Tuesday, January 18, 2011

WikiLeaks Heats Up; Swiss Fed Up With US Spying, BOA In Panic Cover Up Mode, Who’s Not In On Iran’s Sabotaged Nuclear Facilities and China Is No Cup Of Tea.

(Do you believe you have a right to privacy? If so, read all the way to the bottom line of this post, and then answer that question for me.)

The arrival of Chinese President Hu Jintao in the United States brings him face to face with an Obama administration that has grown more hard-nosed about the course of what is arguably the most important relationship the United States maintains with a foreign power…

…The summit with Obama will probably be Hu's last as China's president; he is set to retire in 2012 and be replaced by the vice president, Xi Jinping. One tangible outcome of the summit is expected to be an invitation to Vice President Biden to go to China, which would set the scene for Xi to visit the United States, a rite of passage for those about to rise to the chairmanship of China's Communist Party.

Analysts say Hu is eager to burnish his legacy as a competent steward of China's ties with the United States. But he will find an administration that views his government with significant misgivings.

Obama entered office expressing a sense that together the United States and China had an opportunity to solve many of the world's problems. Indeed, unique among presidents dating to Richard M. Nixon, Obama entered office striking a gentle tone toward China.
Secretary of State Hillary Rodham Clinton said during a trip to China in February 2009 that pressing the country on human rights issues "can't interfere with the global economic crisis, the global climate change crisis and the security crises." In another sign of goodwill, Obama became the first president since the 1990s to fail to meet the Dalai Lama during one of the exiled Tibetan leader's trips to Washington.

But after a difficult summit in China that November, followed by clashes over climate change and a $6.4 billion weapons sales package to Taiwan in January 2010, the attitude among U.S. officials changed. Google's decision to pull out of China, along with its allegations that the Chinese government had hacked into one of its servers, added tension to the relationship. And Beijing's outraged opposition to the awarding of the Nobel Peace Prize to jailed dissident Liu Xiaobo further convinced U.S. officials that China was not interested in accommodating Western concerns over human rights….
…Tensions between the two countries also flared over how to handle the Korean Peninsula, with a senior Obama administration official accusing China of "enabling" North Korea's military brinksmanship. Over six months in 2010, North Korea launched two attacks on South Korea - killing 48 soldiers and two civilians.

"Despite the positive rhetoric surrounding the Hu visit, the Obama administration today has a greater sense of the limits of cooperation with China," said Daniel Kliman, a visiting fellow at the Center for a New American Security. "The administration will of necessity continue to engage China on global and regional issues, but with diminished expectations."

More broadly, Kliman said, the administration has changed its strategy with China. Obama began his administration apparently thinking he could win support in Beijing by doing China favors. That notion seems to have dissipated. "These officials have since realized that you can't bank goodwill in Beijing," he said. "Rather, standing firm is the more effective approach."

The new attitude was in evidence last week.

During the 2009 summit, as difficult as it was, the two sides released a long communique about U.S.-China relations. This time, it remains unclear whether there will be one - despite indications that Hu wants one.

In 2009, Obama played down human rights issues by postponing his meeting with the Dalai Lama. Last week, Obama met with Chinese dissidents and human rights advocates and discussed how he could use U.S. leverage to push China to improve its record.
It was also apparent in speeches by Clinton and Treasury Secretary Timothy F. Geithner, both of whom were blunt to the point of pugnacity. Near the end of his speech, Geithner put China on notice that if it wanted progress on its demands for a better investment climate in the United States and more access to U.S. technology, it had better bend to U.S. demands that China allow the value of its currency to rise and open its markets to U.S. firms. In the past, U.S. officials had avoided such threats…

WikiLeaks is getting ready to drop another mega-bomb, this one about high-profile tax evaders, which got us wondering: Where does WikiLeaks actually store all that info?
One place might be Pionen "White Mountain," a data center run by the Swedish broadband provider Bahnhof that looks like a SMERSH hideaway.
The center is a converted nuclear bomb shelter that hosts two "live and kicking" WikiLeaks servers, per Bahnhof spokesman Jon Karlung, 100 feet below the streets of downtown Stockholm. Designed by Albert France-Lanord Architects, the center is a testament to one of the big paradoxes of WikiLeaks: To go about doing good, it has to act like the cagey villain.
Everything about Pionen -- which hosts several other servers -- feels like it came straight out of the mind of Ian Fleming. It's got 1.64-inch thick metal entrance doors and backup generators from German submarines and granite walls thick enough to withstand a whole fleet of disgruntled diplomats (or bitter Swiss bankers).
The center is as humane as possible for something that's effectively a glorified dungeon; the architects added plants on the walls and some much-needed glass accents. But mostly, Pionen is faithful to its bomb-shelter roots. WikiLeaks is better off for it. At the same time that it's utterly transparent about the world, it's forced to be utterly opaque about itself.

Online whistle blowing site Wikileaks has cost the job of a chief executive at one of Germany's leading space companies.

OHB-System's Berry Smutny has had to clean out his desk after he told diplomats that he thought Europe's Galileo satellite-navigation project was a "stupid idea" and a waste of taxpayer's cash.

All that would be fair enough if your company was not part of the consortium that will build Galileo's first 14 operational spacecraft.

According to the Beeb, Smutny denied he ever said anything like that to US diplomats, but after reading the cable's contents, OHB's board has decided he had better go.

In a statement the OHB's supervisory board said it had "passed a unanimous resolution to revoke Smutny's appointment", adding that it disapproved of the conversations and the quotes attributed to Smutny. We guess they did not believe him.

Smutny would be unlikely to tell the Americans that the Euro replacement for GPS was a good idea, particularly if he wanted to score any future lucrative defence contracts across the pond. But his other reported comments seemed to push this beyond an attempt to butter up the Americans.

The cable, which was published by the Norwegian daily Aftenposten, had him saying that Galileo was a stupid idea that primarily serves French and, in particular, French military interests.

He then said that Galileo was "doomed for failure" or would "have to undergo drastic scale backs for survival".

Smutny might be right about this. Galileo's deployment is long overdue and significantly over-budget. But we guess if your outfit is making millions of euro on what might be a cock up it is best that no one finds out about it.

In a burst of wikipanic, Bank of America has dived into full-on counterespionage mode.

In an interview from October 2009, WikiLeaks director Julian Assange told Computer World that his organization was in possession of a cache of information taken from a 5GB hard drive of a Bank of America executive. It apparently took until November of this year for the news to sink in at BofA, where, according to the New York Times, they have now launched a broad internal investigation, in an attempt to discover the content and source of the alleged leak.

"If something happens, we want to be ready," one bank official told the NYT. "You want to know what your options are before it comes out, rather than have to decide on the spot."

15 to 20 bank officials, along with consulting firm Booz Allen Hamilton, will be "scouring thousands of documents in the event that they become public, reviewing every case where a computer has gone missing and hunting for any sign that its systems might have been compromised."

So far, the team hasn't found the source of the leak. As for the content, the NYT reports that the counterespionage task force is focussing closely on BofA's acquisition of Merrill Lynch, which was investigated by the SEC in 2009 and 2010, along with the bank's acquisition of the ailing mortgage giant Countrywide Financial in 2008.

As Assange put it in a recent Forbes interview, his organization's latest leak will detail "the ecosystem of corruption" in corporate America.

Wikileaks isn't the only site struggling to stay up these days because service providers are pulling their support. It appears that at least one person who wants to provide mirror access to Wikileaks documents is having the same trouble.

Recently we heard from a user who mirrored the Cablegate documents on his website. His hosting provider SiteGround suspended his account, claiming that he "severely" violated the SiteGround Terms of Use and Acceptable Use Policy. SiteGround explained that it had gotten a complaint from an upstream provider, SoftLayer, and had taken action "in order to prevent any further issues caused by the illegal activity."

SiteGround told the user that he would need to update his antivirus measures and get rid of the folder containing the Wikileaks cables to re-enable his account. When the user asked why it was necessary to remove the Wikileaks folder, SiteGround sent him to SoftLayer. 

The user asked SoftLayer about the problem, but the company refused to discuss it with him because he isn't a SoftLayer customer. Finally, SiteGround told the user that SoftLayer wanted the mirror taken down because it was worried about the potential for distributed denial of service (DDOS) attacks. When the user pointed out that no attack had actually happened, and that this rationale could let the company use hypothetical future events to take down any site, SiteGround said that it was suspending the account because a future DDOS attack might violate its terms of use.

If this sounds like a lame excuse, that's because it is a lame excuse. It's incredibly disappointing to see more service providers cutting off customers simply because they decide (or fear) that content is too volatile or unpopular to host. And the runaround that this user received from his host and its upstream provider demonstrates the broader problems with the lack of any real transparency or process around such important decisions.

Internet intermediaries — whether directly in contract with their users or further up the chain — need to stick up for their customers, not undermine their freedom to speak online. As we've said before, your speech online is only as free as the weakest intermediary.

This incident shows that censorship is a slippery slope. The first victim here was Wikileaks. Now it's a Wikileaks mirror. Will a news organization that posts cables and provides journalistic analysis be next? Or a blogger who posts links to news articles describing the cables? If intermediaries are willing to use the potential for future DDOS attacks as a reason to cut off users, they can cut off anyone for anything.

EFF urges SiteGround, SoftLayer and other service providers to champion user rights and say no to online censorship.

How Refreshing: Interrogating And Prosecuting Financial Rapists.

Halldór J. Kristjánsson, who used to be CEO of Icelandic bank Landsbanki along with Sigurjón Th. Árnason, is now under a travel ban until January 25. He arrived in Iceland from Canada, where he lives, yesterday to be interrogated by the Special Prosecutor.

“Everything I have been involved in has been in accordance with laws and regulations,” Kristjánsson told reporters when he arrived at the Special Prosecutor’s, Fréttabladid reports.

His lawyer Fridjón Örn Fridjónsson said Kristjánsson had always intended to cooperate with the Special Prosecutor and therefore the travel ban had been accepted.

The case concerns alleged market abuse of the bank’s executives in the five years preceding the banking collapse of 2008 concerning tens of billions of ISK.

Seven former employees of Landsbanki were interrogated in connection with this case on Thursday. Two of them were arrested, former CEO Árnason, who will be in custody until January 25, and Ívar Gudjónsson, former director of Landsbanki's inner trade, who will be in custody until January 20.

Árnason is accused of, among other issues, having granted Georg Tzvetanski, former vice-president of BalkanPharma and board member of Pharmaco, now Actavis, ISK 4.5 billion (USD 38 million, EUR 29 million) in overdraft for buying stock in Landsbanki on September 30, 2008, a day after Glitnir Bank was nationalized, which marked the beginning of the banking collapse.
Employees of the Special Prosecutor’s Office questioned people in relation to the Landsbanki case throughout the weekend.

Ívar Gudjónsson, former director of Landsbanki’s own investments, was released from custody yesterday. His interrogation is finished for now and therefore Special Prosecutor Ólafur Th. Hauksson didn’t think it necessary to keep him locked up.

The American landscape is pockmarked by the wreckage left behind by angry, white male extremists.

Blair 'misled MPs on legality of war' law chief who advised ex-PM tells Iraq inquiry 18 Jan 2011 Tony Blair misled Parliament and the public about the legality of the Iraq War, according to explosive documents released last night. Former Attorney General Lord Goldsmith said the then prime minister’s claims that Britain did not need a UN resolution explicitly authorizing force were not compatible with his legal advice. In secret testimony to the Chilcot Inquiry, declassified yesterday, Lord Goldsmith said Mr Blair based his case for invasion on grounds that 'did not have any application in international law'.

Tony Blair 'misled' Commons over legal advice on war in Iraq 17 Jan 2011 Tony Blair misled Parliament by claiming that Britain could legally attack Iraq in the face of United Nations opposition despite being given clear advice to the contrary, new evidence suggests. In evidence to the Iraq inquiry, Lord Goldsmith, who at the time was the government’s top legal adviser, disclosed that he was “uncomfortable” about statements made by the then-prime minister in the run up to the 2003 invasion.

WikiLeaks cables: Turkey let US use airbase for rendition flights --Turkey allowed use of Incirlik airbase as refuelling stop, US embassy cable reveals, after Turkish denials of involvement 17 Jan 2011 Turkey allowed the US to use its airbase at Incirlik in southern Turkey as part of the "extraordinary rendition" programme to take suspected terrorists to Guantánamo Bay, according to a US diplomatic cable. Turkey's involvement in the controversial programme was revealed in a cable dated 8 June 2006, written by the then US ambassador to Turkey, Ross Wilson.

Swiss lawmakers call for expulsions amid probe into possible US embassy surveillance program 17 Jan 2011 Angry Swiss lawmakers called Monday for the ouster of U.S. diplomats suspected of illegally spying on people around their diplomatic missions, in a standoff over the use of counterterrorism measures. The Swiss government said it has demanded a stop to any surveillance and is investigating the scale of what it calls an unauthorized spying program by the U.S. mission to the United Nations in Geneva and the U.S. embassy in Bern.

Switzerland reveals illegal US spying 17 Jan 2011 The government of Switzerland confirmed Sunday they have evidence that the United States has been conducting an illegal intelligence gathering in Swiss territory. In 2007, the United States had asked the Swiss government for permission to conduct a surveillance program in the country aimed at protecting their embassies in Bern and Geneva. This request was rejected by the Swiss, according to a statement released by the justice ministry. However, it was revealed in late 2010 that the US government was conducting similar programs in Norway and Denmark, with the permission of the Norwegian and Danish governments. The revelations prompted the Swiss government to conduct an investigation which found that "such a programme is ongoing at the US mission in Geneva", the ministry told the Agence France-Presse (AFP) Sunday.

Ex-CIA officer in defense leak case pleads not guilty 14 Jan 2011 A former CIA officer accused of disclosing confidential information to an American journalist, pleaded not guilty Friday in federal court, the Department of Justice announced. Jeffrey Sterling, 43, was arrested in St. Louis last week on a 10-count indictment that included handing over classified intelligence on another country's covert weapons program and revealing national defense information.

Web Host Go Daddy Shuts Down Pakistani Website over CIA Outing 17 Jan 2011 Web hosting provider Go Daddy ordered the removal of a controversial article that included the name of a former CIA agent in Pakistan. In the first week of January, Go Daddy presented PakNationalists with an ultimatum, threatening the webmasters that they "either remove the content" or they would move their website to another Web host in 48 hours. The article discussed the potential court case against former CIA Islamabad station chief Jonathan Banks, who was accused of being behind the allegedly illegal drone attacks on areas of Pakistan.

Afghanistan moves to tax U.S. contractors --U.S.-led coalition spends up to $10 billion a year on private contractors in Afghanistan [while letting U.S. infrastructure go to hell. Notice that GOP hypocrites never vote against the perpetual Afghanistan stimulus?] 17 Jan 2011 The Afghan government is ramping up efforts to tax U.S. contractors operating there - an effort that could raise millions for the cash-strapped government but could also provoke fresh confrontation with the United States, according to U.S. and Afghan officials. Taxation of U.S. government assistance is barred by U.S. law [!?!], as well as by a number of bilateral accords between Afghanistan and the United States. [Too bad the US government doesn't tax the contractors, but Bush/Obusha gave them a pass along with every other corpora-terrorist.]

Congressman launching probe into local 'Muslim radicalization' 16 Jan 2011 The new chairman of the House Committee on Homeland Security is preparing a controversial investigation next month into what he calls a "very real threat" -- the radicalization of young Muslims by local religious leaders. But Rep. Peter T. King (R-Insane-N.Y.) said he had heard an increasing number of stories from federal law enforcement officials that U.S. Islamic leaders have not cooperated with police or are fomenting young Muslims. "There's a systematic effort to radicalize young Muslim men," King said.

Previous lead stories: Tucson shooting victim involuntarily committed to undisclosed medical facility 15 Jan 2011 A Tucson mass shooting victim was taken into custody Saturday after yelling "you're dead" at a Tea Party spokesman during the taping of an ABC-TV town hall event. The Pima County Sheriff's Office said J. Eric Fuller, 63, was involuntarily committed to an undisclosed medical facility, NBC News reported. The Associated Press said he was undergoing a psychiatric evaluation. He faces charges of threats and intimidation and disorderly conduct, according to Tucson TV station KGUN.

Companies and government agencies anxious to better protect sensitive documents are eager to try the SmartCipher system developed by Israeli startup Covertix.

Aside from revealing diplomatic secrets, Wikileaks also showed the world just how vulnerable our secure data is.

Besides spilling the secrets of 100 empires, the Wikileaks scandal revealed to the world just how vulnerable "secure" data really is - and how ineffective traditional data protection methods, like firewalls, really are. After all, if an army officer armed only with a rewritable CD could manage to lift hundreds of thousands of sensitive and top-secret documents from a U.S. Defense Department server - which one would assume would enjoy full protection from intruders - what hope is there for the rest of us?
A great deal, says Alon Samia, CEO and co-founder of Covertix, an Israeli startup offering a product that might have prevented the mass revelations of diplomatic secrets by Julian Assange. The company's document technology prevents unauthorized individuals from opening and reading files, alerting managers when a document's security is compromised and automatically blocking usage if unauthorized use is suspected.
"With the growth of online information fencing, where it's easy to sell credit-card and other data, the incentive to steal information is greater than ever," says Samia. "The danger is just as great -- perhaps even greater -- from organization insiders as it is from outsiders."
Using the Covertix SmartCipher system, Samia says, lets organizations keep track of documents and data that are at risk, even from employees who have physical access to servers and can copy whatever they want by attaching a USB drive to a data port. With SmartCipher, they may get away with copying a document - but they won't be able to read it.
Playing by the rules
In a system protected by SmartCipher, documents get tagged with a small attachment containing a set of rules specifying who is authorized to access them. On servers where SmartCipher is installed, the system keeps track of all document access - who read it, when, on what computer and whether any changes or copies were made. Outside the office, users authorized to read the document must first install a plug-in unique to the particular company. Samia likens this process to receiving a PDF and having to install a PDF reader.
In-house and out, the Covertix system can assign different rights to recipients. Beyond access, the Covertix rule-set can regulate just about any user action regarding the document, including whether it can be printed, copied or forwarded. And if those permits are in place, the Covertix plug-in will report back to the server that armed it with the rules exactly where the information went.
Those rights could vary by computer as well - for example, a rule could be implemented that would let laptop users view, but not edit, a document. The rules can also analyze content. For example, if a document contains one credit-card number, it could be assumed that the number belongs to an individual attempting to buy something online. But 10 numbers would indicate that the document is a record of company customers that has no business being in the hands of someone outside the organization, and the rules would prevent the file from being opened.
Depending on the level of security, the system could potentially even ban a recipient from accessing the document based on location. For instance, if the document rules expect a particular IP address on the recipient's computer and a different one shows up, the system could assume that it is being accessed by an unauthorized individual.
'Like a GPS for documents'
Despite the extensive authentication process, the security handshake process is invisible to users. As far as document recipients are concerned, they're looking at a regular file.
"It's like a GPS for documents," says Samia. "Just like there are rules for network access, there are now rules for accessing documents, so you know that your information is being viewed by the right person, in the right place, at the right time."
Covertix, established in 2007, has about 10 employees, mostly in development, but already the company has snagged some high-profile clients in Israel and France, Samia says. Headquartered in Kfar Saba, the privately held company has raised several million dollars from the Office of the Chief Scientist of Israel, the Iris Ventures technology incubator and private investors in two rounds of financing.
Samia says the company has gotten a lot more inquiries in the past few months - mostly because of Wikileaks.

"The Wikileaks scandal has raised a lot of questions among company directors who not too long ago thought they were immune to this kind of thing. For a long time, executives believed they were protected if they had a firewall and anti-virus system - keeping the bad guys out of their systems. But the perimeters are crumbling - firewalls don't offer any defense from data theft by insiders. Covertix does," Samia says.
Growing need for document security
The market for document data protection is expected to grow substantially. "With new methods of data retrieval, such as the ability of users to upload, read and edit documents on cell phones, there are new challenges. In addition, there is the issue of cloud storage security, with documents on even secure servers accessible on computer screens around the world. Now more than ever, solutions are needed for data control," Samia says. Covertix is developing products for protection in those areas as well.
"Interest in our product has jumped in recent weeks, especially in traditional areas that require data protection, like finance and government security, but we are seeing interest from institutions in non-traditional industries, like education," Samia adds. "More companies understand the problem, and many have, for the first time, begun budgeting for document protection.
"Because of Wikileaks, everyone today has the same question: 'Can this happen to me?' The answer is yes, but with Covertix, companies have a fighting chance," he asserts.

As Stuxnet cyber attack pinned on US and Israel, US embassy cable reveals advice to use undercover operations

The United States was advised to adopt a policy of "covert sabotage" of Iran's clandestine nuclear facilities, including computer hacking and "unexplained explosions", by an influential German thinktank, a leaked US embassy cable reveals.

Volker Perthes, director of Germany's government-funded Institute for Security and International Affairs, told US officials in Berlin that undercover operations would be "more effective than a military strike" in curtailing Iran's nuclear ambitions.

A sophisticated computer worm, Stuxnet, infiltrated the Natanz nuclear facility last year, delaying Iran's programme by some months. The New York Times said this week that Stuxnet was a joint US-Israeli operation.
On Monday, Iran's top nuclear negotiator blamed the US for the cyber-attack. Saeed Jalili told NBC News an investigation had found the US was involved in the attack that apparently shut down a fifth of Iran's nuclear centrifuges in November. "I have witnessed some documents that show [US participation]," he said.

A diplomatic cable sent by the US ambassador to Germany, Philip Murphy, in January 2010, records that Perthes said a policy of "covert sabotage (unexplained explosions, accidents, computer hacking etc) would be more effective than a military strike, whose effects in the region could be devastating".

Perthes is a leading western expert on Iran. An earlier diplomatic cable, sent by Murphy on 14 December 2009, showed that his advice was heeded by politicians and officials - including Condoleezza Rice, the former US secretary of state.

"The majority of the guests at the table distinctly deferred to Perthes for guidance on where the Iran issue might be headed or should be headed," Murphy wrote. "This was striking amongst such a high ranking group of people operationally involved with the Iran issue."

In an interview with the Guardian, Perthes said the ambassador accurately reflected his view "that 'unexplained accidents' or 'computer failures' etc are certainly better than military strikes. And that military strikes – a military escalation with Iran – must be avoided.

"Compared to military action, such acts have the advantage that the leadership of a country that is affected wouldn't need to respond – everybody can agree that there was a technical failure, no one needs to shoot or bomb. And at the same time, everybody has understood the message – about what developments are unacceptable to the other side.

"My sense at the beginning of 2010 was – without having any specific knowledge – that some countries were indeed preparing to slow down the Iranian nuclear programme by acts of sabotage, or computer hacking."

US and Israeli officials refused to comment on their reported involvement with Stuxnet yesterday. However, the leaked cables show that more covert methods of infiltrating Iran's nuclear programme – including powerful cyber attacks – was a proposal gaining traction inside US diplomatic circles last year.

President George Bush approved $300m (£189m) on joint covert projects aimed at Iran, understood to have included Stuxnet, before leaving office in 2009.

The chances of a military strike against Iran are now understood to be receding, in part because of the success of the Stuxnet cyberattack, but also due to the assassination last year of two Iranian nuclear scientists, which was attributed to Israel.

Stuxnet wiped out roughly a fifth of the centrifuges used to enrich uranium at Iran's Natanz base around August last year. Security experts told the Guardian at the time that Stuxnet was "the most refined piece of malware ever discovered", raising suspicion that it was a well-funded and potentially state-sponsored operation. According to the New York Times, the Stuxnet worm was tested at a secret Israeli bunker at Dimona, near the Negev desert.

Updated 2:30 pm near bottom of post, to clarify recipient of a letter from Yahoo's lawyers.

The tech world is abuzz with a remarkable display of backbone by Twitter in the Wikileaks case. It deserves wider notice.

Federal prosecutors want to indict Julian Assange for making public a great many classified documents. In December the feds obtained a secret order instructing Twitter to hand over private account contents for Assange and four Wikileaks associates, including network addresses, connection logs, credit card information and identities of everyone they talked to. The order forbade Twitter to notify those affected, among them Birgitta Jónsdóttir, a member of Iceland's parliament.

Twitter stalled, fighting and winning a motion to lift the gag order, which is how we know about the case. (If the judge had believed government claims that lifting the gag would blow the investigation, she could equally have rejected Twitter's motion.) Having obtained permission, Twitter notified its users and promised to hand over nothing if they filed a motion to quash within ten days. That is simply the gold standard of customer protection, enabling courts to balance the legitimate needs of prosecutors with the civil liberties of their targets. It almost never happens.

The Obama administration, like those before it, promotes a disturbingly narrow interpretation of the Fourth Amendment, misapplying the facts of old analog cases to a radically different digital world. I do not deny that there is a line of judicial precedents allowing government agents to search our emails, copy our hard drives and plant GPS trackers on our cars without anything close to probable cause. But there are also contrary cases, and the steady march toward a surveillance state would be unrecognizable to the Founders. Computer files and the contents of smartphones are indisputably the present-day equivalents of constitutionally protected "houses, papers, and effects." Surveillance-happy authorities define the problem away.

The search-and-seizure provisions of the Fourth Amendment, they say, are irrelevant because you and I have no “reasonable expectation of privacy” in digital records that tell vastly more about us than our parents' file drawers. This is not primarily a legal argument. It's an assertion of fact about what we think, and about the nature of our society. It says that, because we have entrusted our private data to Google or Sprint or Skype -- without which transactions we cannot function in today's economy or society -- we are affirming that we do not actually regard our secrets as private. Another version, equally circular, is that we know that high-tech surveillance tools exist, and therefore don't expect privacy for anything those tools can reach. (In case you haven't heard, thermal imagery can take pretty good pictures through your bedroom wall from the street.) Raise your hands, all you government lawyers, if you purport to believe your emails and personal files are not private. I'll be happy to link to them in my next column.

Companies that receive government information demands have to obey the law, but they often have room for maneuver. They scarcely ever use it. Digital security guru Christopher Soghoian, in a first-rate piece of reporting and analysis awaiting publication in the Minnesota Journal of Law, Science and Technology, describes the available legal and technical tools in rich detail. In general, the companies could keep fewer records that could be subpoenaed, insist that data requests be narrowly tailored to the asserted purpose and ask courts to lift restrictions on customer notice.

It is beyond reasonable doubt that authorities asked other companies to supply the same kinds of information sought from Twitter, but none of them admit it. Soghoian notes that standard procedure in this kind of forensic work is to assemble data from many sources to “draw the graph” of Wikileaks and its leadership -- who communicates with whom, and when, and who initiates the contact -- even if the contents of the conversations are encrypted. Twitter lived up handsomely to a policy of providing no private information without a binding order, and of notifying users unless legally barred from doing so. The other companies, with a few partial exceptions, will not say what their policies are. I sent carefully framed questions to Verizon Wireless, Sprint, AT&T, T-Mobile, Comcast, Time Warner Cable, Google, Yahoo, Microsoft, Facebook, MySpace and Skype. None replied to most of them. Partial answers, when I got them, were mostly homilies about how seriously they take privacy and how carefully they review each request.

Details are below, but here's the bottom line. As Paul Ohm, a former computer crime prosecutor, put it to me, there is a “classic tacit collusion problem” by companies that do not want to compete on privacy and agree among themselves that “the less you know the better.” Yahoo actually said as much when Soghoian filed a freedom of information request for its surveillance practices. Yahoo's lawyers asked the U.S. government to deny the request, saying disclosure would "shock [our] customers" and damage the company's “reputation for protection of user privacy and security, which is a competitive disadvantage for technology companies.”
If only. We know what's in our Cheerios and in our retirement accounts because the law requires disclosure. The market for privacy is broken. Suppliers don't let us comparison-shop and Congress is not disposed to oblige them. Attention state legislators: does anyone care?

Here's the fine print:

I asked the companies how many times in 2010 they were served with government demands for non-public information about their customers, and whether they (1) try to narrow those demands; (2) insist on compulsory legal orders before complying; (3) ask courts to allow them to notify their customers; (4) tell customers who inquire, if legally permitted, whether their private data has been obtained by authorities; (5) follow stronger or weaker interpretations of their customers' rights in areas of disputed law, such as the pro-privacy holdings in the Sixth Circuit and Ninth Circuit that do not bind other jurisdictions. I further asked them, if they declined to answer these questions, why they believed their customers did not deserve to know.

Here is what I got back (any italics are mine):

· Verizon Wireless, AT&T, Time Warner Cable, Google and MySpace simply ignored the questions. No response at all.

· Microsoft said "we take our responsibility to protect our customers' privacy very seriously, so have specific processes that we use when responding to law enforcement requests.” No hint on what those processes might be. As for the rest: "We appreciate your questions and, unfortunately, this statement is the extent of what Microsoft can provide at this time."

· Skype “does not comment on law enforcement matters" but "cooperates with law enforcement agencies where legally required... Though we'd like to help you with your story, I'm afraid we're going to have to decline offering any further details." Skype's privacy policy is said to be "very transparent," although it answers exactly none of my questions. The closest it comes is to say Skype "may" disclose your personal information "to respond to legal requirements, to protect Skype's interests, to enforce our policies or to protect anyone's rights, property, or safety." That is the kind of language that lawyers write to justify almost any conceivable disclosure.

· T-Mobile "complies with all relevant federal and state laws, including privacy laws. We take our customers' privacy very seriously, and carefully control the circumstances under which we disclose customer information to any governmental or non-governmental entity." How so? T-Mobile leaves itself even more wiggle room than Skype does. It hands over your private information "when compelled or permitted" by law," and this includes, but is not limited to, circumstances under which there is a declaration from law enforcement of an exigent circumstance, as well as other valid legal process, such as subpoenas, search warrants, and court orders."

· Yahoo "responds to valid law enforcement demands." Its lawyers "carefully review all incoming legal demands," and "take very seriously our dual responsibilities to abide by US law and to protect our users' privacy." The company "is committed to protecting user data." The privacy policy says disclosures come in response to "subpoenas, court orders," or unspecified "legal process," or "to establish or exercise our legal rights or defend against legal claims," or when "we believe it is necessary to share information in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of Yahoo!'s terms of use, or as otherwise required by law."

· Sprint manages to be the most responsive and the least reassuring. It gets "thousands of record requests a year" from authorities -- other published hints have suggested tens of thousands -- and requires a "valid legal request," which is not the same thing as a compulsory request. “We act as good stewards of our customers' personal information while also meeting our obligations to law enforcement agencies." Sprint "usually" requires a subpoena or court order but in other cases "Sprint can provide information without requiring this supporting documentation." Sprint notifies its customers only when "ordered by a judge to do so," which in practice is almost never, rather than as legally permitted, which would be often, because "we do not seek to interfere with the progress of law enforcement investigations." Then comes the boilerplate that "we are ardent about addressing privacy in our products and services and then clearly communicating those policies and practices to our customers." On the whole, this answer is not terribly specific, but the company's priorities are pretty clear. It values cooperation with authorities more than the privacy of its customers, and notifies them only when compelled to do so.

· Comcast makes "every reasonable effort to protect subscriber privacy," and the rest of the answers amount to "maybe." Disclosures of personal information "may be made with or without the subscriber's consent, and with or without notice, in compliance with the terms of valid legal process such as a subpoena, court order, or search warrant." It gives the greatest protection to customers' television viewing habits because the Cable Act requires notice and an opportunity for customers to contest release of their personal information. For internet customers, "we are usually prohibited from notifying the subscriber of any disclosure of personally identifiable information to a government entity by the terms of the subpoena, court order, or search warrant." There is no mention of contesting gag orders, or of notifying customers when permitted to do so.

· Facebook: "We have no comment at this time" on Wikileaks. On the policy questions, "Will get back to you." I'm still waiting.
