Virginia apparently is a state made up of moronic legislators. When Betty Ostergren, otherwise known as the "Virginia Watchdog" and on of my personal heroes, started posting social security numbers and other private data about state senators, she turned a few heads.

She got the information from the state's own public records websites where the senators were quick to pull some strings to get their information off the sites, but Betty refused to pull it off hers until they fixed the system that left all the other less-connected people vulnerable.

Their response was to draft a law for her specifically (what an honor!) that would make it illegal to disseminate any public records that contained Social Security numbers. Facing tens of thousands of dollars in fines, she was fortunately rescued by the Virginia ACLU who filed a lawsuit on her behalf.

And the good news is that the right decision was reached and the state of Virginia was told to eat crow.

The saddest and sickest part of the whole situation is that they violently attacked the person who publicized what they were doing wrong while they made no effort to fix the wrong she exposed. Reminds me of certain other disgusting people…

(H/T to Slashdot for the link)

Today before the first panel at the conference, I heard a presenter who had to be in his 70's or close to it say, "I feel so naked without my laptop".

And that has been today's CFP conference highlight

I was given the opportunity to give a five minute talk on any topic of my choice relating to computers, freedom, or privacy preceding the conference dinner on Wednesday. Narrowing down all the things I would want to say was difficult at first, but of course had to be nothing other than credit freezes.

It drives me nuts that there's still so few people that know about this very important tool and I made sure that at least my fellow computer, freedom, and privacy advocates and peers would know. It turns out that there were many who hadn't heard of it before. After my talk, I had many people come to ask me about more details or to tell me that they spread the word to their friends and family. One even invited me to come speak at his church at a large event he's hosting in the fall!

It's a good start.

I ended up sitting next to Peter Pietra, the head of the privacy department at the TSA. This gave me an interesting opportunity to talk about issues of privacy when dealing with their agency and the first thing I asked was about the pornographic backscatter x-ray devices.

He was clearly frustrated (and I don't blame him) as I'm sure this is a topic that assaults him regularly. The issue is that backscatter CAN see through your clothes, but the TSA orders the devices preconfigured at a level that prevents them from seeing pictures such as these one on the Internet. They are also unable to modify the configuration. In fact what they actually see, as shown on their site, is smeared blob that highlights objects, but not skin.

The issue that I have here is that if the TSA's claims of how they use the technology are true, then what the hell was all the hype about?

Images will be deleted immediately once viewed and will never be stored, transmitted or printed (the passenger imaging units have zero storage capability)

Metallic and non-metallic objects are displayed, including all items that a passenger may be carrying on his/her person

Also, according to the website, you can always choose to have a pat-down instead.

I asked Peter about this because it seems to me most people aren't going to know to go to the website and read about Backscatter before being faced with it at an airport, but he said that the sample picture on the web is printed right on the machine and people are supposed to be shown the picture and told of the option for pat down prior to being scanned.

Final Thoughts

I notice that the picture on the TSA site is from behind so probably doesn't fairly show how much frontal detail they would see so for full disclosure, they should show a frontal picture. However, I can understand why someone wouldn't want to show what amounts to nudity on these machines for propriety reasons and don't necessarily consider that evasive.

What more can you ask for than clear disclosure and a reasonable choice? Granted the technology can be used for worse things, but the devices is about as small and conspicuous as a casket so you'll never be scanned without your knowledge. If they are configured correctly, store nothing, and you can opt for a pat down, then perhaps some have been too harsh on both the technology and the agency.

Speaking of, EPIC's article that led me to write about backscatter in the first place unfairly show the capabilities of backscatter ignoring the actual use of the technology by the TSA. I'm sure there's someone from EPIC around the conference somewhere and I'll be sure to ask them about it.

What TSA Sees

What EPIC Shows

Today at the Computers, Freedom and Privacy Conference, we opened with statements from representatives from the Obama and McCain campaigns (Clinton declined to attend).

Obama

Daniel Weitzner from MIT represented Obama's campaign. He opened by talking about Obama's major views as they relate to privacy and technology.

Obama believes in:

• Greater accountability in government
• Keeping government information and operations open and transparent
• Citizen participation in decision making
• The appointment of a government Chief Technology Officer to oversee these types of issues

McCain

Chuck Fish, a Patent Lawyer and part of McCain's legal team came to represent his campaign.

McCain believes in:

• Promoting American innovation
• Taxing the rich is a popular idea, but it's the pursuit of riches that drives innovation
• The system should reward the behaviors that we want to reward
• We need to develop a skilled workforce
• We should very lightly regulate the market and let it take care of itself until such point as they fail
• Market regulation should focus on anti-competitive behavior

Open Questions

Next were questions asked by the moderators of the panel:

Q: "What do you see as the role of government in providing access to our basic communications infrastructure (the Internet)"

(McCain) Chuck – Can't understand his answer. Very politicalese. I'm fairly certain that he didn't answer the question, but it's hard to tell.

(Obama) Dan – Rather than focus on the infrastructure, it's important to protect the openness of the Internet. Even if we were to stay on dial-up or were years behind other countries on bringing broadband to our people, that's really secondary to protecting the nature of the Internet. He also noted that McCain's view of a self-regulating market will maintain open Internet (and I agree).

Q: "NSA Wiretapping – what would their position be on liability of carriers. What changes to Fisa"

(McCain) Chuck – "Immunity is a tough question because there's competing values. We're not talking about granting indulgences…" Again, hard to follow. Many words come out, but not much is said. The only thing he said of substance in his several minute non-answer to the question was "There needs to be hearings to find out what actually happened and what harm was actually done" which is to say that he will "look into it".

(Obama) Daniel – Obama's history and future view is to strengthen judicial review of administrative subpeonas, National Security Letters and the gag orders that accompany them. When surveillance is used, there must be real, meaningful oversight. Obama voted AGAINST retroactive immunity. McCain did not vote against them (which Dan feels is tacit approval).

Obama realizes that advanced surveillance and data mining can be important tools for national security, and they should be available, but with appropriate oversight. It's important to guard against mission creep! Woo! Someone gets it!

Q: "American companies are assisting China in censoring it's citizens. What would a given candiate do about that?"

(Obama) Dan – No official position, but if Dan had to offer advice to the campain, it would be that the lesson of the efforts in the US in the mid-90's to persuade countries to adopt an open Internet should be continued. We should open a dialogue and encourage and persuade countries to realize the benefits while using our influence to lead them towards more openness.

(McCain) Chuck – No explicit policy either. But the values that the campaign holds that would apply is to go slowly and carefully. It's always wrong to believe that you can legislate the behavior of people in other countries. Show the repressive regimes the benefits that openness provides, we will lead by example.

Open Questions

Next were open questions from the audience.

Q: "Email use by President – Will your candidate use e-mail. Does McCain know how? Will they avoid requirements to save e-mails by using other services outside of the Whitehouse?"

(McCain) Chuck – McCain does know how to use e-mail. As for avoiding requirements, you can tell from the tenor of his career that any perceived impropriety is anathema. Very little is more important for himself and country than acting honorably and keeping himself clean.

(Obama) Dan – There's a real commitment in Obama tech policy to keep government open and keep the flow of information open. Hiding e-mail wouldn't meet his commitment to open government.

Q: "Bush doesn't want to use e-mail because it becomes public record, but both of these candidates have records of believing in open government. But what will they do to keep government open?"

(McCain) Chuck – Answered by listing the example of require reporting of all data about sex offenders. He seems to have misunderstood that open government is about reporting what the GOVERNMENT is doing, not citizens.

(Obama) Dan – Bush administration has gone way overboard in classifying information. Obama called for national declassification center.

Q: "Clinton administration mandate cell companies to track users for 911. Companies are tracking all the time when powered. No legal limitations for what use can be made. Should this be protected by judicial oversight?"

(Obama) Dan – No position on that, but clear position of looking at tech capabilities that are not being addressed from a privacy perspective.

(McCain) Chuck – First ask, is there a problem and does the law already deal with it? If there was a possibility of current harm or future harm, then perhaps regulation would be appropriate, but otherwise, just trust but verify.

Q: "Net Nuetrality – How far would either of you go to live up to the view that the Internet is a tool for Democracy?"

(Obama) Dan – Obama wants to maintain openness of the Internet. Before we fight what the Internet may become, we should ask if we want to go where it's going. Do we like what it's evolving too. Either way, currently the regulatory agencies lack the power to get involved.

(McCain) Chuck – Understand Internet is important. But adverse to regulation, must have real evidence of harm. Don't want to stifle innovation.

Q: "Where do you think the burden lies for protecting information. American's must show harm? Or burden on Government that there's a justification for accessing my private information"

(McCain) Chuck – Companies always have known more about us than the government. We shouldn't have solutions seeking problems, but the opposite. Show the problem before acting.

(Obama) Dan – Increase FTC enforcement authority and budget. Too much burden on individuals to negotiate their privacy rights with whoever they deal with. Though our privacy laws are more modest than others, we've seen progress in our regulation. It's not up to normal people to protect their personal security. That's unreasonable. We don't have the time, energy, or (sometimes) capability.

Q: [my question] "Does your candidate realize the problem of Congress creating laws that over-rule stronger state laws that protect our privacy and freedom and would they have the balls to veto such a law?"

(McCain) Chuck – Clearly recognizes the importance of federalism. Always the rub whether what you have is well intentioned preemption or something else. Not the campaign's policy to over-turn what approaches of 3 centuries of preemption law. In other words, leave it to congress to make the determination of what is an appropriate level of preemption.

(Obama) Dan – No general position on preemption, but it's a right thing to keep an eye on. In other areas the benefit of some mount of federalism, but preemptive will come up. Depends on context.

Summary

This affirms in my mind that Obama is far beyond McCain in understanding privacy and technology issues. Obama wants to undo some of the damage Bush has done to us in recent years and is aware that regulatory agencies are valuable. He even believes in passing laws BEFORE there's a critical breakdown.

McCain is a fool that believes the market can regulate itself. With that alone, he's dead to me.

I'm really jazzed about going to this conference. They've got some really cool events lined up like:

Hate Speech and Oppression in Cyberspace

Kids taunting classmates (with resulting emotional scars and even suicide); harassment, stalking, and death threats; and organized and race-, gender-, religion-based hate groups; prominent bloggers like Kathy Sierra and Blackamazon have take their blogs down after death threats or attacks … along with all its promise and power of cyberspace, the Internet also distributes words and images of hate that often lead to real-world violence.

And

Activism and Education Using Social Network

We plan on examining several different types of social networks. Some of these networks are geared toward sending out 'news blasts' to your network of friends, while others support having a much deeper conversation about the topic at hand. Protest groups on Facebook can quickly grow to over a million people– and lead to millions demonstrating in the real world. New technology such as "causes," now available both on Facebook and MySpace, allows for fundraising and eases recruiting. Easy sharing can increase the viral spread of videos and web pages. Innovative mashups like those promoted by Netsquared with their Mashup Challenge make information and calls to action more easily available to more people. We'll survey the available functionality and describe how to use the different variants for education and activism activities, as well as giving tips on how to become part of the particlar social network community that the participant is interested in.

The program is here, but you only have a few more days to sign up so get on it!

The EFF has an excellent article about how to avoid being searched at the border. Specifically, how to protect your laptop data that courts recently ruled could be searched without warrant.

The CFP2008 conference is coming up in late May. They're not taking registrations yet, but their information page is up at least. I wasn't able to attend last year, but the 2006 session was very cool.

The conference is the perfect place for paranoid anti-government/business privacy invasion types to congregate and complain as a group. Besides that, there are useful technical sessions about privacy technologies and such. I particularly liked the session hosted by Public Citizen where they described the ways they protect people against companies trying to stifle their free speech online. In cases where a blogger was issued take-down notices by big companies that didn't like what the blogger was saying, Public Citizen took their case for free and defended them. Very cool.

Also of note was the session about RFID where an industry crony "debated" the author of the book Spychips (though to call it a debate is laughable). When the crony was challenged about his company's use of privacy protections and he didn't have any good answers for the crowd, he bacame flustered and accused us of being "technophobes" (HA!). What an idiot. But it was very entertaining

Anyway, if you'd like to meet some of the people in all the various consumer groups who are protecting your rights every day, this is an awesome way to do it.

I've been holding back on covernig this because it's just so damned depressing. But the story is that Bush managed to shove a "FISA modernization" bill down congress's throats and the witless saps passed it. Understandibly, this has a lot of privacy and consumer advocates in a tizzy.

I've heard some people say that this could legalize the illegal spying program. My question is, how many times do people have to openly agree that the program is and has been illegal before someone puts Bush in jail for this? So it's (allegedly) legal now, but "Sure I was speeding, but I'm going the speed limit NOW officer" has never been a defense.

So there's a new website that allows people to exchange their loyalty cards with strangers so you "defeat" the tracking an profiling that stores do on you. Unless I'm missing something, this is a pretty dumb idea. Here's the e-mail I sent to them:

Why not just ask for an anonymous card? Exchanging means that you'll get a bunch of ads for stuff that has no relation to you. What if you exchange with a guy who buys ingredients for a bomb or a meth lab? that might come back on you.

Even if the store won't give you an anonymous card, just use fake data.

If you're curious why store value cards and such are a bad idea, see Nocards.org for details.

(H/T to Consumerist.com for the link)

I feel pretty dumb for not noticing this new law, but now Maryland residents will get credit freeze protection! It doesn't go into effect until Jan 1st, 2008, but as soon as it does, people in Maryland will no longer have to worry about most ID theft or data breaches.

Here's a link to the PDF describing the process for implementing the freeze: Consumer's Union Writeup of Maryland Credit Freeze procedures.

Public Citizen with it's ever-watchful eye on congress, brings us news of a bill to try and kill mandatory arbitration in clauses in employment, consumer, franchise, and civil disputes. Mandatory arbitration is used to preemptively prevent you from ever suing the company by forcing you to agree to let a "nuetral" third party decide and and all disputes between you and them.

Being that it completely prevents you from utilizing the court system for redress of wrongs, I'd say that this bill is a pretty good thing.

Privacy International has released a report of privacy scores for top Internet companies and Google was notably the only one to recieve the lowest ranking.

Not everyone agrees with this assessment, but I personally tend to side with Privacy International.

I like Google and use it constantly because of it's clean, simple interface and solid dependable results. However, when it comes to privacy, I don't think they're where they should be. They recently announced they'd annonymize all search records after 2 years, but that only announced to the world that they track searches to individual people and store that information for 2 years!

They say they need it for optimization, but I still haven't heard of anything they do that actually needs personally identifiable information to be optimized other than revenue streams from selling the data.

For a friend, we aren't being price gouged says at least one consumer group:

In a past life we were asked to prove that local gas stations were price gouging New York City residents. We knew this to be false, and found the proof we needed in a meticulously researched report from the Senate Permanent Subcommittee on Investigations.

And more importantly:

Despite popular misconceptions, price gouging almost never occurs as prices rise. Instead, price gouging occurs when dealers keep prices artificially high in order to gain a little extra profit or recoup costs, even though the DTW price has declined.

Which means that a fairly good sign that you're not being gouged is when the prices are going up.

The Consumerist has a large list of "executive service" contact information.

Executive customer service is a firewall team that keeps your complaints from disturbing busy executives golf games. Very often, they do this by actually solving your problems, possessing superhuman powers to command all parts of the company to action, from billing to technical.

If the company you need isn't on the list, they have a method for finding the executive customer service contact information for just about anyone as well.

It's stuff like this that makes me a fan of the Consumerist. They have a certain amount of clout and companies take notice when they are blogged about negatively on their site. If you have a complaint of some kind, maybe you should try talking to the guys at the consumerist for help.

A lot of the newsletters I subscribe to and groups that I follow are making more noise about this. The main point, from Defective by Design's e-newsletter:

The Department of Justice has drafted this outrageous legislative proposal that threatens ordinary Americans with jail time and the sort of property forfeiture penalties applied in drug busts for P2P users, mixtape makers, and mash-up artists. The law would stiffen penalties for "attempted infringement", basically removing the requirement that the government or Big Media companies actually prove that infringement occurred. The IPPA would also authorize massive wiretapping to investigate copyright infringement by individuals. The government has plenty of tools to investigate and prosecute large scale criminal enterprises engaging in bootlegging, the IPPA will target every citizen.

The main point here is that it makes copy right infringement a criminal offense and that it only has to be attempted! Think of all the people who've already been served with lawsuits (many who were clearly innocent). Now imagine that they no longer have to prove infringement, only attempted infringement. This makes their case far easier to fight. But now it's a crime so the punishment would be stiffer as well.

I see a vast trail of destruction with the RIAA leading the march in the future if this passes.

The people over at CASPIAN have warned about how companies are trying hard to get RFID tags into all their products without people knowing. Well, now they will. The anti-theft tags that nearly every product currently has will be combined with RFID technology so that nearly every item you walk out of the store with will also transmit a unique identifying number to any reader nearby. Theives, marketers and big brother are salivating.

You don't believe that companies are desperately interested in what you do every waking moment? Then you haven't been paying attention.

Why they don't do this for other issues, I don't know, but several organizations have banded together to fight the implementation of REAL ID.

The DHS apparently has backed off of the requirement to use RFID in the National ID card. It's a start.

They're U-verse service is doing far more poorly than they hoped. Of course, I wonder why anyone would use any AT&T product or service anyway.