Latest

Page 6

Threats to Information Integrity

Every year, the Director of National Intelligence publishes an unclassified “Worldwide Threat Assessment.” This year’s report was published two weeks ago. “Cyber” is the first threat listed, and includes most of what you’d expect from a report like this.

More interesting is this comment about information integrity:

Most of the public discussion regarding cyber threats has focused on the confidentiality and availability of information; cyber espionage undermines confidentiality, whereas denial-of-service operations and data-deletion attacks undermine availability. In the future, however, we might also see more cyber operations that will change or manipulate electronic information in order to compromise its integrity (i.e. accuracy and reliability) instead of deleting it or disrupting access to it. Decisionmaking by senior government officials (civilian and military), corporate executives, investors, or others will be impaired if they cannot trust the information they are receiving.

This speaks directly to the need for strong cryptography to protect the integrity of information.

Tags: , , , ,

Posted on March 13, 2015 at 6:05 AMView Comments

A Template for Reporting Government Surveillance News Stories

This is from 2006—I blogged it here—but it’s even more true today.

Under a top secret program initiated by the Bush Administration after the Sept. 11 attacks, the [name of agency (FBI, CIA, NSA, etc.)] have been gathering a vast database of [type of records] involving United States citizens.

“This program is a vital tool in the fight against terrorism,” [Bush Administration official] said. “Without it, we would be dangerously unsafe, and the terrorists would have probably killed you and every other American citizen.” The Bush Administration stated that the revelation of this program has severely compromised national security.

We’ve changed administrations—we’ve changed political parties—but nothing has changed.

Tags: , , , , , , , ,

Posted on November 1, 2013 at 2:26 PMView Comments

The Social Dynamics of Terror

Good essay:

Nineteenth-century anarchists promoted what they called the “propaganda of the deed,” that is, the use of violence as a symbolic action to make a larger point, such as inspiring the masses to undertake revolutionary action. In the late 1960s and early 1970s, modern terrorist organizations began to conduct operations designed to serve as terrorist theater, an undertaking greatly aided by the advent and spread of broadcast media. Examples of attacks designed to grab international media attention are the September 1972 kidnapping and murder of Israeli athletes at the Munich Olympics and the December 1975 raid on OPEC headquarters in Vienna. Aircraft hijackings followed suit, changing from relatively brief endeavors to long, drawn-out and dramatic media events often spanning multiple continents.

Today, the proliferation of 24-hour television news networks and the Internet have allowed the media to broadcast such attacks live and in their entirety. This development allowed vast numbers of people to watch live as the World Trade Center towers collapsed on Sept. 11, 2001, and as teams of gunmen ran amok in Mumbai in November 2008.

This exposure not only allows people to be informed about unfolding events, it also permits them to become secondary victims of the violence they have watched unfold before them. As the word indicates, the intent of “terrorism” is to create terror in a targeted audience, and the media allow that audience to become far larger than just those in the immediate vicinity of a terrorist attack. I am not a psychologist, but even I can understand that on 9/11, watching the second aircraft strike the South Tower, seeing people leap to their deaths from the windows of the World Trade Center Towers in order to escape the ensuing fire and then watching the towers collapse live on television had a profound impact on many people. A large portion of the United State was, in effect, victimized, as were a large number of people living abroad, judging from the statements of foreign citizens and leaders in the wake of 9/11 that “We are all Americans.”

Tags: , ,

Posted on January 7, 2011 at 6:30 AMView Comments

TSA Backscatter X-ray Backlash

Things are happening so fast that I don’t know if I should bother. But here are some links and observations.

The head of the Allied Pilots Association is telling its members to avoid both the full body scanners and the patdowns.

This first-hand report, from a man who refused to fly rather than subject himself to a full-body scan or an enhanced patdown, has been making the rounds. (The TSA is now investigating him.) It reminds me of Penn Jillette’s story from 2002.

A woman has a horrific story of opting-out of the full body scanners. More stories: this one about the TSA patting down a screaming toddler. And here’s Dave Barry’s encounter (also this NPR interview).

Sadly, I agree with this:

It is no accident that women have been complaining about being pulled out of line because of their big breasts, having their bodies commented on by TSA officials, and getting inappropriate touching when selected for pat-downs for nearly 10 years now, but just this week it went viral. It is no accident that CAIR identified Islamic head scarves (hijab) as an automatic trigger for extra screenings in January, but just this week it went viral. What was different?

Suddenly an able-bodied white man is the one who was complaining.

Seems that once you enter airport security, you need to be subjected to it—whether you decide to fly or not.

I experienced the enhanced patdown myself, at DCA, on Tuesday. It was invasive, but not as bad as these stories. It seems clear that TSA agents are inconsistent about these procedures. They’ve probably all had the same training, but individual agents put it into practice very differently.

Of course, airport security is an extra-Constitutional area, so there’s no clear redress mechanism for those subjected to too-intimate patdowns.

This video provides tips to parents flying with young children. Around 2:50 in, the reporter indicates that you can find out if your child has been pre-selected for secondary, and then recommends requesting “de-selection.” That doesn’t make sense.

Neither does this story, which says that the TSA will only touch Muslim women in the head and neck area.

Nor this story. The author convinces people on line to opt-out with him. After the first four opt-outs, the TSA just sent people through the metal detectors.

Yesterday, the TSA administrator John Pistole was grilled by the Senate Commerce, Science, and Transportation Committee on full-body scanners. Rep. Ron Paul introduced a bill to ban them. (His floor speech is here.) I’m one of the plaintiffs in a lawsuit to ban them.

Book for kids: My First Cavity Search. Cover seen at at TSA checkpoint.

T-shirts: one, two, and three and four. “Comply with Me” song parody. Political cartoons: one, two, three, and four. New TSA logo. Best TSA tweets, including “It’s not a grope. It’s a freedom pat.”

Good essay from a libertarian perspective. Two more. Marc Rotenberg’s essay. Ralph Nader’s essay. And the Los Angeles Times really screws up with this editorial: “Shut Up and Be Scanned.” Amitai Etzioni makes a better case for the machines.

Michael Chertoff, former Department of Homeland Security secretary, has been touting the full-body scanners, while at the same time maintaining a financial interest in the company that makes them.

There’s talk about the health risks of the machines, but I can’t believe you won’t get more radiation on the flight. Here’s some data:

A typical dental X-ray exposes the patient to about 2 millirems of radiation. According to one widely cited estimate, exposing each of 10,000 people to one rem (that is, 1,000 millirems) of radiation will likely lead to 8 excess cancer deaths. Using our assumption of linearity, that means that exposure to the 2 millirems of a typical dental X-ray would lead an individual to have an increased risk of dying from cancer of 16 hundred-thousandths of one percent. Given that very small risk, it is easy to see why most rational people would choose to undergo dental X-rays every few years to protect their teeth.

More importantly for our purposes, assuming that the radiation in a backscatter X-ray is about a hundredth the dose of a dental X-ray, we find that a backscatter X-ray increases the odds of dying from cancer by about 16 ten millionths of one percent. That suggests that for every billion passengers screened with backscatter radiation, about 16 will die from cancer as a result.

Given that there will be 600 million airplane passengers per year, that makes the machines deadlier than the terrorists.

Nate Silver on the hidden cost of these new airport security measures.

According to the Cornell study, roughly 130 inconvenienced travelers died every three months as a result of additional traffic fatalities brought on by substituting ground transit for air transit. That’s the equivalent of four fully-loaded Boeing 737s crashing each year.

Jeffrey Goldberg asked me which I would rather see for children: backscatter X-ray or enhanced pat down. After remarking what an icky choice it was, I opted for the X-ray; it’s less traumatic.

Here are a bunch of leaked body scans. They’re not from airports, but they should make you think twice before accepting the TSA’s assurances that the images will never be saved. RateMyBackscatter.com.

November 24 is National Opt Out Day. Doing this just before the Thanksgiving holiday is sure to clog up airports. Jeffrey Goldberg suggests that men wear kilts, commando style if possible.

At least one airport is opting out of the TSA entirely. I hadn’t known you could do that.

The New York Times on the protests.

Common sense from the Netherlands:

The security boss of Amsterdam’s Schiphol Airport is calling for an end to endless investment in new technology to improve airline security.

Marijn Ornstein said: “If you look at all the recent terrorist incidents, the bombs were detected because of human intelligence not because of screening … If even a fraction of what is spent on screening was invested in the intelligence services we would take a real step toward making air travel safer and more pleasant.”

And here’s Rafi Sela, former chief security officer of the Israel Airport Authority:

A leading Israeli airport security expert says the Canadian government has wasted millions of dollars to install “useless” imaging machines at airports across the country.

“I don’t know why everybody is running to buy these expensive and useless machines. I can overcome the body scanners with enough explosives to bring down a Boeing 747,” Rafi Sela told parliamentarians probing the state of aviation safety in Canada.

“That’s why we haven’t put them in our airport,” Sela said, referring to Tel Aviv’s Ben Gurion International Airport, which has some of the toughest security in the world.

They can be fooled by creased clothing. And remember this German video?

I’m quoted in the Los Angeles Times:

Some experts argue the new procedures could make passengers uncomfortable without providing a substantial increase in security. “Security measures that just force the bad guys to change tactics and targets are a waste of money,” said Bruce Schneier, a security expert who works for British Telecom. “It would be better to put that money into investigations and intelligence.”

I’m quoted in The Wall Street Journal twice—once as saying:

“All these machines require you to guess the plot correctly. If you don’t, then they are completely worthless,” said Bruce Schneier, a security expert.

Mr. Schneier and some other experts argue that assembling better intelligence on fliers is the key to making travel safer.

and once as saying:

Security guru Bruce Schneier, a plaintiff in the scanner suit, calls this “magical thinking . . . Descend on what the terrorists happened to do last time, and we’ll all be safe. As if they won’t think of something else.”

In 2005, I wrote:

I’m not impressed with this security trade-off. Yes, backscatter X-ray machines might be able to detect things that conventional screening might miss. But I already think we’re spending too much effort screening airplane passengers at the expense of screening luggage and airport employees…to say nothing of the money we should be spending on non-airport security.

On the other side, these machines are expensive and the technology is incredibly intrusive. I don’t think that people should be subjected to strip searches before they board airplanes. And I believe that most people would be appalled by the prospect of security screeners seeing them naked.

I believe that there will be a groundswell of popular opposition to this idea. Aside from the usual list of pro-privacy and pro-liberty groups, I expect fundamentalist Christian groups to be appalled by this technology. I think we can get a bevy of supermodels to speak out against the invasiveness of the search.

On the other hand, CBS News is reporting that 81% of Americans support full-body scans. Maybe they should only ask flying Americans.

I still stand by this, also from 2005:

Exactly two things have made airline travel safer since 9/11: reinforcement of cockpit doors, and passengers who now know that they may have to fight back. Everything else—Secure Flight and Trusted Traveler included—is security theater. We would all be a lot safer if, instead, we implemented enhanced baggage security—both ensuring that a passenger’s bags don’t fly unless he does, and explosives screening for all baggage—as well as background checks and increased screening for airport employees.

Then we could take all the money we save and apply it to intelligence, investigation and emergency response. These are security measures that pay dividends regardless of what the terrorists are planning next, whether it’s the movie plot threat of the moment, or something entirely different.

And this, written in 2010 after the Underwear Bomber failed:

Finally, we need to be indomitable. The real security failure on Christmas Day was in our reaction. We’re reacting out of fear, wasting money on the story rather than securing ourselves against the threat. Abdulmutallab succeeded in causing terror even though his attack failed.

If we refuse to be terrorized, if we refuse to implement security theater and remember that we can never completely eliminate the risk of terrorism, then the terrorists fail even if their attacks succeed.

See these two essays of mine as well, from the same time.

More resources on the EPIC pages.

What else is going on?

EDITED TO ADD: (11/19): Lots more political cartoons.

Good summary of your legal rights and options from the ACLU. They also have a form you can fill out and send to your Congresscritter.

This has to win for DHS Quote of the Year, from Secretary Janet Napolitano on the issue:

I really want to say, look, let’s be realistic and use our common sense.

The TSA doesn’t train its screeners very well. A response to a letter-writer from Sen. Coburn. From Slate: "Does the TSA Ever Catch Terrorists?" A pilot’s story. The screeners’ point of view. Good essay from the National Post.

Fun with the Playmobil airline security screening playset.

Meg McLain, whose horrific story I linked to above, lied. Here’s an interview with her.

EDITED TO ADD (11/20): I was interviewed by Popular Mechanics.

Woman forced to remove prosthetic breast. TSO officer caught saying “heads up, got a cutie for you” into his headset to the other officers. Complication news video of TSA behavior.

Here’s an alert you can hand out to passengers at security checkpoints where there are backscatter machines.

EDITED TO ADD (11/21): Me in an Associated Press piece on the anti-TSA backlash:

“After 9/11 people were scared and when people are scared they’ll do anything for someone who will make them less scared,” said Bruce Schneier, a Minneapolis security technology expert who has long been critical of the TSA. “But … this is particularly invasive. It’s strip-searching. It’s body groping. As abhorrent goes, this pegs it.”

President Obama comments:

“I understand people’s frustrations, and what I’ve said to the TSA is that you have to constantly refine and measure whether what we’re doing is the only way to assure the American people’s safety. And you also have to think through are there other ways of doing it that are less intrusive,” Obama said.

“But at this point, TSA in consultation with counterterrorism experts have indicated to me that the procedures that they have been putting in place are the only ones right now that they consider to be effective against the kind of threat that we saw in the Christmas Day bombing.”

TSA sendup on Saturday Night Live yesterday.

EDITED TO ADD (11/22): The thing about Muslim women being exempt seems to be based on a misreading of this press release. What they seem to be saying is that if you’re selected because you could have something under your hijab, then they only need to just pat down the area the hijab covers. It’s not a special exemption.

TSA Administrator John Pistole comments:

We are constantly evaluating and adapting our security measures, and as we have said from the beginning, we are seeking to strike the right balance between privacy and security. In all such security programs, especially those that are applied nation-wide, there is a continual process of refinement and adjustment to ensure that best practices are applied and that feedback and comment from the traveling public is taken into account.

EDITED TO ADD (11/23): Fantastic infographic. Excellent poster image. This, too. And another political cartoon.

Yesterday I participated in a New York Times “Room for Debate” discussion on airline security. My contribution is nothing I haven’t said before, so I won’t reprint it here. The other participants are worth reading too.

More from Nate Silver, on public opinion and the likely TSA reaction:

It is perhaps foolish to predict how the T.S.A. will respond this time—when they have relaxed rules in the past, they have done so quietly, rather than in response to some acute public backlash. But caution aside, I would be surprised if the new procedures survived much past the New Year without significant modification.

CNN’s advice to the public.

Things are definitely strained out there:

Through a statement released by his attorney Sunday night, Wolanyk said “TSA needs to see that I’m not carrying any weapons, explosives, or other prohibited substances, I refuse to have images of my naked body viewed by perfect strangers, and having been felt up for the first time by TSA the week prior (I travel frequently) I was not willing to be molested again.”

Wolanyk’s attorney said that TSA requested his client put his clothes on so he could be patted down properly but his client refused to put his clothes back on. He never refused a pat down, according to his attorney. Wolanyk was arrested for refusing to complete the security process.

From the same article:

A woman, identified by Harbor police as Danielle Kelli Hayman,39, of San Diego was detained for recording the incident on a phone.

That’s much more worrying.

Interview with Brian Michael Jenkins, a senior advisor at the RAND Corp. and a former member of the White House Commission on Aviation Safety and Security.

Here’s someone who managed to avoid both the full-body scanners and the enhanced pat down. It took him two and a half hours. And here someone who got patted down, and managed to sneak two razor blades through security anyway.

How the TSA will deal with people with disabilities. How the pat downs affect survivors of sexual assault. (Read also the comments here.) Juan Cole on how airport security has shifted from looking for people with guns and traditional bombs to looking for people with PETN. And TSA-proof underwear.

EDITED TO ADD (11/24): Information on the health risks of the backscatter machines. And here’s a woman who stripped down to her underwear before going through airport security. This comes from a perspective I generally don’t buy, but it’s hard to dismiss his writing. I don’t think it’s a conspiracy, but I do think it’s a trend. “This Modern World” has a comic on the topic. Slate on the lack of guidelines. Why the TSA should be privatized.

EDITED TO ADD (11/25): I was on Keith Olbermann last night.

Tags: , , , , , , ,

Posted on November 19, 2010 at 5:37 AMView Comments

The Washington Post on the U.S. Intelligence Industry

The Washington Post has published a phenomenal piece of investigative journalism: a long, detailed, and very interesting expose on the U.S. intelligence industry (overall website; parts 1, 2, and 3; blog; Washington reactions; top 10 revelations; many many many blog comments and reactions; and so on).

It’s a truly excellent piece of investigative journalism. Pity people don’t care much about investigative journalism—or facts in politics, really—anymore.

EDITED TO ADD (7/25): More commentary.

EDITED TO ADD (7/26): Jay Rosen writes:

Last week, it was the Washington Post’s big series, Top Secret America, two years in the making. It reported on the massive security shadowland that has arisen since 09/11. The Post basically showed that there is no accountability, no knowledge at the center of what the system as a whole is doing, and too much “product” to make intelligent use of. We’re wasting billions upon billions of dollars on an intelligence system that does not work. It’s an explosive finding but the explosive reactions haven’t followed, not because the series didn’t do its job, but rather: the job of fixing what is broken would break the system responsible for such fixes.

The mental model on which most investigative journalism is based states that explosive revelations lead to public outcry; elites get the message and reform the system. But what if elites believe that reform is impossible because the problems are too big, the sacrifices too great, the public too distractible? What if cognitive dissonance has been insufficiently accounted for in our theories of how great journalism works…and often fails to work?

EDITED TO ADD (7/27): More.

Tags: , , , ,

Posted on July 23, 2010 at 12:46 PMView Comments

Data at Rest vs. Data in Motion

For a while now, I’ve pointed out that cryptography is singularly ill-suited to solve the major network security problems of today: denial-of-service attacks, website defacement, theft of credit card numbers, identity theft, viruses and worms, DNS attacks, network penetration, and so on.

Cryptography was invented to protect communications: data in motion. This is how cryptography was used throughout most of history, and this is how the militaries of the world developed the science. Alice was the sender, Bob the receiver, and Eve the eavesdropper. Even when cryptography was used to protect stored data—data at rest—it was viewed as a form of communication. In “Applied Cryptography,” I described encrypting stored data in this way: “a stored message is a way for someone to communicate with himself through time.” Data storage was just a subset of data communication.

In modern networks, the difference is much more profound. Communications are immediate and instantaneous. Encryption keys can be ephemeral, and systems like the STU-III telephone can be designed such that encryption keys are created at the beginning of a call and destroyed as soon as the call is completed. Data storage, on the other hand, occurs over time. Any encryption keys must exist as long as the encrypted data exists. And storing those keys becomes as important as storing the unencrypted data was. In a way, encryption doesn’t reduce the number of secrets that must be stored securely; it just makes them much smaller.

Historically, the reason key management worked for stored data was that the key could be stored in a secure location: the human brain. People would remember keys and, barring physical and emotional attacks on the people themselves, would not divulge them. In a sense, the keys were stored in a “computer” that was not attached to any network. And there they were safe.

This whole model falls apart on the Internet. Much of the data stored on the Internet is only peripherally intended for use by people; it’s primarily intended for use by other computers. And therein lies the problem. Keys can no longer be stored in people’s brains. They need to be stored on the same computer, or at least the network, that the data resides on. And that is much riskier.

Let’s take a concrete example: credit card databases associated with websites. Those databases are not encrypted because it doesn’t make any sense. The whole point of storing credit card numbers on a website is so it’s accessible—so each time I buy something, I don’t have to type it in again. The website needs to dynamically query the database and retrieve the numbers, millions of times a day. If the database were encrypted, the website would need the key. But if the key were on the same network as the data, what would be the point of encrypting it? Access to the website equals access to the database in either case. Security is achieved by good access control on the website and database, not by encrypting the data.

The same reasoning holds true elsewhere on the Internet as well. Much of the Internet’s infrastructure happens automatically, without human intervention. This means that any encryption keys need to reside in software on the network, making them vulnerable to attack. In many cases, the databases are queried so often that they are simply left in plaintext, because doing otherwise would cause significant performance degradation. Real security in these contexts comes from traditional computer security techniques, not from cryptography.

Cryptography has inherent mathematical properties that greatly favor the defender. Adding a single bit to the length of a key adds only a slight amount of work for the defender, but doubles the amount of work the attacker has to do. Doubling the key length doubles the amount of work the defender has to do (if that—I’m being approximate here), but increases the attacker’s workload exponentially. For many years, we have exploited that mathematical imbalance.

Computer security is much more balanced. There’ll be a new attack, and a new defense, and a new attack, and a new defense. It’s an arms race between attacker and defender. And it’s a very fast arms race. New vulnerabilities are discovered all the time. The balance can tip from defender to attacker overnight, and back again the night after. Computer security defenses are inherently very fragile.

Unfortunately, this is the model we’re stuck with. No matter how good the cryptography is, there is some other way to break into the system. Recall how the FBI read the PGP-encrypted email of a suspected Mafia boss several years ago. They didn’t try to break PGP; they simply installed a keyboard sniffer on the target’s computer. Notice that SSL- and TLS-encrypted web communications are increasingly irrelevant in protecting credit card numbers; criminals prefer to steal them by the hundreds of thousands from back-end databases.

On the Internet, communications security is much less important than the security of the endpoints. And increasingly, we can’t rely on cryptography to solve our security problems.

This essay originally appeared on DarkReading. I wrote it in 2006, but lost it on my computer for four years. I hate it when that happens.

EDITED TO ADD (7/14): As several readers pointed out, I overstated my case when I said that encrypting credit card databases, or any database in constant use, is useless. In fact, there is value in encrypting those databases, especially if the encryption appliance is separate from the database server. In this case, the attacker has to steal both the encryption key and the database. That’s a harder hacking problem, and this is why credit-card database encryption is mandated within the PCI security standard. Given how good encryption performance is these days, it’s a smart idea. But while encryption makes it harder to steal the data, it is only harder in a computer-security sense and not in a cryptography sense.

Tags: , , , , , , , , , , ,

Posted on June 30, 2010 at 12:53 PMView Comments

Terrorists Prohibited from Using iTunes

The iTunes Store Terms and Conditions prohibits it:

Notice, as I read this clause not only are terrorists—or at least those on terrorist watch lists—prohibited from using iTunes to manufacture WMD, they are also prohibited from even downloading and using iTunes. So all the Al-Qaeda operatives holed up in the Northwest Frontier Provinces of Pakistan, dodging drone attacks while listening to Britney Spears songs downloaded with iTunes are in violation of the terms and conditions, even if they paid for the music!

And you thought being harassed at airports was bad enough.

Tags: , , , ,

Posted on February 10, 2010 at 12:39 PMView Comments

Privacy and the Fourth Amendment

In the United States, the concept of “expectation of privacy” matters because it’s the constitutional test, based on the Fourth Amendment, that governs when and how the government can invade your privacy.

Based on the 1967 Katz v. United States Supreme Court decision, this test actually has two parts. First, the government’s action can’t contravene an individual’s subjective expectation of privacy; and second, that expectation of privacy must be one that society in general recognizes as reasonable. That second part isn’t based on anything like polling data; it is more of a normative idea of what level of privacy people should be allowed to expect, given the competing importance of personal privacy on one hand and the government’s interest in public safety on the other.

The problem is, in today’s information society, that definition test will rapidly leave us with no privacy at all.

In Katz, the Court ruled that the police could not eavesdrop on a phone call without a warrant: Katz expected his phone conversations to be private and this expectation resulted from a reasonable balance between personal privacy and societal security. Given NSA’s large-scale warrantless eavesdropping, and the previous administration’s continual insistence that it was necessary to keep America safe from terrorism, is it still reasonable to expect that our phone conversations are private?

Between the NSA’s massive internet eavesdropping program and Gmail’s content-dependent advertising, does anyone actually expect their e-mail to be private? Between calls for ISPs to retain user data and companies serving content-dependent web ads, does anyone expect their web browsing to be private? Between the various computer-infecting malware, and world governments increasingly demanding to see laptop data at borders, hard drives are barely private. I certainly don’t believe that my SMSes, any of my telephone data, or anything I say on LiveJournal or Facebook—regardless of the privacy settings—is private.

Aerial surveillance, data mining, automatic face recognition, terahertz radar that can “see” through walls, wholesale surveillance, brain scans, RFID, “life recorders” that save everything: Even if society still has some small expectation of digital privacy, that will change as these and other technologies become ubiquitous. In short, the problem with a normative expectation of privacy is that it changes with perceived threats, technology and large-scale abuses.

Clearly, something has to change if we are to be left with any privacy at all. Three legal scholars have written law review articles that wrestle with the problems of applying the Fourth Amendment to cyberspace and to our computer-mediated world in general.

George Washington University’s Daniel Solove, who blogs at Concurring Opinions, has tried to capture the byzantine complexities of modern privacy. He points out, for example, that the following privacy violations—all real—are very different: A company markets a list of 5 million elderly incontinent women; reporters deceitfully gain entry to a person’s home and secretly photograph and record the person; the government uses a thermal sensor device to detect heat patterns in a person’s home; and a newspaper reports the name of a rape victim. Going beyond simple definitions such as the divulging of a secret, Solove has developed a taxonomy of privacy, and the harms that result from their violation.

His 16 categories are: surveillance, interrogation, aggregation, identification, insecurity, secondary use, exclusion, breach of confidentiality, disclosure, exposure, increased accessibility, blackmail, appropriation, distortion, intrusion and decisional interference. Solove’s goal is to provide a coherent and comprehensive understanding of what is traditionally an elusive and hard-to-explain concept: privacy violations. (This taxonomy is also discussed in Solove’s book, Understanding Privacy.)

Orin Kerr, also a law professor at George Washington University, and a blogger at Volokh Conspiracy, has attempted to lay out general principles for applying the Fourth Amendment to the internet. First, he points out that the traditional inside/outside distinction—the police can watch you in a public place without a warrant, but not in your home—doesn’t work very well with regard to cyberspace. Instead, he proposes a distinction between content and non-content information: the body of an e-mail versus the header information, for example. The police should be required to get a warrant for the former, but not for the latter. Second, he proposes that search warrants should be written for particular individuals and not for particular internet accounts.

Meanwhile, Jed Rubenfeld of Yale Law School has tried to reinterpret the Fourth Amendment not in terms of privacy, but in terms of security. Pointing out that the whole “expectations” test is circular—what the government does affects what the government can do—he redefines everything in terms of security: the security that our private affairs are private.

This security is violated when, for example, the government makes widespread use of informants, or engages in widespread eavesdropping—even if no one’s privacy is actually violated. This neatly bypasses the whole individual privacy versus societal security question—a balancing that the individual usually loses—by framing both sides in terms of personal security.

I have issues with all of these articles. Solove’s taxonomy is excellent, but the sense of outrage that accompanies a privacy violation—”How could they know/do/say that!?”—is an important part of the harm resulting from a privacy violation. The non-content information that Kerr believes should be collectible without a warrant can be very private and personal: URLs can be very personal, and it’s possible to figure out browsed content just from the size of encrypted SSL traffic. Also, the ease with which the government can collect all of it—the calling and called party of every phone call in the country—makes the balance very different. I believe these need to be protected with a warrant requirement. Rubenfeld’s reframing is interesting, but the devil is in the details. Reframing privacy in terms of security still results in a balancing of competing rights. I’d rather take the approach of stating the—obvious to me—individual and societal value of privacy, and giving privacy its rightful place as a fundamental human right. (There’s additional commentary on Rubenfeld’s thesis at ArsTechnica.)

The trick here is to realize that a normative definition of the expectation of privacy doesn’t need to depend on threats or technology, but rather on what we—as society—decide it should be. Sure, today’s technology make it easier than ever to violate privacy. But it doesn’t necessarily follow that we have to violate privacy. Today’s guns make it easier than ever to shoot virtually anyone for any reason. That doesn’t mean our laws have to change.

No one knows how this will shake out legally. These three articles are from law professors; they’re not judicial opinions. But clearly something has to change, and ideas like these may someday form the basis of new Supreme Court decisions that brings legal notions of privacy into the 21st century.

This essay originally appeared on Wired.com.

Tags: , , , , ,

Posted on March 31, 2009 at 6:30 AMView Comments

← Earlier EntriesLater Entries →

Sidebar photo of Bruce Schneier by Joe MacInnis.