Friday, December 17, 2021

Something to quote from…

https://www.pogowasright.org/notable-privacy-and-security-books-2021/

Notable Privacy and Security Books 2021

Looking for good books to gift or read over the holidays? Privacy scholar Dan Solove has compiled a helpful list of notable books on privacy and security from 2021.

Want even more recommendations from all years? Professors Paul Schwartz and Solove maintain a resource page on Nonfiction Privacy + Security Books.



Is any update useful without a federal privacy law?

https://www.pogowasright.org/federal-study-acknowledges-failures-in-police-surveillance-oversight/

Federal Study Acknowledges Failures in Police Surveillance Oversight

For years researchers have called out the Wiretap Report for being outdated and incomplete

There are major flaws in how the federal government monitors police surveillance of Americans, a new government report found, representing the first time the federal court system has acknowledged its own failure to track things like wiretaps and electronic surveillance.

A study, conducted by the Federal Judicial Center, the research branch of the judicial branch of the U.S. government, says the federal court system’s annual Wiretap Report—which compiles information on local and federal law enforcement interceptions of people’s communications—is riddled with inaccuracies. Reporting requirements, the study found, fail to incorporate new technologies, further leaving the public and lawmakers in the dark as to how police use devices like stingrays and how often they collect things like text messages and cellphone data.

Privacy and civil liberties advocates have long criticized the system for overseeing law enforcement surveillance, but never before has the judicial agency publicly acknowledged its own failings.

Every year, federal and state judges are required by law to report all the wiretap orders they approved to the Administrative Office of the U.S. Courts, and prosecutors are also required to report wiretap orders they requested. The office uses that data to send Congress the annual Wiretap Report, which helps inform decisions about law enforcement, surveillance, and data privacy issues.

For at least the last 15 years, legal experts, judges, and lawmakers have criticized the Wiretap Report for under-reporting the amount of wiretap orders that are actually issued and for failing to keep up with modern technology and surveillance techniques.

Albert Gidari, a retired lawyer who served as the consulting director of privacy at the Stanford Center for Internet and Society, has long called out the Wiretap Report’s inaccuracies. He started in 2005 speaking out about the inefficacy of wiretaps at conferences, and then, in 2010, once companies started releasing transparency reports, he pointed out their inaccuracies. In 2017, Gidari published a blog post highlighting how the Wiretap Report under-reported law enforcement surveillance. He found that while the Wiretap Report identified 3,554 phone wiretaps in 2014, phone carriers that same year reported receiving 10,712 wiretap orders.

Gidari said that nothing has changed with the Wiretap Report since.

It’s not the sexiest issue that faces the country, but it’s still a really important one, especially in a world where everything is collected,” Gidari said. “Our very privacy foundations are really at risk.”

He said the Judicial Center acknowledging these flaws was essential to taking steps to fixing the problem.

Between 2019 and 2021, the center conducted a series of focus groups and surveys split into two groups, one judiciary stakeholders like prosecutors, and judges, and the other non-judiciary stakeholders like academics, lawyers, civil rights groups, and congressional staff.

The study came after a 2017 letter from Sen. Ron Wyden, a Democrat from Oregon, directed the Judicial Conference, the policy-making body for the federal courts, to implement transparency reforms for electronic surveillance, including an update to the Wiretap Report’s methodology.

Wyden said he plans to introduce legislation that will require similar reports on other surveillance methods.

The wiretap report is a relic from the last century that reports on surveillance of pagers and fax machines, instead of use of modern surveillance technology, like malware and stingrays,” Wyden said in an email to The Markup. “The courts deserve a lot of credit for taking on the process of updating the wiretap reports, but it is clear that Congress will also need to pass a new law requiring annual reports for other forms of surveillance, such as location tracking and demands for data stored in the cloud.”

While each focus group in the study had different concerns with the Wiretap Report, some common key issues surfaced. Both groups called for updates to the report to reflect surveillance on modern technology and for better enforcement against inaccuracies.

Outdated Technologies

The Wiretap Report became a legally required disclosure in 1968 with the Omnibus Crime Control and Safe Streets Act. At the time, the only device that wiretaps were really intended for were landline phones.

But now wiretaps are mostly conducted on cellphones, and often phone data is included. Prosecutors and judges in the study said they couldn’t accurately disclose their surveillance requests because the “technologies listed on the forms were not up to date,” according to the study.

While the Wiretap Report covers surveillance on phone calls, there’s no transparency on surveillance on phone data, device location, messaging through texts or messenger apps, or online voice calls.

It also doesn’t cover new methods of surveillance like geofence warrant requests or stingray devices that intercept phone data.

That type of surveillance is not being entered in a wiretap report, and it probably couldn’t be under current legal authorities,” Stephen Wm. Smith, a retired federal magistrate judge and a former director of Fourth Amendment and Open Courts at Stanford’s Center for Internet and Society, said. “We need to update our other surveillance laws to require reporting on the same level as wiretap reporting.”

Both Gidari and Smith participated in the study as non-judiciary stakeholders.

Prosecutors and judges said because the technologies covered were outdated, there was confusion over what they needed to report to the Wiretap Report. They recommended adding new technologies like communications apps and VoIP apps to the report.

All participants agreed that the statute (18 U.S.C. § 2519) is out of date with respect to modern communications technology, and that an update would resolve at least some of the confusion about what is to be reported and how,” the study said.

Inaccurate Reports

All participants in the study also said that the Wiretap Report was consistently inaccurate, even when it comes to more traditional wiretaps, raising further concerns that policymakers would make decisions based on flawed information.

Prosecutors and judges blamed a lack of standards for the inaccurate reports, noting that there is no central template to follow for these disclosures. For example, participants weren’t sure if there needed to be a new wiretap issued for each phone number or device added to an investigation or if only an extension for an existing wiretap order was necessary, according to the study.

State prosecutors also said that they lacked training on how to file reports. And the Administrative Office of the U.S. Courts has no way of requesting information or penalizing those who don’t adequately report it.

There is no feedback from the Administrative Office concerning errors or omissions on the submitted forms. Without feedback, there is no accountability, and the errors and omissions are likely to persist,” the study said.

Watchdogs who have scrutinized the Wiretap Report over the years have repeatedly raised concerns that some jurisdictions simply do not disclose their wiretaps, even when legally required to do so.

Smith, for example, found that many major cities had fewer wiretaps reported than small communities. He also found some of them just didn’t report at all.

They weren’t doing any wiretaps in Dallas? I mean, come on,” he said. He recommended that the Administrative Office call out the cities and states that were failing to report each year.

The study also noted that many participants weren’t aware that the Administrative Office doesn’t have enforcement capabilities.

Learning about the states that absolutely refused to report, that was new to us,” Gidari said. “It never occurred to me that the AO didn’t have the ability to pick up the phone and call a recalcitrant prosecutor and the chief judge of the district and say, ‘You’re not reporting. This is a law.’”

Because of this lack of enforcement capabilities, participants in the study recommend that Congress take action, calling for legislative changes that would give the Administrative Office enforcement powers or the ability to impose penalties for failure to report.

The more Congress becomes aware of this, the more likely it is that something will happen,” Smith said.

This article was originally published on The Markup and was republished under the Creative Commons Attribution-NonCommercial-NoDerivatives license.



I doubt they will switch to an ‘opt in’ strategy, so what will they do? Perhaps they will search databases owned by governments?

https://www.theverge.com/2021/12/16/22840179/france-cnil-clearview-ai-facial-recognition-privacy-gdpr

French regulator tells Clearview AI to delete its facial recognition data

France’s foremost privacy regulator has ordered Clearview AI to delete all its data relating to French citizens, as first reported by TechCrunch.

In its announcement, the French agency CNIL argued that Clearview had violated the GDPR in collecting the data and violated various other data access rights in its processing and storage. As a result, CNIL is calling on Clearview to purge the data from its systems or face escalating fines as laid out by European privacy law.



Figuring out AI.

https://www.quantamagazine.org/what-does-it-mean-for-ai-to-understand-20211216/

What Does It Mean for AI to Understand?

Remember IBM’s Watson, the AI Jeopardy! champion? A 2010 promotion proclaimed, “Watson understands natural language with all its ambiguity and complexity.” However, as we saw when Watson subsequently failed spectacularly in its quest to “revolutionize medicine with artificial intelligence,” a veneer of linguistic facility is not the same as actually comprehending human language.

Natural language understanding has long been a major goal of AI research. At first, researchers tried to manually program everything a machine would need to make sense of news stories, fiction or anything else humans might write. This approach, as Watson showed, was futile — it’s impossible to write down all the unwritten facts, rules and assumptions required for understanding text. More recently, a new paradigm has been established: Instead of building in explicit knowledge, we let machines learn to understand language on their own, simply by ingesting vast amounts of written text and learning to predict words. The result is what researchers call a language model. When based on large neural networks, like OpenAI’s GPT-3, such models can generate uncannily humanlike prose (and poetry!) and seemingly perform sophisticated linguistic reasoning.


No comments: