Entries Tagged "transparency"

Page 4 of 5

Surveillance as Performance Art

Hasan Elahi has been making his every movement public, after being detained by the FBI (and then cleared) when entering the country:

For the next few months, every trip Elahi took, he’d call his FBI agent and give the routing, so he didn’t get detained along the way. He realized, after a point—why just tell the FBI—why not tell everyone?

So he hacked his cellphone into a tracking bracelet which he wears on his ankle, reporting his movements on a map—log onto his site and you can see that he’s in Camden. But he’s gone further, trying to document his life in a series of photos: the airports he passes through, the meals he eats, the bathrooms he uses. The result is a photographic record of his daily life which would be very hard to falsify. We all know photos can be digitally altered… but altering as many photos as Elahi puts online would require a whole team trying to build this alternative path through the world.

Elahi also puts other apsects of his life online, including his banking records. This gives a record of his purchases, which complements the photographs. He doesn’t put the phone records online, because it would compromise the privacy of the people he talks with, and some friends have asked him to stop visiting, but he views the self-surveillance both as an art form and as his perpetual alibi for the next time the FBI questions him.

At the same time, he’s stretching the limits of surveillance systems, taking advantage of non-places. He flew to Singapore for four days and never left the airport, never clearing customs. For four days, he was noplace—he’d fallen off the map, which is precisely what the FBI and others worry about. But he documented every noodle and every toilet along the way.

This is extreme, but the level of surveillance is likely to be the norm. It won’t be on a public website available to everyone, but it will be available to governments and corporations.

Posted on October 27, 2006 at 12:49 PMView Comments

Identity-Theft Disclosure Laws

California was the first state to pass a law requiring companies that keep personal data to disclose when that data is lost or stolen. Since then, many states have followed suit. Now Congress is debating federal legislation that would do the same thing nationwide.

Except that it won’t do the same thing: The federal bill has become so watered down that it won’t be very effective. I would still be in favor of it—a poor federal law is better than none—if it didn’t also pre-empt more-effective state laws, which makes it a net loss.

Identity theft is the fastest-growing area of crime. It’s badly named—your identity is the one thing that cannot be stolen—and is better thought of as fraud by impersonation. A criminal collects enough personal information about you to be able to impersonate you to banks, credit card companies, brokerage houses, etc. Posing as you, he steals your money, or takes a destructive joyride on your good credit.

Many companies keep large databases of personal data that is useful to these fraudsters. But because the companies don’t shoulder the cost of the fraud, they’re not economically motivated to secure those databases very well. In fact, if your personal data is stolen from their databases, they would much rather not even tell you: Why deal with the bad publicity?

Disclosure laws force companies to make these security breaches public. This is a good idea for three reasons. One, it is good security practice to notify potential identity theft victims that their personal information has been lost or stolen. Two, statistics on actual data thefts are valuable for research purposes. And three, the potential cost of the notification and the associated bad publicity naturally leads companies to spend more money on protecting personal information—or to refrain from collecting it in the first place.

Think of it as public shaming. Companies will spend money to avoid the PR costs of this shaming, and security will improve. In economic terms, the law reduces the externalities and forces companies to deal with the true costs of these data breaches.

This public shaming needs the cooperation of the press and, unfortunately, there’s an attenuation effect going on. The first major breach after California passed its disclosure law—SB1386—was in February 2005, when ChoicePoint sold personal data on 145,000 people to criminals. The event was all over the news, and ChoicePoint was shamed into improving its security.

Then LexisNexis exposed personal data on 300,000 individuals. And Citigroup lost data on 3.9 million individuals. SB1386 worked; the only reason we knew about these security breaches was because of the law. But the breaches came in increasing numbers, and in larger quantities. After a while, it was no longer news. And when the press stopped reporting, the “cost” of these breaches to the companies declined.

Today, the only real cost that remains is the cost of notifying customers and issuing replacement cards. It costs banks about $10 to issue a new card, and that’s money they would much rather not have to spend. This is the agenda they brought to the federal bill, cleverly titled the Data Accountability and Trust Act, or DATA.

Lobbyists attacked the legislation in two ways. First, they went after the definition of personal information. Only the exposure of very specific information requires disclosure. For example, the theft of a database that contained people’s first initial, middle name, last name, Social Security number, bank account number, address, phone number, date of birth, mother’s maiden name and password would not have to be disclosed, because “personal information” is defined as “an individual’s first and last name in combination with …” certain other personal data.

Second, lobbyists went after the definition of “breach of security.” The latest version of the bill reads: “The term ‘breach of security’ means the unauthorized acquisition of data in electronic form containing personal information that establishes a reasonable basis to conclude that there is a significant risk of identity theft to the individuals to whom the personal information relates.”

Get that? If a company loses a backup tape containing millions of individuals’ personal information, it doesn’t have to disclose if it believes there is no “significant risk of identity theft.” If it leaves a database exposed, and has absolutely no audit logs of who accessed that database, it could claim it has no “reasonable basis” to conclude there is a significant risk. Actually, the company could point to a study that showed the probability of fraud to someone who has been the victim of this kind of data loss to be less than 1 in 1,000—which is not a “significant risk”—and then not disclose the data breach at all.

Even worse, this federal law pre-empts the 23 existing state laws—and others being considered—many of which contain stronger individual protections. So while DATA might look like a law protecting consumers nationwide, it is actually a law protecting companies with large databases from state laws protecting consumers.

So in its current form, this legislation would make things worse, not better.

Of course, things are in flux. They’re always in flux. The language of the bill has changed regularly over the past year, as various committees got their hands on it. There’s also another bill, HR3997, which is even worse. And even if something passes, it has to be reconciled with whatever the Senate passes, and then voted on again. So no one really knows what the final language will look like.

But the devil is in the details, and the only way to protect us from lobbyists tinkering with the details is to ensure that the federal bill does not pre-empt any state bills: that the federal law is a minimum, but that states can require more.

That said, disclosure is important, but it’s not going to solve identity theft. As I’ve written previously, the reason theft of personal information is so common is that the data is so valuable. The way to mitigate the risk of fraud due to impersonation is not to make personal information harder to steal, it’s to make it harder to use.

Disclosure laws only deal with the economic externality of data brokers protecting your personal information. What we really need are laws prohibiting credit card companies and other financial institutions from granting credit to someone using your name with only a minimum of authentication.

But until that happens, we can at least hope that Congress will refrain from passing bad bills that override good state laws—and helping criminals in the process.

This essay originally appeared on Wired.com.

EDITED TO ADD (4/20): Here’s a comparison of state disclosure laws.

Posted on April 20, 2006 at 8:11 AMView Comments

U.S. Port Security and Proxies

My twelfth essay for Wired.com is about U.S. port security, and more generally about trust and proxies:

Pull aside the rhetoric, and this is everyone’s point. There are those who don’t trust the Bush administration and believe its motivations are political. There are those who don’t trust the UAE because of its terrorist ties—two of the 9/11 terrorists and some of the funding for the attack came out of that country—and those who don’t trust it because of racial prejudices. There are those who don’t trust security at our nation’s ports generally and see this as just another example of the problem.

The solution is openness. The Bush administration needs to better explain how port security works, and the decision process by which the sale of P&O was approved. If this deal doesn’t compromise security, voters—at least the particular lawmakers we trust—need to understand that.

Regardless of the outcome of the Dubai deal, we need more transparency in how our government approaches counter-terrorism in general. Secrecy simply isn’t serving our nation well in this case. It’s not making us safer, and it’s properly reducing faith in our government.

Proxies are a natural outgrowth of society, an inevitable byproduct of specialization. But our proxies are not us and they have different motivations—they simply won’t make the same security decisions as we would. Whether a king is hiring mercenaries, an organization is hiring a network security company or a person is asking some guy to watch his bags while he gets a drink of water, successful security proxies are based on trust. And when it comes to government, trust comes through transparency and openness.

Posted on February 23, 2006 at 7:07 AMView Comments

The Doghouse: Privacy.li

This company has a heartwarming description on its website:

PRIVACY.LI – Privacy from the Principality of Liechtenstein, in the heart of the Alps, nestled between Switzerland and Austria. In times of turmoil and insecurity, witch hunt and suspicions, expropriations and diminishing credibility of our world leaders it’s always good to have a place you can turn to. This is the humble effort to provide a place to the privacy and freedom concerned world citizens to meet, discuss, help each other and foster ones desire for liberty and freedom.

But they have no intention of letting their customers know anything about themselves.

Company Profile

Actually, this is not to be published here:-) A privacy service like ours is best if not too many details are known, we hope you fully understand and support this. The makers of this page are veterans at the chosen subject, and will under no circumstances jeopardize your privacy.

Oh yeah, and their “DriveCrypt” product includes “real Time, 1344 bit – Military Strength encryption.”

Somehow, my heart is no longer warm.

Posted on July 8, 2005 at 8:36 AMView Comments

Should Terrorism be Reported in the News?

In the New York Times (read it here without registering), columnist John Tierney argues that the media is performing a public disservice by writing about all the suicide bombings in Iraq. This only serves to scare people, he claims, and serves the terrorists’ ends.

Some liberal bloggers have jumped on this op-ed as furthering the administration’s attempts to hide the horrors of the Iraqi war from the American people, but I think the argument is more subtle than that. Before you can figure out why Tierney is wrong, you need to understand that he has a point.

Terrorism is a crime against the mind. The real target of a terrorist is morale, and press coverage helps him achieve his goal. I wrote in Beyond Fear (pages 242-3):

Morale is the most significant terrorist target. By refusing to be scared, by refusing to overreact, and by refusing to publicize terrorist attacks endlessly in the media, we limit the effectiveness of terrorist attacks. Through the long spate of IRA bombings in England and Northern Ireland in the 1970s and 1980s, the press understood that the terrorists wanted the British government to overreact, and praised their restraint. The U.S. press demonstrated no such understanding in the months after 9/11 and made it easier for the U.S. government to overreact.

Consider this thought experiment. If the press did not report the 9/11 attacks, if most people in the U.S. didn’t know about them, then the attacks wouldn’t have been such a defining moment in our national politics. If we lived 100 years ago, and people only read newspaper articles and saw still photographs of the attacks, then people wouldn’t have had such an emotional reaction. If we lived 200 years ago and all we had to go on was the written word and oral accounts, the emotional reaction would be even less. Modern news coverage amplifies the terrorists’ actions by endlessly replaying them, with real video and sound, burning them into the psyche of every viewer.

Just as the media’s attention to 9/11 scared people into accepting government overreactions like the PATRIOT Act, the media’s attention to the suicide bombings in Iraq are convincing people that Iraq is more dangerous than it is.

Tiernan writes:

I’m not advocating official censorship, but there’s no reason the news media can’t reconsider their own fondness for covering suicide bombings. A little restraint would give the public a more realistic view of the world’s dangers.

Just as New Yorkers came to be guided by crime statistics instead of the mayhem on the evening news, people might begin to believe the statistics showing that their odds of being killed by a terrorist are minuscule in Iraq or anywhere else.

I pretty much said the same thing, albeit more generally, in Beyond Fear (page 29):

Modern mass media, specifically movies and TV news, has degraded our sense of natural risk. We learn about risks, or we think we are learning, not by directly experiencing the world around us and by seeing what happens to others, but increasingly by getting our view of things through the distorted lens of the media. Our experience is distilled for us, and it’s a skewed sample that plays havoc with our perceptions. Kids try stunts they’ve seen performed by professional stuntmen on TV, never recognizing the precautions the pros take. The five o’clock news doesn’t truly reflect the world we live in—only a very few small and special parts of it.

Slices of life with immediate visual impact get magnified; those with no visual component, or that can’t be immediately and viscerally comprehended, get downplayed. Rarities and anomalies, like terrorism, are endlessly discussed and debated, while common risks like heart disease, lung cancer, diabetes, and suicide are minimized.

The global reach of today’s news further exacerbates this problem. If a child is kidnapped in Salt Lake City during the summer, mothers all over the country suddenly worry about the risk to their children. If there are a few shark attacks in Florida—and a graphic movie—suddenly every swimmer is worried. (More people are killed every year by pigs than by sharks, which shows you how good we are at evaluating risk.)

One of the things I routinely tell people is that if it’s in the news, don’t worry about it. By definition, “news” means that it hardly ever happens. If a risk is in the news, then it’s probably not worth worrying about. When something is no longer reported—automobile deaths, domestic violence—when it’s so common that it’s not news, then you should start worrying.

Tierney is arguing his position as someone who thinks that the Bush administration is doing a good job fighting terrorism, and that the media’s reporting of suicide bombings in Iraq are sapping Americans’ will to fight. I am looking at the same issue from the other side, as someone who thinks the media’s reporting of terrorist attacks and threats has increased public support for the Bush administration’s draconian counterterrorism laws and dangerous and damaging foreign and domestic policies. If the media didn’t report all of the administrations’s alerts and warnings and arrests, we would have a much more sensible counterterrorism policy in America and we would all be much safer.

So why is the argument wrong? It’s wrong because the danger of not reporting terrorist attacks is greater than the risk of continuing to report them. Freedom of the press is a security measure. The only tool we have to keep government honest is public disclosure. Once we start hiding pieces of reality from the public—either through legal censorship or self-imposed “restraint”—we end up with a government that acts based on secrets. We end up with some sort of system that decides what the public should or should not know.

Here’s one example. Last year I argued that the constant stream of terrorist alerts were a mechanism to keep Americans scared. This week, the media reported that the Bush administration repeatedly raised the terror threat level on flimsy evidence, against the recommendation of former DHS secretary Tom Ridge. If the media follows this story, we will learn—too late for the 2004 election, but not too late for the future—more about the Bush administration’s terrorist propaganda machine.

Freedom of the press—the unfettered publishing of all the bad news—isn’t without dangers. But anything else is even more dangerous. That’s why Tierney is wrong.

And honestly, if anyone thinks they can get an accurate picture of anyplace on the planet by reading news reports, they’re sadly mistaken.

Posted on May 12, 2005 at 9:49 AMView Comments

Brandeis Quote on Openness

Here is the definitive citation—and text—of this often-used Brandeis quote.

US Supreme Court Justice Louis Brandeis wrote in Harper’s Weekly, Dec 20 1913:

Publicity is justly commended as a remedy for social and industrial diseases. Sunlight is said to be the best of disinfectants; electric light the most efficient policeman.

Edited to add:

Apparently the authoritative cite is to his book, not the magazine—in legal writing books are more authoritative than magazines.

Louis D. Brandeis, Other People’s Money and How the Bankers Use It 92 (1914): “Publicity is justly commended as a remedy for social and industrial diseases. Sunlight is said to be the best of disinfectants; electric light the most efficient policeman.”

Posted on April 18, 2005 at 8:40 AMView Comments

Secrecy and Security

Nice op-ed on the security problems with secrecy.

Some information that previously was open no doubt needs to be classified now. Terrorism alters perspectives. But the terrorist threat also has provided cover for bureaucrats who instinctively opt for secrecy and public officials who would prefer to keep the public in the dark to avoid accountability.

Posted on April 7, 2005 at 9:40 AMView Comments

1 2 3 4 5

Sidebar photo of Bruce Schneier by Joe MacInnis.