. are considering new steps to secure mass events. As part of that, the 2018 Coachella Valley Music and Arts Festival will use drones as part of the event's security protocol.

The drones will not be used to track people or monitor crowds, says Indio Police Sergeant Dan Marshall. Rather the drones will be used to briefly monitor traffic, a top concern of police.

"This year Coachella is so big and expansive that we have outlying intersections that we can't get to rapidly," Marshall told Reason. Drones may help police more easily locate and address traffic backup, but they will not be used to "hover over crowds," he said.

Alex Netto, marketing director of Dronefly, told Reason the company is seeing an "increase in using drones for monitoring public events."

While the secruity precautions at Coachella might not be as Orwellian as TMZ originally reported, security at the event is expected to be strong. According to Marshall, there will be a "large law enforcement presence on the ground," and visual demonstrations will be used to educate concert goers about their surroundings.

"We want people to come here and have a good time and to feel safe," Marshall said. "We want people to get to know the venue and know where the emergency exits are—to know where to go and know how to get out."Coachella is one of the largest music festivals in the U.S. Roughly 198,000 people attended last year.

Police forces across the U.S. have added drones, or unmanned aerial vehicles (UAVs), to their surveillance arsenals. According to a report by The Center for Study of the Drone by Bard College, at least 347 state and local police, sheriff, fire, and emergency units in the U.S. have acquired drones. Out of the 347 units, 121 are sheriffs offices and 96 are police departments. According to data Bard gathered from the National Conference of State Legislatures, only 18 states require law enforcement to obtain a search warrant before using a drone for surveillance or a search. North Dakota is the only state that allows its police force to use weaponized drones.




Hey, Beltway Denizens: Spies Are Tracking Your Phones, So Maybe Don't Ruin Encryption

Wed, 04 Apr 2018 16:25:00 -0400

(image) The Department of Homeland Security has acknowledged that there are unauthorized devices in our nation's capital that crooks or foreign governments may be using to track and possibly even access the contents of people's phones.

They're talking about "Stingray" devices, cell site simulators that law enforcement agencies have used to secretly track location data of cell phones in the possession of crime suspects.

The news that there are devices in the U.S. not under domestic government control came in the form of a letter to Sen. Ron Wyden (D-Ore.), who sent a bunch of questions to Homeland Security to find out what the agency knows.

You'd have to be an idiot to work in D.C. and not assume that this is going on, and the Associated Press coverage does not assume people are idiots. The letter confirms what everybody knows is happening. But it's good to see this information publicly acknowledged as the media report that the Department of Justice is once again trying to require tech and communication companies to provide them with ways to work around encryption.

From The New York Times:

Justice Department officials are convinced that mechanisms allowing access to the data can be engineered without intolerably weakening the devices' security against hacking.

Against that backdrop, law enforcement officials have revived talks inside the executive branch over whether to ask Congress to enact legislation mandating the access mechanisms. The Trump White House circulated a memo last month among security and economic agencies outlining ways to think about solving the problem, officials said.

Even those solutions that don't utterly destroy our cybersecurity altogether come fraught with risks. One approach involves a separate key in the phone itself that only the manufacturer would be able to access and use with a court order. But employees at each of these companies would be able to access the keys, increasing the potential for theft or abuse or just getting your out into the public somehow. (We've already seen this happen with Microsoft.)

This push to force access into phones comes at odds with the cybersecurity needs of everyone in D.C. who works in politics. You'd think their own sense of self-preservation would put a damper on these efforts, but no.

In fact, the Associated Press notes that the feds don't seem that interested even in doing something about the cell tower simulators being operated in their own backyard by people or governments unknown. Why? Because "there was no political will to tackle the issue against opposition from the intelligence community and local police forces that were using the devices 'willy-nilly.'"

That's the encryption fight in a nutshell. Cops and spies don't care about your data security if it makes it harder for them to access whatever they want. And that position seems implacable, even if it increases the likelihood that Americans will become victims of criminal hacking.




Banning 'Assault Weapons' Makes As Much Sense As Banning Opaque Backpacks

Wed, 04 Apr 2018 13:30:00 -0400

Cameron Kasky is one of the most prominent student activists calling for gun control in response to the February 14 attack that killed 17 people at Marjory Stoneman Douglas High School in Parkland, Florida. Yesterday Kasky, a junior at the school, mocked the transparent backpacks now required there by filling one of them with tampons and posting a picture of it on Twitter, along with the tag #MSDStrong. Like "many Marjory Stoneman Douglas students behind the #NeverAgain movement" (per USA Today), Kasky seems to think the backpack policy is a dubious imposition that creates the appearance of doing something about gun violence without actually making people any safer. But as Robby Soave noted the other day, the policies favored by Kasky and his fellow activists are open to the same criticism. "We are demanding an assault weapons ban," Kasky explained on Face the Nation after last month's "March for Our Lives" rally in Washington, D.C. "We are demanding the prohibition of sales of high-capacity magazines, and we are demanding universal background checks, which is something you'll see from the polls pretty much the entire country is behind and yet we've seen nothing of it." If the aim is reducing the frequency or lethality of mass shootings, these measures do not hold much more promise than MSD's see-through backpacks. Assault weapons. The ban proposed by Sen. Dianne Feinstein (D-Calif.), which presumably is the legislation that Kasky has in mind, would not actually eliminate the guns it targets, since it exempts firearms legally owned prior to the bill's passage. (The alternative would be a mass confiscation campaign that would be practically and politically problematic, to put it mildly.) Based on data for production and imports since 1990, the National Shooting Sports Foundation estimates that Americans own more than 16 million rifles that would qualify as "assault weapons" (which the industry prefers to call "modern sporting rifles"). If grandfathered firearms undermined the effectiveness of the federal "assault weapon" ban that expired in 2004, that problem is more than 10 times as big today. More to the point, the features that define so-called assault weapons—things like folding stocks and barrel shrouds—have little or nothing to do with their effectiveness in the hands of mass shooters. Contrary to popular belief, the guns that Feinstein wants to ban do not fire faster, fire more rounds, or fire larger-caliber bullets than the ones that would remain legal. Even if she could make all "assault weapons" magically disappear, would-be mass shooters would have plenty of equally lethal choices left. High-capacity magazines. As with "assault weapons" (but more so), many millions of these are already in circulation and therefore would remain available to violent criminals. And given how quickly magazines can be switched, it is not clear that, say, forcing assailants to use magazines holding 10 rounds rather than 30, even if it were possible, would make a significant difference in attacks on unarmed people. Consider the 2007 Virginia Tech attack, which killed almost twice as many people as the Parkland massacre. The perpetrator used ordinary handguns, as opposed to "assault weapons," and he had 19 magazines, some holding 10 rounds and some holding 15. He emptied 17 magazines before ending the rampage by shooting himself in the head. Universal background checks. The Parkland shooter passed a background check because he did not have a disqualifying criminal or psychiatric record, as is typically true of mass shooters. In such cases, requiring background checks for all gun transfers (as opposed to sales by federally licensed dealers, as under current law) obviously would not stop murderers from obtaining weapons. Even when someone planning an attack is not legally allowed to buy guns,[...]



Foreign Servers No Longer Safe From Justice Department Snooping, Trade War With China Heats Up, Kremlin Says Trump Has Requested White House Summit With Putin: Reason Roundup

Mon, 02 Apr 2018 09:30:00 -0400

The Justice Department's digital reach now extends worldwide, thanks to the CLOUD Act. The Department of Justice (DOJ) has been quick to flex its new authority since President Trump signed the "CLOUD Act" into law in late March. On Friday, DOJ asked the Supreme Court to rule moot a case involving Microsoft's refusal to turn over emails stored on an Irish server. The emails concerned a suspect in a federal drug case. The CLOUD Act says that a "provider of electronic communication service" must turn over court-ordered data "regardless of whether such communication, record or other information is located within or outside of the United States." The Supreme Court had heard arguments in February in the Microsoft case, which revolved around whether a U.S. search warrant covers digital data stored on an overseas server by a U.S. company. But in light of the new law, the Court's services might not be necessary. DOJ has already obtained a new search warrant demanding Microsoft to turn over the drug suspect's emails that are stored on a server in Dublin. "Microsoft no longer has any basis for suggesting that such a warrant is impermissibly extraterritorial," Solicitor General Noel J. Francisco wrote to the court. "There is thus no longer any live dispute between the parties, and the case is now moot." This demand of Microsoft is one of the first visible, and chilling, effects of the CLOUD Act. In conjunction with FOSTA, the CLOUD Act marks March as a really terrible month for privacy, free speech, and an open internet in America, and it may signal some dark days ahead for anyone who values those things. In the wake of Congress passing FOSTA (which makes facilitating or promoting prostitution a federal crime for which websites can be held legally liable for), some people have discussed the importance of foreign servers for shielding digital platforms and their users from prying prosecutors and legal liability. But even if the server is abroad, it's now also important that the company running the server have no U.S. ties, or else they could still be compelled under the CLOUD Act to fork over user data. As the Electronic Frontier Foundation noted when the CLOUD Act passed, this measure "was never reviewed or marked up by any committee in either the House or the Senate. It never received a hearing. It was robbed of a stand-alone floor vote because Congressional leadership decided, behind closed doors, to attach this un-vetted, unrelated data bill to the $1.3 trillion government spending bill." FREE MINDS Judge sides with Metro over Milo. The D.C. Metro doesn't have to repost ads for Milo Yiannopoulos' book, or at least not yet, according to a weekend ruling from U. S. District Judge Tanya Chutkan. The public transit system (officially known as the Washington Metropolitan Area Transit Authority, or WMATA) had initially accepted and ran Yiannopoulous' ads but quickly pulled them down, citing customer complaints. Yiannopoulos sued. Now Chutkan's ruling (the first since the case was filed in August 2017) rejects Yiannopoulos' request for a preliminary injunction. From the decision: WMATA reasonably concluded that Milo Worldwide's advertisements violated WMATA's prohibition on advertisements intended to influence public policy. WMATA therefore acted reasonably in excluding those advertisements, in view of its stated objective to reduce community and employee opposition, to diminish security risks, and to avoid vandalism and the burdens of administrative review. No matter your opinion on Milo, Chutkan's decision—while preliminary—should be a disappointing one if you value the First Amendment. The WMATA's rules regarding issue-based advertising are confusing, vague, and selectively applied—more a matter of which ads garner controversy, or could, than a blanket ban [...]



Mozilla's New Firefox Extension Will Try to Stop Facebook from Tracking You

Thu, 29 Mar 2018 11:35:00 -0400

(image)

Mozilla Firefox has a new extension to prevent Facebook from tracking your online habits.

Capitalizing on the fears surrounding Facebook privacy, Mozilla has designed the "Facebook Container," a Firefox add-on that blocks Facebook from tracking users when they click on ads or links that take them off the site.

Facebook currently uses a program called Pixel to collect information on how users engage with the site. When users click on links, they visit external sites but are still logged in to Facebook's platform. These outside sites will contain "share" or "like" buttons, and when users engage with these functions, this activity is connected to their Facebook identity. That's how Facebook is able to fine-tune its advertisements to its users. While this is a well-known practice, many aren't aware that their behaviors outside the core function of Facebook are tracked.

But when people using Facebook Container click a link on Facebook, it loads in a seperate blue tab that isolates users' activities from the core site. In these blue tabs, users will not be logged into Facebook, which prevents further data collection. Users do have the option to continue to use the "share" and "like" buttons, but Mozilla notes that these activities may still be tracked. The extension doesn't prevent data collection, but it offers users more control over their privacy.

"Facebook can continue to deliver their service to you and send you advertising," Mozilla explained in its announcement about the extension. "The difference is that it will be much harder for Facebook to use your activity collected off Facebook to send you ads and other targeted messages." The company acknowledges that the "type of data in the recent Cambridge Analytica incident would not have been prevented by Facebook Container. But troves of data are being collected on your behavior on the internet, and so giving users a choice to limit what they share in a way that is under their control is important."

While other people pound their fists and clamor for more regulations, Mozilla reminds us that sometimes the quickest way to address a technological problem in the private sector is with a technological solution in the private sector.




The Facebook-Cambridge Analytica 'Scandal' Is a Nothingburger

Fri, 23 Mar 2018 00:15:00 -0400

What the Facebook-Cambridge Analytica scandal lacks in relevance it sure makes up for in melodramatic rhetoric. Take Bloomberg, for instance, which reported, "The revelations of the apparent skulduggery that helped Donald Trump win the 2016 presidential election keep sending shock waves across the political landscape." Well, it's partially true. Everyone is talking about it. The story has consumed most of the mainstream media. The theory goes something like this: Facebook obtained information on users who took a personality quiz with their online friends. Another outlet, the advertising firm Cambridge Analytica, harvested that information, brainwashed a bunch of rubes and then yada, yada, yada...Russia! Former Cambridge Analytica contractor Christopher Wylie told CNN that while at the company, he helped build a "psychological warfare weapon" to "exploit mental vulnerabilities that our algorithms showed that (Facebook users) had." So, in other words, he worked in the advertising business. Those who have covered politics for more than a single Trump cycle should know better than to use this kind of unnerving rhetoric for what amounts to nothing more than average microtargeting, which has been used by hundreds, if not thousands, of firms. Yet now, when it serves to bolster convoluted theories about an election having been overthrown, terms like "psychographics" and "breach" are being thrown around to make it sound like someone hacked into voter rolls after boring into the deepest recesses of our collective soul. Here's a thought: If you're uncomfortable with data mining and your information being shared, don't take surveys. Because, guess what, you don't have to be on Facebook. You don't have to use Twitter. You don't have a constitutional right to play FarmVille without answering a survey. You don't get free stuff. The very existence of social media and tech companies is predicated on mining data so that they, or third parties, can sell you things. That has always been the deal. Cambridge Analytica is a shady company owned by the British firm SCL Group—and, reportedly, in part by the right-wing-funding Mercer family—which claimed it could build models that identify persuadable voters by using six key personality types. Now it looks like Cambridge Analytica kept data it shouldn't have. Yet the effectiveness of Cambridge Analytica's targeting was as questionable as its business practices. As others have pointed out, most Republicans used the firm to open to door to the Mercers' checkbook. By constantly using the word "breach," reporters are trying to insinuate that someone stole voter data that typically was off-limits. Cambridge Analytica was allowed to pull that profile data. Facebook only changed its policy in early 2015. But before the general election, the Trump campaign dropped Cambridge Analytica for the Republican National Committee data, reportedly never using the any of the "psychographic" information. According to CBS News, in September 2016, it had "tested the RNC data, and it proved to be vastly more accurate." Even if the campaign hadn't, however, its efforts would have been akin to those being heralded as revolutionary when serving the interests of Democrats. In fact, Facebook allowed the Obama campaign to harvest data in the same way that is now generating headlines and handwringing. Do you remember any outrage and trepidation over the privacy and manipulation of your thoughts in 2012? The only consistent position the left seems to take these days is that the mechanisms it uses to keep power automatically transform into something nefarious and undemocratic when the opposition uses them. If anything, there should be concerned about the ideological double standards of yet another tech [...]



Omnibus Bill Chips Away at Citizens’ Abilities to Protect Data from Government Snoops Across the World

Thu, 22 Mar 2018 11:35:00 -0400

The omnibus spending bill Congress is considering right now isn't just about spending money we don't have and saddling future generations with debt. It's also about chipping away at their data privacy, too. Buried deep in the omnibus bill—we're talking 2,200 pages in—is legislation intended to give the feds access to data held by American companies overseas. It also will have the effect of making it easier for foreign countries to gain access to data being stored here in America, and that makes human rights and privacy groups very, very concerned. The Clarifying Lawful Overseas Use of Data Act, acronymed the CLOUD Act, seeks, in part, to resolve a current dispute between the Department of Justice and Microsoft that is before the Supreme Court. The feds want access to data connected to a drug trafficking suspect. This data is being stored in Dublin, Ireland, not on American soil, and therefore Microsoft has been resisting. The CLOUD Act would require that communication providers cough up this information even if the data is stored outside the United States, provided it's about an American citizen. That's not all the act does, and the rest of it has human rights groups worried about the implications. The act also changes and apparently simplifies the process for foreign governments to also request data about their citizens when that data is stored on American soil. It reduces the amount of bureaucratic oversight in the process and reduces the ability of Congress or the judicial branch to step in to potentially block data sharing with countries that have reputations for using this private information for oppressive purposes. As such, groups like the American Civil Liberties Union, Amnesty International, the Electronic Frontier Foundation, and Campaign for Liberty oppose the CLOUD Act. Over at The Hill, Neema Singh Guliani of the ACLU warned about the consequences of giving only a couple of high-ranking people in the executive branch the authority to determine which governments the United States would cooperate with: The bill would give the attorney general and the secretary of State the authority to enter into data exchange agreements with foreign governments without congressional approval. The country they enter into agreements with need not meet strict human rights standards – the bill only stipulates that the executive branch consider as a factor whether a government "demonstrates respect" for human rights and is similarly vague as to what practices would exclude a particular country from consideration. In addition, the bill requires that countries adopt procedures to protect Americans' information, but provides little specificity as to what these standards must include. Moreover, it would allow countries to wiretap on U.S. soil for the first time, including conversations that foreign targets may have with people in the U.S., without complying with Wiretap Act requirements. In a letter sent by the groups to lawmakers, they also warn that CLOUD Act doesn't include a warrant requirement for communications over 180 days old, meaning that it doesn't guarantee constitutional standards are followed, or require law enforcement to alert people when the government gets access to their data. Sen. Rand Paul (R-Kentucky) complained last night on Twitter about the CLOUD Act getting shoved into the omnibus bill so that there will be no debate about what it does. He clearly doesn't like it, nor does his bipartisan partner in online privacy, Sen. Ron Wyden (D-Oregon). Microsoft's president, however, supports it, because no doubt with this process in place, the company can point to it and not have to take responsibility (or legal liability) when a government violates somebody's rig[...]



University of Virginia Hires 'Social Sentinel' to Monitor Students' Social Media Posts

Thu, 22 Mar 2018 11:05:00 -0400

In response to the torch-lit marches in Charlottesville last August, the University of Virginia signed an $18,500 annual contract with Social Sentinel, a private security firm, to monitor the social media accounts of its students and others. UVA began working with Social Sentinel in September to keep an eye on potentially dangerous campus activity. University officials and the UVA police force have assured the community this step is necessary for campus security, yet students and others are concerned about their privacy rights. "Enhanced technology is just one piece of the University's safety and preparedness efforts," Officer Ben Rexrode, the Crime Prevention Coordinator for the University Of Virginia Police Department, told Reason via email. "As the University grows and new standards for best in class operations evolve, we take steps to improve when prudent and appropriate." Using an algorithm, Social Sentinel scans social media accounts and targets threatening words, images and phrases included in Sentinel's "library of harm." When these terms or images are used in context with the university's name, location, or events, a report is sent to the police, who determine if the content merits further investigation. While officials consider the context of posts that are flagged, algorithms may fail to distinguish between dangerous phrases and phrases like "You're the bomb!" or "Nice shot!," leading to unnecessary tagging. It's also difficult to expect someone who is so far removed from a conversation to fully grasp what a student meant by a particular choice of words. Neither the algorithm nor the officers reading the material may understand what is said. "It's not so much that they're looking at your Twitter or your Instagram, it's casting a very wide net and getting metadata and producing a report," UVA Spokesperson Anthony de Bruyn told The Cavalier Daily. Yet once a report is drawn up about a particular post, officers are able to read and view students posts, be they on Twitter or Instagram. So while Big Brother is not actively scrolling through students' feeds, officers have records of conversations that students or other persons may have preferred to keep from the government. Social Sentinel told The Daily Progress it does not archive the data it scans, but university police officials said the department would record and store any alerts that prompted police action. "The University has not confined the scanning to any particular group," said Rexrode."The service can only view publicly viewable sources; it cannot see private or direct messages, or accounts set to private. The service merely aggregates publicly available information." This betrays a serious limitation: Persons who wish to do harm often plot and exchange information in private chat groups, via text message, or in other online forms that wouldn't be accessed by this technology. UVA officials say Social Sentinel's mass data collection has allowed authorities to prevent some campus events, including instances of self-harm, but Social Sentinel is scanning everyone's data in order to do so. This raises obvious concerns for civil libertarians. "We see a trend in law enforcement in general to want to employ new technology before we really understand all of the implications of that technology," Bill Farrar, the Director of Strategic Communications for ACLU of Virginia, told Reason. "While we don't object to use of technology in law enforcement, we do object to usage policies and practices that violate people's expectation of privacy and other civil liberties. We are opposed to any sort of mass government surveillance for any future law enforcement services. "Law enforcement is essentia[...]