"Welcome to an Internet without privacy, and we've ended up here with hardly a fight." ~ Bruce Schneier
"Welcome to an Internet without privacy, and we've ended up here with hardly a fight." ~ Bruce Schneier
Let's say I'm tired of carrying around wads of cash. I consider applying for a credit card, perhaps at a bank, or at at some retail operation, like a department store. But I'm paranoid.
I'm worried that I might expose myself to identity theft by giving up my name, address, social security number, and other private information. Mistakes are made, after all. Someone within the company might misuse my information, or the company might inadvertently expose it to hackers.
I can of course go to a large department store, one that (hopefully) uses modern encryption techniques and has a modicum of data security enshrined as corporate policy and procedure. I can eschew the department store credit card entirely, and use a card from a bank. A large bank, in the hope they'll have their act sufficiently together to protect me from the Russian Internet Identity Thieves?
If I'm sufficiently paranoid, I can refuse to get a credit card at all, living "off the grid" and keeping my wad of cash. If all else fails, and my spotless credit rating is exposed, I can find a new bank, shop at new stores, and I can sue the bastards responsible.
But what if the government exposes my identity to theft and fraud? Can I refuse to deal with the government?
Or can I at least shift my business to a new government?
The Social Security numbers of dozens of New Hanover County [North Carolina] property owners were mistakenly published on the county website for anyone to see.
The lists containing the numbers were removed from the site Tuesday so county officials could scrub them from the data, said Chairman Jason Thompson, who learned that the numbers were published from a resident. The Social Security numbers were published in two lists containing property owners delinquent on their taxes.
County Manager Bruce Shell said the list contained 9,845 accounts, of which 163 Social Security numbers were included. The Social Security numbers should not have appeared in the data and weren’t caught before they were published. It's unclear how many people were affected because some numbers are linked to more than one account.
It was an isolated incident, Shell said.
Of course it was an isolated incident.
That's precisely what my bank would say if it published my social security number on the web. "It was an isolated incident, and we've adopted new safeguards to see that this sort of thing doesn't happen in the future. Although the information was exposed for only a limited time, we're offering free credit monitoring service to customers who are concerned about this isolated incident."
And I'd sure as hell sue them once the Chinese Identity Pirates of Wuhan started buying new cars using my name and credit.
Of course, since this is the government, irritated property owners are out of luck. So, for that matter, are injured property owners, those whose identities are stolen and who'll start getting "past due" notices from credit card companies they never dealt with, scammed merchants who will have to swallow some of the charges, and the scammed credit card issuers themselves who will have to swallow the rest.
All they're getting is a subscription to freecreditreport.com:
Shell said the county plans to provide these property owners with credit monitoring for a year to prevent fraud issues from developing.
“We’re on top of it,” Shell said. “We’re trying to do the right thing by them.”
"Doing the right thing by them" would mean indemnifying them for the costs of this fuckup. But if New Hanover County is sued, you can bet its attorneys will raise the doctrine of sovereign immunity ("The King Can Do No Wrong"), an absolute defense to liability in North Carolina. The individuals responsible would raise the qualified immunity doctrine as a defense. And the County would win.
Why shouldn't it? If damages were awarded, it would be the innocent taxpayers of New Hanover County who would have to pay, not the negligent Barney Fifes of the tax department.
That seems extreme. After all, we don't hang taxi cab drivers who paralyze the innocent through negligent driving. Why should we hang the nasty lady behind the counter at the DMV?
Why not just waive immunity for the negligent who work for the government, making them as responsible for their torts as you or I would be if we started publishing clients' social security numbers for all to see?
If they don't want to be responsible for their actions, perhaps they shouldn't be given sovereign power over others in the first place.
Here's a second thought: If past performance is any guide, it will be thirty minutes before one of the lickspittle government apologists (I had to stop calling them "willing serfs" because that upset them) who infest our readership shows up to point out that these victims were tax delinquents. "I have no sympathy!"
On the contrary. These people weren't tax delinquents at all. They were doing what any sensible consumer would do to a corporation that misuses customers' private information. They were boycotting the New Hanover County tax office, just as they'd boycott Wal -Mart if it published social security numbers on the web. Of course, one difference between Wal-Mart and the government is that the government destroys all competition, not with low low prices but with guns. The customer has nowhere else to go in a monopoly environment. Another difference is that Wal-Mart can't throw those who refuse to buy what it's selling in jail.
But given the level of service they've gotten from New Hanover County, can anyone blame these people for refusing to pay their taxes?
As long as Patrick is cheerfully bashing Facebook — that unrepentant bull in the china shop of our dwindling online privacy — I feel duty-bound to join in.
So, via Hit&Run, that government agents have been "friending" citizenship applicants, and other people of interest to the government, to monitor their status. And does the government understand the social networks it is using? Well, that depends on whom you ask:
First the memo engages in armchair psychology by assuming a large friend network indicates “narcissistic tendencies.” Second, and perhaps more disturbing, the memo assumes a user’s online profile always accurately reflects her offline life. While Facebook and MySpace would like their users’ profiles to always be current and accurate, users may have valid reasons for keeping some of their offline life out of their online profiles (for example, many users still feel their relationship status is private). Unfortunately, this memo suggests there’s nothing to prevent an exaggerated, harmless or even out-of-date off-hand comment in a status update from quickly becoming the subject of a full citizenship investigation.
I'll pass on the narcissism issue.
But it would certainly not be out of character for government agents to completely misunderstand hyperbole, sarcasm, and venting and take it as literal truth — they do it with real-world verbal comments all the time, so what are the chances they'll take a contextual view of the sort of nonsense we spout online?
If anything, the government is slow in picking up on this possibility. Lawyers already knew that Facebook is Walt Disney World for attacking credibility.
Chapman's extensive online presence, including more than 90 photographs posted to Facebook and an apparently glamorous lifestyle as a property millionaire, has made her the focus of much of the media coverage of the case. …
Chapman's CV also claimed that she worked for a hedge fund in London called Navigator. No record has yet emerged that such a fund existed, according to the specialist hedge-fund website, FINalternatives.
She is also said to have been married to a British citizen, but this has not been confirmed.
She probably wasn't. In fact, it appears that most of Chapman's life is an invention, one thoroughly documented online.
In its way, this is a brilliant idea on the part of Chapman and her masters in the FSB. Where Soviet agents in the cold war had to spend dull, dreary decades establishing an identity, it seems Chapman was able to invent herself out of whole cloth in a relatively short time.
But there's the rub. Past deep cover agents such as Whittaker Chambers, Kim Philby, and Richard Sorge (the greatest spy in history) spent years establishing roots. They were very difficult to uproot, and in some cases, such as Alger Hiss, to this day have gullible defenders despite overwhelming evidence of guilt.
Chapman appears to have unraveled in a very short time, in part because her online identity didn't check out. And she can never testify in her own defense, because the very internet she used will destroy her on impeachment.
I wonder how many of Chapman's Facebook friends, 167 strong as of this writing, have removed the association. And whether they know that their names are now forever in an FBI file as possible associates of a Russian agent, despite the removal.
Never write anything online that can be written on paper.
Never write anything on paper that can be spoken in private.
Never speak to two people if one will do.
If you do speak to two people, hunt down one and kill him in secret, to let the other know you're serious about your privacy.
I've been using Facebook for a couple of years now. I've had a substantial amount of fun with it. I've reconnected with people I'd lost touch with, grown closer to others, and followed events in the lives of family and friends that otherwise I wouldn't know about.
Despite that — and despite the fact that I haven't found a good alternative to Facebook — I'm quitting fairly soon. Here's why.
Remember Blake J. Robbins? He's the kid who sued the Lower Merion School District in Pennsylvania, asserting that district employees were spying on him and other kids through webcams installed on "free" laptops distributed by the district.
Subsequent developments are making it look worse than originally thought, not better. Via Radley Balko, I see that Robbins' lawyer now claims, based on documents produced in discovery, that the district captured more than 400 pictures from Robbins' laptop and thousands from others. The district's previous justification — that it only used the webcams to track stolen or missing laptops — turns out to be exaggerated. Robbins' own laptop webcam was repeatedly activated because his parents had not paid the $55 insurance fee, and the district repeatedly activated the webcams even when it knew exactly who had the laptops (when, for example, students did not return them in a timely fashion).
I've retrieved the recent motion Robbins filed from PACER and uploaded it here. The motion seeks sanctions against district administrator Carol Cafiero, one of two people who ran the webcam program, for refusing to produce her home computers for examination. The judge previously granted Robbins' motion to compel Cafiero to sit for deposition; in light of the pending federal grand jury investigation of the incident, she prudently took the Fifth. Quoting emails produced in discovery, the motion paints an ugly picture of Cafiero's attitude towards her ability to spy on kids through their webcams. The motion claims that an IT staffer wrote to Cafiero that using the webcams was like a window into "a little LMSD soap opera," and claims that Cafiero responded "I know, I love it."
Robbins' motion goes much further than that. It rather unfairly accuses Cafiero of being a voyeur, which I think is an irresponsible and baseless accusation — at least if "voyeur" is defined as someone who derives sexual pleasure from secretly viewing others. Robbins doesn't cite any evidence that Cafiero used the system for sexual gratification. The quote from her, however, suggests that she used it for bureaucratic gratification — the pleasure that petty officials take in nosing into the private lives of citizens. It may not be sexually perverse, but it is, in fact, sick and despicable. Robbins' motion asserts that the district had no written policy about how the spying function should be used (which, in itself, is astoundingly reckless), and circumstances suggest that the spying was the result of a petty official drunk on her own power and unrestrained by the distaste that decent, normal people would feel about spying on kids.
Patrick points out that the State of Pennsylvania has also recently produced prosecutors who charge sexting teens with child porn distribution and juvenile court judges who sent kids to juvie in exchange for kickbacks. As Patrick suggests, it's beginning to look as if Pennsylvania is to child welfare what England or Canada are to free speech.
I don't like the health care reform bill. I have a number of strong objections to it. I haven't blogged it because (1) I'm lazy and hope Patrick will do it, and (2) I'm lazy and stupid and I'm waiting for someone to do the definitive thoughtful analysis that I can link to.
There's a lot of fury out there about the bill. There should be outrage, I think. But leaving aside, for a moment, the question of whether the outrage is hypocritical and oddly selective, its predominant expression is counterproductive. Scary spittle-flecked rage from the Right may well be one of the best things the Left has going for it when we reach the mid-terms, particularly if the economy improves. The base can be energized by rage, but the wide middle is unlikely to be moved, except perhaps towards distaste.
Case in point: the latest instance of "let's harass and intimidate people by publishing their home address and suggesting that angry people should 'visit' them."
Mike Troxel writes for Virginia 6th, a self-described "tea party watchdogs weblog." Troxel was very angry about the health care vote. Troxel was particularly irritated at Rep. Tom Perriello, who represents a different district in Virginia, and who voted for the bill.
He accompanied that with what I submit is a smirking, barely veiled exhortation to harassment and violence:
Just in case any of his friends and neighbors want to drop by and say hi and express their thanks regarding his vote for healthcare. I personally believe it’s so important for representatives to remain fully grounded and to remember exactly what it is their constituents are saying and how they are telling them to vote. Nothing quite does that like a good face-to-face chat. It has a much more personal touch to it.
Leaving the moral issue aside, there was an immediate problem: Mike Troxel is a shitty researcher. He actually published the home address of Rep. Perriello's brother, who has four young children. Confronted with this error, Troxel refused to yield, uttering this deathless line:
Troxel, a 2005 graduate of Liberty University, added “I was a journalism major in college, so I have every reason to believe my research is accurate.”
Ten thousand monkeys could type for ten million years and never write anything that funny. Even if they did graduate monkey cum laude from Liberty University.
Anyway, this irritated me, for reasons I'll get into. I considered spending five minutes researching the right address for Rep. Perriello myself, to demonstrate that Troxel is sloppy as well as thuggish.
But as I said, I'm lazy.
[In doing so, I took into account Fark's consistent and admirable policy against posting the personal contact information of people criticized there. I also took into account that, as you'll see below, Troxel's address had already been published.]
It took Farkers minutes to research the issue and establish, by two different methods, that Troxel had the wrong address. As the Farker in question put it, "Done in by a farker who graduated with a C average and didn't go to college." Troxel beat an ignominious retreat and deleted the incorrect address, but is still soliciting the correct address to publish.
But Troxel sowed scummy thuggery, and now he's going to reap the whirlwind. I'm not, by far, the only one to notice this, and there are plenty of people eager to respond by finding and publishing Mike Troxel's home address and phone number. I learned of this at Doug Mataconis' consistently great blog Below the Beltway. A commenter quite quickly found Troxel's address and phone number and published it in the comments. Doug, being a decent human being more interested in issues and justice than spittle-flecked outrage and threats, immediately deleted it. Fark has also policed any such attempts. There's lots of people out there with no such scruples, though. I've already seen three of them on the internet. And several people have suggested feeding Troxel to 4chan. Mike Troxel, welcome to the consequences of your actions. Read your Heraclitus: "Character is destiny."
Publishing (or re-publishing) the home addresses and home contact information of political opponents is scummy and calculated to threaten and intimidate. Mike Troxel's smirking verbiage — "Nothing quite does that like a good face-to-face chat" — is clearly calculated to convey to Rep. Perriello that as a result of his vote, he now needs to watch out for people lurking in his shrubbery and assaulting him every time he enters or leaves his home. Fortunately Rep. Perriello doesn't have kids to be assaulted or followed to school; unfortunately, his brother (whose address was published by the inept Troxel) does. In-person and telephonic threats, obscenities, and harassment at best, and physical assaults at worst, are the predictable result of reacting to a controversial political event by publishing the participants' home addresses and telephone numbers to a like-minded angry audience. That's why when blogger Michelle Malkin republished the addresses and phone numbers of some asshole protesters, it was entirely predictable that her audience of flying monkeys would deluge them with threats and abuse, and when Michelle's detractors retaliated by publishing her personal contact information, it was entirely predictable that the flying monkeys of the left would respond with reciprocal threats and harassment of her and her family. Even if someone's address could be found somewhere by a dedicated searcher, republishing it to a angry like-minded crowd has predictable — and nasty — results.
And it's not just threats and harassment. In today's climate — particularly with pundits whipping up talk of "total war" — Troxel's actions make violence substantially more likely. This sort of thing is likely to lead to (1) a politician, or a politician's family member, or a politician's neighbor, getting hurt by an unbalanced protester who shows up at the politician's house, (2) some random person getting hurt by an unbalanced protester who shows up at the wrong address because he's stupid or crazy or because he's gotten the wrong address from some madrassa-educated dipshit, or (3) some unbalanced protester is going to wind up with a nice big hole in him because he showed up at an armed politician's home and threatened him or his family. I'm kind of rooting for #3, frankly. (And if the Tea Party movement is intellectually honest in their support of the Second Amendment, so should they.)
Can terrifying people by subjecting them to threats, harassment, and the likelihood of violence be effective? Of course it can. You can shut people up, drive them from public life, intimidate them into acting out of physical fear rather than based on their choices. You can do that not only to the target of the abuse, but to the people who observe it. Thugs like Troxel know this. That's why they do it. Decent people shouldn't. People who want a nation built on ideas and principles, not on threats and force, shouldn't.
Recognizing that does not require admiring, agreeing with, or condoning the actions of the people we are tempted to target for abuse. Asshattery is not a zero-sum game. If Perriello's vote was wrong — and I think it was — it was just as wrong if we recognize that he and his family should not be subjected to threats and violence for it. Recognizing that Troxel is an ass does not make Perriello less of an ass. Recognizing that Troxel is a noxious thug does not make the people who published his address and phone number any more admirable.
Some people are saying that Troxel should be investigated and prosecuted. Though the definition of a true threat is somewhat flexible, I think that Troxel probably didn't include enough exhortation to violence to make his post a true threat outside the scope of the First Amendment as defined by relevant precedents. But Mike Troxel, I think, will reap a whirlwind — just not a legal one.
Edited to add: I see that the Lynchburg Tea Party site has commented, saying that the organization had not "requested, sanctioned or endorsed" the action, but conspicuously failing to condemn it.
When the state — and its politicians — give you something, they generally want something in return. They want your vote. They want your obedience. They want your dependence, preferably dependence that will stretch out to multiple generations. And, occasionally, they want to know things they have no damned business knowing.
There ain't no such thing as a free lunch. That's what Blake J. Robbins learned. See, Blake is a student in the Lower Merion School District in Pennsylvania. Blake's high school has some bucks. They had the resources to issue free laptops to high school students. What a great opportunity, right? What a fantastic resource for learning! What could possibly go wrong? What could Lower Merion School District have wanted in return?
Well, according to Blake and his family, in return the district wanted to watch him on a webcam in his own home. According to Blake's lawsuit, school administrators didn't tell him that they had the ability – and the intention — of activating the webcam and checking out Blake's out-of-school activities without his knowledge or consent — or the knowledge and consent of his parents, into whose home Blake brought the laptop. This came to light when Assistant Principal Lindy Matsko accused Blake of "improper conduct" in his home based on a webcam photo taken remotely by school authorities using his laptop. Blake's family's lawsuit is available in pdf form through the BoingBoing link above.
Now, we don't have the response of the school or the district yet. But if Blake's allegations are true — that school administrators were activating webcams remotely to observe students without their knowledge or consent, or the knowledge or consent of their parents — then the district, and some of its administrators, are in a world of hurt. In addition to the civil violations set forth in Blake's complaint, such conduct is almost certainly criminal. Hopefully Blake's family will refer the matter to the U.S. Attorney's Office for their district. If school administrators sent home laptops and then spied on kids, someone — probably several people — should be going to jail. If they captured or observed kids in any state of undress, some of them need to wind up as registered sex offenders.
If this went down the way Blake claims, the stupidity of the Lower Merion School District officials is breathtaking. That they thought they could do this legally – and that they thought it was a good idea to blithely begin to discipline kids for conduct observed secretly in their homes — speaks volumes of the entrenched cretinism in modern American academia. But the entitlement isn't breathtaking. It's perfectly ordinary. When the government and its officials give you something, they always expect something in return. Sometimes that something is your privacy. That's the way it works.
Update: The school district is claiming that it only activates the remote system to find a laptop that has been reported lost or stolen. If that's the case — if Blake had someone else's laptop, and was only recorded because that someone else reported the laptop lost or stolen — it's obviously a very, very different case.
Meet Angela Epstein, the idiot who celebrates her status as the first person in the United Kingdom to be branded with the Mark of the Beast as a "historic moment for democracy."
Having been invited by the Home Office to be the first member of the public to receive a national identity card this week, I found myself being fingerprinted at Manchester`s passport offices as part of the process. …
[S]ome ventured that as a Jew I must be all too familiar with the sinister wartime echoes of having to prove identity. Why didn’t my skin prickle at the very thought of carrying an ID card?
Why didn't it indeed? Now, wherever Ms. Epstein goes, her government and all of the corporations with which she deals will know what Ms. Epstein is doing. Ms. Espstein is fine with that, because only the guilty have something to hide.
Personally, I cannot see what there is to lose — and there’s certainly everything to gain. An ID card is a portable, convenient way to prove your identity without having to carry something like a passport with you — which is murder to replace if you lose it.
I'm surprised Ms. Epstein's philo-semitic friends haven't told her that for millions of Jews outside Germany, a passport wasn't a document allowing international travel.
And if it’s another weapon in the fight against identity fraud, illegal workers and terrorism, then that can only be for the good.
And if it's another weapon in the fight against people who want to preserve some level of privacy, to be left alone, and not to be tracked 24 hours a day, expect willing serfs like Angela Epstein to agree that can only be for the good as well.
This is the problem with the western left: They can see a noose with perfect clarity when the hangman is a conservative. But when the noose is placed by their fellow leftists, they'll call it a necktie every time.
Is this a story about police overreaching? Or is it a story about the horny idiocy of young men, one in particular, who are so stupid that they can be taken in by an internet photo of a pretty girl? Could it be a story about the internet becoming a virtual Oceania, where Google and Facebook replace the Telescreen? Or more prosaically, is it a story about the incompetence of criminal defense lawyers? If I'd been Adam Bauer's lawyer, I'd have forced the state to try this case, though I'm not a criminal attorney. (My trial experience comes from insurance defense, but that would be enough to get the charges against Bauer dismissed.) Or is it a cautionary tale about the foolishness of laypeople who represent themselves in court?
Am I missing something? Could it be all of these, and more?
We've done our share of bashing the TSA. But no one should deny that they provide a very valuable service to America.
That service is entertainment.
With that in mind, enjoy Cracked on The Seven Dumbest Things Done By Airport Security. Laugh, so you won't cry.
Fortunately I have never had a serious run-in with TSA. I came close. Several years ago I flew to Oakland in order to appear in court in Santa Rosa, where my client was involved in a regrettable misunderstanding resulting from the government's hasty conclusion that he had improperly possessed a firearm of the sort characterized by some as a machinegun. On the way through security in catching my flight, I was pulled aside for a search — perhaps random, perhaps not. The TSA agent opened my brief bag and dropped my case binder on the table. It flopped open to a page showing a full-color photograph of the alleged machinegun.
The three TSA agents assisting with my search fell silent.
"This," I thought, "has long day written all over it."
Fortunately these particular agents, perhaps students of Magritte, recognized ceci n'est pas une machinegun.
Remember the TSA's breathless announcement of its behavior detection system, in which government-trained Behavior Detection Officers would identify and thwart potential terrorists based on them being so shifty?
TSA's BDO-trained security officers are screening travelers for involuntary physical and physiological reactions that people exhibit in response to a fear of being discovered.
Yeah, well, it turns out that Behavior Detection Officers — or BDOs, as they like to call themselves in an attempt to pose as serious and respectable law enforcement officers — have to detain or annoy more than 100 people to come up with one worth arresting:
A TSA program launched in early 2006 that looks for terrorists using a controversial surveillance method has led to more than 160,000 people in airports receiving scrutiny, such as a pat-down search or a brief interview. That has resulted in 1,266 arrests, often on charges of carrying drugs or fake IDs, the TSA said.
How does that lower-than-one-percent success rate compare with, say, just stopping people randomly, or stopping people wearing purple, or stopping people based on numerological or astrological principles? (I'm looking at you, you goddamn Pisceses!) Well, we don't know, because TSA doesn't conduct such inquiries. They just rely on the assessment of the guy in the poly-blend shirt whose Cracker Barrel assistant manager interview went poorly, based on his training by the people who make airport security run so smoothly. And meanwhile, subservience to government intrusion — including intrusion based on junk science incompetently applied — is further normalized among the populace.
The Transportation Safety Administration wants flyers who've registered for its "Clear" program, the one that lets them cut ahead of security lines in airports, to know that:
Current Clear® customers will not be affected by this action and will not experience any disruption when using Registered Traveler.
By "this action" the TSA means the suspension of TSA contractor Verified Identity Pass, Inc. from further government work. For losing an unencrypted laptop with the names and personal information, such as social security and driver's license numbers, of 33,000 people.
By "disruption" I guess TSA means something other than identity theft.
No worries. If you're one of those who paid to be first in line at the airport, you can certainly afford a few years of credit monitoring service. And if your name gets stolen by a terrorist or smuggler because you trusted your government, well this is what you get for trying to cut in line, so you have no cause for complaint.
Via Bruce Schneier.
Via BoingBoing, I see that the Department of Homeland Security asserts the right to search your tech-fetish geegaws and tell the world that you like Michael Bolton and, God help you, this blog. DHS asserts that as part of its broad border search authority, it can take your laptop and iPod and Blackberry, send them offsite for an indefinite period of time to be analyzed by third parties of its choosing, not to mention any other agency in our government's inquisitive alphabet-soup. The government, relying on border search authority more typically applied to drug interdiction efforts, asserts that it needs no reasonable suspicion or suspicion particularized to you to do this:
Customs Deputy Commissioner Jayson P. Ahern said the efforts "do not infringe on Americans' privacy." In a statement submitted to Feingold for a June hearing on the issue, he noted that the executive branch has long had "plenary authority to conduct routine searches and seizures at the border without probable cause or a warrant" to prevent drugs and other contraband from entering the country.
The new policy is here.
Regrettably, the Ninth Circuit recently ruled that the traditional rule permitting warrantless and suspicionless border searches for things like drugs extended to permit searches of data on a laptop. I think that's questionable based on the comparative reasonable expectation of privacy in one's person and luggage, on the one hand, and in one's writing and reading history, on the other hand. (Moreover, even if it were appropriate to search for, say, image files that might be child porn, I don't think that makes it reasonable to read non-image documents.) But for now, at least, the most liberal court in the nation will back DHS's play.