I recently got an e-mail with this at the bottom – a low tech way to assert privacy and ownership.
This email is: [ ] blogable [ ] ask first [X] private
This article was slashdotted today.
TSA had promised it would only use the limited information about passengers that it had obtained from airlines. Instead, the agency and its contractors compiled files on people using data from commercial brokers and then compared those files with the lists.
The GAO reported that about 100 million records were collected.
The 1974 Privacy Act requires the government to notify the public when it collects information about people. It must say who it’s gathering information about, what kinds of information, why it’s being collected and how the information is stored.
And to protect people from having misinformation about them in their files, the government must also disclose how they can access and correct the data it has collected.
Before it began testing Secure Flight, the TSA published notices in September and November saying that it would collect from airlines information about people who flew commercially in June 2004.
Instead, the agency actually took 43,000 names of passengers and used about 200,000 variations of those names – who turned out to be real people who may not have flown that month, the GAO said. A TSA contractor collected 100 million records on those names.
It brings up some serious concerns about how information collection and validation are done by the TSA for airline passengers. How can we trust governments to collect this much information about us just because we travel?
This week I wonder why we care about airline passengers, because security is so tight that airlines do not seem to be a place where the next round of attacks will be. If London is any indication, it will be on mass transit. Given the level of police/security presence on the transit systems in the Bay Area this week, it certainly seems like there is some concern that mass transit will be attacked. They have started random searching of bags to get on the NYC subway. One wonders if they will start issuing ‘identity passes’ to get on such systems.
On the city subways, which are used by 4.5 million people on the average workday, the inspections started on a small scale Thursday afternoon and were expanded Friday.
The New York Civil Liberties Union opposed the searches, saying they violated the Fourth Amendment. Mayor Michael Bloomberg said he hoped the NYCLU would recognize that the city had struck the right balance between security and protecting constitutional rights. He said the bag-checking program is part of a policy to “constantly change tactics” and “may, or may not, be there tomorrow.”
This is a summary of Bob Blakley’s talk at Burton Catalyst:
Opening – Sermon on Laws
Laws of Planetary Motion
Kim’s Laws – what happens to identity if you make stupid or subtle mistakes
Newton’s Law – gravity
Why things happen
Introduction – Looking Back: Digital Signatures
A while back we decided we needed non-repudiation and did digital signatures by issuing certificates.
We forgot to figure out why signatures work in the real world.
So, we got how they worked wrong in the technical world.
Having signatures not work is bad; looking forward, having privacy not work is bad.
Body of Talk
Identity is a collection of attributes by which a person or thing is generally recognized or known
The Identity of X according to Y: The set of attributes believed by Y to be true of X.
An identity attribute has value if and only if knowing that attribute reduces risk for some party
Reducing one party’s risk often creates risks for other parties.
Consequence: Identification is Power
Identity allocates risk. The ability to create or eliminate a risk for another confers power over the other.
Because identity claims allocate risks, they will be disputed.
- Commercial Interest – Convenience
- Government Interest – Security
- Individual interest – Privacy
Privacy: is the ability to lie about yourself and get away with it.
People disagree about one another’s identity attributes.
In general, there’s no easy way to tell who’s right and who’s wrong.
The name that can be named is not the enduring and unchanging name. All identity attributes change over time.
- Prince -> symbol
- Michael Jackson Black -> Plastified
Identity attributes can be
- what you know – you can lie
- what you have – lose / leave
- what you are – alter / disguise
Identity attributes cannot be secret
By definition, attributes that aren’t observable can’t be used as identity attributes
Identity is inherently subject to effect of scale.
Brandon Mayfield – guy who did not blow up trains
His fingerprint matched one at the Madrid bombing (it was not an accurate assertion)
Large databases -> not completely reliable
To scale identity information one needs to collect more information
Identity is in the eye of the beholder – subjectivity.
- You can’t control what other people think or say about you.
- You can’t even know who knows what about you.
- Can control what you tell people but not what people find out
Consequence: Privacy Erosion
Scale requires distinguishing between lots of individuals which requires lots of information.
In a sufficiently large population the attributes commonly agreed to be public will not distinguish individuals well enough.
So information about sensitive attributes will be collected.
In the UK they are looking at putting in scanners (QinetiQ) at subway entrances to detect knives, but what about creep into other uses, such as identifying tattoos?
People push back against government identification.
Consequence: Due Process
Because of identity’s subjectivity, contextuality, contention, obscurity and temporality:
IDENTIFICATION REQUIRES DUE PROCESS
But due process undermines the business case for identity. Due process requires transparency. Transparency reveals how identity attributes are collected and synthesized to make judgments. Collection and Synthesis are the only sources of competitive value.
They do it because they like customer intimacy.
Supply and Demand mismatch between favorable and unfavorable information.
Favorable information is easy to get.
The subject is happy to give it to you and the subject is happy to help you authenticate it. Therefore the supply is large and the value is low. But it’s worse: Demand is also low! Because favorable information is less likely to reduce another party’s risk. Especially the case when the other party has lots of potential customers.
The business case for identity service providers infringes privacy.
The business of identity service providers is risk reduction; withholding adverse information decreases the value of the business.
Collecting more adverse information makes more.
Identity and Privacy are Incompatible.
Adverse information has positive identity value but negative privacy value.
Favorable information has zero identity value and zero privacy value.
Fable about MARIA
Recent Guatemalan immigrant
She has AIDS and she doesn’t want anyone to know. The health insurance company wants to know this information because it is a $180,000 cost not to know this.
Canada has some crazy laws too. I kind of was thinking of Canada where I was born as the ‘friendly’ nation to the north but it seems not to be true :(.
Before privacy laws or the Charter, there was little if anything to stop police or national security operatives from cajoling or coercing information from private sector organizations. A civic-minded government department or company could blab all it wanted about its customers or employees.
Our privacy laws changed this, although they didn’t really try to put a stop to it. In BC, our public sector privacy law gives public bodies discretion to disclose personal information for law enforcement purposes, without warrant, but there are (some would argue, weak) constraints on this. The same can be said for our private sector privacy law. Still, these laws, together with the Charter, have until recently insulated against over-enthusiastic private sector co-operation with all and sundry state inquiries. Is this still true? If it is, how long will this last?
After the 9/11 attacks, governments everywhere felt compelled to act, and to be seen to act. This was in an important sense responsible of government. It was also mandated by political Darwinism. But a profoundly important aspect of the post-9/11 changes is the blurring of lines between collection and use of personal information for law enforcement purposes under criminal and other penal laws and use for national security purposes. A defining characteristic of police states is the blurring of distinctions between law enforcement and national security functions, the danger being that the rule of law eventually gives way to arbitrary decision-making by law enforcement authorities and the rights of ordinary citizens lose meaning. Democracies depend on clear and effective rules suited to the state activities that the rules are intended to govern and that reflect the essential values of a free society.
In Canada, post-9/11 amendments to the Customs Act and regulations authorize officials to require private sector organizations to provide border officials with extensive advance information about arriving passengers. These changes expanded the federal government’s ability to use and share that information, not only for national security purposes, but also for ordinary law enforcement and other purposes, including (according to government statements in 2002) public health surveillance. The information-sharing authority includes a broad ability to share personal information about Canadians and others with foreign governments. The amendments don’t restrict information-sharing arrangements to national security uses; they could easily include ordinary law enforcement or other purposes defined on a case-by-case basis or in an agreement with another nation.
Also, Public Safety Act amendments to the Aeronautics Act allow the RCMP Commissioner to require any air carrier or operator of an air reservation system to, for the purposes of transportation security, disclose specified information in its control to any person the Commissioner designates. Despite the Public Safety Act reference to transportation security, the amendments allow this data to be matched with other data and to be disclosed to assist in executing certain outstanding arrest warrants. This effectively compels the private sector to assist the state, in the absence of a warrant or court order, in surveillance of all air travellers for the broader general purposes of both national security and ordinary law enforcement.
Consistent with these powers to conscript the private sector into both national security and law enforcement activities, Public Safety Act amendments to the Personal Information Protection and Electronic Documents Act (PIPEDA) permit private sector organizations to collect personal information without an individual’s knowledge or consent in circumstances that amount to an invitation to, and in some cases compulsion of, the private sector to assist the state in surveillance for both general national security and ordinary law enforcement purposes.
The Public Safety Act also amended the Proceeds of Crime (Money Laundering) and Terrorist Financing Act to authorize the Financial Transactions and Reports Analysis Centre of Canada to collect information it considers relevant to money laundering or financing of terrorist activities from publicly available information, including commercially available databases. FINTRAC is also authorized to obtain, under information-sharing agreements, information maintained by federal or provincial governments for law enforcement or national security reasons.
FINTRAC’s expanded powers point to the fact that, when it comes to co-opting the private sector, 9/11 can’t be blamed for everything. Laundering of dirty money was of sufficient concern before 9/11 to lead to extensive transaction-reporting requirements for banks and others. You can easily find other examples of legislative responses to individually pressing policy challenges that draft private sector organizations into state service in the name of public safety or order. One example is the current federal government lawful access proposals, some of which would apparently require ISPs to hand over at least identifying customer information and perhaps more on simple request by state officials, and for a pretty broad range of uses.
Also, at the local level, at least in BC, we see more and more local government bylaws compelling businesses to hand customer information over to police for a variety of reasons. Pawnshop reporting requirements have been around for a long time, but now we’re seeing bylaws requiring businesses to regularly give police information, without request, in a variety of situations (such as information on who’s been buying pepper spray, hydroponic supplies or chemicals that could be used to make drugs and who’s been renting mailboxes at commercial mailbox centres).
And governments are now large purchasers of personal information from the private sector. So far this is being seen mostly in the US (think of Total Information Awareness, MATRIX, Secure Flight and so on) but to think that our own governments will ignore the expanding private sector trove of electronic personal information much longer.
As databases proliferate, become more comprehensive and become lifelong, it’ll be harder and harder to resist those who say that, since the information is out there, the state should be able to use it. Time and time again over the last six years I’ve been told by middle-aged, middle class Caucasian males that they have nothing to hide, so why should anyone else feel differently? Let the government have the information it needs to protect us, they say.
Now, I don’t doubt the good faith of BC’s police agencies, not for a minute. But, thinking thirty or fifty years down the road to a time when the lines between national security and law enforcement have blurred to vanishing, will there be any meaningful rules? If not, will our belief in the good faith of state officials, set adrift without guiding rules, be enough to sustain our privacy and other rights?