Monday, June 10, 2013

You get a terrorist alert from a trusted friend but you ignore it because... Wait. Why do you ignore it?
Sarah Young reports:
Britain must say if its spies acted illegally after revelations that they received data collected secretly by the United States from the the world’s biggest Internet companies, members of parliament said on Monday.
The Guardian newspaper has suggested that the United States may have handed over information on Britons gathered under a top secret programme codenamed PRISM which collated emails, Internet chat and files directly from the servers of companies such as Google, Facebook, Twitter and Skype.
Foreign Secretary William Hague, who is due to address parliament on Monday about the reports, has said Britain’s GCHQ eavesdropping agency broke no laws, though he refused to confirm or deny that Britain had received the secretly collected data.
Read more of this Reuters report on

(Related) I never understood this logic.
Kristina Wong reports:
News and social media websites have been blocked on some Pentagon workstations Friday to prevent employees and contractors from accessing classified information that was leaked Thursday about a federal program that gathers Internet users’ personal data from the computer servers of Web service providers.
U.S. Cyber Command recommended the blocking, which began about 11:30 a.m. Friday, a Defense Department source said.
Read more on Washington Times.
So once again, everyone else can read what our own government leaked, but government employees can’t. This is not the first time we’ve seen this approach to containing a leak of classified information – we saw this after WikiLeaks started publishing State Department cables leaked by Bradley Manning – but it still seems like futility personified.

(Related) I hadn't thought about these. Makes it hard to keep saying “it never happened” doesn't it?
Cindy Cohn and Mark Rumold of EFF write:
In light of the confirmation of NSA surveillance of millions of Americans’ communications records, and especially the decision by the government to declassify and publicly release descriptions of the program, the government today asked the courts handling two EFF surveillance cases for some additional time to consider their options.
The first notice comes in EFF’s Jewel v. NSA case (along with a companion case called Shubert v. Obama), which seeks to stop the spying and obtain an injunction prohibiting the mass collection of communications records by the government. While the Guardian importantly confirmed this with government documents on Wednesday and Thursday, we’ve been arguing for seven years in court that the NSA has been conducting the same type of dragnet surveillance. In the government’s motion, they ask the court to hold the case in abeyance and that the parties file a status report by July 12, 2013.
The second notice comes in EFF’s Freedom of Information Act (FOIA) case seeking the DOJ’s secret legal interpretations of Section 215 of the Patriot Act (50 U.S.C. section 1861), which was the statute cited in the leaked secret court order aimed at Verizon. Sen. Wyden and Sen. Udall have long said publicly that the American public would be “shocked” to know how the government is interpreting this statute. The leaked court order gives us an idea of what they were talking about. The government seeks a status report within 30 days of today, June 7, 2013.
In both of these cases, the government has long claimed broad secrecy. Obviously, now that the DNI and many members of Congress have confirmed those portions of the surveillance program, any claim of state secrets protection or the classified information privilege under FOIA would fail in the courts.
We look forward to discussing next steps in these cases with the government. As always, our goal is to have an adversarial proceeding in open court to evaluate the government’s actions in light of the longstanding protections in the Constitution—protections which prevent general warrants that scoop up our “papers” first and sort out whether there’s any basis for doing so after the fact.

(Related) It could have been worse. Apparently it isn't too difficult to record the entier conversation in addition to all that metadata.
Ben Grubb reports:
“This call may be recorded for training and quality purposes.”
And perhaps inadvertently uploaded to the internet if you’re a customer of a certain Australian telco.
Recorded voice contracts containing personally identifiable information between telco IF Telecom and its customers have been found online by an Australian security expert while performing a simple Google search.
The audio files found on the internet contain business managers confirming telephone contract agreements to an IF Telecom operator. Information read aloud during the calls by business customers includes their name and position, business name, date of birth, drivers’ licence number and expiry date, business street address and business telephone number.
Read more on The Age.

Interesting. If you believe that everything should be done by the government (because citizens are incompetent) this makes sense.
Will laws soon stop you from filming your neighbors?
I hate to bring up the subject of people spying on people, but it seems to be entering the realms of an epidemic.
Many no doubt nice human beings are installing closed circuit TV systems in order to protect their properties from marauding anarchists or burglars who want to enter their houses to browse Facebook.
Once they have these systems, they begin to realize that they can use them to snoop on their neighbors -- especially the ones where the husband wears a skirt to greet the mailman.
Now the place that has more cameras than steak and kidney pies, the United Kingdom, is considering the idea that CCTV systems might have to be regulated by law.

Think it will get better when the Feds take over?
There was some great reporting by Jordan Robertson of Bloomberg while I was away:
Hospitals in the U.S. pledge to keep a patient’s health background confidential. Yet states from Washington to New York are putting privacy at risk by selling records that can be used to link a person’s identity to medical conditions using public information.
Consider Ray Boylston, who went into diabetic shock while riding his motorcycle in rural Washington in 2011. He careened off the road and was thrown into the woods, an accident that was covered only briefly, in the local newspaper. Boylston disclosed his medical condition and history to a handful of loved ones and the hospital that treated him.
After Boylston’s discharge, Washington collected the paperwork of his week-long stay from Providence Sacred Heart Medical Center in Spokane and added it to a database of 650,000 hospitalizations for 2011 available for sale to researchers, companies and other members of the public. The data was supposed to remain anonymous. Yet because of state exemption from federal regulations governing discharge information, Boylston could be identified and his medical background exposed using only publicly available information.
Read more on Bloomberg News. As part of his investigative reporting, Jordan worked with Latanya Sweeney, who’s well-known for her research on re-identifying supposedly de-identified information. Hopefully his reporting will start some serious discussions in states that do sell data to researchers and others.

We gots rights?
Hanni Fakhoury writes:
In a landmark decision in Commonwealth v. Rousseau, the Massachusetts Supreme Judicial Court ruled this week that people “may reasonably expect not to be subjected to extended GPS electronic surveillance by the government” without a search warrant — whether they are driving the vehicle in question or not.
Read more about the case and the significance of the ruling on EFF.

Big Data at the market?
How supermarkets get your data – and what they do with it
… Sainsbury's discovered that a cereal brand called Grape-Nuts was worth stocking – despite weak sales – because the shoppers who bought it were extremely loyal to Sainsbury's and often big spenders.

A plea for Big Data?
Brief of Digital Humanities and Law Scholars as Amici Curiae in Authors Guild v. Hathitrust
Jockers, Matthew L., Sag, Matthew and Schultz, Jason, Brief of Digital Humanities and Law Scholars as Amici Curiae in Authors Guild v. Hathitrust (June 4, 2013). Available at SSRNThis Amicus Brief was filed in the United States Court of Appeal for the Second Circuit in the case of Authors Guild v. Hathitrust on June 4, 2013. The case is on Appeal from the United States District Court for the Southern District of New York, No. 11 CV 6351 (Baer, J.) Amici are over 100 professors and scholars who teach, write, and research in computer science, the digital humanities, linguistics or law, and two associations that represent Digital Humanities scholars generally. Mass digitization, especially by libraries, is a key enabler of socially valuable computational and statistical research (often called “data mining” or “text mining”). While the practice of data mining has been used for several decades in traditional scientific disciplines such as astrophysics and in social sciences like economics, it has only recently become technologically and economically feasible within the humanities. This has led to a revolution, dubbed “Digital Humanities,” ranging across subjects like literature and linguistics to history and philosophy. New scholarly endeavors enabled by Digital Humanities advancements are still in their infancy but have enormous potential to contribute to our collective understanding of the cultural, political, and economic relationships among various collections (or corpora) of works – including copyrighted works – and with society. The Court’s ruling in this case on the legality of mass digitization could dramatically affect the future of work in the Digital Humanities. The Amici argue that the Court should affirm the decision of the district court below that library digitization for the purpose of text mining and similar non-expressive uses present no legally cognizable conflict with the statutory rights or interests of the copyright holders. Where, as here, the output of a database – i.e., the data it produces and displays – is noninfringing, this Court should find that the creation and operation of the database itself is likewise noninfringing. The copying required to convert paper library books into a searchable digital database is properly considered a “non-expressive use” because the works are copied for reasons unrelated to their protectable expressive qualities – the copies are intermediate and, as far as is relevant here, unread. The mass digitization of books for text-mining purposes is a form of incidental or “intermediate” copying that enables ultimately non-expressive, non-infringing, and socially beneficial uses without unduly treading on any expressive – i.e., legally cognizable – uses of the works. The Court should find such copying to be fair use.”

No comments: