Author Archive | Stewart Baker

The Privies — Time to Vote

 The 2014 Privies — It’s Time to Vote!

Today we’re publishing the third set of nominees for our Dubious Achievements in Privacy Law awards.  And at last it’s time for the public to be heard.  Voting is now open, to privacy professionals and to members of the public.  The votes of privacy professionals will determine the winners in most cases, but in the event of a close contest, or a very strong showing in the public vote, the rankings will be adjusted.

So if you want to vote, now is the time, and this is the link for voters:  The 2014 Privies.  

And if you first need to review the full slate of nominees in each category, they are all listed here.

  [...]

Continue Reading 0

The Privies — Category Three — Dumbest Privacy Case of the Year

 The 2014 Privies —

Category Three

Dumbest Privacy Case of the Year

 

a.  Boston Police Department (Commissioner William Evans)

Record Your Talk with Boston Police, Face Felony Wiretap Charges

Boston police dept

When Taylor Harding called the Boston Police Department’s press spokesman about his case, he recorded the call and posted it to YouTube.  At which point the Boston police charged him with felony wiretapping.  Pretty stupid, but don’t blame the cops.  Blame privacy law.

Under Massachusetts law, it’s a righteous bust, thanks to the privacy advocates who persuaded the Massachusetts legislature that both participants in a call had to agree before the call could be recorded.  Spurred by a technological panic, the legislature couldn’t have been clearer about its intent:  “The uncontrolled development and unrestricted use of modern electronic surveillance devices pose grave dangers to the privacy of all citizens of the Commonwealth.  Therefore, the secret use of such devices by private individuals must be prohibited.”

Chalk up another unintended consequence for privacy advocates trying to stop the march of technology. As the tools for recording conversations and even video spread to everyone, the two-party consent law doesn’t make sense and is mostly enforced only on behalf of the rich and powerful.  So this case was almost nominated in the category “Worst Use of Privacy Law to Protect Power and Privilege.”  But in the end, the Boston Police Department was ridiculed into dropping the case.  Turns out that the police don’t quite have as much power and privilege as the technorati.  Which is really only comforting if you think the technorati lynch mob will never come for you.

b.  Joffe v. Google (Hon. Jay Bybee, Ninth Circuit)

“Radio Waves Aren’t Radio. Publicly Accessible Broadcasts Aren’t Publicly Accessible. And #$kjhi&#^- …” 

Bybee

When Google’s Street View car collected wi-fi signals from the [...]

Continue Reading 0

Is France Trying to Game the Privies?

FHollandeWhy else would the New York Times report today that France is expanding its legal mandate for intelligence surveillance [caution, paywall, more here]– all on the eve of voting for the Privies?

Francois Hollande is already in the running for Privacy Hypocrite of the Year for criticizing U.S. surveillance while France is doing much the same thing.  Now his government has adopted a law that underscores the hypocrisy of that complaint.

According to the Times, the law authorizes intellligence gathering with no judicial oversight and for purposes that go well beyond national security and counterterrorism to include “the protection of France’s scientific and economic potential.”  (Though the Times can’t resist showing its hostility to US intelligence, claiming that  French and US law provide  “similarly minimal oversight,” despite the heavy involvement of US courts in NSA surveillance and the narrow to nonexistent scope of US intelligence for commercial purposes.) [...]

Continue Reading

 The 2014 Privies —

Category Two

 “We All Got To Serve Someone”

Worst Use of Privacy Law to Protect Power and Privilege

 

a. Max Mosley, former president of the Fédération Internationale de l’Automobile

That Picture?  Forget it.  No, Really. I Insist.

Max_Mosley_during_a_interview

Max Mosley achieved fame and wealth as head of the Formula One racing association, FIA. His father was a well-connected politician who embraced fascism before World War II.  But Mosley himself achieved notoriety in 2009, when the media published pictures of him naked and engaged in a sado-masochistic orgy with five prostitutes.  In a move that seems to define self-defeating, Mosley went to court to establish that it was a naked, five-hour sado-masochistic orgy with five hookers, but it wasn’t a naked, five-hour sado-masochistic orgy with five hookers and a Nazi theme.  He won.

Now he wants us all to forget those unforgettable pictures of a naked, sixty-eight-year-old man being tied up and whipped. Actually, he doesn’t just want us to forget.  He insists.

And so do the French courts.  In 2013, the French Tribunal de Grande Instance ruled, more or less, that the privacy laws are nothing if not protective of wealthy and famous men who can afford a five-hour, five-hooker discipline session.  It ordered Google not to link to those unforgettable pictures , managing with one decision to discredit both itself and French privacy law.

b. China’s Privacy Law

“You Think He Insists? Have You Seen Our Prisons?”

China flag

In the midst of a highly charged bribery investigation of pharmaceutical companies operating in China, Peter Humphrey was arrested by Chinese authorities.  A respected corporate investigator who had represented Western pharmaceutical companies, he was known for investigating fraud.  He was not charged with participating in the bribery scandal.  Instead he was charged for investigating a little too enthusiastically [...]

Continue Reading

The 2014 Privy Nominations — “Privacy Hypocrite of the Year”

I’m pleased to post nominations in the hotly contested first category of Dubious Achievements in Privacy Law.  Take your time to make a choice.  Voting will not open until all nominations have been published — likely December 15.

Corrections and suggestions for additional nominees may be sent to vc.comments@gmail.com.  But for those who think a particular nomination is unfair, the best remedy is to vote for a nominee who deserves the award and encourage others to do the same.

 

The 2014 Privies —

Category One

 “Privacy Hypocrite of the Year”

 

a. Viviane Reding, European Commissioner for Justice, Fundamental Rights, and Citizenship

Why Regulate Ourselves When We Can Regulate the United States?

VReding

Commissioner Reding has led the charge to impose European restrictions on the way the National Security Agency gathers intelligence.  When asked by the Guardian why the European Commission didn’t start by imposing restrictions on the way European Union members like Great Britain gather intelligence, she said

[T]here was little she or Brussels could do …, since secret services in the EU were the strict remit of national governments. The commission has demanded but failed to obtain detailed information from the British government on how UK surveillance practices are affecting other EU citizens….  “I have direct competence in law enforcement but not in secret services. That remains with the member states. In general, secret services are national,” said the commissioner.

Unless those secret services are American, apparently.

 b.  Francois Hollande, President of France

Spying on Allies is “Totally Unacceptable” Except When We Do It

FHollande

President Hollande called President Obama to describe U.S. spying on its allies as “totally unacceptable,” language that was repeated by the Foreign Ministry when it castigated the U.S. ambassador over a story in Le Monde claiming that NSA had scooped up 70 million communications in [...]

Continue Reading

Dubious Achievements in Privacy Law — The 2014 Privies

Recognizing Stupid Privacy Laws 

It’s time to recognize just how stupid privacy law is getting.  And what better way than by acknowledging the most dubious achievements of the year in privacy law?

First I should explain why I think privacy law so often produces results that make no sense.  After all, most of us think  privacy is a good thing.  We teach our kids to respect the privacy of others, just as we teach them good manners and restraint in drinking alcohol.  At the same time, no one wants courts and legislators to punish us for rudeness or prohibit us from buying a drink.  We’ve already tried mandating abstinence from alcohol once.  It didn’t work out so well.  And it’s unlikely that Prohibition would have worked better if we’d made it illegal to drink to excess.

The problem is, some rules just don’t translate well into law.  We know rude behavior when we see it, but no one wants a Good Manners Protection Agency writing rudeness regulations — or setting broad principles of good manners and then punishing a few really rude people every year.  The detailed regulations would never capture the evolving nuances of manners, while selective prosecution of really rude people would soon become a tool for punishing the unpopular for their unpopularity.

All that seems obvious in the case of drinking and rudeness, but when it comes to privacy, proposals for new legal rules seem endless.  In fact, though, privacy is every bit as malleable and context-sensitive as good manners, and efforts to protect it in law are inevitably either so general that anyone can be prosecuted or so ham-handedly specific that they rapidly fall out of date.  Either way, instead of serving the public interest, privacy laws often end up encouraging official hypocrisy and protecting the [...]

Continue Reading

Export controls on surveillance and hacking tools?

The old Cold War export control alliance, now known as the Wassenaar Arrangement, hasn’t exactly been a hotbed of new controls since Russia joined the club.  But according to the Financial Times, the 41-nation group is preparing a broad new set of controls on complex surveillance and hacking software and cryptography.  I suspect that the move is a response to concerns about the use of  such tools — from deep packet inspection to zero-day attacks — by rogue states like Syria and Iran.

It’s an unusual step in several respects.  First, the European Union seems to be at least as enthusiastic as the United States about the controls. Usually, Europeans have let the US take the lead (and the economic hit) when it comes to controlling exports. Second, it is not clear that these controls will work.  Wassenaar doesn’t include China or Israel, both major producers of surveillance and hacking tools.  So the new control regime could turn out to be an exercise in moral preening, as Europe and the United States sacrifice technology sales to China and Israel for the sake of political correctness. [...]

Continue Reading 0

Understanding the Enemy

The latest Snowden leak story is in the Huffington Post.  It says that NSA thought about exposing the hypocrisy of Islamic extremist recruiters by revealing their financial greed or predatory sexual habits.  I’m quoted in support of considering such tactics, but the backstory of the interview may be more interesting.

When one of the authors, Ryan Grim, called me for comment, he said that while Glenn Greenwald was transitioning to his new Omidyar-funded venture he was temporarily publishing his Snowden leaks with HuffPo. So when he asked for my take on the NSA story, pretty much the first words out of my mouth were, “Why wouldn’t we consider doing to Islamic extremists what Glenn Greenwald does routinely to Republicans?”  The story quotes practically everything I said to Grim except that remark, even though I returned to the point a couple of times and emphasized that it summed up my view.

I don’t think HuffPo cut the quote because they ran out of electrons.  The article itself is so tediously long that I defy anyone to read every word in a single go.

Nor because my remark was inaccurate.  It turns out that Glenn Greenwald has written an entire book devoted to exposing the contradiction between Republicans’ ideology and their private lives.  In Greenwald’s words,  “While the right wing endlessly exploits claims of moral superiority … virtually its entire top leadership have lives characterized by the most decadent, hedonistic, and morally unrestrained behavior imaginable …[including] a string of shattered marriages, active out-of-wedlock sex lives, and highly ‘untraditional’ and ‘un-Christian’ personal lives [endless detail omitted].” His book certainly makes the NSA memo sound restrained and cautious, but both are motivated by the same idea.

Grim and Greenwald very likely cut the quote because it would have undermined the narrative of the [...]

Continue Reading

Hackback Backers’ Comeback?

The US-China Economic and Security Review Commission has issued its annual report. It reminds us that, while press and privacy campaigners have been hyperventilating over US intelligence programs, there are, you know, actual authoritarian governments at work in the United States — breaking into the networks of activists whom they dislike, newspapers whose sources they want to discover, and companies whose secrets they want to steal, all without (gasp!) court orders or Jim Sensenbrenner’s consent.China Trade Commission 2013 Report to Congress

Perhaps even more interesting, the Commission offers moral support and an open Overton window to those who advocate much more active defenses than the Justice Department has been willing to countenance under the Computer Fraud and Abuse Act.  Among the policy options it treats seriously are watermarking and beaconing of documents for evidentiary purposes as well as authorizing private victims to conduct a host of active responses to intrusions:

Encourage the U.S. government, military, and cleared defense contractors to implement measures to reduce the effectiveness of Chinese cyber operations and increase the risk of conducting such operations for Chinese organizations. For example, the IP Commission recommends measures such as ‘‘meta-tagging, watermarking, and beaconing,’’ because they can help identify sensitive information and code a digital signature within a file to better detect intrusion and removal. These tags also might be used as evidence in criminal, civil, or trade proceedings to prove data was stolen.

Clarify the legal rights of companies, and the types of action that are prohibited, regarding finding and recovering intellectual property that is stolen through cyber intrusions. Mr. Kamphausen said U.S. companies ‘‘need the right tools that afford them the protections, legal and otherwise, so that they can do what’s in their own interest.’’

Pass legislation permitting U.S. companies to conduct offensive cyber operations in retaliation against intrusions into their networks. Such

[...]
Continue Reading

Can We Crowd Audit Healthcare.gov?

The Administration has set a goal in its effort to fix the troubled Obamacare website, healthcare.gov. By November 30, according to the Washington Post, the government’s goal is that 80% of users will be able to buy healthcare policies online. The 80% target moves the goalposts back from the President’s more confident statement earlier this month: By the end of this month, we anticipate that it is going to be working the way it is supposed to.”

healthcare.gov (2)

But it is a concrete, measurable goal.

Unfortunately, everyone involved in that measurement, from the contractors to HHS to the White House, has a strong interest in reporting success. And a track record of handling data in a way that masks failure. The administration refused to provide any numbers about enrollments for more than a month and then released numbers that mix actual enrollments with a consumer’s decision to simply put a plan in an online “shopping cart.”

You don’t have to be very cynical to think that we’ll only hear about enrollment statistics on November 30 if the 80% goal is met, or can be spun.

Which leads me to the point of this post: We don’t actually have to wait for the administration to release the numbers. Because the government has chosen a target that can be measured by the public.

All we need is for a large enough group of consumers to go through the enrollment process on November 30  and report whether they succeeded or failed in choosing a plan and getting it into their shopping cart. Call it crowd auditing, or crowditing for short. In fact, done right, it’s a better measure of success or failure than anything accessible to site administrators.  And it will be available in something close to real time.

There are [...]

Continue Reading 0

When Separation of Powers is a Matter of Life and Death

The Leahy-Sensenbrenner USA FREEDOM Act puts the Foreign Intelligence Surveillance (FIS) court in charge of shaping, overseeing, and enforcing minimization guidelines in connection with section 215, pen/trap orders, and section 702, largely taking the Attorney General out of the process of writing minimization guidelines. I’m appalled, because the FIS court has taken control of minimization before, with disastrous consequences; it built a “wall” between intelligence and law enforcement without any legal basis for doing so, and enforced the wall so aggressively that the FBI couldn’t use its best counterterrorism assets to track down the hijackers in late August and early September 2001.  In a very real sense, it was the FIS court’s legal error combined with a self-righteous use of its contempt power that thwarted the country’s last, best chance to stop the attacks.

220px-E._Barrett_Prettyman_U.S._CourthouseThat the court made terrible errors in 2001 is perhaps understandable. Repeating those errors is not. But the more closely I observe the FIS court the more concerned I become that the peculiar role that we have created for the FIS court makes a repetition all too likely.  I’m testifying to the Judiciary Committee tomorrow on the USA FREEDOM Act, and I took the opportunity to do a bit more thinking in this post about why the FIS court seems to have learned so little from its discreditable performance in 2001.

It may be that the problem is best seen as a constitutional failure.  That is, practical politics  are pushing the FIS court out of an article III  role and into article I. And the FIS court’s failings may be best seen as a problem in separation of powers.

At the outset, the separation of powers issue isn’t obvious. The FIS court’s principal statutory role is to approve or deny intercept and discovery orders involving foreign [...]

Continue Reading

Treasury’s War

I reviewed Juan Zarate’s Treasury’s War for the Wall Street Journal.  If you have a subscription, here’s the paywalled link. For cheapskates, here’s the gist:

Treasury has attacked money laundering by big banks, imposing fines up to $2 billion on institutions around the world. As a result, banks have toughened their compliance regimes. Under the slogan “know your customer,” they now feel obliged to run checks on their customers’ reputations and to shun even faintly suspicious transactions.

In such a climate, it’s easy to become a customer no one wants to know. And the easiest way of all is to be officially labeled a “primary money laundering concern.” A bank that has been tarred with that brush quickly becomes a pariah to every bank with a compliance program. Because a pariah can’t perform normal financial transactions under such conditions, its solvency is immediately drawn into question. And, boom, within 24 hours, even a bank with no direct ties to the United States is effectively out of business, brought down by a Treasury-induced run. Treasury’s designation turns out to be a remarkably effective weapon—the Predator drone of financial sanctions—killing instantly, without warning, far from home.

In one of his better stories, Mr. Zarate shows how Treasury’s new weapon struck even North Korea, a veteran sanctions-buster that had sheltered comfortably in China’s lee for decades.

China’s diplomats stood by their client as usual, but not its banks. Rather than risk its access to world financial markets, even the state-owned Bank of China in Macau froze North Korean accounts. Later, after many ceremonial toasts at a session of the international talks on nuclear proliferation, one inebriated North Korean negotiator leaned in to his American counterparts and admitted: “You Americans have finally have found a way to hurt us.”

Mr. Zarate brings verve

[...]
Continue Reading

NSA’s international crisis, and what Congress should do about it

I’ll be testifying tomorrow before the House Intelligence Committee.  This post is an excerpt from that testimony.  The full document is here: Baker – HPSCI testimony – Oct. 29 2013.

NSA-BuildingI fear that the campaign by Glenn Greenwald and others who control the Snowden documents has forced the executive branch into a defensive crouch.  Other nations are taking advantage of the moment to demand concessions that the White House is already halfway to granting.  If so, we will regret them as a country long after the embarrassment of fielding angry phone calls from national leaders has faded into a short passage in President Obama’s memoirs.

European and other nations see the prospect for enormous gains at the expense of the U.S., in part because President Obama seems genuinely embarrassed and unwilling to defend the National Security Agency.  Instead, he is offering assurances to select world leaders that they are not targets, and his homeland security adviser is declaring that “the president has directed us to review our surveillance capabilities, including with respect to our foreign partners. We want to ensure we are collecting information because we need it and not just because we can [and that] we are balancing our security needs with the privacy concerns all people share.”

Administration sources have begun criticizing the NSA for putting the President in this bind, and they are hinting at the possibility of negotiating reciprocal deals with other countries that will bar espionage directed at each other while sharing intelligence….

In short, we face the prospect that foreign nations will capitalize on President Obama’s defensive crouch to extract diplomatic and intelligence concessions that would have been unthinkable a year ago.

At the same time, I note, these nations have asked China, which is subjecting them to the most notorious and noisy [...]

Continue Reading

Espionage and Allies

Angela_Merkel_(2008)-2I contributed a short piece today to the New York Times on the latest Snowden-generated flap over allegations that NSA targeted Angela Merkel’s mobile phone.  Excerpts:

To play the role it has played in the world for the last 70 years, the United States must be able to gather intelligence anywhere in the world with little or no notice. We never know where the next crisis will erupt, where the next unhappy surprise is coming from. It’s the intelligence community’s job to respond to today’s crises, but its agencies live in a world where intelligence operations take years to yield success. That makes it a little hard – and very dangerous — to create “intelligence-free zones.”

…Even the countries we usually see as friends sometimes take actions that quite deliberately harm the United States and its interests. Ten years ago, when the U.S. went to war with Iraq, France and Germany were not our allies. They were not even neutral. They actively worked with Russia and China to thwart the U.S. military’s mission. Could they act against U.S. interests again in the future – in trade or climate change negotiations, in Syria, Libya or Iran?

…That’s just life and international politics. As German Chancellor Angela Merkel too knows quite well. She visited China right after public disclosures that the Chinese had penetrated her computer network, yet she managed to be “all smiles” while praising relations between the two countries as “open and constructive.”

…The United States can’t stop gathering intelligence without running the risk of terrible surprises. So it won’t.

Note:  I welcome comments and may publish some of them as updates, with your name unless you ask me to leave it out. Send them to vc.comments@gmail.com.

UPDATE:  One commenter takes issue with the core of the piece:

It is

[...]
Continue Reading