The panel this morning consists of members of the FTC, Google, and Microsoft and the subject is profiling people online.

There are so many questions I want to ask such as why Google stores data for so long (which they've avoided answering before) and why the FTC doesn't promote credit freezes (which they've avoided answering before).

In the meantime, there's talk about the different types of data collection each group does and the standard rigamarole about customizing and targeting advertisements as if that's helpful to the end user. Granted having ads that are more appropriate are more useful than less, but I see that as the same as having a neighbor down the street that you hardly know bring you a box of your favorite beef jerky. It's nice, but damned creepy when someone knows that much about you when you don't know who they are, what their intentions are, and how much else they know about you.

I stood up to lecture the panel on the fact that personalized ads aren't necessary for small sites to exist if they use the product recommendation method versus random ad policy like me, opt-out is an unfair business practice since it requires that people become very knowledgeable about ads and how to stop them which is near impossible for regular people, and opt-in is not only necessary, it's easy.

I doubt the information I shared will have any positive effect on the industry, but it was still worth a try.

In a direct slap across the face to the barely legal Freecreditreport.com, the FTC has released a spoof video of the pirate restaurant ad to highlight that there's only ONE place to get free credit reports and the rest are all pay services in disguise.

The original ad

The FTC version

Beware of the others,

There's always a catch,

They claim to be free,

But there are strings attached,

Brilliant!

It's so very rare that regulatory agencies actually get it right! Send this link to everyone you know and make sure they see it too.

If you've ever wondered what the Department of Homeland Security knows about you, try filing a Freedom of Information Act request like this guy did.

Legal experts and environmental advocates say the practice of "sanitizing," or blacking out, this information not only strips vital information from the public, it violates the agency's own law.

Thus the EPA is broken. Is there any government agency that's actually doing its job and doing it well?

Bruce Schneier explains that because screeners take no action with liquids other than to throw them away, there's no reason a terrorist won't keep trying until they succeed.

Check it out.

DNA might not be as strong evidence as you've been led to believe. Of course, if you can understand the math in this article, you're probably too smart to survive the jury selection process anyway.

(H/T to Schneier's Blog for the link)

Y.R. Tap - The reject Cryptokid

But that's not what I'm posting about.

I ran across this interesting comic about the unpopular little-know cryptokid, Y.R. Tap, the NSA domestic spying fly. The fly shows the Cryptokids what can happen when civil liberties are violated.

Bruce Schneier explains how easy it is to get past security and fly on a plane even if you're on the supposed "no fly list"

Buy a ticket in some innocent person's name. At home, before your flight, check in online and print out your boarding pass. Then, save that web page as a PDF and use Adobe Acrobat to change the name on the boarding pass to your own. Print it again. At the airport, use the fake boarding pass and your valid ID to get through security. At the gate, use the real boarding pass in the fake name to board your flight.

His article on why the no-fly-list and photo ID checks are useless against terrorists here.

Now here's a state with a Attorney General worth his salt! Richard Blumenthal is suing Countrywide and Bank of America for deceptive lending and is looking for some serious monetary damages to be paid out to the victims. This single move could save thousands of people from forclosures and distress. That's some serious protecting of the innocent. Way to go!

The TSA's CLEAR program where people can spend $100 to be "pre-screened" at airports and bypass security had a security hit recently when a laptop (doesn't this get old) with customer data was stolen.

Well gosh, how could they ever have seen that coming?

Anyway, Schneier covers the story and links to the TSA's response as well as taking a moment to denounce the program again along with most of what the TSA is doing for airport security. Since I've met the privacy officer for the TSA and know he knows what he's doing, the only reason I can come up with for this is that they're not listening to him when he's telling them not to put this kind of data on laptops unencrypted.

Some DNA lab workers have found that, while DNA is truly unique, the process of looking at only a small set of "loci" to make a match between people has flaws. In one case, a match was made in DNA testing between one person who was black and one who was white.

Not surprisingly, the FBI has been hard at work to cover up these finding:

In July 2006, after Chicago-area defense attorneys sought a database search on behalf of a murder suspect, the FBI's Callaghan held a telephone conference with Illinois crime lab officials.

The topic was "how to fight this," according to lab officials' summary of the conversation, which later became part of the court record.

Callaghan suggested they tell the judge that Illinois could be disconnected from the national database system, the summary shows. Callaghan then told the lab officials that "it would in fact be unlikely that IL would be disconnected," according to the summary.

(H/T to Slashdot for the link)

Breaking news, Congress is full of quarter-witted imbeciles and corrupt sychophants. Wait… we knew that already. What is new is that now we have a roster of the members of the House who either have no clue about what's going on or have gone to the dark side (cue Darth Vader-like breathing).

Yesterday the House passed a FISA amendment act which includes a provision shielding telecommunications companies from any liability. In the coverage of the situation by Ars Technica, they were able to quote Nacy Pelosi as being an idiot:

The most extended apologia came from House Speaker Nancy Pelosi (D-CA), who urged that the compromise be judged by comparison with the Senate bill, which she characterized as the only realistic alternative (So we can't ask for a good law, only a less bad one? That's a great standard to live to). She outlined several ways in which the current legislation is preferable to the Senate's version. First, the compromise bill reasserts that FISA is the "exclusive means" for conducting electronic surveillance, which would require the president to ignore such language twice in order to launch an extralegal surveillance program, rather than only once, as under traditional FISA rules (So if the President breaks the law, now it would violate two laws instead of just one. The next time someone breaks a law, I wonder if it will result in jail time if it only breaks the law "once"). Second, it preserves prior judicial review of surveillance authorizations, except in "very, very rare" circumstances, such as when the attorney general asserts that waiting for a judge would entail delay (I think that recent history has shown how much we can trust to the "rarity" of the Attorney General approving anything a president might ask. Has she even been awake in the last decade?). Third, it contains specific provisions barring the use of authorizations targeting parties abroad as a pretext for targeting U.S. persons, presumably to be enforced by a board of psychics. Finally, it provides for an internal investigation of the extent of past surveillance, which Congress will act upon with the same legendary zeal for civil liberties it has displayed over the past seven years (Brilliantly summarized. Ars has some great writers.).

So in one day, the House voted to expand powers of the Judicial branch that they didn't need and shield their conspirators from liability against justice.

Don't get me wrong, if I got a letter from the Attorney General of the United states that required my company to do something and my lawyers said to do it, I would have and maybe that's what happened to the telcos. But if there is no accountability for the Attorney General, the President, and the involved Agencies, then the whole things tastes like Congress cooked us up some chili made of poo.

I ended up sitting next to Peter Pietra, the head of the privacy department at the TSA. This gave me an interesting opportunity to talk about issues of privacy when dealing with their agency and the first thing I asked was about the pornographic backscatter x-ray devices.

He was clearly frustrated (and I don't blame him) as I'm sure this is a topic that assaults him regularly. The issue is that backscatter CAN see through your clothes, but the TSA orders the devices preconfigured at a level that prevents them from seeing pictures such as these one on the Internet. They are also unable to modify the configuration. In fact what they actually see, as shown on their site, is smeared blob that highlights objects, but not skin.

The issue that I have here is that if the TSA's claims of how they use the technology are true, then what the hell was all the hype about?

Images will be deleted immediately once viewed and will never be stored, transmitted or printed (the passenger imaging units have zero storage capability)

Metallic and non-metallic objects are displayed, including all items that a passenger may be carrying on his/her person

Also, according to the website, you can always choose to have a pat-down instead.

I asked Peter about this because it seems to me most people aren't going to know to go to the website and read about Backscatter before being faced with it at an airport, but he said that the sample picture on the web is printed right on the machine and people are supposed to be shown the picture and told of the option for pat down prior to being scanned.

Final Thoughts

I notice that the picture on the TSA site is from behind so probably doesn't fairly show how much frontal detail they would see so for full disclosure, they should show a frontal picture. However, I can understand why someone wouldn't want to show what amounts to nudity on these machines for propriety reasons and don't necessarily consider that evasive.

What more can you ask for than clear disclosure and a reasonable choice? Granted the technology can be used for worse things, but the devices is about as small and conspicuous as a casket so you'll never be scanned without your knowledge. If they are configured correctly, store nothing, and you can opt for a pat down, then perhaps some have been too harsh on both the technology and the agency.

Speaking of, EPIC's article that led me to write about backscatter in the first place unfairly show the capabilities of backscatter ignoring the actual use of the technology by the TSA. I'm sure there's someone from EPIC around the conference somewhere and I'll be sure to ask them about it.

What TSA Sees

What EPIC Shows

National Security Letters (NSLs) have been a huge issue since the FBI and has abused them terribly since gaining the power. The worst part is that they include a gag order that prevents you from complaining about it or seeking help.

Well at least one individual has challenged an NSL and won.

I got this e-mail from a member of congress who I must have contacted at some point because I'm on his mailing list. Anyway, I think the point that he makes is valid. By the own words of the director of the FBI, if the CIA were torturing prisoners, the FBI would have a responsibility to investigate, but they didn't. Congressman Wexler pressured him to answer why and he evaded it.

Here's the email:

Could we get a little accountability over here?! Please?

The FBI, which is proving to to be the worst thing to happen to America since dubya, is pushing for laws that will require your Internet Service Providers to record all that you do and make it available for police review.

"Records retention by ISPs would be tremendously helpful in giving us a historic basis to make a case on a number of child pornographers who use the Internet to push their pornography" or lure children, Mueller said.

Yes it would. But it would also allow them to many other things that might not be so justified. If we've learned anything, its that the FBI can't be trusted with unchecked snooping powers.

(H/T to Slashdot for the link)

The U.S. government will soon begin collecting DNA samples from all citizens arrested in connection with any federal crime and from many immigrants detained by federal authorities, adding genetic identifiers from more than 1 million individuals a year to the swiftly growing federal law enforcement DNA database.

If you are found innocent, you can't be treated like a criminal. Duh.

What is happening at the FBI that they can violate our privacy and rights over and over and over?

(H/T to Privacy.org for the link)

The FBI has been doing a lot of illegal and immoral things recently haven't they?

Counterterrorism officials in FBI headquarters slowed an investigation into a possible conspirator in the 2005 London bombings by forcing a field agent to return documents acquired from a U.S. university. Why? Because the agent received the documents through a lawful subpoena, while headquarters wanted him to demand the records under the USA Patriot Act, using a power the FBI did not have, but desperately wanted.

And when they got the power, they horribly abused it. Nice huh?

(H/T to Slashdot for the link)

I'm skeptical of the Federal Trade Commission's ability to deal with spyware or Spam, but the crack-down on fake blogging and unlabeled DRM is interesting.

Fake blogs (flogs), like the ones set up by Sony to promote the PSP, also try to gain authenticity by masquerading as homegrown labors of love. And while most established media sites have policies designed to keep editorial and advertising separate, blogs may have no such rules in place.

And…

Case in point: the Sony BMG rootkit fiasco, a case in which the Commission actually did charge the company with deception for not informing consumers that certain CDs contained DRM that limited their usefulness.

While this is all true and pays great lip service to those of us who are against these practices, based on how they handled , I don't really expect much from the FTC.

From the, maybe things really are starting to look up, department, Public Citizen reports that Michael Baroody, the worst possible choice for the Consumer Product Safety Commission, has withdrawn from consideration.

Of course, the White House defended him:

"Obviously we feel that he was a strong candidate who would have done a wonderful job at the Consumer Product Safety Commission,"? said Emily Lawrimore, a White House spokeswoman. "After some in the Senate rushed to judgment about Mr. Baroody and his qualifications, it became evident to Mr. Baroody that he would not be confirmed."?

And as always, it's a load of hooey. For the complete list of new articles in this story, head to the Consumerist.