Вы находитесь на странице: 1из 461

Erosion of Individual Privacy

Without the ability to keep secrets, individuals lose the capacity to distinguish themselves from others, to maintain independent lives, to be complete and autonomous persons. . . . This does not mean that a person actually has to keep secrets to be autonomous, just that she must possess the ability to do so. The ability to keep secrets implies the ability to disclose secrets selectively, and so the capacity for selective disclosure at one's own discretion is important to individual autonomy as well. -Kim L. Scheppele, Legal Secrets 302 (1988) Knowledge is Power -Sir Francis Bacon The technotronic era involves the gradual appearance of a more controlled society. Such a society would be dominated by an elite, unrestrained by traditional values. [...] [T]he capacity to assert social and political control over the individual will vastly increase. It will soon be possible to assert almost continuous surveillance over every citizen and to maintain up-to-date, complete files, containing even most personal information about the health or personal behavior of the citizen in addition to more customary data. These files will be subject to instantaneous retrieval by the authorities. -Zbigniew Brzezinski, proteg of David Rockefeller, cofounder of the Trilateral Commission, and NSA to Jimmy Carter, from his 1971 book Between Two Ages Individual privacy rights are an impediment to the oligarchy of power brokers. They increase the self-respect and mutual respect of those who would be ruled, and they decrease the thoroughness with which their compliance with the dictates of the oligarchy can be evaluated. In particular, individual privacy rights make it harder for the oligarchy to detect and snub in the crib cultural and technological innovations that threaten their hegemony. This archive of Guy Polis's Cryptography Manifesto details many of the techniques and strategies intelligence agencies (and other organizations) use in mining personal information, including a treatment of the infamous Echelon network. Something to consider: a representative of the National Security Agency visits the Altavista site in Palo Alto once a week to collect data on site traffic. In 1996, the CFO of the facility personally confessed this to me, when prodded. The other major search engines probably have similar arrangements.

The Echelon articles are mostly in a dedicated subchapter on Echelon. That subchapter contains most of the coverage of the signals intelligence establishment. EFF's list of printers that rat out their owners from the New York Times, 2009-Jan-17, by Robert Pear: Privacy Issue Complicates Push to Link Medical Data WASHINGTON President-elect Barack Obama's plan to link up doctors and hospitals with new information technology, as part of an ambitious job-creation program, is imperiled by a bitter, seemingly intractable dispute over how to protect the privacy of electronic medical records. Rahm Emanuel, the White House chief of staff-designate, said it was essential to protect personal health information. Lawmakers, caught in a crossfire of lobbying by the health care industry and consumer groups, have been unable to agree on privacy safeguards that would allow patients to control the use of their medical records. Congressional leaders plan to provide $20 billion for such technology in an economic stimulus bill whose cost could top $825 billion. In a speech outlining his economic recovery plan, Mr. Obama said, We will make the immediate investments necessary to ensure that within five years all of America's medical records are computerized. Digital medical records could prevent medical errors, save lives and create hundreds of thousands of jobs, Mr. Obama has said. So far, the only jobs created have been for a small army of lobbyists trying to secure money for health information technology. They say doctors, hospitals, drugstores and insurance companies would be much more efficient if they could exchange data instantaneously through electronic health information networks. Consumer groups and some members of Congress insist that the new spending must be accompanied by stronger privacy protections in an era when digital data can be sent around the world or posted on the Web with the click of a mouse. Lawmakers leading the campaign for such safeguards include Representatives Edward J. Markey of Massachusetts and Pete Stark of California, both Democrats; Senator Patrick J. Leahy, Democrat of Vermont; and Senator Olympia J. Snowe, Republican of Maine. Without strong safeguards, Mr. Markey said, the dream of electronic health information networks could turn into a nightmare for consumers.

In the last few years, personal health information on hundreds of thousands of people has been compromised because of security lapses at hospitals, insurance companies and government agencies. These breaches occurred despite federal privacy rules issued under a 1996 law. Congress is trying to strengthen those privacy protections and make sure they apply to computer records. Lobbyists for insurers, drug benefit managers and others in the health industry are mobilizing a campaign to persuade Congress that overly stringent privacy protections would frustrate the potential benefits of digital records. One of the proposed safeguards would outlaw the sale of any personal health information in an electronic medical record, except with the patient's permission. Another would allow patients to impose additional controls on certain particularly sensitive information, like records of psychotherapy, abortions and tests for the virus that causes AIDS. Patients could demand that such information be segregated from the rest of their medical records. Under other proposals being seriously considered in Congress, health care providers and insurers would have to use encryption technology to protect personal health information stored in or sent by computers. Patients would have a right to an accounting of any disclosures of their electronic data. Health care providers and insurers would have to notify patients whenever such information was lost, stolen or used for an unauthorized purpose. And patients or state officials acting on their behalf could recover damages from an entity that improperly used or disclosed personal health information. Rahm Emanuel, who will be the White House chief of staff for Mr. Obama, advocated such safeguards when he was a House member from Illinois. As we move forward on health information technology, Mr. Emanuel said, it is absolutely essential that an individual's most personal and vulnerable information is protected. Advisers to Mr. Obama say he favors strong privacy protections but does not want the dispute to slow down the bill. Mary R. Grealy, president of the Health Care Leadership Council, which represents large health care corporations, said the proposed safeguards could be an impediment to the widespread adoption of health information technology and counteract any economic stimulus effect. In a letter to Congressional leaders, Karen M. Ignagni, president of America's Health Insurance Plans, a trade group for insurers, expressed serious concern about privacy provisions being considered for inclusion in the economic stimulus bill. She criticized, in particular, a proposal that would require health care providers to obtain the consent of patients before disclosing personal health information for treatment, payment or health care operations.

Such a requirement, she said, could cripple efforts to manage chronic diseases like diabetes, which often require coordination of care among many specialists. At the moment, senior House Democrats are determined to include privacy safeguards in the economic recovery bill. But some insurance lobbyists said they hoped Congress would punt on the issue, leaving privacy standards to be developed by the Health and Human Services Department, where they believe they can make their case more effectively. Microsoft has joined many consumer groups in supporting stronger safeguards. The software giant has developed products that allow consumers and providers to store and share medical data in a secure format. Health information technology will succeed only if privacy is protected, said Frank C. Torres, director of consumer affairs at Microsoft. For the presidentelect to achieve his vision, he has to protect privacy. Senator Sheldon Whitehouse, Democrat of Rhode Island, and Peter R. Orszag, director-designate of the White House Office of Management and Budget, said electronic medical records could be more secure than paper records. If the files are electronic, Mr. Whitehouse said, computers can record every time someone has access to your medical information. But, he said, the challenge is political as well as technical. Until people are more confident about the security of electronic medical records, Mr. Whitehouse said, it's vitally important that we err on the side of privacy. The data in medical records has great potential commercial value. Several companies, for example, buy and sell huge amounts of data on the prescribing habits of doctors, and the information has proved invaluable to pharmaceutical sales representatives. Health I.T. without privacy is an excellent way for companies to establish a gold mine of information that can be used to increase profits, promote expensive drugs, cherry-pick patients who are cheaper to insure and market directly to consumers, said Dr. Deborah C. Peel, coordinator of the Coalition for Patient Privacy, which includes the American Civil Liberties Union among its members. from Investor's Business Daily, 2008-Oct-29: Obama's Plumbers Election '08: Ohio Democrats refused to act on ACORN's massive vote fraud. Yet they have time to scour the private records of Joe the Plumber. No wonder Barack Obama finds the Constitution an inconvenience. Joe Wurzelbacher (also known as Joe the Plumber) has learned there's a price to pay for being the one to get Obama to admit that he has a socialist dream to "spread the wealth." Not only are you thrust into the public eye, you get the

privilege of having government officials who support Obama rifle through private files looking for dirt on you. Helen Jones-Kelley, director of the Ohio Department of Job and Family Services and a maxed-out contributor to the Obama campaign, has confirmed that she approved the check on Samuel Joseph Wurzelbacher after the Oct. 15 presidential debate. Jones-Kelley explained her governmental prying by saying, "Our practice is when someone is thrust quickly into the public spotlight, we often take a look" at them. For example, she cited the case of a lottery winner who was found to owe back child support. But Wurzelbacher didn't win the lottery; he merely asked how much more of his hard-earned money was going to be taxed away under the Obama plan. According to the Columbus-Dispatch, at least four state computer checks on Wurzelbacher were conducted shortly after Republican John McCain frequently brought up "Joe the Plumber" during the final presidential debate. In addition to the Department of Job and Family Services, driver's license and vehicle registration information on "Joe" was pulled from Bureau of Motor Vehicles computers. BMV information on Wurzelbacher also was obtained through accounts assigned to the Cuyahoga County Child Support Enforcement Agency and the Toledo Police Department. In a 2001 radio interview in which Obama again expressed belief in the "redistribution of wealth," the Illinois senator regretted that the Supreme Court "didn't break free from the essential constraints that were placed by the Founding Fathers in the Constitution." Will Obama, through his appointments to the court, remove those constraints? Is "Joe" only the first on an Obama's enemies list? Contrast this investigative frenzy with the refusal of Ohio's Democratic Secretary of State, Jennifer Bruner, to use government records to check the thousands of new voters registered by ACORN and others for registration fraud. She also refused notify local election officials when fraud was discovered. This isn't the first time team Obama has sought to stifle dissent, threatening to use the powers of government to intimidate and punish its opponents. A recent report on KMOV-TV in St. Louis said: "The Barack Obama campaign is asking Missouri law enforcement to target anyone who lies or runs a misleading TV ad during the presidential campaign." The Obama campaign will target anyone who says this emperor has no clothes. It wasn't long ago that a team of 30 lawyers, investigators and Democratic party operatives trekked up to Alaska to find dirt on Sarah Palin. Now they're after Joe the Plumber.

Should Obama, Sen. Harry Reid and House Speaker Nancy Pelosi gain unfettered control of the powers of government and the Supreme Court and reinstate the so-called Fairness Doctrine, they might come after you. from IDG via the New York Times, 2008-Oct-28, by Jaikumar Vijayan: Contractor suspected in 'Joe the Plumber' privacy breach The Ohio State Highway Patrol has identified a suspect in a criminal case involving illegal access to information in a state government database about Joseph Wurzelbacher, the plumber made famous by Sen. John McCain, R-Ariz., during the Oct. 15 presidential debate. Sgt. Tim Karwatske, a spokesman for the state highway patrol, Tuesday said that the investigation is focusing on a contractor working for the Ohio Department of Insurance in Columbus. A Hewlett-Packard computer belonging to the agency has been seized as evidence, Karwatske said. He did not name the person because the investigation is still under way and no formal charges have been filed in the case, he said. The criminal investigation came at the behest of Ohio State Attorney General Nancy Rogers' office after it was discovered that someone had surreptitiously used an old test account created by the attorney general's IT team to access Wurzelbacher's records. This is not the first time that illegal access to records of high-profile individuals by insiders with privileged access has surfaced during this election. Earlier this year, U.S. Department of State officials disclosed that private contract employees working for the agency had repeatedly accessed passport records belonging to Sen. Barack Obama, D-Ill., Sen. Hillary Clinton, D-N.Y., McCain and others. Jennifer Brindisi, a spokeswoman at the Ohio attorney general's office, Tuesday said that the test account used to access Wurzelbacher's data was created four years ago during the development of Ohio's Local Law Enforcement Information Sharing Network (OLLEISN). The test account was shared with several unidentified contractors when OLLEISN was being built, Brindisi said. When the illegal use of the account was discovered, the matter was turned over the Highway Patrol, which launched a criminal investigation into the unauthorized access, Brindisi said. "No one from the Attorney General's Office was involved in the unauthorized inquiry into Joe Wurzelbacher's records," Brindisi said via email. The attorney general's office has changed the security codes and taken other "appropriate measures" to tighten access to OLLEISN data, Brindisi said. OLLESIN was created by the Ohio Association of Chiefs of Police as a tool to help local law enforcement agencies in the state share multi-jurisdictional information on suspects, wanted individuals, warrants, incident data and field interview notes, according to an official description of OLLESIN.

The data behind OLLESIN is part of the state attorney general's Ohio Law Enforcement Gateway (OHLEG) Web portal and can be accessed either via a Web interface or through the Computer Aided Dispatch and Records Management Systems used by law enforcement officers. Users need individual accounts issued directly from the Rogers' office to access the records and all access is logged. The illegal access case is just one of four similar incidents involving Wurzelbacher's information after the plumber shot into the news following McCain's repeated use of his name to highlight a point about Obama's tax plans. The data checks were initially uncovered by the The Columbus Dispatch, which on Saturday reported that Wurzelbacher's file at the Ohio Bureau of Motor Vehicles (BMV) had been accessed at least three times by unknown individuals using state government computers in the days immediately following the debate. According to the paper, the information in the BMV computers was accessed from accounts assigned to at least two state government agencies in addition to the one in Rogers' office. In a follow-up report Tuesday morning, the paper noted that Ohio's inspector general is also investigating why the director of the Ohio Department of Job and Family Services had approved a check of Wurzelbacher's background in the agency's child-support computer system. It is not clear yet what exactly motivated these searches. McCain's camp has accused Obama's team of being somehow involved in the matter, while the latter's campaign has flatly dismissed such suggestions. Such incidents highlight the relative absence of proper access controls and measures for enforcing them, said Brian Cleary, a vice president of marketing at Aveksa, a Waltham, Mass.-based security vendor. Organizations that want to mitigate the risk for such incidents need to implement controls to ensure that privileged insiders have access to critical information only on an as-needed basis and then only when it is needed, he said. from the New York Times, 2008-Nov-12, by Jackie Calmes: For a Washington Job, Be Prepared to Tell All WASHINGTON Want a top job in the Obama administration? Only pack rats need apply, preferably those not packing controversy. A seven-page questionnaire being sent by the office of President-elect Barack Obama to those seeking cabinet and other high-ranking posts may be the most extensive some say invasive application ever. The questionnaire includes 63 requests for personal and professional records, some covering applicants' spouses and grown children as well, that are forcing job-seekers to rummage from basements to attics, in shoe boxes, diaries and computer archives to document both their achievements and missteps.

Only the smallest details are excluded; traffic tickets carrying fines of less than $50 need not be reported, the application says. Applicants are asked whether they or anyone in their family owns a gun. They must include any e-mail that might embarrass the president-elect, along with any blog posts and links to their Facebook pages. The application also asks applicants to please list all aliases or `handles' you have used to communicate on the Internet. The vetting process for executive branch jobs has been onerous for decades, with each incoming administration erecting new barriers in an effort to avoid the mistakes of the past, or the controversies of the present. It is typically updated to reflect technological change (there was no Facebook the last time a new president came to town). But Mr. Obama has elevated the vetting even beyond what might have been expected, especially when it comes to applicants' family members, in a reflection of his campaign rhetoric against lobbying and the back-scratching, self-serving ways of Washington. President-elect Obama made a commitment to change the way Washington does business, and the vetting process exemplifies that, said Stephanie Cutter, chief spokeswoman for the Obama transition office. Jobs with the mortgage-finance giants Fannie Mae and Freddie Mac have served as lucrative incubators for Democratic and Republican administration officials. But those affiliations have become potentially toxic since the government seized both companies after years of financial irregularities that have stoked the economic crisis. Not surprisingly, then, Question 18 of the Obama application asks whether you, your spouse or any member of your immediate family have been affiliated with Fannie, Freddie, American International Group, Washington Mutual and any other institution getting a government bailout. Under Domestic Help, the questionnaire asks the immigration status of applicants' housekeepers, nannies, chauffeurs and yard-workers, and whether applicants have paid the required taxes for household employees. (Those questions reflect controversies that tripped up President Bill Clinton's first two nominees for attorney general in 1993.) Every transition is cumulative, said Michael Berman, a lawyer and lobbyist who worked in the transitions of both Mr. Clinton and President Jimmy Carter. After reviewing the Obama application, Mr. Berman added, I am very happy I am not seeking a job in the federal government. A former Clinton White House official who insisted on anonymity said in an e-mail message, I believe it is considerably more detailed than we had to fill out in '93. Interesting that they want spouse information on everything means lots of

folks are going to have to list the very prominent and controversial companies that their spouses work/lobby for. The first question asks applicants not just for a rsum, but for every rsum and biographical statement issued by them or others for the past 10 years a likely safeguard against rsum falsehoods, one Clinton administration veteran said. Most information must cover at least the past decade, including the names of anyone applicants lived with; a chronological list of activities for which applicants were paid; real estate and loans over $10,000, and their terms, for applicants and spouses; net worth statements submitted for loans, and organization memberships in particular, memberships in groups that have discriminated on the basis of race, sex, disability, ethnicity, religion or sexual orientation. There are no time limits for some information, including liens, tax audits, lawsuits, legal charges, bankruptcies or arrests. Applicants must report all businesses with which they and their spouses have been affiliated or in which they have had a financial stake of more than 5 percent. All gifts over $50 that they and their spouses have received from anyone other than close friends or relatives must be identified. Just in case the previous 62 questions do not ferret out any potential controversy, the 63rd is all-encompassing: Please provide any other information, including information about other members of your family, that could suggest a conflict of interest or be a possible source of embarrassment to you, your family, or the president-elect. The answer could duplicate the response to Question 8: Briefly describe the most controversial matters you have been involved with during the course of your career. For those who clear all the hurdles, the reward could be the job they wanted. But first there will be more forms, for security and ethics clearances from the Federal Bureau of Investigation and the Office of Government Ethics. from the Times of London, 2008-Oct-19, by David Leppard: Government faces fight from within for spy database A Home Office revolt is stalling a plan to store our e-mails and calls but a more sinister one may take its place Jacqui Smith, the home secretary, faces a revolt from her senior officials over plans to build a central database holding information on every telephone call, email and internet visit made in the UK. A significant body of Home Office officials dealing with serious and organised crime are privately lobbying against the plans, a leaked memo has revealed.

They believe the proposals are impractical, disproportionate, politically unattractive and possibly unlawful from a human rights perspective, the memo says. Their stance puts them at loggerheads with the spy-masters at GCHQ, the government's eavesdropping centre in Cheltenham, who have been driving through the plans. The Home Office rebels appear to have forced Smith to stall plans to announce a bill in the Queen's speech authorising the database. She has instead ordered her officials to review the proposals. This weekend a top law enforcement body further dented the government's case for the database. Jack Wraith, of the data communications group of the Association of Chief Police Officers, described the plans as mission creep. He said there was an inherent fear of the data falling into the wrong hands. If someone's got enough personal data on you and they don't afford it the right protection and that data falls into the wrong hands, then it becomes a threat to you, he said. Smith is already studying less explosive but equally effective alternatives. One option involves a system based on sending automated requests to databases already held by telephone and internet firms. Privacy campaigners believe the proposals form part of a pentagon of five huge databases, all linked together in real time to create the ultimate surveillance society. This would include compulsory registration of all Britain's 72m mobile phones, more than 40m of which are prepaid. Terrorists and criminals prefer to hide behind the anonymity of prepaid phones, so a communications database needs to include accurate details of prepaid subscriber details. The Home Office yesterday declined to comment on the plans. But the office of Richard Thomas, the information commissioner, said it expects this register to be included in the database proposed in the draft communications data bill. Vodafone is believed to be one of the mobile phone firms now drawing up plans for compulsory customer registration. Such a system, already used in Europe, would require a passport or ID to register a phone. Phones can be located to within a few yards using cell site analysis which tracks mobile phone users as they move from one signalling area to the next. The system would then link with the automatic number plate recognition (ANPR) system of traffic cameras, which provides live coverage of motor-ways and main roads. It, in turn, is linked to the DVLA in Swansea which holds the records of all registered vehicles in the country.

By monitoring a single telephone call it would be possible to identify exactly where its user was and the registration number of the car in which he or she was travelling. This car could then be found within seconds by the ANPR cameras and tracked along its journey. Simon Davies, of Privacy International, said: If you can do this in real time, with all the databases being interoperable, you have absolute perfect surveillance. The plans for a communications database are equally intrusive. At their heart is a massive extension in an existing network of black boxes plugged into the internet. They intercept data on the web and extract information to be routed into computers held by MI5 and GCHQ, if required. Little is known about the extent of the system, but sources say that last year GCHQ was given 1 billion to extend it. Total costs for the project are estimated to be as high as 12 billion. Advocates of the database say terrorists are stateless and highly mobile and their communications are hard to detect among the billions of pieces of data on the internet. Last year about 14% of all calls were made over the internet, prompting police to complain that they are losing the ability to track calls. Unlike telephone companies, which must keep data for billing, internet call firms such as Skype have no reason to keep the records. A European Union directive introduced after the London and Madrid terror attacks compels service providers to keep all telephone and e-mail data for two years.This requirement will be extended to cover websites in March. But it does not include calls via the internet. Anyway, call and e-mail data is held separately in hundreds of company databases. Opponents fear the cost and ethical implications of a central database are too great. Liberty, the civil rights group, has said that it will mount a legal challenge. Lord Carlile, the independent reviewer of terrorist legislation, said the idea was awful. from the Times of London, 2008-Oct-19, by David Leppard: Passports will be needed to buy mobile phones Everyone who buys a mobile telephone will be forced to register their identity on a national database under government plans to extend massively the powers of state surveillance. Phone buyers would have to present a passport or other official form of identification at the point of purchase. Privacy campaigners fear it marks the latest government move to create a surveillance society.

A compulsory national register for the owners of all 72m mobile phones in Britain would be part of a much bigger database to combat terrorism and crime. Whitehall officials have raised the idea of a register containing the names and addresses of everyone who buys a phone in recent talks with Vodafone and other telephone companies, insiders say. The move is targeted at monitoring the owners of Britain's estimated 40m prepaid mobile phones. They can be purchased with cash by customers who do not wish to give their names, addresses or credit card details. The pay-as-you-go phones are popular with criminals and terrorists because their anonymity shields their activities from the authorities. But they are also used by thousands of law-abiding citizens who wish to communicate in private. The move aims to close a loophole in plans being drawn up by GCHQ, the government's eavesdropping centre in Cheltenham, to create a huge database to monitor and store the internet browsing habits, e-mail and telephone records of everyone in Britain. The Big Brother database would have limited value to police and MI5 if it did not store details of the ownership of more than half the mobile phones in the country. Contingency planning for such a move is already thought to be under way at Vodafone, where 72% of its 18.5m UK customers use pay-as-you-go. The office of Richard Thomas, the information commissioner, said it anticipated that a compulsory mobile phone register would be unveiled as part of a law which ministers would announce next year. With regards to the database that would contain details of all mobile users, including pay-as-you-go, we would expect that this information would be included in the database proposed in the draft Communications Data Bill, a spokeswoman said. Simon Davies, of Privacy International, said he understood that several mobile phone firms had discussed the proposed database in talks with government officials. As The Sunday Times revealed earlier this month, GCHQ has already been provided with up to 1 billion to work on the pilot stage of the Big Brother database, which will see thousands of black boxes installed on communications lines provided by Vodafone and BT as part of a pilot interception programme. The proposals have sparked a fierce backlash inside Whitehall. Senior officials in the Home Office have privately warned that the database scheme is impractical, disproportionate and potentially unlawful. The revolt last week forced Jacqui Smith, the home secretary, to delay announcing plans for the database until next year. from the Washington Post, 2008-Aug-1, p.A1, by Ellen Nakashima:

Travelers' Laptops May Be Detained At Border No Suspicion Required Under DHS Policies Federal agents may take a traveler's laptop computer or other electronic device to an off-site location for an unspecified period of time without any suspicion of wrongdoing, as part of border search policies the Department of Homeland Security recently disclosed. Also, officials may share copies of the laptop's contents with other agencies and private entities for language translation, data decryption or other reasons, according to the policies, dated July 16 and issued by two DHS agencies, U.S. Customs and Border Protection and U.S. Immigration and Customs Enforcement. "The policies . . . are truly alarming," said Sen. Russell Feingold (D-Wis.), who is probing the government's border search practices. He said he intends to introduce legislation soon that would require reasonable suspicion for border searches, as well as prohibit profiling on race, religion or national origin. DHS officials said the newly disclosed policies -- which apply to anyone entering the country, including U.S. citizens -- are reasonable and necessary to prevent terrorism. Officials said such procedures have long been in place but were disclosed last month because of public interest in the matter. Civil liberties and business travel groups have pressed the government to disclose its procedures as an increasing number of international travelers have reported that their laptops, cellphones and other digital devices had been taken -for months, in at least one case -- and their contents examined. The policies state that officers may "detain" laptops "for a reasonable period of time" to "review and analyze information." This may take place "absent individualized suspicion." The policies cover "any device capable of storing information in digital or analog form," including hard drives, flash drives, cellphones, iPods, pagers, beepers, and video and audio tapes. They also cover "all papers and other written documentation," including books, pamphlets and "written materials commonly referred to as 'pocket trash' or 'pocket litter.' " Reasonable measures must be taken to protect business information and attorney-client privileged material, the policies say, but there is no specific mention of the handling of personal data such as medical and financial records. When a review is completed and no probable cause exists to keep the information, any copies of the data must be destroyed. Copies sent to nonfederal entities must be returned to DHS. But the documents specify that there is no limitation on authorities keeping written notes or reports about the materials.

"They're saying they can rifle through all the information in a traveler's laptop without having a smidgen of evidence that the traveler is breaking the law," said Greg Nojeim, senior counsel at the Center for Democracy and Technology. Notably, he said, the policies "don't establish any criteria for whose computer can be searched." Customs Deputy Commissioner Jayson P. Ahern said the efforts "do not infringe on Americans' privacy." In a statement submitted to Feingold for a June hearing on the issue, he noted that the executive branch has long had "plenary authority to conduct routine searches and seizures at the border without probable cause or a warrant" to prevent drugs and other contraband from entering the country. Homeland Security Secretary Michael Chertoff wrote in an opinion piece published last month in USA Today that "the most dangerous contraband is often contained in laptop computers or other electronic devices." Searches have uncovered "violent jihadist materials" as well as images of child pornography, he wrote. With about 400 million travelers entering the country each year, "as a practical matter, travelers only go to secondary [for a more thorough examination] when there is some level of suspicion," Chertoff wrote. "Yet legislation locking in a particular standard for searches would have a dangerous, chilling effect as officers' often split-second assessments are second-guessed." In April, the U.S. Court of Appeals for the 9th Circuit in San Francisco upheld the government's power to conduct searches of an international traveler's laptop without suspicion of wrongdoing. The Customs policy can be viewed at: http://www.cbp.gov/linkhandler/cgov/travel/admissability/search_authority.ctt/sear ch_authority.pdf. from the Wall Street Journal, 2008-Mar-10, p.A1, by Siobhan Gorman: NSA's Domestic Spying Grows As Agency Sweeps Up Data Terror Fight Blurs Line Over Domain; Tracking Email WASHINGTON, D.C. -- Five years ago, Congress killed an experimental Pentagon antiterrorism program meant to vacuum up electronic data about people in the U.S. to search for suspicious patterns. Opponents called it too broad an intrusion on Americans' privacy, even after the Sept. 11 terrorist attacks. But the data-sifting effort didn't disappear. The National Security Agency, once confined to foreign surveillance, has been building essentially the same system. The central role the NSA has come to occupy in domestic intelligence gathering has never been publicly disclosed. But an inquiry reveals that its efforts have evolved to reach more broadly into data about people's communications, travel and finances in the U.S. than the domestic surveillance programs brought to light since the 2001 terrorist attacks.

Congress now is hotly debating domestic spying powers under the main law governing U.S. surveillance aimed at foreign threats. An expansion of those powers expired last month and awaits renewal, which could be voted on in the House of Representatives this week. The biggest point of contention over the law, the Foreign Intelligence Surveillance Act, is whether telecommunications and other companies should be made immune from liability for assisting government surveillance. Largely missing from the public discussion is the role of the highly secretive NSA in analyzing that data, collected through little-known arrangements that can blur the lines between domestic and foreign intelligence gathering. Supporters say the NSA is serving as a key bulwark against foreign terrorists and that it would be reckless to constrain the agency's mission. The NSA says it is scrupulously following all applicable laws and that it keeps Congress fully informed of its activities. According to current and former intelligence officials, the spy agency now monitors huge volumes of records of domestic emails and Internet searches as well as bank transfers, credit-card transactions, travel and telephone records. The NSA receives this so-called "transactional" data from other agencies or private companies, and its sophisticated software programs analyze the various transactions for suspicious patterns. Then they spit out leads to be explored by counterterrorism programs across the U.S. government, such as the NSA's own Terrorist Surveillance Program, formed to intercept phone calls and emails between the U.S. and overseas without a judge's approval when a link to al Qaeda is suspected. The NSA's enterprise involves a cluster of powerful intelligence-gathering programs, all of which sparked civil-liberties complaints when they came to light. They include a Federal Bureau of Investigation program to track telecommunications data once known as Carnivore, now called the Digital Collection System, and a U.S. arrangement with the world's main international banking clearinghouse to track money movements. The effort also ties into data from an ad-hoc collection of so-called "black programs" whose existence is undisclosed, the current and former officials say. Many of the programs in various agencies began years before the 9/11 attacks but have since been given greater reach. Among them, current and former intelligence officials say, is a longstanding Treasury Department program to collect individual financial data including wire transfers and credit-card transactions. It isn't clear how many of the different kinds of data are combined and analyzed together in one database by the NSA. An intelligence official said the agency's work links to about a dozen antiterror programs in all. A number of NSA employees have expressed concerns that the agency may be overstepping its authority by veering into domestic surveillance. And the

constitutional question of whether the government can examine such a large array of information without violating an individual's reasonable expectation of privacy "has never really been resolved," said Suzanne Spaulding, a nationalsecurity lawyer who has worked for both parties on Capitol Hill. NSA officials say the agency's own investigations remain focused only on foreign threats, but it's increasingly difficult to distinguish between domestic and international communications in a digital era, so they need to sweep up more information. The Fourth Amendment In response to the Sept. 11 attacks, then NSA-chief Gen. Michael Hayden has said he used his authority to expand the NSA's capabilities under a 1981 executive order governing the agency. Another presidential order issued shortly after the attacks, the text of which is classified, opened the door for the NSA to incorporate more domestic data in its searches, one senior intelligence official said. The NSA "strictly follows laws and regulations designed to preserve every American's privacy rights under the Fourth Amendment to the U.S. Constitution," agency spokeswoman Judith Emmel said in a statement, referring to the protection against unreasonable searches and seizures. The Office of the Director of National Intelligence, which oversees the NSA in conjunction with the Pentagon, added in a statement that intelligence agencies operate "within an extensive legal and policy framework" and inform Congress of their activities "as required by the law." It pointed out that the 9/11 Commission recommended in 2004 that intelligence agencies analyze "all relevant sources of information" and share their databases. Two former officials familiar with the data-sifting efforts said they work by starting with some sort of lead, like a phone number or Internet address. In partnership with the FBI, the systems then can track all domestic and foreign transactions of people associated with that item -- and then the people who associated with them, and so on, casting a gradually wider net. An intelligence official described more of a rapid-response effect: If a person suspected of terrorist connections is believed to be in a U.S. city -- for instance, Detroit, a community with a high concentration of Muslim Americans -- the government's spy systems may be directed to collect and analyze all electronic communications into and out of the city. The haul can include records of phone calls, email headers and destinations, data on financial transactions and records of Internet browsing. The system also would collect information about other people, including those in the U.S., who communicated with people in Detroit. The information doesn't generally include the contents of conversations or emails. But it can give such transactional information as a cellphone's location,

whom a person is calling, and what Web sites he or she is visiting. For an email, the data haul can include the identities of the sender and recipient and the subject line, but not the content of the message. Intelligence agencies have used administrative subpoenas issued by the FBI -which don't need a judge's signature -- to collect and analyze such data, current and former intelligence officials said. If that data provided "reasonable suspicion" that a person, whether foreign or from the U.S., was linked to al Qaeda, intelligence officers could eavesdrop under the NSA's Terrorist Surveillance Program. The White House wants to give companies that assist government surveillance immunity from lawsuits alleging an invasion of privacy, but Democrats in Congress have been blocking it. The Terrorist Surveillance Program has spurred 38 lawsuits against companies. Current and former intelligence officials say telecom companies' concern comes chiefly because they are giving the government unlimited access to a copy of the flow of communications, through a network of switches at U.S. telecommunications hubs that duplicate all the data running through it. It isn't clear whether the government or telecom companies control the switches, but companies process some of the data for the NSA, the current and former officials say. On Friday, the House Energy and Commerce Committee released a letter warning colleagues to look more deeply into how telecommunications data are being accessed, citing an allegation by the head of a New York-based computer security firm that a wireless carrier that hired him was giving unfettered access to data to an entity called "Quantico Circuit." Quantico is a Marine base that houses the FBI Academy; senior FBI official Anthony DiClemente said the bureau "does not have 'unfettered access' to any communication provider's network." The political debate over the telecom information comes as intelligence agencies seek to change traditional definitions of how to balance privacy rights against investigative needs. Donald Kerr, the deputy director of national intelligence, told a conference of intelligence officials in October that the government needs new rules. Since many people routinely post details of their lives on social-networking sites such as MySpace, he said, their identity shouldn't need the same protection as in the past. Instead, only their "essential privacy," or "what they would wish to protect about their lives and affairs," should be veiled, he said, without providing examples. Social-Network Analysis The NSA uses its own high-powered version of social-network analysis to search for possible new patterns and links to terrorism. The Pentagon's experimental Total Information Awareness program, later renamed Terrorism Information Awareness, was an early research effort on the same concept, designed to bring together and analyze as much and as many varied kinds of data as possible. Congress eliminated funding for the program in 2003 before it began operating.

But it permitted some of the research to continue and TIA technology to be used for foreign surveillance. Some of it was shifted to the NSA -- which also is funded by the Pentagon -- and put in the so-called black budget, where it would receive less scrutiny and bolster other data-sifting efforts, current and former intelligence officials said. "When it got taken apart, it didn't get thrown away," says a former top government official familiar with the TIA program. Two current officials also said the NSA's current combination of programs now largely mirrors the former TIA project. But the NSA offers less privacy protection. TIA developers researched ways to limit the use of the system for broad searches of individuals' data, such as requiring intelligence officers to get leads from other sources first. The NSA effort lacks those controls, as well as controls that it developed in the 1990s for an earlier data-sweeping attempt. Sen. Ron Wyden, an Oregon Democrat and member of the Senate Intelligence Committee who led the charge to kill TIA, says "the administration is trying to bring as much of the philosophy of operation Total Information Awareness as it can into the programs they're using today." The issue has been overshadowed by the fight over telecoms' immunity, he said. "There's not been as much discussion in the Congress as there ought to be." Opportunity for Debate But Sen. Kit Bond of Missouri, the ranking Republican on the committee, said by email his committee colleagues have had "ample opportunity for debate" behind closed doors and that each intelligence program has specific legal authorization and oversight. He cautioned against seeing a group of intelligence programs as "a mythical 'big brother' program," adding, "that's not what is happening today." The legality of data-sweeping relies largely on the government's interpretation of a 1979 Supreme Court ruling allowing records of phone calls -- but not actual conversations -- to be collected without a judge issuing a warrant. Multiple laws require a court order for so-called "transactional'" records of electronic communications, but the 2001 Patriot Act lowered the standard for such an order in some cases, and in others made records accessible using FBI administrative subpoenas called "national security letters." (Read the ruling.) A debate is brewing among legal and technology scholars over whether there should be privacy protections when a wide variety of transactional data are brought together to paint what is essentially a profile of an individual's behavior. "You know everything I'm doing, you know what happened, and you haven't listened to any of the contents" of the communications, said Susan Landau, coauthor of a book on electronic privacy and a senior engineer at Sun Microsystems Laboratories. "Transactional information is remarkably revelatory." Ms. Spaulding, the national-security lawyer, said it's "extremely questionable" to assume Americans don't have a reasonable expectation of privacy for data such

as the subject-header of an email or a Web address from an Internet search, because those are more like the content of a communication than a phone number. "These are questions that require discussion and debate," she said. "This is one of the problems with doing it all in secret." Gen. Hayden, the former NSA chief and now Central Intelligence Agency director, in January 2006 publicly defended the activities of the Terrorist Surveillance Program after it was disclosed by the New York Times. He said it was "not a driftnet over Lackawanna or Fremont or Dearborn, grabbing all communications and then sifting them out." Rather, he said, it was carefully targeted at terrorists. However, some intelligence officials now say the broader NSA effort amounts to a driftnet. A portion of the activity, the NSA's access to domestic phone records, was disclosed by a USA Today article in 2006. The NSA, which President Truman created in 1952 through a classified presidential order to be America's ears abroad, has for decades been the country's largest and most secretive intelligence agency. The order confined NSA spying to "foreign governments," and during the Cold War the NSA developed a reputation as the world's premier code-breaking operation. But in the 1970s, the NSA and other intelligence agencies were found to be using their spy tools to monitor Americans for political purposes. That led to the original FISA legislation in 1978, which included an explicit ban on the NSA eavesdropping in the U.S. without a warrant. Big advances in telecommunications and database technology led to unprecedented data-collection efforts in the 1990s. One was the FBI's Carnivore program, which raised fears when it was in disclosed in 2000 that it might collect telecommunications information about law-abiding individuals. But the ground shifted after 9/11. Requests for analysis of any data that might hint at terrorist activity flooded from the White House and other agencies into NSA's Fort Meade, Md., headquarters outside Washington, D.C., one former NSA official recalls. At the time, "We're scrambling, trying to find any piece of data we can to find the answers," the official said. The 2002 congressional inquiry into the 9/11 attacks criticized the NSA for holding back information, which NSA officials said they were doing to protect the privacy of U.S. citizens. "NSA did not want to be perceived as targeting individuals in the United States" and considered such surveillance the FBI's job, the inquiry concluded. FBI-NSA Projects The NSA quietly redefined its role. Joint FBI-NSA projects "expanded exponentially," said Jack Cloonan, a longtime FBI veteran who investigated al Qaeda. He pointed to national-security letter requests: They rose from 8,500 in 2000 to 47,000 in 2005, according to a Justice Department inspector general's report last year. It also said the letters permitted the potentially illegal collection of

thousands of records of people in the U.S. from 2003-05. Last Wednesday, FBI Director Robert Mueller said the bureau had found additional instances in 2006. It isn't known how many Americans' data have been swept into the NSA's systems. The Treasury, for instance, built its database "to look at all the world's financial transactions" and gave the NSA access to it about 15 years ago, said a former NSA official. The data include domestic and international money flows between bank accounts and credit-card information, according to current and former intelligence officials. The NSA receives from Treasury weekly batches of this data and adds it to a database at its headquarters. Prior to 9/11, the database was used to pursue specific leads, but afterward, the effort was expanded to hunt for suspicious patterns. Through the Treasury, the NSA also can access the database of the Society for Worldwide Interbank Financial Telecommunication, or Swift, the Belgium-based clearinghouse for records of international transactions between financial institutions, current and former officials said. The U.S. acknowledged in 2006 that the CIA and Treasury had access to Swift's database, but said the NSA's Terrorism Surveillance Program was separate and that the NSA provided only "technical assistance." A Treasury spokesman said the agency had no comment. Through the Department of Homeland Security, airline passenger data also are accessed and analyzed for suspicious patterns, such as five unrelated people who repeatedly fly together, current and former intelligence officials said. Homeland Security shares information with other agencies only "on a limited basis," spokesman Russ Knocke said. NSA gets access to the flow of data from telecommunications switches through the FBI, according to current and former officials. It also has a partnership with FBI's Digital Collection system, providing access to Internet providers and other companies. The existence of a shadow hub to copy information about AT&T Corp. telecommunications in San Francisco is alleged in a lawsuit against AT&T filed by the civil-liberties group Electronic Frontier Foundation, based on documents provided by a former AT&T official. In that lawsuit, a former technology adviser to the Federal Communications Commission says in a sworn declaration that there could be 15 to 20 such operations around the country. Current and former intelligence officials confirmed a domestic network of hubs, but didn't know the number. "As a matter of policy and law, we can not discuss matters that are classified," said FBI spokesman John Miller. The budget for the NSA's data-sifting effort is classified, but one official estimated it surpasses $1 billion. The FBI is requesting to nearly double the budget for the Digital Collection System in 2009, compared with last year, requesting $42 million. "Not only do demands for information continue to increase, but also the requirement to facilitate information sharing does," says a budget justification

document, noting an "expansion of electronic surveillance activity in frequency, sophistication, and linguistic needs." from the Telegraph of London, 2008-Sep-6, by Martin Beckford, Sarah Graham and Betsy Mead: Children aged eight enlisted as council snoopers Children as young as eight have been recruited by councils to "snoop" on their neighbours and report petty offences such as littering, the Daily Telegraph can disclose. The youngsters are among almost 5,000 residents who in some cases are being offered 500 rewards if they provide evidence of minor infractions. One in six councils contacted by the Telegraph said they had signed up teams of "environment volunteers" who are being encouraged to photograph or video neighbours guilty of dog fouling, littering or "bin crimes". The "covert human intelligence sources", as some local authorities describe them, are also being asked to pass on the names of neighbours they believe to be responsible, or take down their number-plates. Ealing Council in West London said: "There are hundreds of Junior Streetwatchers, aged 8-10 years old, who are trained to identify and report enviro-crime issues such as graffiti and fly-tipping." Harlow Council in Essex said: "We currently have 25 Street Scene Champions who work with the council. They are all aged between 11 to 14. They are encouraged to report the aftermath of enviro-crimes such as vandalism to bus shelters, graffiti, abandoned vehicles, fly-tipping etc. They do this via telephone or email direct to the council." Other local authorities recruit adult volunteers through advertisements in local newspapers, with at least 4,841 people already patrolling the streets in their spare time. Some are assigned James Bond-style code numbers, which they use instead of their real names when they ring a special informer's hotline. This escalation in Britain's growing surveillance state follows an outcry about the way councils are using powers originally designed to combat terrorism and organised crime to spy on residents. In one case, a family was followed by council staff for almost three weeks after being wrongly accused of breaking rules on school catchment areas. It also emerged last month that around 1,400 security guards, car park attendants and town hall staff have been given police-style powers including the right to issue on-the-spot fines for littering, cycling on the pavement and other offences.

Matthew Sinclair, of the TaxPayers' Alliance, described the recruitment of children as "downright sinister". He said: "We are deeply troubled by these developments - they are straight out of the Stasi copybook. There is a combination of ever-stricter rules and ever more Draconian attempts to control people. "Councils are using anti-terrorist legislation for the tiniest of things, like the people who put out their bins early, and the threats of fines and prosecutions combine to constitute fleecing the people the councils are meant to be serving." The increase in surveillance comes at a time when an estimated 169 councils have dropped weekly rubbish collections. Some local authorities are refusing to collect bins which are placed too far from the kerb, while others are issuing 100 fines to people who fail to comply with recycling rules. Critics have claimed that councils have stopped prosecuting people for flytipping in favour of pursuing easy targets such as fining people for dropping bits of food and cigarette butts. In April, Hull council officials fined a young mother 75 for dropping a piece of sausage roll while trying to feed her four-year-old daughter. Sarah Davies, 20, refused to pay and the matter when to magistrates court where it was dismissed. Doretta Cocks, founder of the Campaign for Weekly Waste Collection, said the use of children by councils was "shocking". She said: "What sort of world are we bringing them up in? I think it's dreadful for neighbour to spy upon neighbour in that way." The Daily Telegraph contacted more than 240 councils across England and Wales to ask if they had recruited environmental volunteers. Of those, 36 or just under one in six, said they had. They included Luton, with 600 volunteers, the highest of any council; Southwark, south London (400) Birmingham (370) Blaenau Gwent (300) and Congleton in Cheshire (300). Among the "environmental crimes" which the snoopers are asked to report, which vary from council to council, are failure to recycle rubbish, vandalism, graffiti, dog fouling, fly-tipping and abandoned vehicles. Some councils merely ask recruits to keep an eye out for problems, while others are sent out on patrols. Several of the councils which do not yet use volunteers said they were considering doing so in future. Many of the town halls said they did not encourage their volunteers to confront offenders or collect evidence, for their own safety.

But Bromley Council in Kent offers up to 500 for information that leads to a conviction. Crawley Borough Council in West Sussex said its 150 Streetcare Champions were asked to "report on individuals if known". Bolton Council said its Green Inspectors must "note any relevant information such as registration numbers" if they see criminal activity. Others, including Fareham in Hampshire and Waltham Forest in east London encourage their volunteers to take photographs of rubbish to help investigations. Liz Henthorn, 66, a retired nurse who is one of 120 "Street Hawk" volunteers in Enfield, north London, openly describes herself as a "curtain twitcher" but insists she is not snooping on anyone. She said: "If there is a problem with fly-tipping, general bad behaviour, graffiti etcetera then I ring the Street Hawk person and when I do it is cleared. Enfield has become a lot cleaner because of us curtain twitchers having a look around. "If you can you report an individual but nobody is going to give their name and address. If you know where that person lives you can say you know who it is but other than that you don't." A spokesman for the Local Government Association, which represents town halls across the country, insisted: "Environment volunteers are people who care passionately about their local area and want to protect it from vandals, graffitists and fly tippers. "These residents are not snoopers. They will help councils cut crime and make places cleaner, greener and safer." Dominic Grieve, the shadow home secretary, said: "In any civilised society the community will engage with the police but it would be plain wrong for young children to be recruited and trained for reward. People want to see the police and other appropriate agencies on our streets catching and deterring offenders." Councillor Sue Emment, Ealing Council's cabinet member for environment and street services, said: "Ealing Council works with participating schools so Junior Streetwatchers can learn how to help our local environment, take pride in their community and have a sense of civic responsibility. "Organisations like the TaxPayers' Alliance are fast becoming parodies of themselves and ought to find out about Council schemes before making comments. We feel it is sad that the valuable time these young people are spending on improving the community should be criticised in any way." A spokesman for Harlow Council said: "We need to encourage more people to care for their community. If we can encourage people at a young age to do this then they will grow up to respect the environment. Our Street Champions, which

is an entirely voluntary scheme naturally, has the backing and support of parents for children to take part in the scheme. The scheme is highly regarded. "The scheme isn't just about them reporting environmental problems, they also take part in projects to help them learn new skills and in a wider context, about citizenship." from Reuters, 2008-Oct-2, by Sinead Carew with Savio D'Souza in Bangalore and editing by Gerald E. McCormick: Skype admits to storing China text messages NEW YORK - Skype, eBay Inc's Web communications unit, admitted on Thursday that TOM-Skype, its China venture with TOM Online Inc, had been monitoring and storing some of its users' text messages without Skype's knowledge. Skype apologized after a report revealed that the Web service monitors text chats with politically sensitive keywords and stores them along with millions of personal user records on computers that could be easily accessed by anybody -including the Chinese government. Jennifer Caukin, a spokeswoman for Skype, minority owner of TOM-Skype, admitted to the privacy breach in the servers and said it had now been fixed. However, she said that Skype needed to have further discussions with TOM after it found out that the venture had changed privacy policies without Skype's consent or knowledge in order to store certain user messages. Caukin said it is not a surprise that "the Chinese government might be monitoring communication in and out of the country." "Nevertheless we are concerned to hear about security issues brought to our attention and confirm that TOM was able to fix the flaw." she said adding that "changes in storing and uploading chats will be further discussed with TOM." Caukin said in an e-mailed statement that Skype had publicly acknowledged in 2006 that in order to meet Chinese regulations, TOM was operating a text filter that blocked certain words on TOM-Skype chat messages without compromising customer privacy. But she said that policy had changed. "Last night, we learned that this practice was changed without our knowledge or consent and we are extremely concerned." Caukin said. TOM Group, the parent company of TOM-Skype's majority owner TOM Online, said in an e-mailed statement that it follows Chinese regulations. "As a Chinese company, we adhere to rules and regulations in China where we operate our businesses. We have no other comment," it said in the statement.

The comments follow a University of Toronto Citizen Lab report that said text messages sent between TOM-Skype users and between Skype users and T0MSkype users, are scanned for phrases like "Taiwan independence" or "Falun Gong" or for opposition to the Communist Party of China. When these keywords are found, the messages and information, such as usernames of subscribers, are stored on publicly accessible Web servers along with an encryption key that could be used to unlock the data, according to the report. from the New York Times, 2008-Oct-1, by John Markoff: Surveillance of Skype Messages Found in China SAN FRANCISCO A group of Canadian human-rights activists and computer security researchers has discovered a huge surveillance system in China that monitors and archives certain Internet text conversations that include politically charged words. The system tracks text messages sent by customers of Tom-Skype, a joint venture between a Chinese wireless operator and eBay, the Web auctioneer that owns Skype, an online phone and text messaging service. The discovery draws more attention to the Chinese government's Internet monitoring and filtering efforts, which created controversy this summer during the Beijing Olympics. Researchers in China have estimated that 30,000 or more Internet police monitor online traffic, Web sites and blogs for political and other offending content in what is called the Golden Shield Project or the Great Firewall of China. The activists, who are based at Citizen Lab, a research group that focuses on politics and the Internet at the University of Toronto, discovered the surveillance operation last month. They said a cluster of eight message-logging computers in China contained more than a million censored messages. They examined the text messages and reconstructed a list of restricted words. The list includes words related to the religious group Falun Gong, Taiwan independence and the Chinese Communist Party, according to the researchers. It includes not only words like democracy, but also earthquake and milk powder. (Chinese officials are facing criticism over the handling of earthquake relief and chemicals tainting milk powder.) The list also serves as a filter to restrict text conversations. The encrypted list of words inside the Tom-Skype software blocks the transmission of those words and a copy of the message is sent to a server. The Chinese servers retained personal information about the customers who sent the messages. They also recorded chat conversations between Tom-Skype users and Skype users outside China. The system recorded text messages and Skype caller identification, but did not record the content of Skype voice calls.

In just two months, the servers archived more than 166,000 censored messages from 44,000 users, according to a report that was published on the Information Warfare Monitor Web site at the university. The researchers were able to download and analyze copies of the surveillance data because the Chinese computers were improperly configured, leaving them accessible. The researchers said they did not know who was operating the surveillance system, but they said they suspected that it was the Chinese wireless firm, possibly with cooperation from Chinese police. Independent executives from the instant message industry say the discovery is an indication of a spiraling computer war that is tracking the introduction of new communications technologies. I can see an arms race going on, said Pat Peterson, vice president for technology at Cisco's Ironport group, which provides messaging security systems. China is one of the more wired places of the world and they are fighting a war with their populace. The Chinese government is not alone in its Internet surveillance efforts. In 2005, The New York Times reported that the National Security Agency was monitoring large volumes of telephone and Internet communications flowing into and out of the United States as part of the eavesdropping program, intended to hunt for evidence of terrorist activity, that President Bush approved after the Sept. 11 attacks. [As James Taranto points out, this is a gratuitous comparison, since the PRC is monitoring the political communications of its own reform-minded citizens with a view to thwarting reform, whereas the USG is monitoring the communications of foreigners planning terrorist attacks, with a view to protecting citizens from terrorist violence. -AMPP Ed.] The researchers said their discovery contradicted a public statement made by Skype executives in 2006 after the content filtering of the Skype conversations was reported. At the time the company said that the conversations were protected and private. The Citizen Lab researchers issued a report on Wednesday, which details an analysis of data on the servers. We were able to download millions of messages that identify users, said Ronald J. Deibert, an associate professor of political science at the University of Toronto. This is the worst nightmares of the conspiracy theorists around surveillance coming true. It's `X-Files' without the aliens. Jennifer Caukin, an eBay spokeswoman, said, The security and privacy of our users is very important to Skype. But the company spoke to the accessibility of the messages, not their monitoring. The security breach does not affect Skype's core technology or functionality, she said. It exists within an administrative layer on Tom Online servers. We have expressed our concern to Tom Online about

the security issue and they have informed us that a fix to the problem will be completed within 24 hours. EBay had no comment on the monitoring. Other American companies have been caught in controversy after cooperating with Chinese officials. In 2005, Yahoo supplied information to the Chinese authorities, who then sentenced a reporter, Shi Tao, to 10 years in prison for leaking what the government considered state secrets. The company said it was following Chinese law. EBay created the joint venture with the Tom Group, which holds the majority stake, in September 2005. The Tom Group itself was founded in October 1999 as a joint venture among Hutchison Whampoa, Cheung Kong Holdings and other investors. In its annual report this year, the Tom Group, based in Hong Kong, said that the number of Tom-Skype registered users had reached 69 million in the first half of 2008 and revenue had increased tenfold in the last year. The researchers stumbled upon the surveillance system when Nart Villeneuve, a senior research fellow at Citizen Lab, began using an analysis tool to monitor data that was generated by the Tom-Skype software, which is meant to permit voice and text conversations from a personal computer. By observing the data generated by the program, he determined that each time he typed a particular swear word into the text messaging program an encrypted message was sent to an unidentified Internet address. To his surprise, the coded messages were being stored on Tom Online computers. When he examined the machines over the Internet, he discovered that they had been misconfigured and that the computer directories were readable with a simple Web browser. One directory on each machine contained a series of files in which the messages, in encrypted form, were being deposited. Hunting further, Mr. Villeneuve soon found a file that contained the numerical key that permitted him to decode the encrypted log files. What he uncovered were hundreds of files, each containing thousands of records of messages that had been captured and then stored by the filtering software. The records revealed Internet addresses and user names as well as message content. Also stored on the computers were calling records for Skype voice conversations containing names and in some cases phone numbers of the calling parties. Mr. Villeneuve downloaded the messages, decrypted them and used machine translation software to convert the Chinese messages to English. He then used word frequency counts to identify the key words that were flagging the messages. The exact criteria used by the filtering software is still unclear, he said, because some messages on the servers contained no known key word. He said that in addition to capturing the Skype messages sent between Tom-Skype users, international conversations were recorded as well, meaning that users of

standard Skype software outside China were also vulnerable to the surveillance system when they had text conversations with Chinese users. from the Washington Post, 2008-Jul-4, p.D1, by Ellen Nakashima with Peter Whoriskey contributing: YouTube Ordered To Release User Data Viacom Had Sought Access to Database In Copyright Battle A federal judge in New York this week ordered the video-sharing site YouTube, the world's third-most-visited Web site, to release data on the viewing habits of its tens of millions of worldwide viewers. Tuesday's ruling, which amounted to only seven paragraphs in a 25-page opinion that was mostly about programming code and other matters, alarmed privacy advocates, who said it ignored laws meant to protect peoples' viewing habits. The order comes as part of a $1 billion copyright infringement lawsuit brought against YouTube's owner, Google, by Viacom, the media company that owns large cable networks such as MTV, VH1 and Nickelodeon. Viacom alleges that YouTube encourages people to upload significant amounts of pirated copyrighted programs and that users do so by the thousands, profiting YouTube and Google. It wants to prove that pirated videos uploaded to the site -- video clips of Jon Stewart's "The Daily Show," for instance -- are more heavily viewed than amateur content. On Tuesday, U.S. District Judge Louis L. Stanton granted Viacom's request that YouTube release its 12-terabyte "logging" database -- a database that is larger than the Library of Congress's collection of about 10 million books, to Viacom. Every minute, 13 hours of video are uploaded to YouTube servers. The site logs hundreds of millions of views a week. The database contains the unique login ID of the viewer, the time he began watching, the Internet Protocol, or IP, address of the user's computer and the identification of the video. That database is the only existing record of how often each video has been viewed during various time periods, the opinion said. Its data can recreate the number of views of a video for any particular day. In ordering the data release, Stanton said that YouTube's privacy concerns were "speculative," that Google cited "no authority barring them from disclosing such information in civil discovery proceedings" and that Google itself has noted that an IP address without additional information cannot in most cases identify a person. Privacy advocates said the ruling disregarded the 1988 Video Privacy Protection Act passed by Congress to protect people's video-viewing habits from being disclosed. The law says that records may not be turned over unless the consumer is given the opportunity to object.

"People recognize that what videos you watch is deeply private information that can tell a lot about you," said Kurt Opsahl, senior staff attorney for the Electronic Frontier Foundation. "And that might be information you might not want revealed." Viacom General Counsel Michael Fricklas said yesterday that Viacom has no intention of going after individual users. "Even if they uploaded pirated clips, we're not going to use the data to find them. We're not going to use it to sue them. We're not going to use it to look at who they are." Rather, the company has argued, the data could be used to measure the popularity of copyrighted video against non-copyrighted video. Yesterday, lawyers for Google said they would not appeal the ruling. They sent Viacom a letter requesting that the company allow YouTube to redact user names and IP addresses from the data. "We are pleased the court put some limits on discovery, including refusing to allow Viacom to access users' private videos and our search technology," Google senior litigation counsel Catherine Lacavera said in a statement. "We are disappointed the court granted Viacom's overreaching demand for viewing history. We will ask Viacom to respect users' privacy and allow us to anonymize the logs before producing them under the court's order." Fricklas said Viacom is open to the anonymity request and has consulted with the Electronic Frontier Foundation on possible approaches. "Any information that we or our outside advisers obtain -- which will not include personally identifiable information -- will be used exclusively for the purpose of proving our case against YouTube and Google, and will be handled subject to a court protective order and in a highly confidential manner," Fricklas said. But making the records anonymous is not fail-safe. In 2006, an AOL researcher inadvertently posted three months' worth of searches typed in by 650,000 anonymous AOL users. Although their identities were masked -- each user was given a randomly generated unique identification number -- the search terms, which included names, home towns and interests, could be collated and used to identify a person, as an enterprising New York Times reporter showed. The ruling and the response to it underscores the concerns about data collection and Web surfers' lack of control over the use of their personal data. Jennifer Urban, a law professor at the University of Southern California, said that even if Viacom does not use the information to sue users, "a future litigant may not keep the information private." What videos people view, what books they read, have long been considered sensitive information, she said, "intensely personal pieces of information we expect people to be able to keep private."

The lawsuit was paired with a similar suit filed as a class action by a British soccer league that broadcasts soccer matches internationally. from the New York Times, 2007-Nov-7, by James Risen and Eric Lichtblau: Ex-Worker at AT&T Fights Immunity Bill WASHINGTON, Nov. 6 When Mark Klein, then an AT&T technician in San Francisco, stumbled on a secret room apparently reserved for the National Security Agency inside an AT&T switching center, he hardly expected to be caught up in a national debate over the proper balance between American civil liberties and national security. But four years later, Mr. Klein's discovery has led to a spate of class-action lawsuits against the nation's largest telephone companies. The threat posed to the telecommunications industry by those suits has prompted the Bush administration to push Congress to grant companies legal immunity for their secret cooperation in the N.S.A.'s program of eavesdropping without warrants. With many Democrats in Congress seemingly willing to grant the legal protection, Mr. Klein has come to Washington to fight back. Mr. Klein, 62 and now retired, will begin meeting Wednesday with staff members on the Senate and House Judiciary Committees to try to persuade them to put a brake on the immunity legislation. He says the phone companies do not deserve the legal protection. I think they committed a massive violation not only of the law but of the Constitution, he said. That's not the way the Fourth Amendment is supposed to work. The administration and other supporters of immunity say the companies should get it because they were acting under what they believed to be lawful orders from the government. The administration also argues that if the lawsuits, coordinated by the Electronic Frontier Foundation, a privacy group know as EEF, are allowed to proceed, they could reveal national security secrets, and so the Justice Department has sought to block them by using the state secrets privilege. A spokesman for Mike McConnell, director of national intelligence, declined to comment on Tuesday. In 2002, Mr. Klein was working as a technician in AT&T's Geary Street facility in San Francisco when he was told that an N.S.A. agent would be visiting the office to interview another AT&T employee for a special job. He later learned that the job was at an AT&T facility on Folsom Street. In early 2003, Mr. Klein took a tour of the Folsom Street office, where he saw a secret room under construction. By October 2003, he was transferred to that office, and he said he learned that only employees cleared by the security agency were allowed to enter the room.

Mr. Klein was responsible for maintaining Internet switching equipment near the secret room, and said he was stunned to discover that special splitter equipment had been installed in his area to route copies of all Internet traffic diverted through his lines into the secret room. What I saw is that everything's flowing across the Internet to this governmentcontrolled room, he said. Later, Mr. Klein obtained three AT&T documents that he said revealed the computer and equipment design for the room documents that the company maintains he kept improperly after leaving AT&T in 2004. Those designs, according to Mr. Klein and other telecommunications specialists who have reviewed them, would give the security agency. the ability to sift and reroute international and domestic communications and data from the AT&T lines to another site. The physical apparatus gives them everything, Mr. Klein said, adding, A lot of this was domestic. Ever since the N.S.A. eavesdropping program was publicly disclosed in December 2005, the administration has said that it was limited to intercepting, without seeking court orders, the international calls and e-mail messages of people inside the United States suspected of terrorist ties. EFF, which brought Mr. Klein to Washington to plead his case, is fearful that Congress will pass an immunity bill just as its class-action lawsuit has made some progress in a federal court in California. A judge there has refused to throw out the lawsuits, and an appellate court is now weighing a government appeal. In a ruling released Tuesday, the district judge hearing the case, Vaughn Walker, ordered that no documents or evidence in it be altered or destroyed. The government had opposed that motion. Administration officials have insisted that the lawsuits, if allowed to proceed, threatens to bankrupt the phone carriers. But Cindy Cohn, staff lawyer for EFF, said its main objective was to get the courts to rule on the legality of the eavesdropping program, which the group maintains violates the Constitution. I don't want to bankrupt the phone companies, Ms. Cohn said. That's not what this is about. from the Boston Globe, 2007-Nov-17, by Maria Cramer: Police to search for guns in homes City program depends on parental consent Boston police are launching a program that will call upon parents in high-crime neighborhoods to allow detectives into their homes, without a warrant, to search for guns in their children's bedrooms.

The program, which is already raising questions about civil liberties, is based on the premise that parents are so fearful of gun violence and the possibility that their own teenagers will be caught up in it that they will turn to police for help, even in their own households. In the next two weeks, Boston police officers who are assigned to schools will begin going to homes where they believe teenagers might have guns. The officers will travel in groups of three, dress in plainclothes to avoid attracting negative attention, and ask the teenager's parent or legal guardian for permission to search. If the parents say no, police said, the officers will leave. If officers find a gun, police said, they will not charge the teenager with unlawful gun possession, unless the firearm is linked to a shooting or homicide. The program was unveiled yesterday by Police Commissioner Edward F. Davis in a meeting with several community leaders. "I just have a queasy feeling anytime the police try to do an end run around the Constitution," said Thomas Nolan, a former Boston police lieutenant who now teaches criminology at Boston University. "The police have restrictions on their authority and ability to conduct searches. The Constitution was written with a very specific intent, and that was to keep the law out of private homes unless there is a written document signed by a judge and based on probable cause. Here, you don't have that." Critics said they worry that some residents will be too intimidated by a police presence on their doorstep to say no to a search. "Our biggest concern is the notion of informed consent," said Amy Reichbach, a racial justice advocate at the American Civil Liberties Union. "People might not understand the implications of weapons being tested or any contraband being found." But Davis said the point of the program, dubbed Safe Homes, is to make streets safer, not to incarcerate people. "This isn't evidence that we're going to present in a criminal case," said Davis, who met with community leaders yesterday to get feedback on the program. "This is a seizing of a very dangerous object. . . . "I understand people's concerns about this, but the mothers of the young men who have been arrested with firearms that I've talked to are in a quandary," he said. "They don't know what to do when faced with the problem of dealing with a teenage boy in possession of a firearm. We're giving them an option in that case." But some activists questioned whether the program would reduce the number of weapons on the street.

A criminal whose gun is seized can quickly obtain another, said Jorge Martinez, executive director of Project Right, who Davis briefed on the program earlier this week. "There is still an individual who is an impact player who is not going to change because you've taken the gun from the household," he said. The program will focus on juveniles 17 and younger and is modeled on an effort started in 1994 by the St. Louis Police Department, which stopped the program in 1999 partly because funding ran out. Police said they will not search the homes of teenagers they suspect have been involved in shootings or homicides and who investigators are trying to prosecute. "In a case where we have investigative leads or there is an impact player that we know has been involved in serious criminal activity, we will pursue investigative leads against them and attempt to get into that house with a search warrant, so we can hold them accountable," Davis said. Police will rely primarily on tips from neighbors. They will also follow tips from the department's anonymous hot line and investigators' own intelligence to decide what doors to knock on. A team of about 12 officers will visit homes in four Dorchester and Roxbury neighborhoods: Grove Hall, Bowdoin Street and Geneva Avenue, Franklin Hill and Franklin Field, and Egleston Square. If drugs are found, it will be up to the officers' discretion whether to make an arrest, but police said modest amounts of drugs like marijuana will simply be confiscated and will not lead to charges. "A kilo of cocaine would not be considered modest," said Elaine Driscoll, Davis's spokeswoman. "The officers that have been trained have been taught discretion." The program will target young people whose parents are either afraid to confront them or unaware that they might be stashing weapons, said Davis, who has been trying to gain support from community leaders for the past several weeks. One of the first to back him was the Rev. Jeffrey L. Brown, cofounder of the Boston TenPoint Coalition, who attended yesterday's meeting. "What I like about this program is it really is a tool to empower the parent," he said. "It's a way in which they can get a hold of the household and say, 'I don't want that in my house.' " Suffolk District Attorney Daniel F. Conley, whose support was crucial for police to guarantee there would be no prosecution, also agreed to back the initiative. "To me it's a preventive tool," he said. Boston police officials touted the success of the St. Louis program's first year, when 98 percent of people approached gave consent and St. Louis police seized guns from about half of the homes they searched.

St. Louis police reassured skeptics by letting them observe searches, said Robert Heimberger, a retired St. Louis police sergeant who was part of the program. "We had parents that invited us back, and a couple of them nearly insisted that we take keys to their house and come back anytime we wanted," he said. But the number of people who gave consent plunged in the next four years, as the police chief who spearheaded the effort left and department support fell, according to a report published by the National Institute of Justice. Support might also have flagged because over time police began to rely more on their own intelligence than on neighborhood tips, the report said. Heimberger said the program also suffered after clergy leaders who were supposed to offer help to parents never appeared. "I became frustrated when I'd get the second, or third, or fourth phone call from someone who said, 'No one has come to talk to me,' " he said. Residents "lost faith in the program and that hurt us." Boston police plan to hold neighborhood meetings to inform the public about the program. Police are also promising follow-up visits from clergy or social workers, and they plan to allow the same scrutiny that St. Louis did. "We want the community to know what we're doing," Driscoll said. Ronald Odom - whose son, Steven, 13, was fatally shot last month as he walked home from basketball practice - was at yesterday's meeting and said the program is a step in the right direction. "Everyone talks about curbing violence," he said, following the meeting. ". . . This is definitely a head start." from the Washington Post, 2008-Jan-12, p.D1, by Del Quentin Wilber: Fliers' Data Left Exposed, Report Says Official Overseeing TSA Site Had Worked for Contractor A government Web site designed to help travelers remove their names from aviation watch lists was so riddled with security holes that hackers could easily have stolen personal information from scores of passengers, a congressional report concluded yesterday. Thousands of people used the Web site, and as many as 247 submitted detailed personal information between October 2006 and last February, the report says. A spokesman for the Transportation Security Administration, which established the site, said the agency was not aware of any travelers who used the site and became victims of identity theft. Congressional investigators raised concerns about a conflict of interest in how the no-bid contract to create the Web site was awarded. The TSA employee who framed many of the contract's requirements and was in charge of overseeing the

site was once employed by the firm that was awarded the contract -- Desyne Web Services, a small firm in Boston, Va. -- and socialized with members of the company, according to the report by the Democratic staff of the House Oversight and Government Reform Committee. The TSA continues to use Desyne on various projects, the report said, and has awarded the company no-bid contracts worth about $500,000. The report also found that the TSA conducted little oversight of the Web site. "It is mindboggling that TSA would launch a Web site with so many security vulnerabilities," Rep. Henry A. Waxman (D-Calif.), chairman of the committee, said in a statement. "The handling of this Web site goes against all good government contracting standards, reveals serious flaws in oversight, and potentially exposed travelers to identity theft." Telephone messages left at Desyne were not returned yesterday. A TSA official said that the issues raised by the report were "old news" and that the problems had been addressed. "Things could and should have been done differently," said Christopher White, a TSA spokesman. "We have learned from those issues." The government provides airlines with security watch lists that give the names of suspected terrorists, fugitives and others considered a "threat to aviation." The lists have been frequently criticized, particularly since the terrorist attacks of Sept. 11, 2001, heightened security concerns. Prominent Americans, including members of Congress, have been singled out for questioning and searches at airports because their names were similar to names on the lists. TSA officials said they had taken steps to reduce the number of people whose names are on the no-fly list, who are not allowed to board planes. They took the same steps, they said, to reduce their "selectee" list. Passengers with names similar to those on the selectee list are subjected to extra screening and questioning at checkpoints. The TSA created a redress procedure three years ago for innocent passengers ensnared by the lists. A flood of requests quickly swamped officials, and by 2006, the TSA began seeking bids from contractors to build, host and maintain "a secure Web-based system" to handle the requests, the committee report says. TSA investigators later determined that the bid request was written in such a way that only one firm -- Desyne -- could win the contract, according to the report. According to the report, the primary author of the contract's requirements was Nicholas Panuzio, a TSA official who also was assigned an oversight role of the Web site. Panuzio "had a prior relationship with Desyne" that included having worked for the company for eight months several years earlier, the report says.

Panuzio had also known the company's owner since high school and "still met regularly with Desyne's owner and others for drinks and dinner," according to the report. Panuzio could not be reached for comment yesterday. The report said Panuzio reported the conflict of interest to the agency's chief counsel but not to the project's managers. The report did not say when the disclosure was made, and a TSA spokesman was unable to pinpoint a time. TSA officials said that Panuzio did not profit from the contract, which was valued at $48,816. "A thorough review determined that no disciplinary action was necessary," said White, the spokesman. A few months after the site was launched, Chris Soghoian, a graduate student at Indiana University discovered that it was not secure. Soghoian told investigators that the site's appearance "was so poor that he first suspected it was a 'phishing' site," or one set up by hackers to imitate official sites to lure people into giving personal information that could then be stolen, the report found. Soghoian posted his concerns in February on a blog then picked up by news outlets, including a http://washingtonpost.com security blog. The TSA quickly moved the site to a more secure government domain, at http://https://trip.dhs.gov. from the Taipei Times, 2007-Nov-11, p.2, by Yang Kuo-wen, Lin Ching-chuan and Rich Chang: Bureau warns on tainted discs FOCUSED ATTACK: Large-capacity hard disks often used by government agencies were found to contain Trojan horse viruses, Investigation Bureau officials warned Portable hard discs sold locally and produced by US disk-drive manufacturer Seagate Technology have been found to carry Trojan horse viruses that automatically upload to Beijing Web sites anything the computer user saves on the hard disc, the Investigation Bureau said. Around 1,800 of the portable Maxtor hard discs, produced in Thailand, carried two Trojan horse viruses: autorun.inf and ghost.pif, the bureau under the Ministry of Justice said. The tainted portable hard disc uploads any information saved on the computer automatically and without the owner's knowledge to www.nice8.org and www.we168.org, the bureau said. The affected hard discs are Maxtor Basics 500G discs.

The bureau said that hard discs with such a large capacity are usually used by government agencies to store databases and other information. Sensitive information may have already been intercepted by Beijing through the two Web sites, the bureau said. The bureau said that the method of attack was unusual, adding that it suspected Chinese authorities were involved. In recent years, the Chinese government has run an aggressive spying program relying on information technology and the Internet, the bureau said. The bureau said this was the first time it had found that Trojan horse viruses had been placed on hard discs before they even reach the market. The bureau said that it had instructed the product's Taiwanese distributor, Xander International, to remove the products from shelves immediately. The bureau said that it first received complaints from consumers last month, saying they had detected Trojan horse viruses on brand new hard discs purchased in Taiwan. Agents began examining hard discs on the market and found the viruses linked to the two Web sites. Anyone who has purchased this kind of hard disc should return it to the place of purchase, the bureau said. The distributor told the Chinese-language Liberty Times (the Taipei Times' sister newspaper) that the company had sold 1,800 tainted discs to stores last month. It said it had pulled 1,500 discs from shelves, while the remaining 300 had been sold by the stores to consumers. Seagate's Asian Pacific branch said it was looking into the matter. from the Telegraph blogs, 2007-Nov-2, by Peter Foster: Butt-naked at Heathrow Just back from England and before I move onto a more serious subject I urgently need to share an experience I had at the Heathrow's Terminal 4. After check-in I found myself in the usual interminable queue for security screening - in my view one of al Qa'eda's greatest successes in their attempts to undermine Western living - when along came a young man to tap me on the shoulder. "Sir, you have been randomly selected for body scanning. This is entirely voluntary. It will take only a few moments and you'll go straight to the front of the queue on completion."

That was all the convincing I needed, so I agreed with the single pre-condition that I get to see the pictures/images after the scan. "No problem," said the official, who looked about 22. I was directed to remove my shoes and then enter a booth where, at the instruction of the official, I placed my feet on the patches indicated on the floor. One after the other I struck three rather awkward poses, hands reaching for the sky as if trying save a Beckham free-kick curling its way first into the top right corner, and then the top left corner. The whole procedure took a minute at most and it was with some curiosity that I skipped round to the back of the booth to where a technician was reviewing my scan behind a small curtain. Well. There's no polite way of putting this. There I was, on screen, absolutely butt-naked. Everything - and I mean everything - was on display in more detail than I care to recall. I'm really not the bashful type - one of the many strange side-effects of an English public school education - but it was, to say the least, a decidedly odd sensation to find myself standing next to a complete stranger reviewing my naked form on screen. I did think (before I saw them!) of taking my pictures away on a pen-drive to show you all, but you'll be delighted to hear that wasn't possible - not that they were in the least bit publishable in a family newspaper. The scan is voluntary and the British Airports Authority say they are only 'testing' out the equipment, but to be honest if the revealing nature of the pictures becomes common knowledge, I can't imagine many people volunteering. I can see the machine could be used as a less intrusive way of strip-searching people - but I think I'm right in saying that there has to be "reasonable grounds" for a strip search. But if this scanning thing becomes routine, my guess there would be a revolution. Westerners might - just - put up with it in certain circumstances, but for travellers from Asian countries, for example, where the culture is far more modest, it would simply just be unacceptable. from TheInquirer.net, 2007-Oct-2, by Nick Farrell: UK coppers empowered to demand your encryption keys All you data is now belong to the plod FROM today it is a crime to refuse to decrypt data for coppers investigating a crime.

Under part three, Section 49 of the Regulation of Investigatory Powers Act (RIPA) if Inspector Knacker of the Yard knocks on your door and wants to have a snuffle on your hard drive and finds a blob of encrypted code he can make you decode it. If you refuse, and the copper is investigating acts of terrorism, you could be eating five years of porridge at her Majesty's Pleasure. If it just happens to be an ordinary crime that the copper is investigating you could be up for two years jailtime. There are a few loopholes. The data must be stored on a UK server or a Johnny Foreigner server which happens to be in the country, perhaps soaking up a bit of sun. If foreign data is passing down down the Interent, the coppers are not allowed to intercept it. The main problem is not that the law forces people to decrypt stuff, but rather the coppers have the right to demand encryption keys if their investigation requires it. This could really put the wind up all the financial institutions. International bankers would be unlikely to want to bring master keys to Blighty if they could be seized as part of legitimate police operations. One bent copper means they could lose shedloads of cash. The Home Office claims that not only will the law help catch terrorists and criminals so hard they can bounce bullets off their chests, it will also help catch pedophiles. However if you are a pedophile and you have shedloads of encrypted nastiness on your hard drive it would be better to do two years in chokey and be done under a computer crime rather than a sex offence. from the Associated Press via ap.google.com, 2007-Sep-3, by Amy Lorentzen: Edwards Backs Mandatory Preventive Care TIPTON, Iowa Democratic presidential hopeful John Edwards said on Sunday that his universal health care proposal would require that Americans go to the doctor for preventive care. "It requires that everybody be covered. It requires that everybody get preventive care," he told a crowd sitting in lawn chairs in front of the Cedar County Courthouse. "If you are going to be in the system, you can't choose not to go to the doctor for 20 years. You have to go in and be checked and make sure that you are OK." He noted, for example, that women would be required to have regular mammograms in an effort to find and treat "the first trace of problem." Edwards

and his wife, Elizabeth, announced earlier this year that her breast cancer had returned and spread. Edwards said his mandatory health care plan would cover preventive, chronic and long-term health care. The plan would include mental health care as well as dental and vision coverage for all Americans. "The whole idea is a continuum of care, basically from birth to death," he said. The former North Carolina senator said all presidential candidates talking about health care "ought to be asked one question: Does your plan cover every single American?" "Because if it doesn't they should be made to explain what child, what woman, what man in America is not worthy of health care," he said. "Because in my view, everybody is worth health care." Edwards said his plan would cost up to $120 billion a year, a cost he proposes covering by ending President Bush's tax cuts to people who make more than $200,000 per year. Edwards, who has been criticized by some for calling on Americans to be willing to give up their SUVs while driving one, acknowledged Sunday that he owns a Ford Escape hybrid SUV, purchased within the year, and a Chrysler Pacifica, which he said he has had for years. "I think all of us have to move, have to make progress," he said. "I'm not holierthan-thou about this. ... I'm like a lot of Americans, I see how serious this issue is and I want to address it myself and I want to help lead the nation in the right direction." He said he would not buy another SUV in the future. The Ford Escape, the first hybrid SUV on the market, gets an estimated 36 mpg in the city and 31 mpg on the highway. from Gun Owners of America, 2007-Apr-26: Congressional Leaders Moving To Pass Gun Control Without A Vote! McCarthy bill would treat gun owners even worse than terrorists Gun Owners of America E-Mail Alert 8001 Forbes Place, Suite 102, Springfield, VA 22151 Phone: 703-321-8585 / FAX: 703-321-8408 http://www.gunowners.org/ordergoamem.htm "Another gun rights group, the Gun Owners of America, is adamantly opposed to the [McCarthy-Dingell] legislation. It said the measure would allow the government to trample privacy rights by compiling reams of personal information and potentially bar mentally stable people from buying guns." -- Associated Press, April 24, 2007

Thursday, April 26, 2007 This is going to be a knock-down, drag-out fight. GOA continues to stand alone in the trenches, defending the rights of gun owners around the country. It's not going to be easy. Gun control supporters want to pass gun control within the next couple of weeks. And that's why, even if you took action earlier this week, you need to do so once again. All the gun haters (who have been keeping silent for a while) are now coming out of the closet and into the open. Take the notoriously anti-gun senator from New York -- Chuck Schumer. He has been very, very excited this week. Recent events have given him a platform, and the excuse, to push legislation that he had sponsored years ago -- legislation that never got through Congress. You see, Senator Chuck Schumer has been, in past years, the Senate sponsor of the McCarthy bill (HR 297). And the recent murders at Virginia Tech have given Senator Schumer the pretext he has been looking for. Appearing on the Bill O'Reilly show earlier this week, Schumer did his best to make a reasonablesounding pitch for more gun control. He told O'Reilly on Monday that while he and Rep. McCarthy had previously worked together on this legislation, he now wants Congress to take up HR 297 quickly. "The Brady Law is a reasonable limitation," Schumer said. "Some might disagree with me, but I think certain kinds of licensing and registration is a reasonable limitation. We do it for cars." Get the picture? First, he wants the Brady Law strengthened with the McCarthyDingell-Schumer legislation. Then it's off to pass more gun control -- treating guns like cars, where all gun owners are licensed and where bureaucrats will have a wonderful confiscation list. In the O'Reilly interview, Schumer showed his hand when he revealed the strategy for this bill. Because it could become such a hot potato -- thanks to your efforts -- Senator Schumer is pushing to get this bill passed by Unanimous Consent in the Senate, which basically means that the bill would get passed WITHOUT A VOTE. This is a perfect way to pass gun control without anyone getting blamed... or so they think. We need to tell every Senator that if this bill passes without a vote, then we hold ALL OF THEM responsible. (Be looking for a future GOA alert aimed at your Senators.) On the House side, the Associated Press reported this past Monday that "House Democratic leaders are working with the National Rifle Association to bolster existing laws blocking" certain prohibited persons from buying guns. Of course, there are at least three problems with this approach:

1. It's morally and constitutionally wrong to require law-abiding citizens to first prove their innocence to the government before they can exercise their rights -whether it's Second Amendment rights, First Amendment rights, or any other right. Doing that gives bureaucrats the opportunity to abuse their power and illegitimately prevent honest gun owners from buying guns. 2. Bureaucrats have already used the Brady Law to illegitimately deny the Second Amendment rights of innocent Americans. Americans have been prevented from buying guns because of outstanding traffic tickets, because of errors, because the NICS computer system has crashed -- and don't forget returning veterans because of combat-related stress. You give an anti-gun bureaucrat an inch, he'll take a mile -- which we have already seen as GOA has documented numerous instances of the abuses mentioned above. 3. Finally, all the background checks in the world will NOT stop bad guys from getting firearms. As we mentioned in the previous alert, severe restrictions in Washington, DC, England, Canada, Germany and other places have not stopped evil people from using guns to commit murder. (Correction: In our previous alert, we incorrectly identified Ireland as the location of the infamous schoolyard massacre. In fact, it took place in Dunblane, Scotland in 1996 -- a country which at the time had even more stringent laws than we have here.) McCARTHY BILL TREATING GUN OWNERS WORSE THAN TERRORISTS HR 297 would require the states to turn over mountains of personal data (on people like you) to the FBI -- any information which according to the Attorney General, in his or her unilateral discretion, would be useful in ascertaining who is or is not a "prohibited person." Liberal support for this bill points out an interesting hypocrisy in their loyalties: For six years, congressional Democrats have complained about the Bush administration's efforts to obtain personal information on suspected terrorists WITHOUT A COURT ORDER. And yet, this bill would allow the FBI to obtain massive amounts of information -information which dwarfs any records obtained from warrantless searches (or wiretaps) that have been conducted by the Bush Administration on known or suspected terrorists operating in the country. In fact, HR 297 would allow the FBI to get this information on honest Americans (like you) even though the required data is much more private and personal than any information obtained thus far by the Bush administration on terrorists. And all of these personal records would be obtained by the FBI with no warrant or judicial or Congressional oversight whatsoever!!! Get the picture? Spying on terrorists is bad... but spying on honest gun owners is good. After all, this horrific intrusion on the private lives of all Americans is

presumed to be "okay" because it's only being used to bash guns, not to go after terrorists and criminals who are trying to kill us. As indicated in earlier alerts, this information could include your medical, psychological, financial, education, employment, traffic, state tax records and more. We don't even know the full extent of what could be included because HR 297 -- which can be viewed at http://thomas.loc.gov by typing in the bill number -is so open-ended. It requires states to provide the NICS system with ALL RECORDS that the Attorney General believes will help the FBI determine who is and who is not a prohibited person. Certainly, an anti-gun AG like Janet Reno would want as many types of records in the system as possible. The provision that would probably lead to the greatest number of 'fishing expeditions' is that related to illegal aliens. Federal law prohibits illegal aliens from owning guns. The bill requires all "relevant" data related to who is in this country illegally. But what records pertaining to illegal aliens from the states would be relevant? Perhaps a better question would be, what records are not relevant? ACTION: 1. Please take a moment to communicate your opposition to HR 297 -- even if you already sent your Representative a note earlier this week. We have provided a new letter (below) which provides updated information relating to the battle we are fighting. House leaders are talking about bringing up this bill soon. And Sen. Schumer (in his interview with O'Reilly) even hinted at the fact that the bill could come up WITHOUT the ability to offer pro-gun amendments -- such as a repeal of the DC gun ban or reciprocity for concealed carry holders -- provisions that could potentially serve as killer amendments. Also -- oh yeah, this is going to upset you -- Senator Schumer told O'Reilly, "I got to tell you, a lot of NRA people, they support this." Can you believe that? Senator Schumer is claiming to speak for you! That's why it's so important that you once again tell your congressman that Schumer is wrong... that you're a supporter of gun rights who OPPOSES the anti-gun McCarthy-Dingell bill. 2. Please circulate this e-mail and forward it to as many gun owners as you can. CONTACT INFORMATION: You can visit the Gun Owners Legislative Action Center at http://www.gunowners.org/activism.htm to send your Representative the pre-written e-mail message below. And, you can call your Representative tollfree at 1-877-762-8762. ----- Pre-written letter ----Dear Representative:

As a supporter of Second Amendment rights, I do NOT support HR 297, the NICS Improvement Act. I hope that you will OPPOSE this bill and urge your party leadership to either kill it outright or to allow other pro-gun amendments to be offered (repeal of the DC gun ban, reciprocity for concealed carry holders, etc.). In its current form, HR 297 will treat gun owners even worse than terrorists, giving the FBI a mountain of private information on law-abiding Americans like me. How is it that, despite all the criticism over the Bush administration's attempts to obtain personal information on suspected terrorists without a court order, this bill would allow the FBI to obtain massive amounts of information on ME -information which dwarfs any warrantless searches (or wiretaps) that have been conducted by the Bush Administration on known or suspected terrorists operating in the country. And all of this personal information would be obtained by the FBI with no warrant or judicial or Congressional oversight whatsoever!!! How is it that spying on terrorists is bad, but spying on honest gun owners is good? Again, I hope that you will oppose HR 297. Gun Owners of America will continue to keep me informed on the progress of this bill. Thank you. Sincerely, **************************** Streaming Video Update It's an ongoing process of getting permissions, obtaining source discs, and formatting files, but we are continuing to post videos of GOA spokesmen on television as they become available. Please stop by our streaming video section at http://www.gunowners.org/svtb.htm to see what's new this week. from CNET News.com via USA Today, 2007-Jun-1, by Elinor Mills: Google's street-level maps raising privacy concerns SAN JOSE, Calif. Kevin Bankston, staff attorney at the Electronic Frontier Foundation, was surprised to see his face in a street-level image on a now defunct online map a few years ago. Worse, he was photographed smoking outside the EFF offices in San Francisco, and he had been trying to hide his habit from his family. That's a relatively benign incident, but it illustrates how easy it is for the technology to threaten an individual's privacy, Bankston said at the Where 2.0 conference here, where Google on Tuesday announced its new street-level map

view. Google's feature allows users viewing San Francisco to zoom in close enough to read street signs and even see inside front windows. "It is irresponsible for Google to debut a product like this without also debuting technological measures that would obscure the identities of people photographed by this product," he said. "If the Google van happened by your house at the right moment it could even capture you in an embarrassing state of undress, as you close your blinds, for example." Personal indiscretions aside, the larger concern is for people entering and leaving places like domestic violence shelters, Alcoholics Anonymous meetings, fertility clinics and controversial religious or political events, Bankston said. The Google map feature offers a way to request the removal of photos and will take down identifiable images if a person requests. "Street View only features imagery taken on public property. This imagery is no different from what any person can readily capture or see walking down the street," a Google spokeswoman said in a statement. "We provide easily accessible tools for flagging inappropriate or sensitive imagery for review and removal...We routinely review takedown requests and act quickly to remove objectionable imagery." However, removing images of people after the fact doesn't entirely solve the problem, Bankston said. "That is of limited use if you don't know the image is on the site and by the time you find out, whatever privacy harm may already have occurred," he said. Google removed photos of women's shelters before launching the feature, said Cindy Southworth, director of technology at the Washington, D.C.-based National Network to End Domestic Violence, which is the umbrella group for state shelters. "We don't want to call attention to the shelters," Southworth said. "We would rather it look like a choppy horizon line as you pan by. Our hope is that other companies will do a similar thing and reach out to us in advance." Removing the shelters from the map greatly diminishes the privacy threat to battered women, said Ashley Tan, volunteer coordinator at Woman Inc., a San Francisco-based 24-hour domestic violence crisis line. However, there is still a slim chance a stalker could see a victim's whereabouts. "If someone is obsessed with their victim it could be used as another tool, and it will be something we have to consider in safety planning," Tan said. The block view that Amazon.com's A9 map showed is gone, along with A9 maps in general. One of those maps outed Bankston as a smoker. Microsoft offers a bird's-eye view on its maps that doesn't show faces and other ground-level details. The company does have a preview of a street-level

technology in San Francisco and Seattle, but it won't likely be launching that product publicly and is, in fact, looking at ways to obscure identifiable images like faces and license plates, according to several Microsoft executives. "I don't think you'll ever see us do what Google is doing," said Erik Jorgensen, general manager for search and mapping at Microsoft. Such up-close imagery on maps might make sense for applications related to travel and real estate, but users don't need and don't necessarily want a picture-perfect world on the map, he said. "The feedback we got was that people like visuals as cues integrated into driving directions," rather than the "exploratory mode" that street-level offers, he said. AOL's MapQuest offers only a satellite aerial view. Yahoo hasn't gone I-Spy on its maps either, and it doesn't sound like it will. "It's a different approach to developing applications. Google puts out the technology and it's not clear what the use-case is," said Jeremy Kreitler, director of product management at Yahoo Maps. "Now that (map images) can see in your windows and not just your roof, there are privacy concerns." As technology gets more advanced it gets harder for individuals to remain invisible, said Greg Sterling, online maps expert and founder of consultancy Sterling Market Intelligence. "In this world of ubiquitous imagery it's hard to avoid privacy issues," he said. "Relatively speaking, privacy has been eroded by all this readily discoverable information." from the Times of London, 2007-Jun-2, by Rhys Blakely: Information hidden in iTunes music files sparks privacy fears Fresh privacy fears have been sparked after it emerged that Apple has embedded personal details into music files bought from its iTunes music store. Technology websites examining iTunes products discovered that personal data, including the names and e-mail addresses of purchasers, are inserted into the AAC files that Apple uses to distribute music tracks. The information is also included in tracks sold under Apple's iTunes Plus system, launched this week, where users pay a premium for music that is free from the controversial digital rights management (DRM) intended to protect against piracy. The Electronic Freedom Foundation, the online consumer rights group, added that it had identified a large amount of additional unaccounted-for information in iTunes files. The foundation said it was possible that the data could be used to watermark tracks so that the original purchaser could be tracked down if a track appeared on a file-sharing network, although experts said that it would be relatively easy to spoof such data.

Ars Technica, one of the first websites to unveil the hidden information, said: Everyone should be aware that while DRM-free files may lift a lot of restrictions on our personal usage habits, it doesn't mean we can just start sharing the love, so to speak. Sharer beware. An Apple spokeswoman was unable to comment. The discovery of the data, of which most iTunes users will have been unaware, underscores the reluctance of music groups to allow music to circulate freely over the web. With estimates suggesting that 40 tracks are digitally boot-legged for every legally down-loaded track, piracy remains a massive problem for the industry and music groups have largely proven reluctant to withdraw the controversial DRM technologies. Apple had sought to present itself as a consumer champion, with the group's chief executive, Steve Jobs, insisting earlier this year that his company would drop DRM in a heartbeat if allowed to by the labels. Previously, Apple's DRM system had been criticised by European regulators for being anticompetitive because it allowed tracks to be played only on Apple's iPod music players. Apple's iTunes Plus service offers DRM-free music of a higher quality than standard iTunes tracks for 99p a song, compared with 79p for a standard track. Users who opt to pay extra for iTunes Plus tracks will be able to play the music without limitations on the type of music player or number of computers that purchased songs can be played on. The discovery comes amid fears of a creeping culture of consumer surveillance by technology companies. Google also gave rise to fears yesterday when it unveiled thousands of street-level photographs of major American cities as part of its online maps service. Within hours, bloggers picked out images of people, their faces visible, being arrested, sunbathing and urinating in public. from CNET News.com, 2007-Feb-7, by Declan McCullagh: Senator to propose surveillance of illegal images Proposal from Sen. John McCain would force Internet providers to report illegal images, even "cartoons." A forthcoming bill in the U.S. Senate lays the groundwork for a national database of illegal images that Internet service providers would use to automatically flag and report suspicious content to police. The proposal, which Sen. John McCain is planning to introduce on Wednesday, also would require ISPs and perhaps some Web sites to alert the government of any illegal images of real or "cartoon" minors. Failure to do would be punished by criminal penalties including fines of up to $300,000.

The Arizona Republican claims that his proposal, a draft of which was obtained by CNET News.com, will aid in investigations of child pornographers. It will "enhance the current system for Internet service providers to report online child pornography on their systems, making the failure to report child pornography a federal crime," a statement from his office said. To announce his proposal, McCain has scheduled an afternoon press conference on Capitol Hill with Sen. Chuck Schumer, a New York Democrat; John Walsh, host of America's Most Wanted; and Lauren Nelson, who holds the title of Miss America 2007. Civil libertarians worry that the proposed legislation goes too far and could impose unreasonable burdens on anyone subject to the new regulations. And Internet companies worry about the compliance costs and argue that an existing law that requires reporting of illicit images is sufficient. The Securing Adolescents from Exploitation-Online Act (PDF) states ISPs that obtain "actual knowledge" of illegal images must make an exhaustive report including the date, time, offending content, any personal information about the user, and his Internet Protocol address. That report is sent to local or federal police by way of the National Center for Missing and Exploited Children. The center received $32.6 million in tax dollars in 2005, according to its financial disclosure documents. Afterward, the center is authorized to compile that information into a form that can be sent back to ISPs and used to assemble a database of "unique identification numbers generated from the data contained in the image file." That could be a unique ID created by a hash function, which yields something akin to a digital fingerprint of a file. Details on how the system would work are missing from McCain's legislation and are left to the center and ISPs. But one method would include ISPs automatically scanning e-mail and instant messaging attachments and flagging any matches. The so-called SAFE Act is revised from an earlier version (PDF) that McCain introduced in December. Instead of specifying that all commercial Web sites and personal blogs must report illegal images, the requirement has been narrowed. Now, anyone offering a "service which provides to users thereof the ability to send or receive wire or electronic communications" must comply. Most courts have interpreted that language to apply only to ISPs. But it could be interpreted as sweeping in instant messaging providers and Web-based e-mail systems like Microsoft's Hotmail and Yahoo Mail. A 9th U.S. Circuit Court of Appeals opinion that dealt with an airline reservation system, for instance, concluded that "American, through Sabre, is a provider of wire or electronic communication service."

The list of offenses that must be reported includes child exploitation, selling a minor for sexual purposes and using "misleading" domain names to trick someone into viewing illegal material. It also covers obscene images of minors including ones in a "drawing, cartoon, sculpture, or painting." (The language warns that it is not necessary "that the minor depicted actually exist.") ISPs are already required under federal law to report child pornography sightings. Current law includes fines of up to $300,000 but no criminal liability. Another section of the draft bill says that anyone convicted of certain child exploitation-related offenses who also used the "Internet to commit the violation" will get an extra 10 years in prison. That would dramatically raise sentences for a whole swath of crimes that do not involve adults having sex with minors. The Justice Department, for instance, indicted an Alabama man in November on child pornography charges because he took modeling photographs of clothed minors with their parents' consent and posted them online. The images were overly "provocative" and therefore illegal, a federal prosecutor asserted. Marv Johnson, a legislative counsel with the American Civil Liberties Union, said the extra 10 years in prison was an odd requirement because the Internet is not inherently dangerous like a firearm. Rather, he said, the bill proposes to punish someone for using a perfectly legal item or service in an illegal way. "It would be like punishing someone additionally for driving a car in the commission of an offense," Johnson said. The proposed SAFE Act is not related to the 2003 SAFE Act, which stood for Security and Freedom Ensured Act, the 1997 SAFE Act, which stood for Security and Freedom Through Encryption, or the 1998 SAFE Act, which stood for Safety Advancement for Employees. March 30, 2007 Confirmed: The U.S. Census Bureau Gave Up Names of Japanese-Americans in WW II Government documents show that the agency handed over names and addresses to the Secret Service Despite decades of denials, government records confirm that the U.S. Census Bureau provided the U.S. Secret Service with names and addresses of Japanese-Americans during World War II. The Census Bureau surveys the population every decade with detailed questionnaires but is barred by law from revealing data that could be linked to specific individuals. The Second War Powers Act of 1942 temporarily repealed that protection to assist in the roundup of Japanese-Americans for imprisonment in internment camps in California and six other states during the war. The Bureau previously has acknowledged that it provided neighborhood information on Japanese-Americans for that purpose, but it has maintained that it never provided "microdata," meaning names and specific information about them, to other agencies. A new study of U.S. Department of Commerce documents now shows that the Census Bureau complied with an August 4, 1943, request by Treasury Secretary Henry Morgenthau for the names and locations of

all people of Japanese ancestry in the Washington, D.C., area, according to historian Margo Anderson of the University of WisconsinMilwaukee and statistician William Seltzer of Fordham University in New York City. The records, however, do not indicate that the Bureau was asked for or divulged such information for Japanese-Americans in other parts of the country. Anderson and Seltzer discovered in 2000 that the Census Bureau released block-by-block data during WW II that alerted officials to neighborhoods in California, Arizona, Wyoming, Colorado, Utah, Idaho and Arkansas where Japanese-Americans were living. "We had suggestive but not very conclusive evidence that they had also provided microdata for surveillance," Anderson says. The Census Bureau had no records of such action, so the researchers turned to the records of the chief clerk of the Commerce Department, which received and had the authority to authorize interagency requests for census data under the Second War Powers Act. Anderson and Seltzer discovered copies of a memo from the secretary of the treasury (of which the Secret Service is part) to the secretary of commerce (who oversees the Census Bureau) requesting the data, and memos documenting that the Bureau had provided it [see image below]. The memos from the Bureau bear the initials "JC," which the researchers identified as those of then-director, J.C. Capt. "What it suggests is that the statistical information was used at the microlevel for surveillance of civilian populations," Anderson says. She adds that she and Seltzer are reviewing Secret Service records to try to determine whether anyone on the list was actually under surveillance, which is still unclear. "The [new] evidence is convincing," says Kenneth Prewitt, Census Bureau director from 1998 to 2000 and now a professor of public policy at Columbia University, who issued a public apology in 2000 for the Bureau's release of neighborhood data during the war. "At the time, available evidence (and Bureau lore) held that there had been no release of microdata," he says. "That can no longer be said." The newly revealed documents show that census officials released the information just seven days after it was requested. Given the red tape for which bureaucracies are famous, "it leads us to believe this was a well-established path," Seltzer says, meaning such disclosure may have occurred repeatedly between March 1942, when legal protection of confidentiality was suspended, and the August 1943 request. Anderson says that microdata would have been useful for what officials called the "mopping up" of potential Japanese-Americans who had eluded internment. The researchers turned up references to five subsequent disclosure requests made by law enforcement or surveillance agencies, including the Federal Bureau of Investigation, none of which dealt with Japanese-Americans. Lawmakers restored the confidentiality of census data in 1947. from the New York Times, 2007-Mar-9, by David Johnston and Eric Lipton: Justice Department Says F.B.I. Misused Patriot Act WASHINGTON The F.B.I. has improperly used provisions of the USA Patriot Act to obtain thousands of telephone, business and financial records without prior judicial approval, the Justice Department's inspector general said today in a report that embarrassed the F.B.I. and ignited outrage on Capitol Hill.

The report found that the bureau lacked sufficient controls to make sure that its agents were acting properly when they obtained records using administrative subpoenas, which do not require a judge's prior approval. And the report found that the bureau does not follow some of the rules it does have on the matter. Robert S. Mueller III, the director of the Federal Bureau of Investigation, called a news conference today to accept responsibility for the lapses, and to pledge his best efforts to see that they are not repeated. How could this happen? Mr. Mueller asked rhetorically. Who is to be held accountable? And the answer to that is, I am to be held accountable. Under the USA Patriot Act, the bureau has issued more than 20,000 demands for information known as national security letters. The report concluded that the program lacks effective management, monitoring, and reporting procedures. The report is available on the Department of Justice's web site. Mr. Mueller noted that the report attributes the lapses to procedural errors rather than malicious intent; that the actual number of abuses was relatively small; that it appeared that no individual or business was harmed; and that the mistakes were committed in the tension-filled atmosphere of the post-Sept. 11 world. Nevertheless, Mr. Mueller said, the abuses were serious because they infringed, at least potentially, on privacy rights that Americans cherish. The director said he welcomed Congress's ideas on how to avoid similar mistakes in the future, and acknowledged Congress's proper trust but verify posture. Still, the report touched off a bipartisan storm in the Capitol. This is, regrettably, part of an ongoing process where the federal authorities are not really sensitive to privacy and go far beyond what we have authorized, said Senator Arlen Specter of Pennsylvania, the top Republican on the Senate Judiciary Committee. Senator Russell D. Feingold, Democrat of Wisconsin and a member of the judiciary panel, said the report demonstrates that `trust us' doesn't cut it. Mr. Mueller said in response to a reporter's question that he had no intention of resigning his post. Details of the inspector general's report emerged on Thursday, a day ahead of its formal publication, as Attorney General Alberto R. Gonzales and other officials struggled to tamp down a Congressional uproar over another issue, the ouster of eight United States attorneys. Mr. Gonzales told Democratic and Republican senators that the Justice Department would drop its opposition to a change in a one-year-old rule for replacing federal prosecutors, senators and Justice Department officials said.

Mr. Gonzales offered the concession at a private meeting on Capitol Hill with members of the Senate Judiciary Committee. Mr. Gonzales also agreed to let the panel question Justice Department officials involved in the removals, Congressional aides said. The officials would testify voluntarily without subpoena. Mr. Gonzales's willingness to give in to Senate demands appeared to underscore how the Justice Department had been put on the defensive by the criticism over the prosecutors' ousters. The use of national security letters since the September 2001 attacks has been a hotly debated domestic intelligence issue. They were once used only in espionage and terrorism cases, and then only against people suspected as agents of a foreign power. With the passage of the Patriot Act, their use was greatly expanded and was allowed against Americans who were subjects of any investigation. The law also allowed other agencies like the Homeland Security Department to issue the letters. The letters have proved contentious in part because unlike search warrants, they are issued without prior judicial approval and require only the approval of the agent in charge of a local F.B.I. office. A Supreme Court ruling in 2004 forced revisions of the Patriot Act to permit greater judicial review, without requiring advance authorization. As problems for the Justice Department appeared to be piling up, criticism of Mr. Gonzales seemed to grow more biting as Republicans senators complained about Mr. Gonzales, some because of a letter in USA Today in which he said he had lost confidence in the ousted prosecutors and regarded the question an overblown personnel matter. Senator Arlen Specter of Pennsylvania, senior Republican on the judiciary panel, said in a telephone interview that those comments were extraordinarily insensitive and that the prosecutors were professionals who are going to have a cloud over them which could last a lifetime. I have been trying to hold down the rhetoric and try to deal with this on a factual and analytical basis, and his letter was volcanic, Mr. Specter said. We don't need that, he added. Earlier at the Judiciary Committee business meeting, Mr. Specter also had harsh words for Mr. Gonzales, saying, One day, there will be a new attorney general, maybe sooner rather than later. Mr. Specter said later his remark did not indicate that Mr. Gonzales had any intention of stepping down.

Other Republican senators expressed strong criticism of the removals and handling by Mr. Gonzales's aides. Senator John Ensign, Republican of Nevada, was quoted by The Las Vegas Review-Journal as saying the prosecutors' removals had been completely mishandled. The United States attorney in Nevada, Daniel G. Bogden, was one of the eight dismissed without explanation until he was told by a senior Justice Department officials that he was being replaced to make room for other appointees. Mr. Ensign said the department fired Mr. Bogden over his objections. Mr. Ensign said last month that he was told that the change was for performance reasons, but said he was surprised when a Justice Department official testified at a House hearing on Tuesday that Mr. Bogden's performance had no serious lapses. Even staunch Republican defenders of the department expressed criticism. One ally was Senator Jon Kyl of Arizona, where Paul K. Charlton was among those dismissed. Some people's reputations are going to suffer needlessly, Mr. Kyl said. Hopefully, we can get to the point where we say, `These people did a great job.` The withdrawal of objections to changing the rules for the prosecutors appears to assure passage of a measure to restore rules changed last March, when the attorney general was given authority to appoint replacement United States attorneys indefinitely, several senators said. The administration has withdrawn its objections to my legislation, the sponsor of the bill, Senator Dianne Feinstein, Democrat of California, said. She was one of the senators who met with Mr. Gonzales. Others were Mr. Specter, Charles E. Schumer, Democrat of New York, and Patrick J. Leahy of Vermont, the chairman of the Judiciary Committee. Ms. Feinstein said: My concerns have been that the firing of people with strong performance reviews all at one time, a number of whom were involved in corruption cases, sends an adverse signal to the rest of the U.S. attorneys, as well as to the general public. They may be hired by the president, but they serve the people and they should not be subjected to political pressure. The bill would let the attorney general appoint a temporary replacement for 120 days. If the Senate confirms no one after that time, the appointment of an interim United States attorney would be left to a federal district judge. Brian Roehrkasse, a Justice Department spokesman, said Thursday night: The department stands by the decision to remove the U.S. attorneys. As we have acknowledged in hindsight, we should have provided the U.S. attorneys with specific reasons that led to their dismissal that would have help to avoid the rampant misinformation and wild speculation that currently exits. from the San Francisco Chronicle, 2007-Mar-15, p.C3, by Verne Kopytoff:

Google to tighten its rules to shield search requests Data won't hold identifying links after 18-24 months In a nod to privacy advocates, Google Inc. said Wednesday that it is adopting a new data retention policy so that it's harder to link users to what they search for online. Under the plan, the Mountain View Internet company will shroud the information it collects about users in anonymity, eliminating a potential treasure trove of evidence for government search warrants and subpoenas. By the end of the year, Google expects to purge important identifying information on its computer servers about the sources of virtually all search queries after 18 to 24 months. Subsequently, the company will have access to only partial records, so that no one can trace the queries back to individual users. Google's move is intended to comply with various foreign laws and proposed legislation dictating that Web sites must keep user information for up to two years in case it is needed for legal proceedings. Similar rules are under consideration in the United States. Google is the first major search engine to set a time limit for retention of search information, which can reveal a great deal about an individual such as whether they're sick (as indicated by a number of queries about cancer) and political affiliation (demonstrated by searches for certain blogs). Until now, the company kept search logs indefinitely, raising criticism that the data could be misused by Google, law enforcement or marketers. Google said the changes are in response to feedback from privacy groups and government agencies, including the Norwegian Data Protection Authority, which raised concerns about Google's existing practices. The new policy, Google said, provides more transparency to users about data retention and better protects their privacy. Kurt Opsahl, an attorney for the Electronic Frontier Foundation, a digital rights group, gave measured praise to Google's decision, calling it a step in the right direction. He asked that Google similarly purge information collected about users of its other products, such as YouTube. Retention of search records emerged as a hot-button issue last year after a demand by the Justice Department that several Web sites turn over query data became public. Yahoo Inc., Time Warner's AOL and Microsoft Corp. handed over the information, to the consternation of many privacy advocates, but Google fought the request in court and ultimately got the amount it had to provide reduced. Separately, AOL made a high-profile blunder by posting 19 million search queries online as part of a research project. Ostensibly anonymous, the information was

used to identify some of the users responsible for the queries, prompting a public apology by the Web site and a series of resignations. "By taking some technical measures to anonymize this data, there is an extra layer of protection," Opsahl said. "You can't disclose what you don't have." As part of the new policy, Google will erase eight of the bits that make up an Internet Protocol address, known commonly as an IP address, that identifies the computer used to make a search query. It will also make cookies -- the small files that help track user visits to specific Web sites and preferences -- anonymous. After the plan is implemented, Google intends to keep the partial records and associated search query terms, explaining that the information will help the company improve its services and help detect fraud. from TheInquirer.net, 2007-Mar-8: Windows piracy hunt tool phones home if aborted Windows Genuine Annoyance HAVING RUN SOME TESTS, hacks at German wire Heise revealed that Microsoft's updated Windows Genuine Advantage Notification phones home when the installation is aborted. The user is not notified of the communication, but Microsoft claims it is useful for it to know when an installation is cancelled. Using network sniffer Wireshark the hacks say they also detected the software logging those not signing up to Windows update. It says data transmitted may contain enough information to identify individual computers Microsoft told Heise it collected the data to improve the quality of the WGA for users. It was useful, the spokesman said to know if a user had cancelled setup. The spokesVole said the user is not identified. No explanation was forthcoming as to why the software does not tell the user what it is telling Microsoft, much less ask permission to do so. from CNET News.com, 2006-Dec-1, by Declan McCullagh: FBI taps cell phone mic as eavesdropping tool The FBI appears to have begun using a novel form of electronic surveillance in criminal investigations: remotely activating a mobile phone's microphone and using it to eavesdrop on nearby conversations. The technique is called a "roving bug," and was approved by top U.S. Department of Justice officials for use against members of a New York organized crime family who were wary of conventional surveillance techniques such as tailing a suspect or wiretapping him.

Nextel cell phones owned by two alleged mobsters, John Ardito and his attorney Peter Peluso, were used by the FBI to listen in on nearby conversations. The FBI views Ardito as one of the most powerful men in the Genovese family, a major part of the national Mafia. The surveillance technique came to light in an opinion published this week by U.S. District Judge Lewis Kaplan. He ruled that the "roving bug" was legal because federal wiretapping law is broad enough to permit eavesdropping even of conversations that take place near a suspect's cell phone. Kaplan's opinion said that the eavesdropping technique "functioned whether the phone was powered on or off." Some handsets can't be fully powered down without removing the battery; for instance, some Nokia models will wake up when turned off if an alarm is set. While the Genovese crime family prosecution appears to be the first time a remote-eavesdropping mechanism has been used in a criminal case, the technique has been discussed in security circles for years. The U.S. Commerce Department's security office warns that "a cellular telephone can be turned into a microphone and transmitter for the purpose of listening to conversations in the vicinity of the phone." An article in the Financial Times last year said mobile providers can "remotely install a piece of software on to any handset, without the owner's knowledge, which will activate the microphone even when its owner is not making a call." Nextel and Samsung handsets and the Motorola Razr are especially vulnerable to software downloads that activate their microphones, said James Atkinson, a counter-surveillance consultant who has worked closely with government agencies. "They can be remotely accessed and made to transmit room audio all the time," he said. "You can do that without having physical access to the phone." Because modern handsets are miniature computers, downloaded software could modify the usual interface that always displays when a call is in progress. The spyware could then place a call to the FBI and activate the microphone--all without the owner knowing it happened. (The FBI declined to comment on Friday.) "If a phone has in fact been modified to act as a bug, the only way to counteract that is to either have a bugsweeper follow you around 24-7, which is not practical, or to peel the battery off the phone," Atkinson said. Security-conscious corporate executives routinely remove the batteries from their cell phones, he added. FBI's physical bugs discovered The FBI's Joint Organized Crime Task Force, which includes members of the New York police department, had little luck with conventional surveillance of the Genovese family. They did have a confidential source who reported the suspects

met at restaurants including Brunello Trattoria in New Rochelle, N.Y., which the FBI then bugged. But in July 2003, Ardito and his crew discovered bugs in three restaurants, and the FBI quietly removed the rest. Conversations recounted in FBI affidavits show the men were also highly suspicious of being tailed by police and avoided conversations on cell phones whenever possible. That led the FBI to resort to "roving bugs," first of Ardito's Nextel handset and then of Peluso's. U.S. District Judge Barbara Jones approved them in a series of orders in 2003 and 2004, and said she expected to "be advised of the locations" of the suspects when their conversations were recorded. Details of how the Nextel bugs worked are sketchy. Court documents, including an affidavit (p1) and (p2) prepared by Assistant U.S. Attorney Jonathan Kolodner in September 2003, refer to them as a "listening device placed in the cellular telephone." That phrase could refer to software or hardware. One private investigator interviewed by CNET News.com, Skipp Porteous of Sherlock Investigations in New York, said he believed the FBI planted a physical bug somewhere in the Nextel handset and did not remotely activate the microphone. "They had to have physical possession of the phone to do it," Porteous said. "There are several ways that they could have gotten physical possession. Then they monitored the bug from fairly near by." But other experts thought microphone activation is the more likely scenario, mostly because the battery in a tiny bug would not have lasted a year and because court documents say the bug works anywhere "within the United States"--in other words, outside the range of a nearby FBI agent armed with a radio receiver. In addition, a paranoid Mafioso likely would be suspicious of any ploy to get him to hand over a cell phone so a bug could be planted. And Kolodner's affidavit seeking a court order lists Ardito's phone number, his 15-digit International Mobile Subscriber Identifier, and lists Nextel Communications as the service provider, all of which would be unnecessary if a physical bug were being planted. A BBC article from 2004 reported that intelligence agencies routinely employ the remote-activiation method. "A mobile sitting on the desk of a politician or businessman can act as a powerful, undetectable bug," the article said, "enabling them to be activated at a later date to pick up sounds even when the receiver is down." For its part, Nextel said through spokesman Travis Sowders: "We're not aware of this investigation, and we weren't asked to participate."

Other mobile providers were reluctant to talk about this kind of surveillance. Verizon Wireless said only that it "works closely with law enforcement and public safety officials. When presented with legally authorized orders, we assist law enforcement in every way possible." A Motorola representative said that "your best source in this case would be the FBI itself." Cingular, T-Mobile, and the CTIA trade association did not immediately respond to requests for comment. Mobsters: The surveillance vanguard This isn't the first time the federal government has pushed at the limits of electronic surveillance when investigating reputed mobsters. In one case involving Nicodemo S. Scarfo, the alleged mastermind of a loan shark operation in New Jersey, the FBI found itself thwarted when Scarfo used Pretty Good Privacy software (PGP) to encode confidential business data. So with a judge's approval, FBI agents repeatedly snuck into Scarfo's business to plant a keystroke logger and monitor its output. Like Ardito's lawyers, Scarfo's defense attorneys argued that the then-novel technique was not legal and that the information gleaned through it could not be used. Also like Ardito, Scarfo's lawyers lost when a judge ruled in January 2002 that the evidence was admissible. This week, Judge Kaplan in the southern district of New York concluded that the "roving bugs" were legally permitted to capture hundreds of hours of conversations because the FBI had obtained a court order and alternatives probably wouldn't work. The FBI's "applications made a sufficient case for electronic surveillance," Kaplan wrote. "They indicated that alternative methods of investigation either had failed or were unlikely to produce results, in part because the subjects deliberately avoided government surveillance." from the Privacy Forum, 2006-Dec-3, from Lauren Weinstein: How to Tell If Your Cell Phone is Bugged Greetings. A story is making the rounds right now regarding FBI use of cell phones as remote bugs (e.g. http://news.com.com/2100-1029-6140191.html [seen above -AMPP Ed.]). I originally wrote about this concept in my PRIVACY Forum in 1999 ("Cell Phones Become Instant Bugs!" http://www.vortex.com/privacy/priv.08.11 ) so the issue is real, but we still need to bring the current saga back down to earth. This discussion doesn't only relate to "legal" bugs but also to the use of such techniques by illegal clandestine operations, and applies to physically unmodified cell phones (not phones that might have had separate, specialized bugs physically installed within them by third parties).

There is no magic in cell phones. From a transmitting standpoint, they are either on or off. It is true that many phones have an alarm feature that permits them to "wake up" from their usual "off" state. However, this is not a universal functionality, even in advanced phones such as PDA cell phones, which now often have a "totally off" mode available as well. It is also true that some phones can be remotely programmed by the carrier to mask or otherwise change their display and other behaviors in ways that could be used to fool the unwary user. However, this level of remote programmability is another feature that is not universal, though most modern cell phones can be easily programmed with the correct tools if you have physical access to the phones, even briefly. But remember -- no magic! When cell phones are transmitting -- even as bugs -certain things are going to happen every time that the alert phone user can often notice. First, when the phone is operating as a bug, regular calls can't be taking place in almost all cases. A well designed bug program could try to minimize the obviousness of this by quickly dropping the bug call if the phone owner tried to make an outgoing call, or drop the bug connection if an incoming call tried to ring through. But if the bug is up and running, that's the only transmission path that is available on the phone at that time for the vast majority of currently deployed phones. Some very new "3G" phones technically have the capability of running a separate data channel -- in which voice over IP data could be simultaneously transmitted along with the primary call. But this is pretty bleeding-edge stuff for now, and not an issue for the vast majority of current phones. Of course, if a cell phone is being used as a remote bug, the odds are that the routine conversations through that phone are also being monitored, right? So this "one call at a time" aspect isn't as much of a limitation to bugging as might otherwise be expected. Want to make sure that your phone is really off? Taking out the battery is a really good bet. Don't worry about the stories of hidden batteries that supposedly can be activated remotely or with special codes. The concept makes no sense in general, and there just isn't room in modern cell phones for additional batteries that could supply more than a tiny bit of added power, if any. But if your battery seems to be running out of juice far too early (despite what the battery status display might claim), that might be an indication that your phone is being used to transmit behind your back (or it might be a worn out battery and a typically inaccurate battery status display). Another clue that a phone may have been transmitting without your permission is if it seems unexpectedly warm. You've probably noticed how most cell phones heat up, especially on longer calls. This is normal, but if you haven't been on any

calls for a while and your cell phone is warm as if long calls were in progress, you have another red flag indication of something odd perhaps going on. Finally, if you use a GSM phone (like the vast majority of phones around the world, including Cingular and T-Mobile in the U.S.) you have another virtually fullproof way to know if you phone is secretly transmitting. You've probably noticed the "buzzing" interference that these phones tend to make in nearby speakers when calls or data transmissions are in progress. A certain amount of periodic routine communications between cell phones and the networks will occur while the phones are powered on -- even when calls are not in progress -so short bursts of buzzing between calls (and when turning the phones on or off) are normal. But if you're not on a call, and you hear a continuing rapid buzz-buzz-buzz in nearby speakers that lasts more than a few seconds and gets louder as you approach with your phone, well, the odds are that your phone is busily transmitting, and bugging is a definite possibility. Note that this particular test is much less reliable with non-GSM phones that use CDMA (e.g. Sprint/Verizon phones), since CDMA's technology is less prone to producing easily audible local interference. This strongly suggests that CDMA phones may be preferred for such bugging operations. The odds of most people being targeted for bugging are quite small. But it's always better to know the technical realities. Don't be paranoid, but be careful. from the Associated Press, 2006-Dec-1: New Rules Make Firms Track E-Mails, IM's If you use e-mail, instant messaging or a BlackBerry at work -- smile! Your company is recording everything you do, thanks to new federal rules that go into effect Friday. According to legal experts, the rules, approved by the Supreme Court in April, require American companies and other entities involved in federal litigation to produce "electronically stored information" as part of the discovery process, when evidence is shared by both sides before a trial. The change makes it more important for companies to know what electronic information they have and where. Under the new rules, an information technology employee who routinely copies over a backup computer tape could be committing the equivalent of "virtual shredding," said Alvin F. Lindsay, a partner at Hogan & Hartson LLP and expert on technology and litigation. James Wright, director of electronic discovery at Halliburton Co., said that large companies are likely to face higher costs from organizing their data to comply with the rules.

In addition to e-mail, companies will need to know about things more difficult to track, like digital photos of work sites on employee cell phones and information on removable memory cards, he said. Both federal and state courts have increasingly been requiring the production of relevant electronic documents during discovery, but the new rules codify the practice, legal experts said. The rules also require that lawyers provide information about where their clients' electronic data is stored and how accessible it is much earlier in a lawsuit than was previously the case. There are hundreds of "e-discovery vendors" and these businesses raked in approximately $1.6 billion in 2006, Wright said. That figure could double in 2007, he added. Another expense will likely stem from the additional time lawyers will have to spend reviewing electronic documents before turning them over to the other side. While the amount of data will be narrowed by electronic searches, some highpaid lawyers will still have to sift through casual e-mails about subjects like "office birthday parties in the pantry" in order to find information relevant to a particular case. Martha Dawson, a partner at the Seattle-based law firm of Preston Gates & Ellis LLP who specializes in electronic discovery, said the burden of the new rules won't be that great. Companies will not have to alter how they retain their electronic documents, she said, but will have to do an "inventory of their IT system" in order to know better where the documents are. The new rules also provide better guidance on how electronic evidence is to be handled in federal litigation, including guidelines on how companies can seek exemptions from providing data that isn't "reasonably accessible," she said. This could actually reduce the burden of electronic discovery, she said. from USA Today, 2006-Sep-4, by Kevin McCoy: IRS sends collection agencies calling for back taxes Beginning this week, thousands of Americans who owe taxes to the federal government will start getting phone calls to pay up from private collection agencies, not the IRS. Despite congressional opposition and criticism from a federal employee union and a taxpayer advisory panel, the IRS is giving three collection agencies information on 12,500 taxpayers who owe less than $25,000 and have not disputed the debt.

The IRS has moved to reassure taxpayers about the plan, even outlining steps to guard against potential scam artists posing as private collectors. "We are working hard to protect taxpayer privacy and taxpayer rights," IRS Commissioner Mark Everson said last month announcing the plan. Critics argue that privatizing any part of the IRS' traditional collection role would increase the agency's costs and raise privacy issues, as well as create potential for fraud. "We're continuing to do all we can to shine a light on this program," says Colleen Kelley, president of the National Treasury Employees Union, which represents IRS employees. "When taxpayers hear about what the government is doing, they are outraged." The IRS national taxpayer advocate and the Taxpayer Advocacy Panel, an advisory board chosen by the IRS, have questioned parts of the plan. The House passed a budget bill that, if approved by the Senate, could block the IRS from funding the effort. Kelley's union plans to start contacting senators when Congress reconvenes this week. IRS officials say the plan involves smaller cases that federal agents wouldn't otherwise have time to pursue. The profit potential is large. The collection companies will keep up to 24% of what they recover. That amounts to as much as $336 million of the $1.4 billion the IRS projects the program will recover during the next decade. The IRS chose three firms for the initial cases: The CBE Group of Waterloo, Iowa; Pioneer Credit Recovery of Arcade, N.Y.; and Linebarger Goggan Blair & Sampson, an Austin, Texas, law firm. The IRS says taxpayers targeted by the program will receive written notification from the agency that includes the name of the collection company that will contact them. They will also get a separate letter from the firm. Payment checks should be written to the U.S. Treasury, not to an individual or company, the IRS says. Taxpayers with questions can call 800-829-1040. from the Times of London, 2006-Nov-27, by Lucy Bannerman: Police target dangerous suspects before they can offend Criminal profilers are drawing up a list of the 100 most dangerous murderers and rapists of the future even before they commit such crimes, The Times has learnt. The highly controversial database will be used by police and other agencies to target suspects before they can carry out a serious offence. Pilot projects to identify the highest-risk future offenders have been operating in five London boroughs for the past two months.

The Soham murderer Ian Huntley and the serial rapist Richard Baker have been used as examples of the type of man police will identify. However, the database will increase concerns at the growth of official surveillance and anxieties that innocent men are being singled out for offences they have no intention of committing. Experts from the Metropolitan Polices Homicide Prevention Unit are creating psychological profiles of likely offenders to predict patterns of criminal behaviour. Statements from former partners, information from mental health workers and details of past complaints are being combined to identify the men considered most likely to commit serious violent crimes. The list will draw comparisons with the Hollywood film Minority Report, in which suspects are locked up before they can commit a predicted crime. Laura Richards, a senior criminal psychologist with the Homicide Prevention Unit, told The Times: My vision is that we know across London who the top 100 people are. We need to know who we are targeting. It is trying to pick up Ian Huntley before he goes out and commits that murder. Then we have the opportunity to stop something turning into a lethal event. The team is concentrating on reducing the risk of those with a history of domestic violence turning into murderers. About a quarter of murders are related to domestic violence. There are some pretty dangerous people out there, so you need these risk models to wheedle them out, separate the wheat from the chaff, she said. If you add up all the information, it tells us which people are risky. Ms Richards said that once an individual had been identified, police would decide whether to make moves towards an arrest, or to alert the relevant social services who could steer those targeted into management programmes. The project will be closely watched by the Home Office. However, civil liberties groups and human rights lawyers will be concerned at the plans to intervene in the lives of men before they actually commit a crime. Details of the database emerged after Richard Thomas, the Information Commissioner, said that Britain had sleepwalked into a surveillance society. Simon Davies, director of Privacy International, said yesterday: It is quite right that the police should keep intelligence on suspected criminals, but it is obscene to suggest there should be a crime idol list of those who might commit an offence. The police are systematically moving the boundaries as to where they can exercise their powers. The Minority Report syndrome is pushing the boundary of criminal intervention further into the general community.

There was also concern that the database would be ineffective if the authorities continued to fail to act on the information already available to them. Ray Wyre, a sexual crimes consultant, was supportive of the database but said that it would only work if police acted on the information. Of course you have to know your enemy, but it is what you do with the data that matters, he said. from Macworld.co.uk, 2006-Jul-5: Mac OS X Calling Cupertino New Dashboard process contacts Apple servers without user knowledge. Mac users are growing concerned about a new feature within Mac OS X 10.4.7 that contacts servers at Apple HQ on a regular basis. The new Dashboard process is called dashboardadvisory. According to Apple's release notes for 10.4.7, the application contacts Apple's servers for just one purpose--to ensure a user's Dashboard widgets are up-to-date. "You can now verify whether or not a Dashboard widget you downloaded is the same version as a widget featured on [www.apple.com] before installing it," Apple's release notes say, in effect preventing users accidentally downloading less secure widgets. User Discovers Unauthorized Activity The feature was discovered by Daniel Jakult, who uses an application called Little Snitch to check for unauthorized network activity on his machine. He writes: "In an era when consumers are being encouraged to take responsibility for their own safety in the interconnected world, Apple and others should respect the boundaries of our 'digital house' by at least keeping us in the loop about what is being done on our behalf. I can find no documentation about what Apple is choosing to send and receive on a regular basis from my Mac. Keep me in the loop, Apple. And if I'm not comfortable with it, give me an option (short of Little Snitch) for turning it off. It's my computer, after all." from the Washington Post, 2006-Jun-7, p.A1, by Ann Scott Tyson and Christopher Lee with Ernesto Londoo contributing: Data Theft Affected Most in Military National Security Concerns Raised Social Security numbers and other personal information for as many as 2.2 million U.S. military personnel -- including nearly 80 percent of the active-duty force -- were among the data stolen from the home of a Department of Veterans Affairs analyst last month, federal officials said yesterday, raising concerns about national security as well as identity theft.

The department announced that personal data for as many as 1.1 million activeduty military personnel, 430,000 National Guard members and 645,000 reserve members may have been included on an electronic file stolen May 3 from a department employee's house in Aspen Hill. The data include names, birth dates and Social Security numbers, VA spokesman Matt Burns said. Defense officials said the loss is unprecedented and raises concerns about the safety of U.S. military forces. But they cautioned that law enforcement agencies investigating the incident have not found evidence that the stolen information has been used to commit identity theft. "Anytime there is a theft of personal information, it is concerning and requires us and our members to be vigilant," Pentagon spokesman Bryan Whitman said. He said the loss is "the largest that I am aware of." Army spokesman Paul Boyce said: "Obviously there are issues associated with identity theft and force protection." For example, security experts said, the information could be used to find out where military personnel live. "This essentially can create a Zip code for where each of the service members and [their] families live, and if it fell into the wrong hands could potentially put them at jeopardy of being targeted," said David Heyman, director of the homeland security program at the Center for Strategic and International Studies (CSIS). Another worry is that the information could reach foreign governments and their intelligence services or other hostile forces, allowing them to target service members and their families, the experts said. "There is a global black market in this sort of information . . . and you suddenly have a treasure trove of information on the U.S. military that is available," said James Lewis, director of technology and public policy at CSIS. One defense official, speaking on the condition of anonymity because of the sensitivity of the matter, called the extent of the data loss "monumental." The new revelations significantly increase the potential harm from what was already one of the largest data breaches in U.S. history. On May 22, VA disclosed that an external computer hard drive was stolen May 3 from the home of a VA employee and that it contained unencrypted names and birth dates for as many as 26.5 million veterans who were discharged after 1975 or submitted benefit claims. It also included Social Security numbers for 19.6 million of those veterans, VA officials said. Initially VA thought that all of the 26.5 million people affected were veterans, but a database comparison revealed that they also included the bulk of active-duty military services, as well as more than 1 million members of the National Guard and reserves.

Montgomery County police released a description yesterday of the stolen laptop and its external hard drive because they said it may have been purchased by someone who does not realize the value of its content. "It could have shown up at a yard sale or a secondhand store," police spokeswoman Lucille Baur said. "This is a time of the year when parents may be buying computers for kids going to college in the fall." Montgomery County police are offering a $50,000 reward for information that allows authorities to recover the laptop. The computer is a Hewlett-Packard model zv5360us and the external hard drive is an HP External Personal Media Drive. The Washington Post is not publishing the name of the career data analyst whose laptop was stolen in response to a request from law enforcement authorities who are investigating its disappearance. The breach outraged veterans -- even more so because senior VA officials knew about the theft within hours of the crime but did not tell VA Secretary Jim Nicholson until 13 days later. The 60-year-old analyst, who had been taking home sensitive data for at least three years without authorization, has been fired, officials have said. His boss resigned last week and another senior VA official is on administrative leave pending investigations by the FBI, the VA inspector general and Montgomery County police. A coalition of veterans groups filed a class-action lawsuit against the federal government yesterday, contending that privacy rights were violated and seeking $1,000 in damages for each affected veteran. The lawsuit, filed in U.S. District Court in the District of Columbia, demands that VA fully disclose who was affected by the theft, and asks a court to prohibit VA workers from using sensitive data until safeguards are in place. Burns said the department does not comment on pending litigation. He said VA has received no reports of stolen data being used for identity theft or other criminal activity. VA receives records for every new recruit because active-duty personnel, National Guard members and reservists are eligible for certain VA benefits, such as GI Bill educational assistance and the home-loan program. "The department will continue to make every effort to inform and help protect those potentially affected, and is working with the Department of Defense to notify all affected personnel," Nicholson said. Rep. Lane Evans (D-Ill.), ranking member of the House Veterans' Affairs Committee, said yesterday that he was "appalled" at the data breach and called for a Government Accountability Office investigation into VA information security practices. Research shows that it is not unusual for government employees to take home sensitive data on laptops, Lewis said. "The rules we have are either chaotic or

nonexistent. . . . We still have a paper rules government when we are a digital nation." from the Associated Press, 2006-Jun-9, by H. Josef Hebert: DOE Computers Hacked; Info on 1,500 Taken WASHINGTON -- A hacker stole a file containing the names and Social Security numbers of 1,500 people working for the Energy Department's nuclear weapons agency. But in the incident last September, somewhat similar to recent problems at the Veterans Affairs Department, senior officials were informed only two days ago, officials told a congressional hearing Friday. None of the victims was notified, they said. The data theft occurred in a computer system at a service center belonging to the National Nuclear Security Administration in Albuquerque, N.M. The file contained information about contract workers throughout the agency's nuclear weapons complex, a department spokesman said. NNSA Administrator Linton Brooks told a House hearing that he learned of the security breach late last September, but did not inform Energy Secretary Samuel Bodman about it. It had occurred earlier that month. Brooks blamed a misunderstanding for the failure to inform either Bodman or Deputy Energy Secretary Clay Sell about the security breach. Brooks' NNSA is a semiautonomous agency within the department and he said he assumed DOE's counterintelligence office would have briefed the two senior officials. "That's hogwash," Rep. Joe Barton, chairman of the Energy and Commerce Committee, told Brooks. "You report directly to the secretary. You meet with him or the deputy every day. ... You had a major breach of your own security and yet you didn't inform the secretary." Bodman first learned of the theft two days ago, according to his spokesman, Craig Stevens. "He's deeply disturbed by the way this was handled," Stevens said. Barton, R-Texas, called for Brooks' resignation because of his failure to inform Bodman and other senior DOE officials of the security failure. The House Energy and Commerce oversight and investigations subcommittee learned of the security lapse late Thursday, on the eve of its hearing on DOE cyber security, said Rep. Ed Whitfield, R-Ky., chairman of the panel. The issue dominated lawmakers' questioning of DOE officials at the hearing. After an open session, the subcommittee continued questioning Brooks and other officials about it at a closed session because of the security implications.

Although the compromised data file was in the NNSA's unclassified computer system - and not part of a more secure classified network that contains nuclear weapons data - the DOE officials would provide only scant information about the incident during the public hearing. Brooks said the file contained names, Social Security numbers, date-of-birth information, a code where the employees worked and codes showing their security clearances. A majority of the individuals worked for contractors and the list was compiled as part of their security clearance processing, he said. Tom Pyke, DOE's official charged with cyber security, said he learned of the incident only a few days ago. He said the hacker, who obtained the data file, penetrated a number of security safeguards in obtaining access to the system. Stevens said Bodman, upon learning of the incident, directed that the individuals be immediately told their information had been compromised. Brooks acknowledged that no attempt was made to notify the individuals until now. He declined to elaborate because of security concerns, but indicated he could tell the lawmakers more in the closed session. "If somebody got that information from your file, wouldn't you be a little concerned if nobody told you?" Rep. Diane DeGette, D-Colo., asked Brooks. "Of course I would," he replied. The Energy Department spends $140 million a year on cyber security, Gregory Friedman, the DOE's inspector general, told the committee. But he said that while improvements have been made, "significant weaknesses continue to exist," making the unclassified computer system vulnerable to hackers. Last fall, a so-called "Red Team" of DOE computer specialists - seeking to test the security safeguards - succeeded in hacking into and gaining control of a DOE facility's computer system, the panel was told. "We had access to sensitive data including financial and personal data.... We basically had domain control," said Glenn Podonsky, director of DOE's Security and Safety Performance Assessment. "We were able to get passwords, go from one account to another." Podonsky did not name the facility. But in response to questioning, he said that during the test it was learned that an actual penetration of a DOE computer system had occurred, leading to the theft of the files containing information about the 1,500 contract workers. from TheInquirer.net, 2006-Jun-5, by Adamson Rust: The Google monster strikes inhuman resources

HUMAN RESOURCE officers are using Google as a supplement to job applications, with would be candidates facing rejection if a search turns up stuff that doesn't fit the corporate profile. Even though a candidate's CV and references may suggest she or he is the perfect soul for a job, the HR bunnies are starting to Google and reject candidates who have interests that could be considered out of the usual. Highly placed sources said that the technique has become common in the USA, with job vetting taking an unusual turn of events. We wonder if our own Mike Magee would ever have got the job if the HR department did a search on Google and discovered the unlikely fact that a Dr Mike Magee advises on health policies, while apparently he's good at poker too? Or what if someone searched for top rumour mongeress Eva Glass only to discover that the would be candidate is part of an adhesion strength study of Eva encapsulants on Glass substrates? A search on Fuad Fudo Abazovic understandably reveals loads of INQ stories. But how come he's ended up in a fishing forum? More worryingly, the source that told us about the HR stuff also said it's a growing practice in the USA for people to do a search on suitable partners by Googling them before they'll accept a date. * DISCLOSURE A search on Google for my name reveals that I've been dissed by Gizmodo for spending too much time down the pub. I wish. from the Associated Press, 2006-Jun-7, by Allison Linn: Microsoft plans better disclosures of tool SEATTLE - Microsoft Corp. acknowledged Wednesday that it needs to better inform users that its tool for determining whether a computer is running a pirated copy of Windows also quietly checks in daily with the software maker. The company said the undisclosed daily check is a safety measure designed to allow the tool, called Windows Genuine Advantage, to quickly shut down in case of a malfunction. For example, if the company suddenly started seeing a rash of reports that Windows copies were pirated, it might want to shut down the program to make sure it wasn't delivering false results. "It's kind of a safety switch," said David Lazar, who directs the Windows Genuine Advantage program. Lazar said the company added the safety measure because the piracy check, despite widespread distribution, is still a pilot program. He said the company was worried that it might have an unforeseen emergency that would require the program to terminate quickly.

But he acknowledged that Microsoft should have given users more information about the daily interactions. "We're looking at ways to communicate that in a more forward manner," he said. Lazar also said the company plans to tweak the program soon so that it will only check in with Microsoft every two weeks, rather than daily. The tool, part of the Redmond company's bid to thwart widespread piracy, is being distributed gradually to people who have signed up to receive Windows security updates. The company expects to have offered it to all users worldwide by the end of the year. Lazar said that so far, about 60 percent of users who were offered the piracy check decided to install it. Once installed, the program checks to make sure the version of Windows a user is running is legitimate, and gathers information such as the computer's manufacturer and the language and locale it is set for. That information-gathering is disclosed in a licensing agreement. But the agreement does not make clear that the program also is designed to "call home" to Microsoft's servers, to make sure that it should keep running. At least every 90 days, the tool also checks again to see if the copy of Windows is legitimate. Lazar said that's because the company sometimes discovers that a copy of Windows that it thought was legitimate is actually pirated. When Microsoft believes a copy of Windows is pirated, the user begins to get a series of reminders that the copy isn't genuine. Such users also are barred from downloading noncritical updates, such as the new version of its Internet Explorer browser. But anyone who has signed up to automatically receive security updates, which repair flaws to prevent Internet attacks, will still get those fixes. Lauren Weinstein, who is co-founder of People for Internet Responsibility and was one of the first people to notice the daily communications to Microsoft, said he understands and sympathizes with Microsoft's desire to control piracy. But he said it's problematic that Microsoft did not disclose all the program's communications with the company. Weinstein said he also was surprised that Microsoft decided to release so widely a tool that it says is in a "pilot" mode and might need to be suddenly shut down. "Really what you're talking about is someone saying, 'Look we've put something on your computer and it might go screwy, so we're going to kind of check in every day,'" he said. from ZD Net UK News, 2006-May-18, by Tom Espiner: Government to force handover of encryption keys Businesses and individuals may soon have to release their encryption keys to the police or face imprisonment, when Part 3 of the RIP Act comes into effect

The UK Government is preparing to give the police the authority to force organisations and individuals to disclose encryption keys, a move which has outraged some security and civil rights experts. The powers are contained within Part 3 of the Regulation of Investigatory Powers Act (RIPA). RIPA was introduced in 2000, but the government has held back from bringing Part 3 into effect. Now, more than five years after the original act was passed, the Home Office is seeking to exercise the powers within Part Three of RIPA. Some security experts are concerned that the plan could criminalise innocent people and drive businesses out of the UK. But the Home Office, which has just launched a consultation process, says the powers contained in Part 3 are needed to combat an increased use of encryption by criminals, paedophiles, and terrorists. "The use of encryption is... proliferating," Liam Byrne, Home Office minister of state told Parliament last week. "Encryption products are more widely available and are integrated as security features in standard operating systems, so the Government has concluded that it is now right to implement the provisions of Part 3 of RIPA... which is not presently in force." Part 3 of RIPA gives the police powers to order the disclosure of encryption keys, or force suspects to decrypt encrypted data. Anyone who refuses to hand over a key to the police would face up to two years' imprisonment. Under current anti-terrorism legislation, terrorist suspects now face up to five years for withholding keys. If Part 3 is passed, financial institutions could be compelled to give up the encryption keys they use for banking transactions, experts have warned. "The controversy here [lies in] seizing keys, not in forcing people to decrypt. The power to seize encryption keys is spooking big business," Cambridge University security expert Richard Clayton told ZDNet UK on Wednesday. "The notion that international bankers would be wary of bringing master keys into UK if they could be seized as part of legitimate police operations, or by a corrupt chief constable, has quite a lot of traction," Clayton added. "With the appropriate paperwork, keys can be seized. If you're an international banker you'll plonk your headquarters in Zurich." Opponents of the RIP Act have argued that the police could struggle to enforce Part 3, as people can argue that they don't possess the key to unlock encrypted data in their possession. "It is, as ever, almost impossible to prove 'beyond a reasonable doubt' that some random-looking data is in fact ciphertext, and then prove that the accused actually has the key for it, and that he has refused a proper order to divulge it,"

pointed out encryption expert Peter Fairbrother on ukcrypto, a public email discussion list. Clayton backed up this point. "The police can say 'We think he's a terrorist' or 'We think he's trading in kiddie porn', and the suspect can say, 'No, they're love letters, sorry, I've lost the key'. How much evidence do you need [to convict]? If you can't decrypt [the data], then by definition you don't know what it is," said Clayton. The Home Office on Wednesday told ZDNet UK that it would not reach a decision about whether Part 3 will be amended until the consultation process has been completed. "We are in consultation, and [are] looking into proposals on amendments to RIPA," said a Home Office spokeswoman. "The Home Office is waiting for the results of the consultation" before making any decisions, she said. The Home Office said last week that the focus on key disclosure and forced decryption was necessary due to "the threat to public safety posed by terrorist use of encryption technology". Clayton, on the other hand, argues that terrorist cells do not use master keys in the same way as governments and businesses. "Terrorist cells use master keys on a one-to-one basis, rather than using them to generate pass keys for a series of communications. With a one-to-one key, you may as well just force the terrorist suspect to decrypt that communication, or use other methods of decryption," said Clayton. "My suggestion is to turn on all of Part 3, except the part about trying to seize keys. That won't create such a furore in financial circles," he said. from the San Francisco Chronicle, 2006-May-17, by Bob Egelko: AT&T documents to stay sealed 13:04 PDT SAN FRANCISCO - A federal judge maintained a lid of secrecy today on AT&T documents that allegedly show the company's cooperation with a government electronic surveillance program, and put a privacy-rights group's suit on hold while he considers the Bush administration's request to dismiss the case. The documents were obtained by Marc Klein, a former AT&T technician, who said in a statement that he had seen equipment installed at the company's San Francisco facility in 2003 that would allow the National Security Agency to screen huge volumes of customers' Internet messages. Klein's testimony and supporting documents are the heart of a lawsuit accusing AT&T of illegally turning over phone and Internet data to the federal agency without a warrant or proof of wrongdoing. The Justice Department says the suit must be dismissed because it would expose military secrets.

At today's hearing in San Francisco, the first since the suit was filed in January, Chief U.S. District Judge Vaughn Walker refused AT&T's request to require Klein and the plaintiffs to return their copies of the documents. But Walker also denied requests by the plaintiffs, joined by The Chronicle and other media organizations, to unseal the documents and make them available to the public. The documents may contain trade secrets, as the company contends, and should remain under wraps for now, the judge said. He left the door open for the disclosure of other sealed material, including declarations by Klein and an expert witness, but said the next order of business would be a hearing June 23 on motions by AT&T and the government to dismiss the suit. "These are motions that may very well terminate the litigation at an early stage,'' Walker said. He rejected arguments by the Electronic Frontier Foundation, which filed the suit on behalf of AT&T customers, that he should at the same time consider an injunction that would prohibit the company from turning over any more customer information to the government. The Bush administration's motion to dismiss the case, which the government filed at 1 a.m. Saturday, was based largely on secret arguments and evidence about the surveillance program that have been kept in a government facility and have not yet been presented to Walker. When Justice Department lawyer Carl Nichols urged Walker to read the classified material before ruling on the dismissal motion, the judge asked whether that would be fair to the plaintiffs, who will not have access to that material when they argue against the motion. "That is how it has to be done,'' Nichols replied. "To do otherwise would be to disclose facts, the result of which would be harmful to national security.'' Electronic Frontier Foundation lawyer Cindy Cohn contended that the suit against AT&T could be decided without delving into state secrets, by determining whether the company had disclosed customer information to the government without legal authority. But AT&T lawyer Bradford Berenson -- who described the company as "an innocent bystander'' in a dispute between the plaintiffs and the government -said the question of whether the government had authorized the alleged disclosures may also involve state secrets. from the Los Angeles Times, 2005-May-12, by Joseph Menn and James S. Granelli: As Tech Advances, Privacy Laws Lag Businesses that use advanced tools to track data are caught between customers' expectations of privacy and official demands for access. Never has it been so easy to know so much about so many.

Thursday's disclosure that three of the nation's biggest telephone companies gave customer calling records to the National Security Agency again demonstrates that technology is rewriting the rules of privacy faster than the law can adapt. And with their powerful database programs tracking a massive amount of personal details of Americans' daily lives, a growing number of companies find themselves sandwiched between the privacy expectations of their customers and the national security demands of the federal government. "It's so easy to say yes," said technology security expert Bruce Schneier. "The government sings a patriotic song, and you want to do what's right. We all want to band together." With the rise of lightning-fast ways to collect, collate and distribute digital data, county sheriffs, credit card companies and even nosy neighbors can dig up private information. But in many cases it is the federal government that has been looking over the public's virtual shoulder. The NSA program is the most recent example of how personal data collected for commercial purposes can be used in unexpected ways. "You have to think about how that information could be misused or used too zealously," said constitutional law professor Martin S. Flaherty of Fordham Law School in New York. "At the end of the day, you're still talking about information on private parties." The data collected by the NSA over the last four years did not routinely include individual names. The NSA is barred from deliberately tracking U.S. residents. Instead, the data were used to map calling patterns in search of clues to help identify terrorist activity. Even so, civil liberties advocates said the effort raised questions about the government's willingness to use technology to skirt privacy laws. "This is the most comprehensive surveillance of the American public ever undertaken by the American government," said Marc Rotenberg, executive director of the Electronic Information Policy Center. Said attorney Kevin Bankston of the Electronic Frontier Foundation: "There is simply no legal process for this kind of wholesale invasion of privacy. What they claim to be doing with the data is irrelevant because the fact is they could do whatever they choose without any oversight." The foundation already is suing AT&T Corp. the largest of the companies that provided data to the NSA over previously disclosed cooperation with the spy agency. That case cites a December report in the Los Angeles Times that the company gave the NSA access to a database cataloging all of its calling records.

The foundation also accuses AT&T of maintaining a room in its main San Francisco switching office with equipment that received copies of all e-mail and digitized voice traffic transmitted through the site. The room was accessible only to people cleared by the NSA, former employees said. AT&T declined to comment. Federal intelligence authorities are finding cooperative partners in corporate America, particularly in the wake of the 9/11 attacks on New York and the Pentagon. Companies maintain detailed records on their customers, generally for marketing purposes. Credit card companies can track every purchase and use that information to make customized offers to consumers. Online retailers such as Amazon.com Inc. have software with the uncanny ability to recommend purchases. Search engines that catalog queries can reveal the changing zeitgeist. Companies that have made blunders on privacy issues sometimes have suffered a backlash while others that safeguarded customer information against outside perusal have won plaudits. Data broker ChoicePoint Inc. saw its stock fall sharply last year, after its databases were infiltrated by identity thieves. Some Internet users switched to Verizon Communications Inc. after it fought recording industry requests to identify customers suspected of piracy. And Google Inc. was hailed by privacy advocates for fighting subpoenas for millions of search queries while other Internet companies complied. The release of phone records resonates because calls have been presumed to be private for decades. Unlike other companies, phone carriers are barred from revealing anything without a court order. Of the four phone companies the NSA asked for information about customer calls, only Qwest Communications International Inc. refused. Qwest declined to comment Thursday on what it said were "matters related to national security." The other carriers Verizon, BellSouth Corp. and AT&T Inc. said they followed the law. "For many years, we have cooperated with law enforcement and did that under applicable laws," Verizon spokesman Eric W. Rabe said. "Nothing's changed. Certainly, we also think we take our customers' privacy extremely importantly." Telecommunications industry insiders, speaking without attribution because of the sensitivity of the NSA's activities, described the massive data collection to determine calling patterns as benign.

"This was about traffic patterns, aggregate calling from one place to another, [not] tracing a particular call," one said. Other communications companies, such as Internet service provider EarthLink Inc., said they would object to such a broad request. Les Seagraves, EarthLink's chief privacy officer, said his company responded to law-enforcement and intelligence requests, but regarding only one customer at a time. No broader monitoring is allowed, and "no agency has carte blanche," Seagraves said. Former NSA Director Bob Inman said the use of telephone and other databases might not have violated privacy rights. That's because the initial explorations were automated and personal information wouldn't have spread any further in most cases a position supported by a former Bush administration official familiar with the monitoring program. "Computers may have sorted through hundreds of millions of messages without a person ever seeing it. So no one's e-mail or phone call has been compromised," Inman said. "The problem only starts when the information goes to an analyst to read." Legal experts were less sanguine. "Substantively, I don't really care if they know my address and phone number and my calling habits," said Frank Pasquale, an associate professor at Seton Hall Law School in New Jersey. "But if all the systems of checks and balances are torn down, then that's a matter for concern. How far can they go?" A key law regulating the NSA's domestic activities is 1978's Foreign Intelligence Surveillance Act, or FISA, which was prompted by a congressional investigation begun three years earlier over a Central Intelligence Agency spy campaign. Without warrants, the CIA had intercepted international mail and telegrams headed to the Soviet Union and other Communist nations for 20 years. "The total number of mail and messages intercepted was in the millions, and testimony in Congress showed that the intelligence yield was pretty thin," said Bruce Fein, a former Federal Communications Commission general counsel. "Now we have the ability to track massive amounts of information. We don't even know the full scope of the NSA's activities." Fein disputed the Bush administration's contention that regulations needed to adapt to the realities of fighting terrorism. When FISA was passed, he noted, the U.S. had intercontinental missiles aimed at it, and the Cold War was in full force. "To think all the world changed with 9/11 is wrong," he said. "There have always been threats we faced."

Flaherty, the Fordham law professor, said modern technology had raised possibilities no one could envision in 1934, when many of the original laws that still govern telecommunications companies were passed. "Government is sitting on a huge database," he said, "and you have to think about how that information could be misused or used too zealously." from CNET News.com, 2006-May-5, by Declan McCullagh: Appeals court takes dim view of Net-tapping rules WASHINGTON--A federal appeals court suggested on Friday that government regulations levying extensive Internet wiretapping requirements on universities and libraries may go too far. The U.S. Court of Appeals here sharply questioned whether the Federal Communications Commission exceeded its legal authority last year when it ordered "any type of broadband Internet access service" and many Net phone services to rewire their networks for police convenience. Judge Harry Edwards repeatedly pressed a government attorney who had argued that a 1994 law permitted the FCC to extend wiretapping rules to the Internet, even though the U.S. Congress had referred only to telephone networks. "This is wholly ridiculous," Edwards said, saying that Congress' meaning was clear. The FCC's argument "is such gobbledygook, it's really funny.... It's utter nonsense." The Bush administration had pressed for these Net surveillance rules for years, saying they were necessary to make it easier to catch "criminals, terrorists and spies" who would otherwise be able to evade detection. But the organizations behind the lawsuit say Congress never intended to force broadband providers--and networks at corporations and universities--to build in central surveillance hubs for the police. The list of organizations includes Sun Microsystems, Pulver.com, the American Association of Community Colleges, the Association of American Universities and the American Library Association. Judge David Sentelle suggested that the three-judge panel may effectively split the difference, striking down the FCC's regulation of broadband providers but permitting it to impose wiretapping rules on voice over Internet Protocol, or VoIP, companies. "They have to be wrong on at least voice over" Internet Protocol, Sentelle said, referring to the library, education and other groups that filed the lawsuit. Added Edwards: "I don't see how counsel can argue with a straight face" that VoIP could not be covered by the 1994 law, the Communications Assistance for

Law Enforcement Act. CALEA did specify that services that begin to supplant traditional phone service could be covered by the rules. Even without the FCC rules that are scheduled to take effect in May 2007, police have the legal authority to conduct Internet wiretaps--that's precisely what the FBI's Carnivore system was designed to do. Still, the FBI has claimed, the need for "standardized broadband intercept capabilities is especially urgent in light of today's heightened threats to homeland security and the ongoing tendency of criminals to use the most clandestine modes of communication." According to the groups that sued the government, the FCC is "relying on an interpretation of CALEA that is contrary to the plain meaning of the statute, arbitrary and capricious, and otherwise not in accordance with law." In other news: At least on the question of whether CALEA covers broadband providers, Edwards seemed sympathetic. "A telephone isn't an orange," Edwards told Jacob Lewis, the FCC's associate general counsel. "And just because it's in a new statute you can't say it's a fruit." In an unusual twist, some of the FCC commissioners who unanimously approved the wiretapping rules have acknowledged that the agency was on shaky legal ground. Then-Commissioner Kathleen Abernathy, for instance, said at the time that she had "concern that an approach like the one we adopt today is not without legal risk." Earlier this week, the FCC unanimously reaffirmed its Internet wiretapping regulations and said that universities and other companies that would be affected would have to pick up their own costs for the network upgrades. from the Washington Post via the San Francisco Chronicle, 2006-Mar-23, p. A14, by Charles Lane: High court confirms limits on warrantless police searches Washington -- The Supreme Court narrowed police search powers Wednesday, ruling that officers must have a warrant to look for evidence in a couple's home unless both partners present agree to let them in. The 5-3 decision sparked a sharp exchange among the justices. The majority portrayed the decision as striking a blow for privacy rights and gender equality; dissenters said it could undermine police efforts against domestic violence, the victims of which are often women. The ruling upholds a 2004 decision of the Georgia Supreme Court, but it still makes a significant change in the law nationwide, because most other lower federal and state courts had previously said police could search with the consent of one of two adults living together. Now, officers must first ask a judicial officer for a warrant in such cases.

Justice David Souter's majority opinion said the consent of one partner is inadequate because of "widely shared social expectations" that adults living together each have veto power over who can enter their living space. That makes a warrantless search based on only one partner's consent "unreasonable" and, therefore, unconstitutional. "(T)here is no common understanding that one co-tenant generally has a right or authority to prevail over the express wishes of another, whether the issue is the color of the curtains or invitations to outsiders," Souter wrote. Chief Justice John Roberts, writing his first dissent since joining the court in October, said the ruling's cost would be great, especially in domestic disputes. Roberts wrote that the ruling made no sense, given that the court previously said it is constitutional for police to enter a house with the permission of one partner when the other is asleep or absent. Those rulings were unchanged by Wednesday's decision. Just by agreeing to live with someone else, a co-tenant has surrendered a good deal of the privacy that the Constitution's Fourth Amendment was designed to protect, Roberts argued. "The majority's rule apparently forbids police from entering to assist with a domestic dispute if the abuser whose behavior prompted the request for police assistance objects," he wrote. Souter called that argument a "red herring," saying police still have legal authority to enter homes where one partner is truly in danger. "(T)his case has no bearing on the capacity of the police to protect domestic victims," Souter wrote. "No question has been raised, or reasonably could be, about the authority of the police to enter a dwelling to protect a resident from domestic violence; so long as they have good reason to believe such a threat exists." Souter said Roberts was guilty of declaring that "the centuries of special protection for the privacy of the home are over." Souter's opinion was joined by Justices John Paul Stevens, Anthony Kennedy, Ruth Bader Ginsburg and Stephen Breyer. Breyer backed Souter with a separate opinion that said his decisive fifth vote was cast on the understanding that Souter's analysis applies to cases such as this one, in which police were searching for evidence of a crime, rather than intervening in a violent dispute. The case arose out of a 2001 quarrel over child custody at the home of Janet and Scott Randolph in Americus, Ga. When officers arrived, she told them where to find his cocaine. An officer asked Scott Randolph for permission to search the

house. He refused, but she said yes -- and led them to a straw covered in cocaine crystals. Scott Randolph was arrested and indicted for cocaine possession. Georgia's Supreme Court ultimately ruled that the evidence should be suppressed, because it was gathered without a warrant. Justices Antonin Scalia and Clarence Thomas also dissented. Justice Samuel Alito did not vote because he was not yet on the court in November, when the case was argued. The main argument between Souter and Roberts was accompanied by a skirmish between Stevens and Scalia, who used the case as an opportunity to make points in the court's long-running dispute over Scalia's view that the Constitution should be interpreted in light of the Framers' original intent. In a brief concurring opinion, Stevens noted that the court's ruling was based on the concept that neither a husband nor a wife is "master" of the house in the eyes of the law. But at the time the Bill of Rights was drafted, he wrote, only a husband's consent or objection would have been taken into account. Thus, he wrote, "this case illustrates why even the most dedicated adherent to an approach ... that places primary reliance on a search for original understanding would recognize the relevance of changes in our society." Scalia fired back at "Justice Stevens' 'attempted critique' of originalism," arguing that the ruling is unlikely to benefit women. "Given the usual patterns of domestic violence," he wrote, "how often can police be expected to encounter the situation in which a man urges them to enter the home while a woman simultaneously demands they stay out?" The case is Georgia vs. Randolph, No. 04-1067. from the International Herald Tribune (New York Times in Paris), 2005-Dec-15, by Kevin J. O'Brien: Data law passed in EU seen as restrictive BERLIN The European Parliament on Wednesday passed an anti-terror law requiring Internet service providers and telephone companies in the 25-nation European Union to keep phone and Web site records on their customers for as long as two years. By a vote of 378 to 197, with 30 abstentions, European lawmakers meeting in Strasbourg passed what one privacy advocate opposed to the plan called "one of the most restrictive surveillance laws in the world," exceeding the level of communications monitoring allowed in United States.

"The EU plans to fingerprint all of its citizens, monitor all communications transactions and surveil all movement and travel," said Gus Hosein, a senior fellow at Privacy International, a London-based watchdog, and a visiting lecturer at the London School of Economics. "All these policies have been rejected by the U.S., but are now law in Europe." European lawmakers, who had been deadlocked on the issue for more than three years, adopted a plan proposed by Home Secretary Charles Clarke of Britain that narrowed the amount of data required to be stored to overcome objections from telecommunications businesses concerned about the costs. Under the new law, telecommunications companies that do not currently store data on unsuccessful calls - which is the majority of operators - will not be required to do so. Also, operators will only be required to keep data that locates a mobile call by its geographic cell at the beginning of the call, not throughout an entire conversation. "While these concessions represent some improvement for European telecom companies, the new law still imposes significant burdens on the industry," said Michael Bartholomew, director of the European Telecommunications Network Operators' Association, a Brussels group representing 41 operators. Bartholomew questioned the effectiveness and feasibility of the law in stopping terrorists, who could simply use U.S.-based e-mail services not subject to EU scrutiny. He also criticized the lack of any provision to reimburse operators for costs of data storage. One European telecommunications company executive echoed those sentiments. "In my opinion, this law is definitely not going to hinder terrorism," said Carl Mhlner, the chief executive of Tiscali Deutschland, an Internet service provider based in Dreieich, Germany. Tiscali, like most German Internet providers, currently stores data on customer Web site visits and e-mail exchanges for up to three months - the maximum permitted under German law. Mhlner predicted that the new EU law would bring a "significant increase in operating costs that could amount to several million euros." Proponents of the law said it would give European law enforcement officials a powerful weapon to track terrorists. The law would require phone operators to store data on completed calls, and Internet providers to log customer Web site visits, from six months to two years. Each EU member state, which must adopt the measure into local law before it can take effect, will determine how long data is kept. Only connected calls, e-mail exchanges and Web site visits will be recorded, not the content of individual conversations or e-mails. from USA Today, 2006-Feb-14, by Judy Keen: Daley wants security cameras at bars

CHICAGO Surveillance cameras aimed at government buildings, train platforms and intersections here might soon be required at corner taverns and swanky nightclubs. Mayor Richard Daley wants to require bars open until 4 a.m. to install security cameras that can identify people entering and leaving the building. Other businesses open longer than 12 hours a day, including convenience stores, eventually would have to do the same. Daley's proposed city ordinance adds a dimension to security measures installed after the Sept. 11 attacks. The proliferation of security cameras especially if the government requires them in private businesses troubles some civil liberties advocates. "There is no reason to mandate all of those cameras unless you one day see them being linked up to the city's 911 system," says Ed Yohnka of the Illinois American Civil Liberties Union. "We have perhaps reached that moment of critical mass when people ... want to have a dialogue about how much of this is appropriate." Milwaukee is considering requiring cameras at stores that have called police three or more times in a year. The Baltimore County Council in Maryland ordered large malls to put cameras in parking areas after a murder in one garage last year. The measure passed despite objections from business groups. "We require shopping centers to put railings on stairs and install sprinkler systems for public safety. This is a proper next step," says Baltimore County Councilman Kevin Kamenetz, who sponsored the ordinance. Some cities aren't going along. Schenectady, N.Y., shelved a proposal that would have required cameras in convenience stores. "The safer we make the city, the better it is for everyone," says Chicago Alderman Ray Suarez, who first proposed mandatory cameras in some businesses. "If you're not doing anything wrong, what do you have to worry about?" Nick Novich, owner of three Chicago bars, worries about the cost. "Every added expense ... puts a small business in greater jeopardy of going out of business," he says. Daley says cameras will deter crime, but Novich says, "That's what we're paying taxes for." Colleen McShane, president of the Illinois Restaurant Association, says the proposal, which Daley announced last week, is an unfair burden on small businesses. "This is once again more government intrusion," she says. Some business owners say cameras make patrons feel safer. Cameras are in all 30 Chicago bars, clubs and restaurants owned by Ala Carte Entertainment,

spokeswoman Julia Shell says: "It's far more cost-effective for us to have them than not to have them." By spring, 30 Chicago intersections will have cameras to catch drivers who run red lights. More than 2,000 cameras around the city are linked to an emergency command center, paid for in part by federal homeland security funds. The newest "smart" cameras alert police when there's gunfire or when someone leaves a package or lingers outside public buildings. The system is based on the one in London that helped capture suspected terrorists after last summer's subway bombings. Chicago is installing those sophisticated camera systems more aggressively than any other U.S. city, says Rajiv Shah, an assistant professor at the University of Illinois-Chicago who studies the policy implications of surveillance technology. Recording what people do in public "is just getting easier and cheaper to do," he says. "Think of your camera cellphone." from the Los Angeles Times, 2006-Jan-19, by Jesus Sanchez: Google Resists Fed Efforts to Secure Records in Porn Probe Federal prosecutors are trying to force Google Inc. to turn over user requests and website addresses stored in its massive Internet search engine to help the government defend a law protecting minors from online porn and other harmful material. The U.S. Justice Department, in papers filed with the U.S. District Court in San Jose on Wednesday, said that Google has refused to comply with the request for information but that other, unnamed search engine operators have cooperated. The government requested that the court order Google, which operates the Internet's most heavily used search engine, to turn over the necessary records. "The production of those materials would be of significant assistance to the government's preparation of its defense of the constitutionality of this important statue," prosecutors said in the court filing. Google has refused to comply with these requests in any way." Prosecutors are asking Mountain View, Calif.-based Google for the text of search engine requests made during a one-week period and a random selection of one million website addresses stored in the company's databases. Google has refused to cooperate in part because compliance would prove to be an "undue burden" and may reveal trade secrets, the government said in its filing. Google attorney Nicole Wong told the San Jose Mercury News that the company will continue to "vigorously" oppose the government's efforts. "Google is not a party to this lawsuit, and the demand for the information is overreaching."

The information is needed to help the government defend a challenge filed by the American Civil Liberties Unions against enforcement of the Child Online Protection Act. Federal prosecutors say the information from Google and other search engines will be used to help support their contention that the law is more effective than online filtering software to protect children from online pornography. Prosecutors said the privacy of Google users would be protected because it only wants the text of their requests, not their identities. The court papers noted that other search engine operators, who were not identified, had provided similar information. "Google thus should have no difficulty in complying in the same way as its competitors have," the government said. More than 380 million visitors worldwide use the Google site each month to search the web for information, the company said. from the Los Angeles Times, 2006-Mar-18, by Chris Gaither: U.S. Is Denied Google Queries Privacy activists hail a federal judge's ruling. But he orders the search engine to reveal some information about websites in its database. A federal judge Friday denied a Justice Department demand for access to some Internet search queries of Google Inc. users in a closely watched case testing the limits of online privacy. The ruling by U.S. District Judge James Ware in San Jose was a victory for Google, which argued that handing over the records would violate the privacy of people who might scour the Internet with terms as diverse as "best-actor nominees," "third trimester abortion" or "pipe bomb." Although Ware required Google to reveal some information about the websites in its database, he ordered the government to reimburse the Mountain View, Calif., company for the time and expense required to comply. But for Google a quirky dot-com with the corporate mantra "Don't be evil" the more important issue was whether it could restrict access to potentially revealing queries. "We will always be subject to government subpoenas, but the fact that the judge sent a clear message about privacy is reassuring," said Google's associate general counsel, Nicole Wong. "What his ruling means is that neither the government nor anyone else has carte blanche when demanding data from Internet companies."

Privacy advocates cheered the decision as a check on the Bush administration's efforts to collect information about people, but noted that the trove of personal data gathered and stored by sites like Google was irresistible to investigators. "This issue is going to come up over and over again," said Cindy Cohn, legal director of the Electronic Frontier Foundation. "I don't think this should make anybody very comfortable about the future. Google still has this stuff and people will still try to seek it." Atty. Gen. Alberto R. Gonzales issued subpoenas to Google and three other top Internet companies last year, seeking details of potentially billions of search queries as part of an investigation into online pornography. The Justice Department also demanded a sample of the millions of websites archived in the search engines' databases. The other companies Yahoo Inc., Microsoft Corp. and America Online Inc. complied at least in part. Google executives balked and the case became a test of the government's reach in the Internet Age. Yahoo, Microsoft and America Online declined to comment after Ware's ruling late Friday. Those companies have said that the information they provided did not violate users' privacy, because it did not include names or computer addresses. Even so, the disclosure alarmed civil liberties advocates, who feared that the searches could reveal private information and that the government could pass alarming queries to criminal investigators. "People for too long thought they were anonymous on the Internet," said Andrew Serwin, an attorney specializing in privacy and Internet law. "People now realize they're not." Justice Department officials could not be reached late Friday. Federal lawyers earlier this week slashed their Google request to 5,000 randomly selected search terms entered by users and 50,000 website addresses in the company's searchable index. The government previously had requested a week's worth of queries, which could have numbered in the billions, as well as a million indexed Web addresses. Ware granted the request for the Web addresses but declined to force Google to release the queries. He wrote in his 21-page ruling that he was balancing the government's need to gather data against Google's expectation that it could operate without undue interference or fear that its trade secrets might be revealed. Google lawyers argued at a hearing Tuesday that the company's search engine was popular in part because users trusted that their personal information would be guarded.

"The expectation of privacy by some Google users may not be reasonable, but may nonetheless have an appreciable impact on the way in which Google is perceived, and consequently the frequency with which users use Google," Ware wrote. Federal laws generally require a search warrant or court order to procure electronic information without a user's permission, not the simple subpoena presented to Google. Government lawyers had requested the data for an unrelated civil lawsuit regarding the Child Online Protection Act, a 1998 law blocked by a federal court. The Justice Department, seeking to restore the law, said it would use the information from search engines only to test how well Internet filters prevent children from accessing potentially harmful websites. Deirdre Mulligan, a law profesor at UC Berkeley, called the government's request to Google "a fishing expedition." "It's the same as going into a medical clinic and saying, 'The last few people who came in, what diseases did they ask you about?' " Mulligan said. from TheInquirer.net, 2006-Jan-23, by Nick Farrell: Media rounds on Google Someone is being spun, claim FANS OF Google are starting to complain that the media is misreporting the search outfit's defiance of the Bush Government. Google refused a request from the government to hand over data on its searchers. This was widely reported as Google stopping a Bush government initiative on child porn. According to Google watcher Philipp Lenssen, the media seems to have been spun a line, as the law in question had nothing to do with child porn. The law was to make sure that webmasters did more to restrict children from viewing pornographic material. It is another gasp of the Child Online Protection Act, which just didn't get through in the past, and which the Bush administration wants to revive. It wanted Google to hand over (search logs and indexed URLs to prove the law is needed. Writing in his bog, Lenssen said that the first story appeared in the Mercury News and has been copied ever since. He gives a list of newspapers who have copied the mishtake here. The problem is that it makes Google look like the bad guy defending child porn, rather than an outfit preventing censorship and privacy. from MarketWatch.com, 2006-Jan-21, by John Shinal:

Internet privacy in China and the U.S. Commentary: Google's battle has broad implications SAN FRANCISCO -- I'm not sure what's more troubling -- the fact that the U.S. government wanted to get its hands on the Internet search results of millions of its citizens, or that some of the leading search firms were so quick to provide the data. Privacy -- or the lack of it -- on the Internet came screaming to the front burner this week on the news that Google Inc. was the only one of four major U.S. search engines to refuse a Justice Department subpoena to provide information on its users' search results. Not that Google has always been the white knight. Like Yahoo Inc. and Microsoft Corp., Google has previously responded to government requests -- in China -- to censor or turn over its data. Rather than tracking down and jailing dissidents, as the Chinese government did with information provided by Yahoo, the subpoena by U.S. Attorney General Alberto Gonzales is part of an effort to revive a 1998 law designed to protect children from seeing or being exploited by online pornography. The U.S. Supreme Court struck down the law as too broad in 2004, saying, among other things, that the government should give Web-filtering software a chance to work. See archived story. Trolling through two month's worth of random results at the world's leading search engine, as the government's original subpoena requested, presumably would give Justice Department investigators a good read on what percentage of those searches were for child porn. But some privacy advocates, coming to Google's defense, called the effort a fishing expedition that completely disregards the privacy of the millions of browsers who conduct innocent searches. "This could have a chilling effect on how people use the Internet," said Evan Hendricks, who's edited and published Privacy Times newsletter in Washington, D.C., since 1981. Even more troubling to Hendricks was that Google's search rivals, including Yahoo Inc. declined to comment on whether it received a subpoena, but a lawyer for the American Civil Liberties Union, which sued to overturn the 1998 law, told MarketWatch the software giant did. Although AOL and Yahoo said they complied in a limited way that would keep its search users anonymous, Hendricks was skeptical of that guarantee. "There's no way to be sure that those search results can't be used later to track people down for all sorts of reasons," he said.

One privacy lawyer not involved in the case agreed. Under the Electronic Communication Privacy Act, government prosecutors have fairly wide latitude to subpoena emails and other electronic communications if they have probable cause to believe a crime has been committed, said Andrew Serwin, a partner with the law firm Foley & Lardner LLP. If an individual user had made thousands of searches for child porn, for example, "there's nothing stopping federal prosecutors from issuing another subpoena to learn the Internet address of the person who made those requests," said Serwin. I would argue that anyone exploiting children over the Internet deserves to be tracked down and prosecuted. But what if the government decided to use the same method to track down people who used questionable tax shelters? How much right should the government have to use private-sector records to troll for possible criminal activity? "As a society, we have to decide how far the government can go to establish probable cause" that a crime has been committed, Serwin said. Google has already paid a price for its refusal, at least in the stock market. Shares of the Mountain View, Calif.-based firm, whose stock has risen five-fold since it went public in August 2004, suffered their biggest percentage drop ever Friday. See full story. On a day when the broader technology sector suffered its biggest point drop in more than two years, it's unclear whether the drop was due to general investor bearishness or fears that Internet users may be more reluctant to use search engines if they know the results could be reviewed by law enforcement agencies. Google's shares dropped more than those of Yahoo, Microsoft and Time-Warner, which complied with the subpoena. Part of the Google bearishness stems from the cost that Google might incur from a protracted legal fight. If Google decides to go to court, its success in resisting the government would turn on whether the government's request is allowed under a part of the Electronic Communication Privacy Act that deals with stored communications. That law, according to Serwin, is "cumbersome, difficult to understand and has been interpreted in many ways" by various courts. "As written, it's a bad law," he said. So much gray area makes it likely that the two sides may choose to compromise, rather than slug it out before a judge.

Google obviously has other things to do, like figure out how to get their search results on iPods. And should the government pursue the case and lose, its antiporn efforts would be hamstrung. Still, another privacy watcher said it's important that Google stand on principle. "It's important that they fight this, or else every prosecutor is going to start using Google as its research service," said Jim Harper, director of information policy studies at the Cato Institute, a Washington, D.C., think tank. Given the experience of Internet companies in China, it's important to draw the line now, according to Harper. Last month, Microsoft Corp.'s MSN unit pulled the plug on a Chinese blogger who discussed politically-sensitive issues. Yahoo has also shared such data, which led to the conviction and jailing of a journalist, and Google itself has agreed to make its search results in that country amenable to surveillance. "This request (for Google's data) is disturbing because it's the nose under the camel's tent," Harper said. If we're not careful, control and censorship of Internet data in this country "could look more like China than we thought possible," he said. from the New York Times, 2005-Dec-16, by James Risen and Eric Lichtblau: Bush Lets U.S. Spy on Callers Without Courts WASHINGTON, Dec. 15 - Months after the Sept. 11 attacks, President Bush secretly authorized the National Security Agency to eavesdrop on Americans and others inside the United States to search for evidence of terrorist activity without the court-approved warrants ordinarily required for domestic spying, according to government officials. Under a presidential order signed in 2002, the intelligence agency has monitored the international telephone calls and international e-mail messages of hundreds, perhaps thousands, of people inside the United States without warrants over the past three years in an effort to track possible "dirty numbers" linked to Al Qaeda, the officials said. The agency, they said, still seeks warrants to monitor entirely domestic communications. The previously undisclosed decision to permit some eavesdropping inside the country without court approval was a major shift in American intelligencegathering practices, particularly for the National Security Agency, whose mission is to spy on communications abroad. As a result, some officials familiar with the continuing operation have questioned whether the surveillance has stretched, if not crossed, constitutional limits on legal searches. "This is really a sea change," said a former senior official who specializes in national security law. "It's almost a mainstay of this country that the N.S.A. only does foreign searches."

Nearly a dozen current and former officials, who were granted anonymity because of the classified nature of the program, discussed it with reporters for The New York Times because of their concerns about the operation's legality and oversight. According to those officials and others, reservations about aspects of the program have also been expressed by Senator John D. Rockefeller IV, the West Virginia Democrat who is the vice chairman of the Senate Intelligence Committee, and a judge presiding over a secret court that oversees intelligence matters. Some of the questions about the agency's new powers led the administration to temporarily suspend the operation last year and impose more restrictions, the officials said. The Bush administration views the operation as necessary so that the agency can move quickly to monitor communications that may disclose threats to the United States, the officials said. Defenders of the program say it has been a critical tool in helping disrupt terrorist plots and prevent attacks inside the United States. Administration officials are confident that existing safeguards are sufficient to protect the privacy and civil liberties of Americans, the officials say. In some cases, they said, the Justice Department eventually seeks warrants if it wants to expand the eavesdropping to include communications confined within the United States. The officials said the administration had briefed Congressional leaders about the program and notified the judge in charge of the Foreign Intelligence Surveillance Court, the secret Washington court that deals with national security issues. The White House asked The New York Times not to publish this article, arguing that it could jeopardize continuing investigations and alert would-be terrorists that they might be under scrutiny. After meeting with senior administration officials to hear their concerns, the newspaper delayed publication for a year to conduct additional reporting. Some information that administration officials argued could be useful to terrorists has been omitted. Dealing With a New Threat While many details about the program remain secret, officials familiar with it say the N.S.A. eavesdrops without warrants on up to 500 people in the United States at any given time. The list changes as some names are added and others dropped, so the number monitored in this country may have reached into the thousands since the program began, several officials said. Overseas, about 5,000 to 7,000 people suspected of terrorist ties are monitored at one time, according to those officials. Several officials said the eavesdropping program had helped uncover a plot by Iyman Faris, an Ohio trucker and naturalized citizen who pleaded guilty in 2003 to supporting Al Qaeda by planning to bring down the Brooklyn Bridge with

blowtorches. What appeared to be another Qaeda plot, involving fertilizer bomb attacks on British pubs and train stations, was exposed last year in part through the program, the officials said. But they said most people targeted for N.S.A. monitoring have never been charged with a crime, including an Iranian-American doctor in the South who came under suspicion because of what one official described as dubious ties to Osama bin Laden. The eavesdropping program grew out of concerns after the Sept. 11 attacks that the nation's intelligence agencies were not poised to deal effectively with the new threat of Al Qaeda and that they were handcuffed by legal and bureaucratic restrictions better suited to peacetime than war, according to officials. In response, President Bush significantly eased limits on American intelligence and law enforcement agencies and the military. But some of the administration's antiterrorism initiatives have provoked an outcry from members of Congress, watchdog groups, immigrants and others who argue that the measures erode protections for civil liberties and intrude on Americans' privacy. Opponents have challenged provisions of the USA Patriot Act, the focus of contentious debate on Capitol Hill this week, that expand domestic surveillance by giving the Federal Bureau of Investigation more power to collect information like library lending lists or Internet use. Military and F.B.I. officials have drawn criticism for monitoring what were largely peaceful antiwar protests. The Pentagon and the Department of Homeland Security were forced to retreat on plans to use public and private databases to hunt for possible terrorists. And last year, the Supreme Court rejected the administration's claim that those labeled "enemy combatants" were not entitled to judicial review of their open-ended detention. Mr. Bush's executive order allowing some warrantless eavesdropping on those inside the United States - including American citizens, permanent legal residents, tourists and other foreigners - is based on classified legal opinions that assert that the president has broad powers to order such searches, derived in part from the September 2001 Congressional resolution authorizing him to wage war on Al Qaeda and other terrorist groups, according to the officials familiar with the N.S.A. operation. The National Security Agency, which is based at Fort Meade, Md., is the nation's largest and most secretive intelligence agency, so intent on remaining out of public view that it has long been nicknamed "No Such Agency." It breaks codes and maintains listening posts around the world to eavesdrop on foreign governments, diplomats and trade negotiators as well as drug lords and terrorists. But the agency ordinarily operates under tight restrictions on any spying on Americans, even if they are overseas, or disseminating information about them.

What the agency calls a "special collection program" began soon after the Sept. 11 attacks, as it looked for new tools to attack terrorism. The program accelerated in early 2002 after the Central Intelligence Agency started capturing top Qaeda operatives overseas, including Abu Zubaydah, who was arrested in Pakistan in March 2002. The C.I.A. seized the terrorists' computers, cellphones and personal phone directories, said the officials familiar with the program. The N.S.A. surveillance was intended to exploit those numbers and addresses as quickly as possible, they said. In addition to eavesdropping on those numbers and reading e-mail messages to and from the Qaeda figures, the N.S.A. began monitoring others linked to them, creating an expanding chain. While most of the numbers and addresses were overseas, hundreds were in the United States, the officials said. Under the agency's longstanding rules, the N.S.A. can target for interception phone calls or e-mail messages on foreign soil, even if the recipients of those communications are in the United States. Usually, though, the government can only target phones and e-mail messages in the United States by first obtaining a court order from the Foreign Intelligence Surveillance Court, which holds its closed sessions at the Justice Department. Traditionally, the F.B.I., not the N.S.A., seeks such warrants and conducts most domestic eavesdropping. Until the new program began, the N.S.A. typically limited its domestic surveillance to foreign embassies and missions in Washington, New York and other cities, and obtained court orders to do so. Since 2002, the agency has been conducting some warrantless eavesdropping on people in the United States who are linked, even if indirectly, to suspected terrorists through the chain of phone numbers and e-mail addresses, according to several officials who know of the operation. Under the special program, the agency monitors their international communications, the officials said. The agency, for example, can target phone calls from someone in New York to someone in Afghanistan. Warrants are still required for eavesdropping on entirely domestic-to-domestic communications, those officials say, meaning that calls from that New Yorker to someone in California could not be monitored without first going to the Federal Intelligence Surveillance Court. A White House Briefing After the special program started, Congressional leaders from both political parties were brought to Vice President Dick Cheney's office in the White House. The leaders, who included the chairmen and ranking members of the Senate and House intelligence committees, learned of the N.S.A. operation from Mr. Cheney, Lt. Gen. Michael V. Hayden of the Air Force, who was then the agency's director and is now a full general and the principal deputy director of national intelligence, and George J. Tenet, then the director of the C.I.A., officials said.

It is not clear how much the members of Congress were told about the presidential order and the eavesdropping program. Some of them declined to comment about the matter, while others did not return phone calls. Later briefings were held for members of Congress as they assumed leadership roles on the intelligence committees, officials familiar with the program said. After a 2003 briefing, Senator Rockefeller, the West Virginia Democrat who became vice chairman of the Senate Intelligence Committee that year, wrote a letter to Mr. Cheney expressing concerns about the program, officials knowledgeable about the letter said. It could not be determined if he received a reply. Mr. Rockefeller declined to comment. Aside from the Congressional leaders, only a small group of people, including several cabinet members and officials at the N.S.A., the C.I.A. and the Justice Department, know of the program. Some officials familiar with it say they consider warrantless eavesdropping inside the United States to be unlawful and possibly unconstitutional, amounting to an improper search. One government official involved in the operation said he privately complained to a Congressional official about his doubts about the program's legality. But nothing came of his inquiry. "People just looked the other way because they didn't want to know what was going on," he said. A senior government official recalled that he was taken aback when he first learned of the operation. "My first reaction was, 'We're doing what?' " he said. While he said he eventually felt that adequate safeguards were put in place, he added that questions about the program's legitimacy were understandable. Some of those who object to the operation argue that is unnecessary. By getting warrants through the foreign intelligence court, the N.S.A. and F.B.I. could eavesdrop on people inside the United States who might be tied to terrorist groups without skirting longstanding rules, they say. The standard of proof required to obtain a warrant from the Foreign Intelligence Surveillance Court is generally considered lower than that required for a criminal warrant - intelligence officials only have to show probable cause that someone may be "an agent of a foreign power," which includes international terrorist groups - and the secret court has turned down only a small number of requests over the years. In 2004, according to the Justice Department, 1,754 warrants were approved. And the Foreign Intelligence Surveillance Court can grant emergency approval for wiretaps within hours, officials say. Administration officials counter that they sometimes need to move more urgently, the officials said. Those involved in the program also said that the N.S.A.'s eavesdroppers might need to start monitoring large batches of numbers all at once, and that it would be impractical to seek permission from the Foreign Intelligence Surveillance Court first, according to the officials.

The N.S.A. domestic spying operation has stirred such controversy among some national security officials in part because of the agency's cautious culture and longstanding rules. Widespread abuses - including eavesdropping on Vietnam War protesters and civil rights activists - by American intelligence agencies became public in the 1970's and led to passage of the Foreign Intelligence Surveillance Act, which imposed strict limits on intelligence gathering on American soil. Among other things, the law required search warrants, approved by the secret F.I.S.A. court, for wiretaps in national security cases. The agency, deeply scarred by the scandals, adopted additional rules that all but ended domestic spying on its part. After the Sept. 11 attacks, though, the United States intelligence community was criticized for being too risk-averse. The National Security Agency was even cited by the independent 9/11 Commission for adhering to self-imposed rules that were stricter than those set by federal law. Concerns and Revisions Several senior government officials say that when the special operation began, there were few controls on it and little formal oversight outside the N.S.A. The agency can choose its eavesdropping targets and does not have to seek approval from Justice Department or other Bush administration officials. Some agency officials wanted nothing to do with the program, apparently fearful of participating in an illegal operation, a former senior Bush administration official said. Before the 2004 election, the official said, some N.S.A. personnel worried that the program might come under scrutiny by Congressional or criminal investigators if Senator John Kerry, the Democratic nominee, was elected president. In mid-2004, concerns about the program expressed by national security officials, government lawyers and a judge prompted the Bush administration to suspend elements of the program and revamp it. For the first time, the Justice Department audited the N.S.A. program, several officials said. And to provide more guidance, the Justice Department and the agency expanded and refined a checklist to follow in deciding whether probable cause existed to start monitoring someone's communications, several officials said. A complaint from Judge Colleen Kollar-Kotelly, the federal judge who oversees the Federal Intelligence Surveillance Court, helped spur the suspension, officials said. The judge questioned whether information obtained under the N.S.A. program was being improperly used as the basis for F.I.S.A. wiretap warrant requests from the Justice Department, according to senior government officials. While not knowing all the details of the exchange, several government lawyers said there appeared to be concerns that the Justice Department, by trying to

shield the existence of the N.S.A. program, was in danger of misleading the court about the origins of the information cited to justify the warrants. One official familiar with the episode said the judge insisted to Justice Department lawyers at one point that any material gathered under the special N.S.A. program not be used in seeking wiretap warrants from her court. Judge Kollar-Kotelly did not return calls for comment. A related issue arose in a case in which the F.B.I. was monitoring the communications of a terrorist suspect under a F.I.S.A.-approved warrant, even though the National Security Agency was already conducting warrantless eavesdropping. According to officials, F.B.I. surveillance of Mr. Faris, the Brooklyn Bridge plotter, was dropped for a short time because of technical problems. At the time, senior Justice Department officials worried what would happen if the N.S.A. picked up information that needed to be presented in court. The government would then either have to disclose the N.S.A. program or mislead a criminal court about how it had gotten the information. Several national security officials say the powers granted the N.S.A. by President Bush go far beyond the expanded counterterrorism powers granted by Congress under the USA Patriot Act, which is up for renewal. The House on Wednesday approved a plan to reauthorize crucial parts of the law. But final passage has been delayed under the threat of a Senate filibuster because of concerns from both parties over possible intrusions on Americans' civil liberties and privacy. Under the act, law enforcement and intelligence officials are still required to seek a F.I.S.A. warrant every time they want to eavesdrop within the United States. A recent agreement reached by Republican leaders and the Bush administration would modify the standard for F.B.I. wiretap warrants, requiring, for instance, a description of a specific target. Critics say the bar would remain too low to prevent abuses. Bush administration officials argue that the civil liberties concerns are unfounded, and they say pointedly that the Patriot Act has not freed the N.S.A. to target Americans. "Nothing could be further from the truth," wrote John Yoo, a former official in the Justice Department's Office of Legal Counsel, and his co-author in a Wall Street Journal opinion article in December 2003. Mr. Yoo worked on a classified legal opinion on the N.S.A.'s domestic eavesdropping program. At an April hearing on the Patriot Act renewal, Senator Barbara A. Mikulski, Democrat of Maryland, asked Attorney General Alberto R. Gonzales and Robert S. Mueller III, the director of the F.B.I., "Can the National Security Agency, the great electronic snooper, spy on the American people?" "Generally," Mr. Mueller said, "I would say generally, they are not allowed to spy or to gather information on American citizens."

President Bush did not ask Congress to include provisions for the N.S.A. domestic surveillance program as part of the Patriot Act and has not sought any other laws to authorize the operation. Bush administration lawyers argued that such new laws were unnecessary, because they believed that the Congressional resolution on the campaign against terrorism provided ample authorization, officials said. The Legal Line Shifts Seeking Congressional approval was also viewed as politically risky because the proposal would be certain to face intense opposition on civil liberties grounds. The administration also feared that by publicly disclosing the existence of the operation, its usefulness in tracking terrorists would end, officials said. The legal opinions that support the N.S.A. operation remain classified, but they appear to have followed private discussions among senior administration lawyers and other officials about the need to pursue aggressive strategies that once may have been seen as crossing a legal line, according to senior officials who participated in the discussions. For example, just days after the Sept. 11, 2001, attacks on New York and the Pentagon, Mr. Yoo, the Justice Department lawyer, wrote an internal memorandum that argued that the government might use "electronic surveillance techniques and equipment that are more powerful and sophisticated than those available to law enforcement agencies in order to intercept telephonic communications and observe the movement of persons but without obtaining warrants for such uses." Mr. Yoo noted that while such actions could raise constitutional issues, in the face of devastating terrorist attacks "the government may be justified in taking measures which in less troubled conditions could be seen as infringements of individual liberties." The next year, Justice Department lawyers disclosed their thinking on the issue of warrantless wiretaps in national security cases in a little-noticed brief in an unrelated court case. In that 2002 brief, the government said that "the Constitution vests in the President inherent authority to conduct warrantless intelligence surveillance (electronic or otherwise) of foreign powers or their agents, and Congress cannot by statute extinguish that constitutional authority." Administration officials were also encouraged by a November 2002 appeals court decision in an unrelated matter. The decision by the Foreign Intelligence Surveillance Court of Review, which sided with the administration in dismantling a bureaucratic "wall" limiting cooperation between prosecutors and intelligence officers, cited "the president's inherent constitutional authority to conduct warrantless foreign intelligence surveillance." But the same court suggested that national security interests should not be grounds "to jettison the Fourth Amendment requirements" protecting the rights of

Americans against undue searches. The dividing line, the court acknowledged, "is a very difficult one to administer." Barclay Walsh contributed research for this article. from the New York Times, 2005-Dec-16, by David Stout: Supporters of Patriot Act Suffer a Stinging Defeat in Senate WASHINGTON - Supporters of the broad anti-terrorism law known as the USA Patriot Act suffered a stinging defeat in the Senate today, falling well short of the 60 votes needed to bring the act to a final vote and leaving it in limbo for the moment. After an emotional debate about the balance between national security and personal liberties and the very character of the republic, the Senate voted, 52 to 47, to end debate and take a yes-or-no vote on the law itself. But since 60 votes are required under Senate rules to end debate, the Patriot Act was left hanging. The House of Representatives voted, 251 to 174, last week in favor of the latest version of the bill, which had been worked out in negotiations between the two chambers. The Senate action today leaves the bill up in the air and due to expire on Dec. 31. President Bush and House Republican leaders had pushed hard for the bill and had spoken strongly against any further compromises. But no one would be surprised if yet another round of talks is undertaken to avoid the prospect of the lawmakers going home for Christmas and allowing the statute to lapse. Today's Senate debate and vote reflected deep divisions that cut across party lines in ways rarely seen. For instance, Senator Larry Craig, a conservative Republican from Idaho who would be expected to support President Bush on most issues, opposes the present form of the Patriot Act. "Of all that we do this year that is lasting beyond tomorrow," Mr. Craig said, the decision on the Patriot Act is the most important. Senator Bill Frist of Tennessee, the Republican majority leader, unsuccessfully pushed for the vote to end debate and move to the bill itself. "Advance or retreat" in the war on terrorism, he said. "It's as simple as that." Another supporter of the bill, Senator Jon Kyl, Republican of Arizona, asserted that if the Patriot Act had been in place before Sept. 11, 2001, the attacks might never have happened. And should another attack occur before the law is reauthorized, "We will have to answer for that," he said. Supporters of the bill, enacted only days after the Sept. 11 attacks, have called it a vital tool for law enforcement in this new age of terrorism. Its opponents have said it infringes too much on personal liberties - too easily allowing wiretaps and

surveillance of library records, for instance - in ways that will not enhance national security. The measure that was passed in the House but stalled in the Senate today would make permanent 14 of 16 provisions that are set to expire at year's end, while putting in place additional judicial oversight and safeguards against abuse. Critics of the bill, who insist it does not go far enough to protect individual freedom and privacy, have called for extending the present bill for three months to allow further refinements. But House Republican leaders have so far resisted a three-month extension, as have Mr. Frist and the White House. President Bush "is not interested in signing any short-term renewal," the president's chief spokesman, Scott McClellan, said after the vote. "We urge them to get this done now and pass that legislation." Senator Arlen Specter of Pennsylvania, the Republican who heads the Senate Judiciary Committee, urged the Senate to vote on the act today. He called it "a balanced bill" that does not have all the civil liberties protections he wanted but one that is, nevertheless, acceptable and would give "important tools to law enforcement, in a balanced way." Senator Patrick J. Leahy of Vermont, the ranking Democrat on the panel, urged rejection of the bill in its present form. Yes, he said, there is a threat from terrorism, but "the threat to civil liberties is also very real in America today." Several senators held up copies of The New York Times, which reported today that President Bush secretly authorized the National Security Agency to eavesdrop on Americans and others inside the United States to search for evidence of terrorist activity, but without court-approved warrants ordinarily required for such surveillance. Senator Charles E. Schumer, Democrat of New York, called the disclosure "shocking" and said it had impelled him to vote "no" today. Senator Edward M. Kennedy, Democrat of Massachusetts, said the disclosure showed that "this administration feels it's above the law," and that "we cannot protect our borders if we do not protect our ideals." And Senator Russell D. Feingold. Democrat of Wisconsin and the only senator to vote against the Patriot Act four years ago, said the disclosure of domestic spying "should send a chill down the spine of every senator and every American." Only two Democrats, Senators Ben Nelson of Nebraska and Tim Johnson of South Dakota, voted to end debate - that is, in favor of the bill. Several Republican senators voted against ending debate - in other words, against the bill. They were Mr. Craig, John Sununu of New Hampshire, Chuck Hagel of Nebraska and Lisa Murkowski of Alaska.

Mr. Frist also voted "no" in the end, but in a purely parliamentary maneuver to allow him to try to bring up the bill again. Thus, the Patriot Act was actually seven votes short of the 60 needed to end debate today. from the Washington Post, 2005-Dec-22, p.A1, by Carol D. Leonnig and Dafna Linzer: Judges on Surveillance Court To Be Briefed on Spy Program The presiding judge of a secret court that oversees government surveillance in espionage and terrorism cases is arranging a classified briefing for her fellow judges to address their concerns about the legality of President Bush's domestic spying program, according to several intelligence and government sources. Several members of the Foreign Intelligence Surveillance Court said in interviews that they want to know why the administration believed secretly listening in on telephone calls and reading e-mails of U.S. citizens without court authorization was legal. Some of the judges said they are particularly concerned that information gleaned from the president's eavesdropping program may have been improperly used to gain authorized wiretaps from their court. "The questions are obvious," said U.S. District Judge Dee Benson of Utah. "What have you been doing, and how might it affect the reliability and credibility of the information we're getting in our court?" Such comments underscored the continuing questions among judges about the program, which most of them learned about when it was disclosed last week by the New York Times. On Monday, one of 10 FISA judges, federal Judge James Robertson, submitted his resignation -- in protest of the president's action, according to two sources familiar with his decision. He will maintain his position on the U.S. District Court here. Other judges contacted yesterday said they do not plan to resign but are seeking more information about the president's initiative. Presiding Judge Colleen KollarKotelly, who also sits on the U.S. District Court for the District of Columbia, told fellow FISA court members by e-mail Monday that she is arranging for them to convene in Washington, preferably early next month, for a secret briefing on the program, several judges confirmed yesterday. Two intelligence sources familiar with the plan said Kollar-Kotelly expects topranking officials from the National Security Agency and the Justice Department to outline the classified program to the members. The judges could, depending on their level of satisfaction with the answers, demand that the Justice Department produce proof that previous wiretaps were not tainted, according to government officials knowledgeable about the FISA court. Warrants obtained through secret surveillance could be thrown into question. One judge, speaking on the condition of anonymity, also said members could suggest disbanding the court in light of the president's suggestion that he has the power to bypass the court.

The highly classified FISA court was set up in the 1970s to authorize secret surveillance of espionage and terrorism suspects within the United States. Under the law setting up the court, the Justice Department must show probable cause that its targets are foreign governments or their agents. The FISA law does include emergency provisions that allow warrantless eavesdropping for up to 72 hours if the attorney general certifies there is no other way to get the information. Still, Bush and his advisers have said they need to operate outside the FISA system in order to move quickly against suspected terrorists. In explaining the program, Bush has made the distinction between detecting threats and plots and monitoring likely, known targets, as FISA would allow. Bush administration officials believe it is not possible, in a large-scale eavesdropping effort, to provide the kind of evidence the court requires to approve a warrant. Sources knowledgeable about the program said there is no way to secure a FISA warrant when the goal is to listen in on a vast array of communications in the hopes of finding something that sounds suspicious. Attorney General Alberto R. Gonzales said the White House had tried but failed to find a way. One government official, who spoke on the condition of anonymity, said the administration complained bitterly that the FISA process demanded too much: to name a target and give a reason to spy on it. "For FISA, they had to put down a written justification for the wiretap," said the official. "They couldn't dream one up." The NSA program, and the technology on which it is based, makes it impossible to meet that criterion because the program is designed to intercept selected conversations in real time from among an enormous number relayed at any moment through satellites. "There is a difference between detecting, so we can prevent, and monitoring. And it's important to note the distinction between the two," Bush said Monday. But he added: "If there is a need based upon evidence, we will take that evidence to a court in order to be able to monitor calls within the United States." The American Civil Liberties Union formally requested yesterday that Gonzales appoint an outside special counsel to investigate and prosecute any criminal acts and violations of laws as a result of the spying effort. Also yesterday, John D. Negroponte, Bush's director of national intelligence, sent an e-mail to the entire intelligence community defending the program. The politically tinged memo referred to the disclosure as "egregious" and called the program a vital, constitutionally valid tool in the war against al Qaeda. Benson said it is too soon for him to judge whether the surveillance program was legal until he hears directly from the government.

"I need to know more about it to decide whether it was so distasteful," Benson said. "But I wonder: If you've got us here, why didn't you go through us? They've said it's faster [to bypass FISA], but they have emergency authority under FISA, so I don't know." As it launched the dramatic change in domestic surveillance policy, the administration chose to secretly brief only the presiding FISA court judges about it. Officials first advised U.S. District Judge Royce C. Lamberth, the head of FISA in the fall of 2001, and then Kollar-Kotelly, who replaced him in that position in May 2002. U.S. District Judge George Kazen of the Southern District of Texas said in an interview yesterday that his information about the program has been largely limited to press accounts over the past several days. "Why didn't it go through FISA," Kazen asked. "I think those are valid questions. The president at first said he didn't want to talk about it. Now he says, 'You're darn right I did it, and it's completely legal.' I gather he's got lawyers telling him this is legal. I want to hear those arguments." Judge Michael J. Davis of Minnesota said he, too, wants to be sure the secret program did not produce unreliable or legally suspect information that was then used to obtain FISA warrants. "I share the other judges' concerns," he said. But Judge Malcolm Howard of eastern North Carolina said he tends to think the terrorist threat to the United States is so grave that the president should use every tool available and every ounce of executive power to combat it. "I am not overly concerned" about the surveillance program, he said, but "I would welcome hearing more specifics." Researcher Julie Tate contributed to this report. from the Washington Post, 2005-Oct-19, p.D1, by Mike Musgrove: Sleuths Crack Tracking Code Discovered in Color Printers It sounds like a conspiracy theory, but it isn't. The pages coming out of your color printer may contain hidden information that could be used to track you down if you ever cross the U.S. government. Last year, an article in PC World magazine pointed out that printouts from many color laser printers contained yellow dots scattered across the page, viewable only with a special kind of flashlight. The article quoted a senior researcher at Xerox Corp. as saying the dots contain information useful to law-enforcement authorities, a secret digital "license tag" for tracking down criminals. The content of the coded information was supposed to be a secret, available only to agencies looking for counterfeiters who use color printers. Now, the secret is out.

Yesterday, the Electronic Frontier Foundation, a San Francisco consumer privacy group, said it had cracked the code used in a widely used line of Xerox printers, an invisible bar code of sorts that contains the serial number of the printer as well as the date and time a document was printed. With the Xerox printers, the information appears as a pattern of yellow dots, each only a millimeter wide and visible only with a magnifying glass and a blue light. The EFF said it has identified similar coding on pages printed from nearly every major printer manufacturer, including Hewlett-Packard Co., though its team has so far cracked the codes for only one type of Xerox printer. The U.S. Secret Service acknowledged yesterday that the markings, which are not visible to the human eye, are there, but it played down the use for invading privacy. "It's strictly a countermeasure to prevent illegal activity specific to counterfeiting," agency spokesman Eric Zahren said. "It's to protect our currency and to protect people's hard-earned money." It's unclear whether the yellow-dot codes have ever been used to make an arrest. And no one would say how long the codes have been in use. But Seth Schoen, the EFF technologist who led the organization's research, said he had seen the coding on documents produced by printers that were at least 10 years old. "It seems like someone in the government has managed to have a lot of influence in printing technology," he said. Xerox spokesman Bill McKee confirmed the existence of the hidden codes, but he said the company was simply assisting an agency that asked for help. McKee said the program was part of a cooperation with government agencies, competing manufacturers and a "consortium of banks," but would not provide further details. HP said in a statement that it is involved in anti-counterfeiting measures and supports the cooperation between the printer industry and those who are working to reduce counterfeiting. Schoen said that the existence of the encoded information could be a threat to people who live in repressive governments or those who have a legitimate need for privacy. It reminds him, he said, of a program the Soviet Union once had in place to record sample typewriter printouts in hopes of tracking the origins of underground, self-published literature. "It's disturbing that something on this scale, with so many privacy implications, happened with such a tiny amount of publicity," Schoen said. And it's not as if the information is encrypted in a highly secure fashion, Schoen said. The EFF spent months collecting samples from printers around the world and then handed them off to an intern, who came back with the results in about a week.

"We were able to break this code very rapidly," Schoen said. from the New York Times, 2005-Oct-23, by Sam Dillon and Stephen Labaton: Colleges Protest Call to Upgrade Online Systems The federal government, vastly extending the reach of an 11-year-old law, is requiring hundreds of universities, online communications companies and cities to overhaul their Internet computer networks to make it easier for law enforcement authorities to monitor e-mail and other online communications. The action, which the government says is intended to help catch terrorists and other criminals, has unleashed protests and the threat of lawsuits from universities, which argue that it will cost them at least $7 billion while doing little to apprehend lawbreakers. Because the government would have to win court orders before undertaking surveillance, the universities are not raising civil liberties issues. The order, issued by the Federal Communications Commission in August and first published in the Federal Register last week, extends the provisions of a 1994 wiretap law not only to universities, but also to libraries, airports providing wireless service and commercial Internet access providers. It also applies to municipalities that provide Internet access to residents, be they rural towns or cities like Philadelphia and San Francisco, which have plans to build their own Net access networks. So far, however, universities have been most vocal in their opposition. The 1994 law, the Communications Assistance for Law Enforcement Act, requires telephone carriers to engineer their switching systems at their own cost so that federal agents can obtain easy surveillance access. Recognizing the growth of Internet-based telephone and other communications, the order requires that organizations like universities providing Internet access also comply with the law by spring 2007. The Justice Department requested the order last year, saying that new technologies like telephone service over the Internet were endangering law enforcement's ability to conduct wiretaps "in their fight against criminals, terrorists and spies." Justice Department officials, who declined to comment for this article, said in their written comments filed with the Federal Communications Commission that the new requirements were necessary to keep the 1994 law "viable in the face of the monumental shift of the telecommunications industry" and to enable law enforcement to "accomplish its mission in the face of rapidly advancing technology."

The F.C.C. says it is considering whether to exempt educational institutions from some of the law's provisions, but it has not granted an extension for compliance. Lawyers for the American Council on Education, the nation's largest association of universities and colleges, are preparing to appeal the order before the United States Court of Appeals for the District of Columbia Circuit, Terry W. Hartle, a senior vice president of the council, said Friday. The Center for Democracy and Technology, a nonprofit civil liberties group, has enlisted plaintiffs for a separate legal challenge, focusing on objections to government control over how organizations, including hundreds of private technology companies, design Internet systems, James X. Dempsey, the center's executive director, said Friday. The universities do not question the government's right to use wiretaps to monitor terrorism or criminal suspects on college campuses, Mr. Hartle said, only the order's rapid timetable for compliance and extraordinary cost. Technology experts retained by the schools estimated that it could cost universities at least $7 billion just to buy the Internet switches and routers necessary for compliance. That figure does not include installation or the costs of hiring and training staff to oversee the sophisticated circuitry around the clock, as the law requires, the experts said. "This is the mother of all unfunded mandates," Mr. Hartle said. Even the lowest estimates of compliance costs would, on average, increase annual tuition at most American universities by some $450, at a time when rising education costs are already a sore point with parents and members of Congress, Mr. Hartle said. At New York University, for instance, the order would require the installation of thousands of new devices in more than 100 buildings around Manhattan, be they small switches in a wiring closet or large aggregation routers that pull data together from many sites and send it over the Internet, said Doug Carlson, the university's executive director of communications and computing services. "Back of the envelope, this would cost us many millions of dollars," Mr. Carlson said. F.C.C. officials declined to comment publicly, citing their continuing review of possible exemptions to the order. Some government officials said they did not view compliance as overly costly for colleges because the order did not require surveillance of networks that permit students and faculty to communicate only among themselves, like intranet services. They also said the schools would be required to make their networks accessible to law enforcement only at the point where those networks connect to the outside world.

Educause, a nonprofit association of universities and other groups that has hired lawyers to prepare its own legal challenge, informed its members of the order in a Sept. 29 letter signed by Mark A. Luker, an Educause vice president. Mr. Luker advised universities to begin planning how to comply with the order, which university officials described as an extraordinary technological challenge. Unlike telephone service, which sends a steady electronic voice stream over a wire, the transmission of e-mail and other information on the Internet sends out data packets that are disassembled on one end of a conversation and reassembled on the other. Universities provide hundreds of potential Internet access sites, including lounges and other areas that offer wireless service and Internet jacks in libraries, dorms, classrooms and laboratories, often dispersed through scores of buildings. If law enforcement officials obtain a court order to monitor the Internet communications of someone at a university, the current approach is to work quietly with campus officials to single out specific sites and install the equipment needed to carry out the surveillance. This low-tech approach has worked well in the past, officials at several campuses said. But the federal law would apply a high-tech approach, enabling law enforcement to monitor communications at campuses from remote locations at the turn of a switch. It would require universities to re-engineer their networks so that every Net access point would send all communications not directly onto the Internet, but first to a network operations center where the data packets could be stitched together into a single package for delivery to law enforcement, university officials said. Albert Gidari Jr., a Seattle lawyer at the firm Perkins Coie who is representing Educause, said he and other representatives of universities had been negotiating with lawyers and technology officials from the Federal Bureau of Investigation, the Department of Homeland Security and other agencies since the spring about issues including what technical requirements universities would need to meet to comply with the law. "This is a fight over whether a Buick is good enough, or do you need a Lexus?" Mr. Gidari said. "The F.B.I. is the lead agency, and they are insisting on the Lexus." Law enforcement has only infrequently requested to monitor Internet communications anywhere, much less on university campuses or libraries, according to the Center for Democracy and Technology. In 2003, only 12 of the 1,442 state and federal wiretap orders were issued for computer communications, and the F.B.I. never argued that it had difficulty executing any of those 12 wiretaps, the center said.

"We keep asking the F.B.I., What is the problem you're trying to solve?" Mr. Dempsey said. "And they have never showed any problem with any university or any for-profit Internet access provider. The F.B.I. must demonstrate precisely why it wants to impose such an enormously disruptive and expensive burden." Larry D. Conrad, the chief information officer at Florida State University, where more than 140 buildings are equipped for Internet access, said there were easy ways to set up Internet wiretaps. "But the wild-eyed fear I have," Mr. Conrad said, "is that the government will rule that this all has to be automatic, anytime, which would mean I'd have to rearchitect our entire campus network." He continued, "It seems like overkill to make all these institutions spend this huge amount of money for a just-in-case kind of scenario." The University of Illinois says it is worried about the order because it is in the second year of a $20 million upgrade of its campus network. Peter Siegel, the university's chief information officer, estimated that the new rules would require the university to buy 2,100 new devices, at a cost of an additional $13 million, to replace equipment that is brand new. "It's like you buy a new car, and then the E.P.A. says you have to buy a new car again," Mr. Siegel said. "You'd say, 'Gee, could I just buy a new muffler?' " from the Washington Post, 2005-Oct-25, p.A1, by Dan Eggen: FBI Papers Indicate Intelligence Violations Secret Surveillance Lacked Oversight The FBI has conducted clandestine surveillance on some U.S. residents for as long as 18 months at a time without proper paperwork or oversight, according to previously classified documents to be released today. Records turned over as part of a Freedom of Information Act lawsuit also indicate that the FBI has investigated hundreds of potential violations related to its use of secret surveillance operations, which have been stepped up dramatically since the Sept. 11, 2001, attacks but are largely hidden from public view. In one case, FBI agents kept an unidentified target under surveillance for at least five years -- including more than 15 months without notifying Justice Department lawyers after the subject had moved from New York to Detroit. An FBI investigation concluded that the delay was a violation of Justice guidelines and prevented the department "from exercising its responsibility for oversight and approval of an ongoing foreign counterintelligence investigation of a U.S. person." In other cases, agents obtained e-mails after a warrant expired, seized bank records without proper authority and conducted an improper "unconsented physical search," according to the documents.

Although heavily censored, the documents provide a rare glimpse into the world of domestic spying, which is governed by a secret court and overseen by a presidential board that does not publicize its deliberations. The records are also emerging as the House and Senate battle over whether to put new restrictions on the controversial USA Patriot Act, which made it easier for the government to conduct secret searches and surveillance but has come under attack from civil liberties groups. The records were provided to The Washington Post by the Electronic Privacy Information Center, an advocacy group that has sued the Justice Department for records relating to the Patriot Act. David Sobel, EPIC's general counsel, said the new documents raise questions about the extent of possible misconduct in counterintelligence investigations and underscore the need for greater congressional oversight of clandestine surveillance within the United States. "We're seeing what might be the tip of the iceberg at the FBI and across the intelligence community," Sobel said. "It indicates that the existing mechanisms do not appear adequate to prevent abuses or to ensure the public that abuses that are identified are treated seriously and remedied." FBI officials disagreed, saying that none of the cases have involved major violations and most amount to administrative errors. The officials also said that any information obtained from improper searches or eavesdropping is quarantined and eventually destroyed. "Every investigator wants to make sure that their investigation is handled appropriately, because they're not going to be allowed to keep information that they didn't have the proper authority to obtain," said one senior FBI official, who declined to be identified by name because of the ongoing litigation. "But that is a relatively uncommon occurrence. The vast majority of the potential [violations] reported have to do with administrative timelines and time frames for renewing orders." The documents provided to EPIC focus on 13 cases from 2002 to 2004 that were referred to the Intelligence Oversight Board, an arm of the President's Foreign Intelligence Advisory Board that is charged with examining violations of the laws and directives governing clandestine surveillance. Case numbers on the documents indicate that a minimum of 287 potential violations were identified by the FBI during those three years, but the actual number is certainly higher because the records are incomplete. FBI officials declined to say how many alleged violations they have identified or how many were found to be serious enough to refer to the oversight board. Catherine Lotrionte, the presidential board's counsel, said most of its work is classified and covered by executive privilege. The board's investigations range

from "technical violations to more substantive violations of statutes or executive orders," Lotrionte said. Most such cases involve powers granted under the Foreign Intelligence Surveillance Act, which governs the use of secret warrants, wiretaps and other methods as part of investigations of agents of foreign powers or terrorist groups. The threshold for such surveillance is lower than for traditional criminal warrants. More than 1,700 new cases were opened by the court last year, according to an administration report to Congress. In several of the cases outlined in the documents released to EPIC, FBI agents failed to file annual updates on ongoing surveillance, which are required by Justice Department guidelines and presidential directives, and which allow Justice lawyers to monitor the progress of a case. Others included a violation of bank privacy statutes and an improper physical search, though the details of the transgressions are edited out. At least two others involve e-mails that were improperly collected after the authority to do so had expired. Some of the case details provide a rare peek into the world of FBI counterintelligence. In 2002, for example, the Pittsburgh field office opened a preliminary inquiry on a person to "determine his/her suitability as an asset for foreign counterintelligence matters" -- in other words, to become an informant. The violation occurred when the agent failed to extend the inquiry while maintaining contact with the potential asset, the documents show. The FBI general counsel's office oversees investigations of alleged misconduct in counterintelligence probes, deciding whether the violation is serious enough to be reported to the oversight board and to personnel departments within Justice and the FBI. The senior FBI official said those cases not referred to the oversight board generally involve missed deadlines of 30 days or fewer with no potential infringement of the civil rights of U.S. persons, who are defined as either citizens or legal U.S. resident aliens. "The FBI and the people who work in the FBI are very cognizant of the fact that people are watching us to make sure we're doing the right thing," the senior FBI official said. "We also want to do the right thing. We have set up procedures to do the right thing." But in a letter to be sent today to the Senate Judiciary Committee, Sobel and other EPIC officials argue that the documents show how little Congress and the public know about the use of clandestine surveillance by the FBI and other agencies. The group advocates legislation requiring the attorney general to report violations to the Senate. The documents, EPIC writes, "suggest that there may be at least thirteen instances of unlawful intelligence investigations that were never disclosed to Congress." from TheInquirer.net, 2005-Dec-25, by Wendy M. Grossman:

Copyrighting data retention YOU KNOW, a smart person wanting an unpopular policy ? like, oh, say, to pick something at random, data retention -- would wait until the policy had been enacted into law before pressing for even more unpopular amendments. The policy is data retention, and the amendment is to make retained data available to combat copyright infringement. Or, in the precise words of a cover note discussing the directive, "The retention of traffic data can also be important to combat organised crime in the area of intellectual copyright infringements," a point the directive credits to a letter the Creative and Media Business Aliiance sent in July 2005. On Wednesday, CMBA sent a letter to all MEPs making the same request, according to the new Open Rights Group, a sort of UK spinoff of the Electronic Frontier Foundation. This is not, of course, what data retention was supposed to be for. Nowhere in any of the years of discussions before has there been a suggestion that EU governments should put in place an infrastructure to serve copyright interests. It is a perfect example of what privacy advocates like to call "function creep": systems put in place for one avowed purpose tend to spread into all sorts of uses for which they were never intended. The typical example is the US Social Security Number, which began life as a way of identifying people for the purpose of receiving state benefits, and is now required for everything from going to school as a five-year-old to getting a driver's licence. Even if you support data retention on the grounds that it will help security services protect us against terorrism, do you really want the data to be handed over to a small group of multinational businesses to help them protect their fading business model? Will you feel better if I tell you that one of the proposed amendments to the draft directive wants to take out the language that would limit the use of the data to "serious" crimes? It's all going to be decided in the next two weeks. The discussions had been meandering along for years, as these things do, when the July 7 London bomb attacks happened. The UK had just assumed the EU presidency, and therefore the UK's Home Secretary, Charles Clarke, made a strong anti-terrorism pitch, with data retention as one of the priorities. The UK will be succeeded in the presidency on December 24 by Austria, and then in June by Finland. Had it been Ireland or Italy, the only two countries that have actually enacted their own data retention rules, the UK might be in less of a hurry. But with things as they are, this directive is being rushed through so hastily that it's only getting one reading, instead of the usual two. The final vote in the plenary of the European Parliament is on December 13. If you want to say anything, write to your MEP now. Note that this is a nice example of what Gus Hosein, a Visiting Fellow at the LSE, likes to call "policy laundering": having failed to gain agreement on data retention in the UK itself, the British government is trying to push it through in Europe, so that then they can come back to the UK and say, "Have to pass it. European law."

To review briefly the story so far: the data to be retained is traffic data, not content: telephone calling records, email headers, base Web site addresses (though not complete URLs of inner pages). The retainers of that data will be Internet service providers, telephone companies, mobile network operators, and so on. Traffic data is far more privacy-invasive and revealing than many people realize: who you call or email, how often, and at what times of day can be more revealing than the actual contents of the messages. (What tells you more about a relationship? The fact that two people email each other every night at 2am, or an intercepted message whose content says, "Where are the car keys?") ISPs and telcos hate these proposals. Paying to put systems in place to store the data and comply not only with the data retention rules but also the data protection laws contributes nothing to the bottom line of an ISP ? and it consumes resources which then are not available to put towards other opportunities. Making things more complicated is the process by which legislation is enacted in the EU, which most people don't understand and few national media follow in any detail. Only the European Parliament plenary can make a law. But because no one can be an expert on everything, the actual language and provisions of new laws are hashed out in one or more committees, and the plenary vote usually follows these committees' lead. The vote this week was by the civil liberties committee, which voted yesterday 33 to eight to limit data retention to 12 months. The next vote will be in the EU Council, which is known to want more than that: longer term of storage and more data, including failed call attempts. The twist in the tail, according to the Open Rights Group, is the upcoming IPRED2 legislation (PDF), which turns "all intentional infringements of an IP right on a commercial scale" into a criminal offense. So: there you have it. The perfect framework for the Copyright State. Is that what you voted for? from the Washington Post, 2005-Nov-13, p.B1, by David A. Vise: What Lurks in Its Soul? The soul of the Google machine is a passion for disruptive innovation. Powered by brilliant engineers, mathematicians and technological visionaries, Google ferociously pushes the limits of everything it undertakes. The company's DNA emanates from its youthful founders, Sergey Brin and Larry Page, who operate with "a healthy disregard for the impossible," as Page likes to say. Their goal: to organize all of the world's information and make it universally accessible, whatever the consequences. Google's colorful childlike logo, its whimsical appeal and its lightning-fast search results have made it the darling of information-hungry Internet users. Google has accomplished something rare in the hard-charging, mouse-eat-mouse environment that defines the high-tech world -- it has made itself charming. We like Google. We giggle at the "Google doodles," the playful decorations on its logo that appear on holidays or other special occasions. We eagerly sample the new online toys that Google rolls out every few months.

But these friendly features belie Google's disdain for the status quo and its voracious appetite for aggressively pursuing initiatives to bring about radical change. Google is testing the boundaries in so many ways, and so purposefully, it's likely to wind up at the center of a variety of legal battles with landmark significance. Consider the wide-ranging implications of the activities now underway at the Googleplex, the company's campuslike headquarters in California's Silicon Valley. Google is compiling a genetic and biological database using the vast power of its search engines; scanning millions of books without traditional regard for copyright laws; tracing online searches to individual Internet users and storing them indefinitely; demanding cell phone numbers in exchange for free e-mail accounts (known as Gmail) as it begins to build the first global cell phone directory; saving Gmails forever on its own servers, making them a tempting target for law enforcement abuse; inserting ads for the first time in e-mails; making hundreds of thousands of cheap personal computers to serve as cogs in powerful global networks. Google has also created a new kind of work environment. It serves three free meals a day to its employees (known as Googlers) so that they can remain onsite and spend more time working. It provides them with free on-site medical and dental care and haircuts, as well as washers and dryers. It charters buses with wireless Web access between San Francisco and Silicon Valley so that employees can toil en route to the office. To encourage innovation, it gives employees one day a week -- known as 20 percent time -- to work on anything that interests them. To eliminate the distinction between work and play -- and keep the Googlers happily at the Googleplex -- they have volleyball, foosball, puzzles, games, rollerblading, colorful kitchens stocked with free drinks and snacks, bowls of M&Ms, lava lamps, vibrating massage chairs and a culture encouraging Googlers to bring their dogs to work. (No cats allowed.) The perks also include an on-site masseuse, and extravagant touch-pad-controlled toilets with six levels of heat for the seat and automated washing, drying and flushing without the need for toilet paper. Meanwhile, the Googlers spend countless hours tweaking Google's hardware and software to reliably deliver search results in a fraction of a second. Few Google users realize, however, that every search ends up as a part of Google's huge database, where the company collects data on you, based on the searches you conduct and the Web sites you visit through Google. The company maintains that it does this to serve you better, and deliver ads and search results more closely targeted to your interests. But the fact remains: Google knows a lot more about you than you know about Google. If these were the actions of some obscure company, maybe none of this would matter much. But these are the practices of an enterprise whose search engine is so ubiquitous it has become synonymous with the Internet itself for millions of

computer users. And if the Google Guys have their way, their presence will only grow. Brin and Page see Google (its motto: "Don't Be Evil") as a populist force for good that empowers individuals to find information fast about anything and everything. Part of Google's success has to do with the network of more than 100,000 cheap personal computers it has built and deployed in its own data centers around the world. Google constantly adds new computers to its network, making it a prolific PC assembler and manufacturer in its own right. "We are like Dell," quipped Peter Norvig, Google's chief of search quality. The highly specialized world of technology breaks down these days into companies that do either hardware or software. Google's tech wizards have figured out how to do both well. "They run the largest computer system in the world," said John Hennessy, a member of Google's board of directors, a computer scientist and president of Stanford University. "I don't think there is even anything close." Google doesn't need all that computer power to help us search for the best Italian restaurant in Northern Virginia. It has grander plans. The company is quietly working with maverick biologist Craig Venter and others on groundbreaking genetic and biological research. Google's immense capacity and turbo-charged search technology, it turns out, appears to be an ideal match for the large amount of data contained in the human genome. Venter and others say that the search engine has the ability to deal with so many variables at once that its use could lead to the discovery of new medicines or cures for diseases. Sergey Brin says searching all of the world's information includes examining the genetic makeup of our own bodies, and he foresees a day when each of us will be able to learn more about our own predisposition for various illnesses, allergies and other important biological predictors by comparing our personal genetic code with the human genome, a process known as "Googling Your Genes." "This is the ultimate intersection of technology and health that will empower millions of individuals," Venter said. "Helping people understand their own genetic code and statistical code is something that should be broadly available through a service like Google within a decade." Brin's partner has nurtured a different ambition. For years, Larry Page dreamed of tearing down the walls of libraries, and eliminating the barriers of geography, by making millions of books searchable by anybody in the world with an Internet connection. After Google began scanning thousands of library books to make them searchable online, book publishers and authors cried foul, filing lawsuits claiming copyright infringement. Many companies would have reached an amicable settlement. Not Google. Undaunted, Google fired back, saying copyright laws were meant to serve the public interest and didn't apply in the digital realm of search. Google's altruistic tone masked its savvy, hard-nosed business strategy -- more books online

means more searches, more ads and more profits. Google recently began displaying some of these books online (print.google.com), and resumed scanning the contents of books from the collections of Harvard, Stanford, the University of Michigan, the New York Public Library and Oxford. But legal experts predict that the company's disruptive innovation will undoubtedly show up on the Supreme Court's docket one day. From Madison Avenue to Microsoft, Google's rapid-fire innovation and growing power pose a threat of one kind or another. Its ad-driven financial success has propelled its stock market value to $110 billion, more than the combined value of Disney, Ford, General Motors, Amazon.com and the media companies that own the New York Times, the Wall Street Journal and The Washington Post. Its simplified method of having advertisers sign up online, through a self-service option, threatens ad agencies and media buyers who traditionally have played that role. Its penchant for continuously releasing new products and services in beta, or test form, before they are perfected, has sent Microsoft reeling. Chairman Bill Gates recently warned employees in an internal memo of the challenges posed by such "disruptive" change. Microsoft also worries that Google is raiding the ranks of its best employees. That was threatening enough when Google operated exclusively in Silicon Valley. But it grew worse when Google opened an outpost in the suburbs of Seattle, just down the road from Microsoft headquarters, and aggressively started poaching. Microsoft finally sued Google for its hiring of Kai-Fu Lee, a senior technologist who once headed Microsoft's Chinese operations. Lee is now recruiting in Asia for Google, despite a court order upholding aspects of a noncompete clause that Lee signed while at Microsoft. Google's success is neither accidental nor ephemeral. Brin and Page -- the sons of college professors who introduced them to computing when they were toddlers -- met in 1995 at Stanford, where they were both Ph.D candidates in computer science and technology. They became inseparable and set out to do things their own way. Professors laughed at Page when he said one day that he was going to download the Internet so he could improve upon the primitive early search engines. Seven years ago, Google didn't exist in any form beyond a glimmer in the eyes of Brin and Page. Then in the fall of 1998, they took leaves of absence from Stanford, and moved their hardware into the garage and several rooms of a house in nearby Menlo Park. Armed primarily with the belief that they could build a better search engine, they have created a company unlike any other. With Brin and Page setting the tone, Google's distinctive DNA makes it an employer of choice for the world's smartest technologists because they feel empowered to change the world. And despite its growing head count of more than 4,000 employees worldwide, Google maintains the pace of innovation in ways contrary to other corporations by continuing to work in small teams of three to five, no matter how big the undertaking. Once Google went public and could

no longer lure new engineers with the promise of lucrative stock options, Brin invented large multi-million-dollar stock awards for the small teams that come up with the most innovative ideas. A good example is Google's latest deal -- a far-reaching, complex partnership with NASA, unlike any agreement between a private firm and the space agency, to share data and resources and employees and identify ways to create new products and conduct searches together in space. Although NASA is a public entity, many of the details of the partnership remain hidden from public view. Despite all that has been achieved, Google remains in its infancy. Brin likes to compare the firm to a child who has completed first grade. He and Page gaze into a glittering globe in the Googleplex that shows billions of Google searches streaming in from around the world, and notice the areas that are dark. These are the places that have no Internet access. Quietly, they have been buying up the dark fiber necessary to build GoogleNet, and provide wireless Web access for free to millions or billions of computer userspotentially disruptive to phone and cable companies that now dominate the high-speed Internet field. Their reasoning is straightforward: If more people globally have Internet access, then more people will use Google. The more books and other information that they can translate into any language through an automated, math-based process they are developing now, the more compelling the Google experience will be for everyone, and the more wealth the company will have to invest in their vision. Supremely confident, the biggest risk that Brin, Page and Google face is that they will be unable to avoid the arrogance that typically accompanies extraordinary success. Amazon.com founder Jeff Bezos jokes that Brin and Page are so sure of themselves, they wouldn't hesitate to argue with a divine presence. But the fact remains that they are human beings, and inevitably, both they and Google will make mistakes. Unless any of these prove lethal, however, Google -through its relentless focus on disruptive innovation -- appears likely to wreak havoc on established enterprises and principles for many years to come. David Vise is a Post business reporter and the co-author with Mark Malseed of "The Google Story," published this week by Random House. from the Wall Street Journal via OpinionJournal.com, 2005-May-10, by Brendan Miniter: Soak the Green Oregon mulls a new tax that environmentalists and privacy advocates will hate. As gas prices continue to top $2 a gallon, all those drivers of fuel-efficient cars may not have reason to gloat for much longer. Oregon is worried that too many Honda Insights and Toyota Priuses hitting the roads will rob it of the cash it expects out of its 24-cent-a-gallon tax. So the Beaver State is studying ways to

ensure that "hybrid" car owners pay their "fair share" of taxes for the miles they drive. That means allowing the taxman to catch up to hybrid owners just as often as he catches up to gas guzzling SUV drivers. And if Oregon goes ahead, it won't be long before other states follow. Oregon won't complete its study until 2007. But it's already clear the state is looking to influence behavior in addition to raising revenue by implementing a "vehicle mileage tax." Under a VMT a motorist would pay a tax for each mile driven, probably around 1.25 cents. To administer this tax, a global positioning system would be mounted in each car. As a driver fuels up, the device would relay mileage information to the gas pump, which would calculate the VMT. A simple electronic odometer-reading device would do the trick, but Oregon is looking at GPS devices because they would also allow for charging higher VMT rates for miles driven in "congested" areas during rush hour or to exempt miles driven out of state. This is bad news not just for enviro-friendly motorists but for anyone who cares about privacy and transparence in government. More than 200 years into our experiment of a government founded on liberty and more than 70 years after FDR's New Deal, it might seem that the issues surrounding individual liberty have already been well hashed out. But the digital age offers a fresh set of challenges for anyone interested in pushing back the encroaching hand of government. Those challenges involve much more than what we've seen in the controversy over the Patriot Act or the civil libertarians' privacy battles over the past several years. In terms of security, the public has openly debated the issues and has so far willingly traded a small amount of liberty--mostly at the airport--for the express purpose of catching terrorists. Of course, at some point, the government may overstep its bounds, which is why the public must remain vigilant. But on privacy issues unrelated to the war on terror, the government to fear is the one that has a reason to pry into individuals' lives. What Oregon is showing us is that taxes can provide a government with the rationale to amass and act on all sorts of personal information, including when and where you've driven. After all, it's hard to argue that Oregon doesn't need the money to repair the roads. And it's not just about taxing hybrid car owners or--as Virginia is now planning--charging commuters in certain toll lanes more if they don't carpool to work. Technology is making it easier for governments to have a pricing structure similar to that of airlines--where a passenger paying $300 sits next to and gets the same services as someone paying $1,200. But unlike in the travel industry, there's little competition and it's nearly impossible to decide to get off the plane. To some degree, this is the tax regime we have now. We can't opt out of it; and mortgage deductions, child tax credits and so forth have left middle-class Americans, who make similar amounts of money, paying vastly different amounts in taxes. Deducting taxes from paychecks began under FDR as a way to help

finance fighting World War II. And in Europe technology that has allowed for better recordkeeping has also allowed governments to collect value-added taxes-essentially, steep sales taxes embedded in the price of each item--and other fees that were never possible back in the days when taxes were much more visible. In the virtual world, the taxes are real but increasingly difficult to spot. Now we have to contend with efforts to charge sales taxes on the Internet and impose a value-added tax or a national sales tax in America. One outfit calling itself Americans for Fair Taxation is pushing to replace the income tax with a sales tax (although the group's leaders won't call it that). Their plan would impose a rate that approaches 30%, but would also offer rebates--checks mailed out every month--so that the tax wouldn't hurt those living in poverty. Such taxing schemes were once inconceivable for the practical reason that they could not be enforced. Now technology allows for their collection without many taxpayers ever realizing how much they are actually paying the government. Unlike the unpopular stamp taxes England once imposed on a wide array of documents in America (thus helping foment the Revolution), taxes in the digital age need not visible be at all. They can easily be imbedded in the cost of many of the items we buy. They can even be targeted to hit only a select group of individuals. This is all something to keep in mind as Congress and President Bush turn to tax reform, perhaps as early as this summer. Whichever reform comes down the pike, one item to insist on is making permanent the Internet tax moratorium. A simple and fair tax code is a worthy goal. It's equally important, however, that the notion of "fairness" isn't allowed to morph into a rationale for using technology to target small groups of taxpayers who happen to have a little extra money lying around. The only way to ensure that taxes remain fair and relatively low is to spread the pain to as wide a cross section of the population as possible. Thanks to Oregon, perhaps this is something even the green community can now come to understand. Mr. Miniter is assistant editor of OpinionJournal.com. His column appears Tuesdays. from the Washington Post, 2005-Jul-23, p.A12, by Michael Powell and Michelle Garcia: New York's Subway Riders Face Bag Checks With Somber Tolerance Transit Authority Begins Random Inspections NEW YORK, July 22 -- Police began the arduous process of randomly searching a few of the thousands of bags that passengers carry onto the subways Friday, after New York became the first U.S. city to require such searches in the aftermath of new terrorist explosions in London.

Mayor Michael R. Bloomberg said the baggage searches -- which will be extended to buses and suburban trains -- could continue for weeks, if not months. Seven million people ride the city's buses and subways each day, more than half the nation's daily mass transit riders. "Clearly, we'll do it for a little while. It's partially designed to make people feel comfortable . . . and keep the potential threat away," Bloomberg (R) said in his weekly radio show, as reported by the Associated Press. Washington Metro transit officials said they are keeping a close eye on the New York City experience and have not ruled out conducting such searches on the Metro in the future. But the magnitude of New York's task, the attempt to search even a relative handful of the tens of thousands of bags, backpacks, suitcases and even steamer trunks that New Yorkers carry into 468 subway stations, quickly became apparent. At Times Square and at Atlantic Avenue in Brooklyn (where Long Island commuters pour into the subways), vast rivers of commuters moved through turnstiles manned by a handful of uniformed police officers. Few of the subway passengers objected to the idea that an officer might buttonhole them and ask to peer into their bags. The congenitally contentious New Yorker of legend was a muted presence. Police said few riders refused the searches, and some even voluntarily gave their bags over for scrutiny. "I'd rather be watched and alive than dead with my privacy intact," Frank Majowicz, a businessman from Toms River, N.J., said as he hauled a shoulder bag off the Times Square shuttle. At the multiple-tiered Atlantic Avenue station in Brooklyn, Xavier Rodney toted a small black backpack past four National Guardsmen holding M-16 rifles. He wore an oversize Los Angeles Lakers jersey and long shorts, and he spoke of supporting the searches, in part because as a black man, he does not think he fits the profile of a terrorist. "I don't have anything to hide . . . I guess they stopped looking for gangbangers," he said. "If I was in the position of the people they are profiling, I'd feel differently." Police officials took pains Friday to describe the searches as entirely random, hoping to allay fears of racial profiling. "We are looking at backpack size or containers large enough to house explosives that we know have been used in these mass transit attacks," said Paul J. Browne, chief spokesman for the city police. "The protocol would be to pick the fifth backpack in each group of 10. If a Middle Eastern man is number four, he would not get checked." That failed to convince civil libertarians, who say the searches will be ineffective and play on the fears of New Yorkers who ride along 722 miles of track. The New York Civil Liberties Union has set up a complaint form on its Web site, and its

attorneys said they are considering a lawsuit. Last year, the group successfully sued to prevent the police from searching the bags of people on their way to political demonstrations. "Our position is that the police should aggressively investigate anyone whom they suspect of bringing explosives into the system," said Christopher Dunn, associate legal director for the organization. "But police searches of subway riders without any suspicions are presumptively unconstitutional." At a mid-morning news conference, workers with the 38,000-strong Transport Workers Union attacked the system's security readiness, saying they had little training on handling the chaos that would come with a terrorist attack in the subway tunnels. They noted that city firefighters and police officers practice drills in the tunnels, but that motormen, conductors and track workers are not included. "As far as the training we got from the MTA, it's more human instinct," said subway operator Jermaine Johnson, who was stuck inside a tunnel when the East Coast experienced a blackout two years ago. "I had never evacuated. I just knew I wanted to get out of there." Current Metropolitan Transportation Authority policy dictates that transit workers call for help and wait at their posts. MTA officials responded that the union complaints were an attempt to build public support for future contract negotiations. They said in a written statement that all MTA employees are "trained in emergency aspects of their jobs" But many people entered the city's underground tunnels with a sense of unease on Friday. Kawar Mansy, 20, walked with her friend through the Atlantic Avenue station, both women wearing Muslim hijabs . They support the new security measures -- even as they worried about the inquiring eyes from commuters. "When I walk around, I don't feel safe," Mansy said. "You don't know what's going to happen." from the Guardian UK, 2005-Sep-22, by David Mery: Suspicious behaviour on the tube A London underground station was evacuated and part of a main east-west line closed in a security alert on Thursday, three weeks after suicide bombers killed 52 people on the transport network, police said. (Reuters) This Reuters story was written while the police were detaining me in Southwark tube station and the bomb squad was checking my rucksack. When they were through, the two explosive specialists walked out of the tube station smiling and commenting: "Nice laptop." The officers offered apologies on behalf of the Metropolitan police. Then they arrested me.

7.10 pm: From my workplace in Southwark, south London, I arrange by text message to meet my girlfriend at Hanover Square. To save time - as I suppose I decide to take the tube to Bond Street instead of my usual bus. I am wearing greenish Merrell shoes, black trousers, T-shirt, black Gap jumper, light rainproof Schott jacket and grey Top Shop cap. I am carrying a black rucksack I use as a workbag. 7.21 pm: I enter Southwark tube station, passing uniformed police by the entrance, and more police beyond the gate. I walk down to the platform, peering down at the steps as, thanks to a small eye infection, I'm wearing specs instead of my usual contact lenses. The next train is scheduled to arrive in a few minutes. As other people drift on to the platform, I sit down against the wall with my rucksack still on my back. I check for messages on my phone, then take out a printout of an article about Wikipedia from inside my jacket and begin to read. The train enters the station. Uniformed police officers appear on the platform and surround me. They must immediately notice my French accent, still strong after living more than 12 years in London. They handcuff me, hands behind my back, and take my rucksack out of my sight. They explain that this is for my safety, and that they are acting under the authority of the Terrorism Act. I am told that I am being stopped and searched because: they found my behaviour suspicious from direct observation and then from watching me on the CCTV system; I went into the station without looking at the police officers at the entrance or by the gates; two other men entered the station at about the same time as me; I am wearing a jacket "too warm for the season"; I am carrying a bulky rucksack, and kept my rucksack with me at all times; I looked at people coming on the platform; I played with my phone and then took a paper from inside my jacket. They empty the contents of my pockets into two of their helmets, and search me, and loosen my belt. One or two trains arrive and depart, with people getting on and off. Then another train arrives and moves slowly through the station. The driver is told not to stop. After that, no more trains pass through the station. We move away from the platform into the emergency staircase. I sit down on the (dirty) steps. The police say they can't validate my address. I suggest they ask the security guard where I work, two streets away. We go up to the station doors, and I realise that the station is cordoned off. Two bomb squad officers pass by. One turns to me and says in a joking tone: "Nice laptop!" A police officer

apologises on behalf of the Metropolitan police, and explains that we are waiting for a more senior officer to express further apologies. They take off the handcuffs and start giving me back my possessions: my purse, keys, some papers. Another police officer says that this is not proper. I am handcuffed again. A police van arrives and I am told that I will wait in the back. After about five minutes, a police officer formally arrests me. 8.53pm Arrested for suspicious behaviour and public nuisance, I am driven to Walworth police station. I am given a form about my rights. I make one correction to the police statement describing my detention: no train passed before I was stopped. I empty my pockets of the few things they had given me back at the tube station, and am searched again. My possessions are put in evidence bags. They take Polaroid photographs of me. A police officer fingerprints me and takes DNA swabs from each side of my mouth. 10:06pm I am allowed a call to my girlfriend. She is crying and keeps repeating: "I thought you were injured or had an accident, where were you, why didn't you call me back?" I explain I'm in a police station, my phone was taken and the police wouldn't allow me to call. She wants to come to the station. I ask her to stay at home as I don't know how long it will take. 10:30pm I am put into an individual police cell. A plainclothes officer tells me my flat will be searched under the Terrorism Act. I request that my girlfriend be called beforehand, so that she won't be too scared. I am asked for her phone number. I don't know it - it is stored in my phone - so I explain it is with the officer at the desk. I later find out that they don't call her. 12:25-1:26 am Three uniformed police officers search my flat and interview my girlfriend. They take away several mobile phones, an old IBM laptop, a BeBox tower computer (an obsolete kind of PC from the mid-1990s), a handheld GPS receiver (positioning device with maps, very useful when walking), a frequency counter (picked it up at a radio amateur junk fair because it looked interesting), a radio scanner (receives short wave radio stations), a blue RS232C breakout box (a tool I used to use when reviewing modems for computer magazines), some cables, a computer security conference leaflet, envelopes with addresses, maps of Prague and London Heathrow, some business cards, and some photographs I took for the 50 years of the Association of Computing Machinery conference. This list is from my girlfriend's memory, or what we have noticed is missing since. 3.20am I am interviewed by a plainclothes officer. The police again read out their version of events. I make two corrections: pointing out that no train passed between my arrival on the platform and when I was detained, and that I didn't take any wire out of my pocket. The officer suggests the computer cables I had in my rucksack could have been confused for wires. I tell him I didn't take my rucksack off until asked by police so this is impossible. Three items I was carrying seem to be of particular interest to the officer: a small promotional booklet I got at the Screen on the Green cinema during the screening of The Assassination of Richard Nixon: a folded A4 page where I did some doodles (the

police suspect it could be a map); and the active part of an old work pass where one can see the induction loop and one integrated circuit. Items from the flat the police officer asks about: the RS232C breakout box, the radio scanner and the frequency counter. The officer explains what made them change their mind and arrest me. Apparently, on August 4, 2004, there was a firearms incident at the company where I work. The next day I find out that there had been a hoax call the previous year, apparently from a temp claiming there was an armed intruder. Some staff had also been seen photographing tube stations with a camera phone. On June 2, as part of a team-building exercise, new colleagues were supposed to photograph landmarks and try to get a picture of themselves with a policeman. 4:30am The interviewing officer releases me on bail, without requiring security. He gives me back most of the contents of my pockets, including my Oyster card and iPod, and some things from my rucksack. He says he will keep my phone. I ask if I can have the SIM card? He says no, that's what they need, but lets me keep the whole phone. On August 31 I arrive at the police station at 9 am as required by bail, with my solicitor. A plainclothes police officer tells us they are dropping the charges, and briefly apologises. The officer in charge of the case is away so the process of clearing up my case is suspended until he signs the papers cancelling the bail and authorising the release of my possessions. The meeting lasts about five minutes. I send letters to the data protection registrars of London Underground, Transport for London, the British Transport police and the Metropolitan police. The first three letters ask for any data, including CCTV footage, related to the incident on July 28, while the final one asks for any data they have on me. They all have 40 days to respond. On September 8 I talk to my solicitor about ensuring the police return all my possessions, giving us all the inquiry documents (which they may or may not do) and expunging police records (apparently unlikely to happen). The solicitor sends a letter to the officer in charge of my case conveying to him how upset I am. I write to my MP about my concerns. The police decided that wearing a rain jacket, carrying a rucksack with a laptop inside, looking down at the steps while going into a tube station and checking your phone for messages just ticked too many boxes on their checklist and makes you a terrorist suspect. How many other people are not only wrongly detained but wrongly arrested every week in similar circumstances? And how many of them are also computer and telecoms enthusiasts, fitting the police's terrorist profile so well? While a police officer did state that my rain jacket was "too warm for the season", could it have been instead that the weather was too cold for the season? The day before had been the coldest July day for 25 years. Under current laws the police are not only entitled to keep my fingerprints and DNA samples, but according to my solicitor, they are also entitled to hold on to

what they gather during their investigation: notepads of arresting officers, photographs, interviewing tapes and any other documents they entered in the police national computer (PNC). So even though the police consider me innocent there will remain some mention (what exactly?) in the PNC and, if they fully share their information with Interpol, in other police databases around the world as well. Isn't a state that keeps files on innocent persons a police state? This erosion of our fundamental liberties should be of concern to us all. All men are suspect, but some men are more suspect than others (with apologies to George Orwell). from the Washington Times, 2004-Nov-25, by Audrey Hudson: TSA 'pat-downs' cross the line for some fliers Millions of holiday travelers nationwide are experiencing an all-too-intimate form of security screening that some say amounts to sexual groping -- a "pat-down" by government officials. The Transportation Security Administration (TSA) initiated the approach to airline security Sept. 22 in response to the August terrorist bombing of two passenger planes in Russia. "TSA policy is that screeners are to use the back of the hand when screening sensitive body areas, which include the breasts (females only), genitals, and buttocks," the policy says. Female passengers say the experience is humiliating and men also are complaining of unexpected checks of their private regions. When former Rep. Helen Chenoweth, Idaho Republican, was flagged as a highrisk passenger with a one-way ticket from Boise, Idaho, to Reno, Nev., she refused to be patted down and was forced to drive to her destination. "That area is private," Mrs. Chenoweth told KBCI-TV, the Boise NBC affiliate. "We have programs teaching children that these areas are private and yet we have our government patting us down. There's something wrong with that. To be patted down like that was just way over the edge and that's why I chose to drive and I will drive from now on," she said. Jamie Sibulkin told the Boston Globe she requested that her search before a flight from Boston to Dallas be performed by a woman, who joked to the male screener he was "missing out." She said the screener waved a metal-detector wand in front of her chest, and "out of nowhere started touching my breast." She said she was told her metal-wire bra had set off the metal detector, so she didn't wear it on the return trip -- yet was screened again by a female screener who felt her breasts. "They said, 'This is regulation.' I said, 'This is molestation,' " the 27-year-old woman said.

Retired Navy Rear Adm. David M. Stone, assistant secretary of homeland security for TSA, reminded the traveling public of the new rule Monday to detect explosive trace elements. He said all passengers have the right to private screening. "A vigilant America may well have discouraged terrorist acts tied to high-profile events like the recent political conventions and the election," Adm. Stone said. "The holidays also are a period when increased vigilance is especially appropriate." In the average week, 2.1 million passengers are patted down and 12 complaints are filed, said Mark Hatfield, spokesman for the TSA. "Every complaint is important and we want to get to the bottom of the complaints and find out what has happened," Mr. Hatfield said. "But this is a very important security measure to address a specific threat, and until we can come up with a technological solution, this is an old-fashioned, low-tech tool in our arsenal to mitigate a threat." An investigation of the Russian crashes found that two women wore the explosives on their torso under clothing. "Our metal detectors won't detect that type of explosive, so we are aggressively testing new technologies to combat this threat," Mr. Hatfield said. In a report on WJLA Channel 7 News last night, unidentified screeners at Ronald Reagan Washington National Airport said women were being selected for private screening based on breast size and strip-searched. The searches were required after screeners kicked equipment to set off alarms. "In a sense, they were being raped," one TSA screener said. Strip searches were being conducted in a stairwell, WJLA reported, but were moved to a supervisor's private office where the activities were recorded on a hidden camera. Mr. Hatfield said the TSA will show "zero tolerance" in its investigation of the matter. "We will root out the individual," he said. Ava Kingsford told the Christian Broadcasting Network that she, her husband and their infant drove 15 hours home to San Diego from Denver because she refused to be patted down. "I thought I was done being patted down, and she says, 'I am going to feel your breasts now.' I said, 'I am uncomfortable with that.' I said, 'That's crossing the line.' "They were yelling the same thing: 'If you don't let her continue the search -- and that entails feeling your breasts -- you will not board your airplane home to San Diego.' "

excerpt from The Metaphor is the Key: Cryptography, the Clipper Chip, and the Constitution, by A. Michael Froomkin, Associate Professor, University of Miami School of Law, published in the University of Pennsylvania Law Review 143:709897 (1995) (footnotes and page boundaries omitted in excerpt): Most, if not all, of the readers of this Article probably experience life in the United States as one of political freedom. For some of these readers, a desire for communications and electronic records security, particularly security from possible or suspected government surveillance or intrusion, may appear to be an excess of libertarian paranoia. The existence of low-water marks in civil liberties (such as the 1798 Alien and Sedition Act, the 1920s' "Palmer raids," the Japanese internment during World War II, and COINTELPRO) may be seen by some readers as well-documented and anomalous departures from American ideals; other readers may see them as symptoms of A more general tendency of those in authority, approaching the "iron law of oligarchy." Organized government intrusion into personal communications and data privacy is less visible than an order to round up thousands of civilians. It is also far more frequent. When given the duty and authority to identify threats to national security, public servants have shown a tendency to adopt a "vacuum cleaner[]" approach to private information. Indeed, the Senate committee charged with investigating domestic surveillance noted "the tendency of intelligence activities to expand beyond their initial scope" and stated that government officials "have violated or ignored the law over long periods of time and have advocated and defended their right to break the law." It is harder to view fears of government surveillance as aberrational when one learns that in the 1950s the FBI identified 26,000 "potentially dangerous" persons who should be rounded up in the event of a "national emergency," and that it maintained this list for many years. During the 1970s, even sympathizers dismissed as fantastical the claims by Black Panthers and other dissident groups that they were being wiretapped and bugged by the FBI. These allegations proved to be correct. Indeed, the U.S. government has an unfortunate recent history of intrusion into private matters. During the 1970s, the FBI kept information in its files covering the beliefs and activities of more than one in four hundred Americans; during the 1960s, the U.S. Army created files on about 100,000 civilians. Between 1953 and 1973, the CIA opened and photographed almost 250,000 first class letters within the U.S. from which it compiled a database of almost 1.5 million names. Similarly, the FBI opened tens of thousands of domestic letters, while the NSA obtained millions of private telegrams sent from, to, or through the United States. Although the Constitution guarantees a high degree of political freedom and autonomy, "[t]he Government has often undertaken the secret surveillance of citizens on the basis of their political beliefs, even when those beliefs posed no threat of violence or illegal acts on behalf of a hostile foreign power." Certainly, neither statutory nor constitutional prohibitions have proved consistently effective in preventing civil liberties abuses. For example, U.S. Census data is supposed

to be private, and that privacy is guaranteed by law. Nevertheless, during World War II the government used census data to identify and locate 112,000 Americans of Japanese ancestry who were then transported to internment camps. Similarly, the CIA repeatedly violated the prohibition on domestic intelligence contained in its charter. One need not believe that such excesses are routine to sympathize with those who fear that another such excess is foreseeable. Indeed, whether one considers these operations to have been justified, to have resulted from a type of a bureaucratic rationality that rewards results regardless of legal niceties, or to have been a form of security paranoia, this history could cause a reasonable person to fear she might someday be swept up in an investigation. The passage of Title III of the Omnibus Crime Control and Safe Streets Act of 1968 (Title III), designed to define standards for the use of wiretaps, appears to have reduced greatly the amount of illegal wiretapping by police. Nonetheless, illegal wiretapping by police has not been completely eliminated. Not all government intrusion into privacy is centrally organized, but that hardly makes it less intrusive. During the past five years the IRS has caught hundreds of its employees snooping into the tax records "of friends, neighbors, enemies, potential in-laws, stockbrokers, celebrities and former spouses." Authorized users of the FBI's National Crime Information Center have used its databases to check up on friends and neighbors and to check backgrounds for political purposes. It is an article of faith for many Americans that postal workers read the postcards they process and not without reason when postal workers are heard to say that they "pass the really good ones around the office." A reasonable person may also be concerned about surveillance by nongovernmental actors. For instance, political campaigns are notorious for dirty tricks, including the bugging of opponents; the yellow pages in any major city contain numerous advertisements for detective agencies and investigators; and eavesdropping and bugging devices are readily available in stores. In light of this history of public and private intrusion into personal privacy and the growing interconnection of computers and communications envisioned by the National Information Infrastructure, it is impossible to dismiss the desire for personal communications and records security as pure paranoia. It may, in fact, be very sensible. from the Associated Press via the Washington Post, 2005-Aug-10, by Jennifer C. Kerr: Groups Slam FCC on Internet Phone Tap Rule WASHINGTON -- New regulations making it easier for law enforcement to tap Internet phone calls will also make computer systems more vulnerable to hackers, digital privacy and civil liberties groups say.

While the groups don't want the Internet to be a safe haven for terrorists and criminals, they complain that expanding wiretapping laws to cover Internet calls -or Voice over Internet Protocol (VoIP) -- will create additional points of attack and security holes that hackers can exploit. "Once you enable third-party access to Internet-based communication, you create a vulnerability that didn't previously exist," Marc Rotenberg, executive director at the Electronic Privacy Information Center said in an interview Wednesday. "It will put at risk the stability and security of the Internet." Acting on appeals from the Justice Department and other law enforcement officials, the Federal Communications Commission voted last week to require providers of Internet phone calls and broadband services to ensure their equipment can allow police wiretaps. The decision applies to Voice over Internet Protocol providers such as Vonage that use a central telephone company to complete the Internet calls. It also applies to cable and phone companies that provide broadband services. The companies will have 18 months to comply. "We recognize that people use different methods for communication and certainly most of the time the people are using the method that they can avoid detection most," said FBI spokesman Ed Cogswell. Voice over Internet Protocol technology shifts calls away from wires and switches, instead using computers and broadband connections to convert sounds into data and transmit them via the Internet. Besides the privacy and security concerns, digital rights experts worry that expansion of the wiretapping law, known as CALEA, will stifle innovation. "Creativity and innovation will end up moving offshore where programmers outside the U.S. can develop technologies that are not required to address the onerous CALEA requirements," said Kurt Opsahl, staff attorney at the Electronic Frontier Foundation. "The U.S. companies will face competition from foreign providers who will enjoy an advantage." The groups also argue that the FCC doesn't have the authority to order the companies to make changes to their systems for wiretapping purposes, since CALEA only pertains to telecommunications systems, not information systems like the Internet. An FCC spokesman declined to comment. The 1994 Communications Assistance for Law Enforcement Act (CALEA) required the telecommunications industry to build into its products tools that federal investigators can use -- after getting court approval -- to eavesdrop on conversations.

Lawyers for the Justice Department, FBI and Drug Enforcement Administration asked the FCC in March 2004 to affirm that Voice over Internet Protocol falls under CALEA. from the New York Times, 2004-Dec-18, by Stephanie Strom: A.C.L.U.'s Search for Data on Donors Stirs Privacy Fears The American Civil Liberties Union is using sophisticated technology to collect a wide variety of information about its members and donors in a fund-raising effort that has ignited a bitter debate over its leaders' commitment to privacy rights. Some board members say the extensive data collection makes a mockery of the organization's frequent criticism of banks, corporations and government agencies for their practice of accumulating data on people for marketing and other purposes. Daniel S. Lowman, vice president for analytical services at Grenzebach Glier & Associates, the data firm hired by the A.C.L.U., said the software the organization is using, Prospect Explorer, combs a broad range of publicly available data to compile a file with information like an individual's wealth, holdings in public corporations, other assets and philanthropic interests. The issue has attracted the attention of the New York attorney general, who is looking into whether the group violated its promises to protect the privacy of its donors and members. "It is part of the A.C.L.U.'s mandate, part of its mission, to protect consumer privacy," said Wendy Kaminer, a writer and A.C.L.U. board member. "It goes against A.C.L.U. values to engage in data-mining on people without informing them. It's not illegal, but it is a violation of our values. It is hypocrisy." The organization has been shaken by infighting since May, when the board learned that Anthony D. Romero, its executive director, had registered the A.C.L.U. for a federal charity drive that required it to certify that it would not knowingly employ people whose names were on government terrorism watch lists. A day after The New York Times disclosed its participation in late July, the organization withdrew from the charity drive and has since filed a lawsuit with other charities to contest the watch list requirement. The group's new data collection practices were implemented without the board's approval or knowledge, and were in violation of the A.C.L.U.'s privacy policy at the time, said Michael Meyers, vice president of the organization and a frequent and strident internal critic. Mr. Meyers said he learned about the new research by accident Nov. 7 in a meeting of the committee that is organizing the group's Biennial Conference in July.

He objected to the practices, and the next day, the privacy policy on the group's Web site was changed. "They took out all the language that would show that they were violating their own policy," he said. "In doing so, they sanctified their procedure while still keeping it secret." Attorney General Eliot Spitzer of New York appears to be asking the same questions. In a Dec. 3 letter, Mr. Spitzer's office informed the A.C.L.U. that it was conducting an inquiry into whether the group had violated its promises to protect the privacy of donors and members. Emily Whitfield, a spokeswoman for the A.C.L.U., said the organization was confident that its efforts to protect donors' and members' privacy would withstand any scrutiny. "The A.C.L.U. certainly feels that data privacy is an extremely important issue, and we will of course work closely with the state attorney general's office to answer any and all questions they may have," she said. Robert B. Remar, a member of the board and its smaller executive committee, said he did not think data collection practices had changed markedly. He recalled that the budget included more money to cultivate donors but said he did not know what specifically was being done. Mr. Remar said he did not know until this week that the organization was using an outside company to collect data or that collection had expanded from major donors to those who contribute as little as $20. "Honestly, I don't know the details of how they do it because that's not something a board member would be involved in," he said. The process is no different than using Google for research, he said, emphasizing that Grenzebach has a contractual obligation to keep information private. The information dispute is just the latest to engulf Mr. Romero. When the organization pulled out of the federal charity drive, it rejected about $500,000 in expected donations. Mr. Romero said that when he signed the enrollment certification, he did not think the A.C.L.U. would have to run potential employees' names through the watch lists to meet requirements. The board's executive committee subsequently learned that Mr. Romero had advised the Ford Foundation, his former employer, to follow the nation's main antiterrorism law, known as the Patriot Act, in composing language for its grant agreements, helping to ensure that none of its money inadvertently underwrites terrorism or other unacceptable activities. The A.C.L.U., which has vigorously contended that the act threatens civil liberties, had accepted $68,000 from Ford under the new terms by then. The board voted in October to return the money and reject further grants from Ford and the Rockefeller Foundation, which uses similar language in its grant agreements.

In 2003, Mr. Romero waited several months to inform the board that he had signed an agreement with Mr. Spitzer to settle a complaint related to the security of the A.C.L.U.'s Web site. The settlement, signed in December 2002, required the agreement to be distributed to the board within 30 days, and Mr. Romero did not hand it out until June 2003. He told board members that he had not carefully read the agreement and that he did not believe it required him to distribute it, according to a chronology compiled by Ms. Kaminer. Many nonprofit organizations collect information about their donors to help their fund-raising, using technology to figure out giving patterns, net worth and other details that assist with more targeted pitches. Because of its commitment to privacy rights, however, the A.C.L.U. has avoided the most modern techniques, according to minutes of its executive committee from three years ago. "What we did then wasn't very sophisticated because of our stance on privacy rights," said Ira Glasser, Mr. Romero's predecessor. Mr. Glasser, who resigned in 2001, said the group had collected basic data on major donors and conducted a ZIP code analysis of its membership for an endowment campaign while he was there. He said it had done research on Lexis/Nexis and may have looked at S.E.C. filings. Mr. Meyers said he learned on Nov. 7 that the A.C.L.U.'s data collection practices went far beyond previous efforts. "If I give the A.C.L.U. $20, I have not given them permission to investigate my partners, who I'm married to, what they do, what my real estate holdings are, what my wealth is, and who else I give my money to," he said. On Nov. 8, the privacy statement on the A.C.L.U. Web site was replaced with an "Online Privacy Policy." Until that time, the group had pledged to gather personal information only with the permission of members and donors. It also said it would not sell or transfer information to a third party or use it for marketing. Those explicit guarantees were eliminated from the Web site after Mr. Meyers raised his concerns about the new data-mining program at the Nov. 7 meeting. After learning of Mr. Spitzer's inquiry, the executive committee of the board took up the data-mining issue on Dec. 14. Board members are allowed to listen in on any executive committee meeting, and Mr. Meyers asked the panel to participate in its conference call. The first item on the agenda was whether he could be on the line. The executive committee voted 9 to 1 to bar him and had a staff member inform him that the meeting was of the board of the A.C.L.U. Foundation, not the group's executive committee, and thus he was excluded.

Mr. Remar, who has been a board member for 18 years, said board members had been asked to leave executive committee meetings during personnel discussions, but Mr. Meyers said it was a first. Mr. Remar said the data collection efforts were a function of the foundation, and thus the executive committee had met as the foundation board. But Mr. Romero convened a meeting of the executive committee, and Mr. Spitzer's letter was addressed to the A.C.L.U., with no mention of the foundation. Mr. Meyers said his exclusion raises a profound issue for other board members. "Their rationale for excluding me implicitly means that they can't share anything with the board, but the board as a whole has fiduciary responsibilities," he said. "How can board members do their duty if information is withheld from them?" I am obviously a privacy advocate. Somewhat less obviously, I am an ardent proponent of state integration of all the information to which it has lawful access. The alternative is simply silly. The following article tells a tale not often told by privacy advocates, and my sympathies are with the author's position. from the Wall Street Journal's OpinionJournal.com, 2004-Apr-1, by Heather Mac Donald: The 'Privacy' Jihad "Total Information Awareness" falls to total Luddite hysteria. The 9/11 Commission hearings have focused public attention again on the intelligence failures leading up to the September attacks. Yet since 9/11, virtually every proposal to use intelligence more effectively--to connect the dots--has been shot down by left- and right-wing libertarians as an assault on "privacy." The consequence has been devastating: Just when the country should be unleashing its technological ingenuity to defend against future attacks, scientists stand irresolute, cowed into inaction. The privacy advocates--who range from liberal groups focused on electronic privacy, such as the Electronic Privacy Information Center, to traditional conservative libertarians, such as Americans for Tax Reform--are fixated on a technique called "data mining." By now, however, they have killed enough different programs that their operating principle can only be formulated as this: No use of computer data or technology anywhere at any time for national defense, if there's the slightest possibility that a rogue use of that technology will offend someone's sense of privacy. They are pushing intelligence agencies back to a pre-9/11 mentality, when the mere potential for a privacy or civil liberties controversy trumped security concerns. The privacy advocates' greatest triumph was shutting down the Defense Department's Total Information Awareness (TIA) program. Goaded on by New York Times columnist William Safire, the advocates presented the program as the diabolical plan of John Poindexter, the former Reagan national security

adviser and director of Pentagon research, to spy on "every public and private act of every American"--in Mr. Safire's words. The advocates' distortion of TIA was unrelenting. Most egregiously, they concealed TIA's purpose: to prevent another attack on American soil by uncovering the electronic footprints terrorists leave as they plan and rehearse their assaults. Before terrorists strike, they must enter the country, receive funds, case their targets, buy supplies, and send phone and e-mail messages. Many of those activities will leave a trail in electronic databases. TIA researchers hoped that cutting-edge computer analysis could find that trail in government intelligence files and, possibly, in commercial databases as well. TIA would have been the most advanced application yet of "data mining," a young technology which attempts to make sense of the explosion of data in government, scientific and commercial databases. Through complex algorithms, the technique can extract patterns or anomalies in data collections that a human analyst could not possibly discern. Public health authorities have mined medical data to spot the outbreak of infectious disease, and credit-card companies have found fraudulent credit-card purchases with the method, among other applications. But according to the "privacy community," data mining was a dangerous, unconstitutional technology, and the Bush administration had to be stopped from using it for any national-security or law-enforcement purpose. By September 2003, the hysteria against TIA had reached a fevered pitch and Congress ended the research project entirely, before learning the technology's potential and without a single "privacy violation" ever having been committed. The overreaction is stunning. Without question, TIA represented a radical leap ahead in both data-mining technology and intelligence analysis. Had it used commercial data, it would have given intelligence agencies instantaneous access to a volume of information about the public that had previously only been available through slower physical searches. As with any public or private power, TIA's capabilities could have been abused--which is why the Pentagon research team planned to build in powerful safeguards to protect individual privacy. But the most important thing to remember about TIA is this: It would have used only data to which the government was already legally entitled. It differed from existing lawenforcement and intelligence techniques only in degree, not kind. Pattern analysis--the heart of data mining--is conventional crime-solving, whether the suspicious patterns are spotted on a crime pin map, on a city street, or in an electronic database. The computing world watched TIA's demolition and rationally concluded: Let's not go there. "People and companies will no longer enter into technology research [involving national-security computing] because of the privacy debates," says a privacy officer for a major information retrieval firm.

But the national-security carnage was just beginning. Next on the block: a biometric camera to protect embassies and other critical government buildings from terrorist attack; and an artificial intelligence program to help battlefield commanders analyze engagements with the enemy. In the summer of 2003, New York Times columnists Maureen Dowd and Mr. Safire sneered at the programs, portraying them as--once again--the personal toys of the evil Mr. Poindexter to invade the privacy of innocent Americans. The Dowd-Safire depictions of the projects were fantastically inaccurate; but Pentagon researchers, already reeling from the public-relations disaster of TIA, cancelled both projects without a fight. Special forces leaders in Afghanistan and embassies in terror-sponsoring states will just have to make do. The privacy vigilantes now have in their sights an airline-passenger screening system and an interstate network to share law enforcement and intelligence information. Both projects could soon go down in flames. As to whether that would be in the national interest, readers should ask themselves if they would be happy to fly seated next to Mohamed Atta. If yes, they needn't worry about the cancellation of the Computer Assisted Passenger Prescreening System (known as Capps II). And if they don't care whether police can track down a child abductor within minutes of his crime, then they shouldn't care about the crippling of the Multistate Anti-Terrorism Information Exchange, either. Capps II seeks to verify that an airline passenger is who he says he is and has no terrorist ties. To that end, the program would ask passengers to supply their name, address, phone number and date of birth upon purchasing a plane ticket. A commercial databank would cross-check those four identifiers against its own files to see if they match up. Next, Capps II would run the passenger's name through antiterror intelligence files. Depending on the results of both checks, the system would assign a risk score to air travelers--acceptable, unknown or unacceptable. Privacy zealots have mischaracterized Capps II as a sinister rerun of TIA--which it is not, since it has nothing to do with data mining--and as a plot to trample the privacy rights of Americans. They argue that, by asking your name and other minimal identifying information already available on the Internet and in countless commercial and government data bases, aviation officials are conducting a Fourth Amendment "search" of your private effects for which they should obtain a warrant based on probable cause that you have committed a crime. Such a broad reading of the Constitution is groundless, but even were the collecting of publicly available information a "search," it is clearly reasonable as a measure to protect airline safety. Development of Capps II has come to a halt, due to specious privacy crusading. Air passengers can only hope that when the next al Qaeda operative boards a plane, baggage screeners are having a particularly good day, free of the human errors that regularly let weapons on board.

Also under a death sentence: a state-run law enforcement program called "Multistate Anti-Terrorism Information Exchange."Known as Matrix, it allows police officers to search multiple law-enforcement databases and public records in the blink of an eye after a crime has been committed. It uses only information that law enforcement can already routinely access: its own records on suspects, convicts and sexual offenders, as well as publicly available data from county courthouses, telephone directories and business filings. Strong protections against abuse are built into the system. Matrix developers had hoped to allow law enforcement agencies nationwide to instantaneously connect the dots about itinerant felons like the D.C. snipers. That won't happen, however, thanks to the lies of the privacy community. Using the familiar tactic of tying the hated program to TIA and data mining, and of invoking Big Brother totalitarianism, the advocates have browbeaten nearly two-thirds of the states that had originally joined the data-sharing pact into withdrawing from it. The bottom line is clear: The privacy battalions oppose not just particular technologies, but technological innovation itself. Any effort to use computerized information more efficiently will be tarred with the predictable buzzwords: "surveillance," "Orwellian," "Poindexter." This Luddite approach to counterterrorism could not be more ominous. The volume of information in government intelligence files long ago overwhelmed the capacity of humans to understand it. Agents miss connections between people and events every day. Machine analysis is essential in an intelligence tidal wave. Before the privacy onslaught, scientists and intelligence officials were trying to find ways of identifying those fanatics who seek to destroy America before they strike again. Now many avenues are closed to them. This despite the fact that proposals for assessing risk in such areas as aviation do not grow out of an omnivorous desire to "spy on citizens" but out of a concrete need to protect people from a clear threat. And since 9/11, no one's "privacy rights" have been violated by terror pre-emption research. The "privocrats" will rightly tell you that eternal vigilance is the price of liberty. Trouble is, they're aiming their vigilance at the wrong target. Ms. Mac Donald is a fellow at the Manhattan Institute. This is adapted from the forthcoming issue of City Journal. from the Wall Street Journal, 2004-Oct-1, p.A14: Patriot Act Misinformation The American Civil Liberties Union has been spinning its victory in a federal court in New York this week as a blow against the USA Patriot Act. One typical headline: "Federal Judge Calls Patriot Act Secret Searches Unconstitutional." An ACLU press release hails the decision as "a landmark victory against the Ashcroft Justice Department."

Well, no. If reporters had bothered to read Judge Victor Marrero's decision, they would have learned that the law he actually struck down was a provision of the Electronic Communications Privacy Act of 1986. Section 2709 authorizes the FBI to issue "National Security Letters" to obtain information from wire communications companies about their subscribers. NSLs are issued secretly and the recipient is prohibited from notifying anyone about the request. As Judge Marrero noted in his ruling, "Section 2790 has been available to the FBI since 1986." He concludes that there must have been "hundreds" of NSLs issued since that time. The Patriot Act did amend Section 2790, but that amendment has nothing to do with the part that Judge Marrero says is unconstitutional. One more thing: The Electronics Communications Act was not the invention of John Ashcroft. It was sponsored by that famous and menacing right-winger, Vermont Senator Patrick Leahy, who said at the time that Section 2790 "provides a clear procedure for access to telephone toll records in counterintelligence investigations." from the Washington Post, 2005-Apr-5, p.A21, by Dan Eggen: Patriot Act Changes to Be Proposed Gonzales Will Seek to Respond to Critics, Get Law Renewed Attorney General Alberto R. Gonzales will propose some "technical modifications" to the controversial USA Patriot Act today in an effort to address the concerns of critics and ensure that the anti-terrorism legislation is renewed by Congress later this year, according to a Justice Department official. In an appearance before the Senate Judiciary Committee, Gonzales will support changes in the law concerning secret warrants for financial documents, library data and other business records, according to the Justice official. The changes would clearly limit the use of such warrants to national security investigations and would allow targets to mount legal challenges to the search, the official said. The proposal marks a significant shift for the Justice Department, which under Attorney General John D. Ashcroft had refused to entertain proposed changes to the legislation. It also marks an acknowledgment of the growing clout of critics of the law, who come from both the political left and right, and have persuaded scores of communities around the country to pass resolutions condemning the act. The law, approved overwhelmingly in the wake of the Sept. 11, 2001, attacks, dramatically increased the government's power to conduct clandestine searches and surveillance in a range of criminal cases. But about a dozen of its major provisions -- including the records provision that Gonzales has agreed to change -- are set to expire later this year unless Congress acts to renew them. That has laid the groundwork for a series of hearings in both the House and the Senate in coming weeks over the use of the Patriot Act in the past three years.

The Justice Department has argued vigorously in favor of renewing the law, saying that the act gives investigators crucial tools to combat shadowy terrorist organizations and prevent future attacks. Much of the law, including aspects that allow criminal and intelligence investigators to better share information, is not in widespread dispute. But other parts have come under increasing attack from an unusual alliance of civil liberties groups and politicians, including some conservative organizations and Republican lawmakers. For example, even as Gonzales and FBI Director Robert S. Mueller III defend the law in the Senate today, Sens. Larry E. Craig (R-Idaho) and Richard J. Durbin (D-Ill.) have scheduled a news conference to introduce joint legislation aimed at scaling back parts of the law. The event will also be attended by representatives of Patriots to Restore Checks and Balances, an ad hoc alliance that includes groups such as the American Civil Liberties Union and the American Conservative Union. The group was formed last month in an effort to seek changes in the Patriot Act. Critics of the law say they hope that by pulling together representatives of both parties, they will be able to convince Republican majorities in Congress that parts of the law should not be renewed or should be changed. "It's extremely important for people to see that this is not simply a Republican or Democratic or right or left concern, but that it cuts across the political spectrum," said former congressman Bob Barr of Georgia, who chairs the Checks and Balances group. "I hope it gives members and senators more comfort and some cover so it's not simply that they're supporting the ACLU or the far right." In addition to the provision on business records, critics are likely to focus on measures that loosened standards for secret intelligence warrants and on a permanent provision that allows delayed notification of searches -- known by critics as "sneak-and-peek warrants." In the latter case, the Justice Department released statistics yesterday showing that investigators have used such warrants 155 times since October 2001. Justice officials argue that the number is relatively small given the thousands of warrants executed by law enforcement officials. from the Associated Press, 2005-Feb-10, by Lisa Leff: Parents Protest Student Computer ID Tags SUTTER, Calif. - The only grade school in this rural town is requiring students to wear radio frequency identification badges that can track their every move. Some parents are outraged, fearing it will take away their children's privacy. The badges introduced at Brittan Elementary School on Jan. 18 rely on the same radio frequency and scanner technology that companies use to track livestock

and product inventory. Similar devices have recently been used to monitor youngsters in some parts of Japan. But few American school districts have embraced such a monitoring system, and civil libertarians hope to keep it that way. "If this school doesn't stand up, then other schools might adopt it," Nicole Ozer, a representative of the American Civil Liberties Union, warned school board members at a meeting Tuesday night. "You might be a small community, but you are one of the first communities to use this technology." The system was imposed, without parental input, by the school as a way to simplify attendance-taking and potentially reduce vandalism and improve student safety. Principal Earnie Graham hopes to eventually add bar codes to the existing ID's so that students can use them to pay for cafeteria meals and check out library books. But some parents see a system that can monitor their children's movements on campus as something straight out of Orwell. "There is a way to make kids safer without making them feel like a piece of inventory," said Michael Cantrall, one of several angry parents who complained. "Are we trying to bring them up with respect and trust, or tell them that you can't trust anyone, you are always going to be monitored, and someone is always going to be watching you?" Cantrall said he told his children, in the 5th and 7th grades, not to wear the badges. He also filed a protest letter with the board and alerted the ACLU. Graham, who also serves as the superintendent of the single-school district, told the parents that their children could be disciplined for boycotting the badges -and that he doesn't understand what all their angst is about. "Sometimes when you are on the cutting edge, you get caught," Graham said, recounting the angry phone calls and notes he has received from parents. Each student is required to wear identification cards around their necks with their picture, name and grade and a wireless transmitter that beams their ID number to a teacher's handheld computer when the child passes under an antenna posted above a classroom door. Graham also asked to have a chip reader installed in locker room bathrooms to reduce vandalism, although that reader is not functional yet. And while he has ordered everyone on campus to wear the badges, he said only the 7th and 8th grade classrooms are being monitored thus far. In addition to the privacy concerns, parents are worried that the information on and inside the badges could wind up in the wrong hands and endanger their children, and that radio frequency technology might carry health risks.

Graham dismisses each objection, arguing that the devices do not emit any cancer-causing radioactivity, and that for now, they merely confirm that each child is in his or her classroom, rather than track them around the school like a global-positioning device. The 15-digit ID number that confirms attendance is encrypted, he said, and not linked to other personal information such as an address or telephone number. What's more, he says that it is within his power to set rules that promote a positive school environment: If he thinks ID badges will improve things, he says, then badges there will be. "You know what it comes down to? I believe junior high students want to be stylish. This is not stylish," he said. This latest adaptation of radio frequency ID technology was developed by InCom Corp., a local company co-founded by the parent of a former Brittan student, and some parents are suspicious about the financial relationship between the school and the company. InCom plans to promote it at a national convention of school administrators next month. InCom has paid the school several thousand dollars for agreeing to the experiment, and has promised a royalty from each sale if the system takes off, said the company's co-founder, Michael Dobson, who works as a technology specialist in the town's high school. Brittan's technology aide also works part-time for InCom. Not everyone in this close-knit farming town northwest of Sacramento is against the system. Some said they welcomed the IDs as a security measure. "This is not Mayberry. This is Sutter, California. Bad things can happen here," said Tim Crabtree, an area parent. from GoDaddy.com, 2005-Mar-30, by Bob Parsons: Federal Agency Nixes Your Right to Privacy Dear Valued Go Daddy Customer, Today I have the unfortunate responsibility of informing you that there has been a decision made by bureaucrats of a Federal agency that takes away your right to privacy as guaranteed by the United States Constitution. This decision was unilaterally made by the National Telecommunications and Information Association ("NTIA") -- http://www.ntia.doc.gov/ -- without hearings that would determine the impact on those affected, and delivered without notice - in short, the NTIA decision was made without due process of any kind. This is exactly how our government is not supposed to work. The effect of this decision is to disallow new private domain name registrations on .US domain names. In addition, if you already own a private .US domain name registration, you will be forced to forfeit your privacy no later than January

26, 2006. By that time, you will need to choose between either making your personal information available to anyone who wants to see it, or giving up your right to that domain name. I personally find it ironic that our right to .US privacy was stripped away, without due process, by a federal government agency -- an agency that should be looking out for our individual rights. For the NTIA to choose the .US extension is the ultimate slap in your face. .US is the only domain name that is specifically intended for Americans (and also those who have a physical presence in our great country). So think about this for a moment. These bureaucrats stripped away the privacy that you're entitled to as an American, on the only domain name that says that you are an American. I am outraged by this -- you should be also. If, like me, you are outraged at the NTIA's decision to strip away our constitutional right to privacy, the Web site http://www.TheDangerOfNoPrivacy.com will provide you with a petition to sign. (Only your name will be published, your address and email information will be kept private.) This Web site also provides a very easy way for you to send either a fax or an email, expressing your outrage, to your Congressperson and Senators. This is all provided at no cost to you. All that is required is for you to take the time to visit http://www.TheDangerOfNoPrivacy.com sign the petition, and send the fax or email to your legislators. On my personal Blog -- http://www.BobParsons.com -- there are a number of articles where you can learn more about the NTIA's unfortunate decision and what you can do to help get it reversed. I also will be talking about our right to privacy on Radio Go Daddy, our weekly radio show that debuts today, March 30, at 7 PM PST. To find out how to listen in, please visit the Web site dedicated to the show, http://www.RadioGoDaddy.com You can be sure that I, and everyone at GoDaddy.com, will do everything in our power to get the NTIA decision reversed. However, we need your help. Please visit http://www.TheDangerOfNoPrivacy.com to sign the petition and express your feelings to your Congressperson and Senators. Sincerely, Bob Parsons President and Founder GoDaddy.com from the Associated Press, 2005-Feb-16: Company Pulls Out of Contract to Track Students SUTTER, Calif. - The grade school that required students to wear radio frequency identification badges that can track their every move stopped the program when the company that developed the technology pulled out.

"I'm disappointed; that's about all I can say at this point," Earnie Graham, the superintendent and principal of Brittan Elementary Sch ool in Sutter, said Tuesday night. "I think I let my staff down. Nobody on this campus knows every student." The badges, developed by Sutter-based technology company InCom Corp., were introduced on Jan. 18. The school board was set to talk abou t the controversial policy Tuesday night but tabled the discussion after InCom announced it was terminating its agreement. "I'm not convinced it's over," parent Dawn Cantrall, who filed a complaint with the American Civil Liberties Union, told the (Marysvill e) Appeal-Democrat. "I'm happy for now that kids are not being tagged, but I'm still fighting to keep it out of our school system. It h as to stop here." The system was imposed, without parental input, by the school as a way to simplify attendance-taking and potentially reduce vandalism a nd improve student safety. While many parents criticized the badges for violating privacy and possibly endangering children's health, some parents supported the p lan. "Technology scares some people it's a fear of the unknown," parent Mary Brower told the Appeal-Democrat before the meeting. "Any kind o f new technology has the potential for misuse, but I feel confident the school is not going to misuse it." Each student was required to wear identification cards around their necks with their picture, name and grade and a wireless transmitter that beams their ID number to a teacher's handheld computer when the child passes under an antenna posted above a classroom door. The school had already disabled the scanners above classroom doors and was not disciplining students who didn't wear the badges. from TPDL 2004-Nov-22, from NewsMax, by Dave Eberhart: Doctors Group Fights Prescription Reporting Bill The Association of American Physicians & Surgeons (AAPS) is warning all who will listen that ``Big Brother will be soon snooping around your medicine cabinet!'' The Arizona-based association has come out strongly against the National All Schedules Prescription Electronic Reporting Act. Already passed by the House, it is working its way through the Senate. ``Do you want the government to have a record of every prescription you get?'' asks the association in its campaign of flyers and e-mails reaching out to physicians and their patients around the country.

``Every painkiller? Every anti-depressant? Every sleeping pill? And then to pass that information along to law enforcement to prosecute you and your doctor if they don't like what they find?'' AAPS is arguing that while masquerading as a law enforcement tool to help control the illegal use of painkillers, the national bill would ``cast a net so wide that tens of millions of suffering patients & doctors will be snared in suspicion.'' Not limited to prescriptions for painkillers, AAPS adds, the bill would create a central database affecting tens of millions who are not even suspected of a crime -- and the information will be shared with state and local law enforcement. ``Prosecutors and law enforcement already second-guess doctors and prosecute them for prescribing `too much' or if they decide the patient doesn't `deserve' treatment,'' a spokesperson for AAPS told NewsMax. ``Overzealous prosecutors have already frightened many doctors out of prescribing pain treatment for the almost 50 million patients who suffer from pain,'' the spokesperson added. ``We can't let them do it to the rest of us as well.'' In its current campaign the organization highlights: The National All Schedules Prescription Reporting Act allows government and law enforcement to monitor your prescriptions; Treats tens of millions of patients as potential criminals; Gives prosecutors & law enforcement power to decide who is ``deserving'' of medicines. AAPS emphasizes that in its opinion the bill as presently worded would potentially target every prescription that involves any type of scheduled drug for anxiety, depression, insomnia, or pain --`making the suspect doctors' scripts readily accessible to the police and potentially to employers, newspapers, and blackmailers.'' Kathryn Serkes, public affairs counsel for AAPS, pointed out that more than 48 million people who suffer chronic pain in the United States are "having difficulty finding doctors to treat them as a result of misguided drug policy, law enforcement, and overzealous prosecutions. ``The `war on drugs' has turned into a war on doctors and the legal drugs they prescribe and the suffering patients who need the drugs to attempt anything approaching a normal life,'' added Serkes. from the Associated Press, 2004-Nov-18: Amtrak Begins 'Ticket Verification Program' Amtrak Begins Random Onboard ID Checks WASHINGTON -- Earlier this month, Amtrak started what they call a "ticket verification program."

An Amtrak spokesman said officials want to make sure the person who's traveling is the person whose name is on the ticket. He said the checks are part of a broader program to improve security. Amtrak also requires passengers to show ID at the ticket counter. And all luggage must be tagged with the owner's address. Officials have also started asking people to be alert for suspicious activity on trains and at stations. The security program is the result of a federal order issued in May. Since then, Amtrak has been using canine teams to randomly inspect trains and baggage. Amtrak officials say so far, no arrests have resulted from the random onboard checks. from the Portsmouth Herald, 2004-Aug-30, by Joe Adler: Fighting for their homes PORTSMOUTH - A lawsuit claiming the unconstitutionality of a state law that punishes residents for not allowing tax appraisers into their home has refueled the debate over yearly property valuations by local and state governments. Four New Hampshire residents and the Washington-based Institute for Justice filed suit last week in federal court against the New Hampshire Board of Tax and Land Appeals over a 1994 law that allows officials to obtain a search warrant and deny any property tax appeals if a homeowner refuses entry to an appraiser. In the lawsuit, the four residents - Tony and Alicia Leka of Hudson, and Phillip Smith and Anthony Stanizzi of Hollis - argue that the law violates their rights under the Fourth Amendment, which guarantees the right against unreasonable search and seizure. Bill St. Laurent, president of the Association of Portsmouth Taxpayers, said it was unreasonable to force property owners to let in strangers to appraise the interior of their homes. All the appraisers need to see, he said, is if there is an addition to the house in order to determine square footage. "They should be able to tell that from the street," said St. Laurent, a former city councilor. "You should not have to let someone in your home that you wish not to have come in your home. That's a personal thing. We have got to stop taking rights away from people in this country." The residents suing the state's Board of Tax and Land Appeals say they are willing to discuss their homes with assessors and show them public documents related to the property, and they are also open to inspections of their homes' exteriors.

But their decision not to grant assessors entry inside their homes has all but blocked them from pursuing appeals of their property tax assessments. "Government officials in the Live Free or Die State shouldn't be allowed to intrude into my family's home or penalize me for merely exercising my Fourth Amendment rights," said Smith. Over the years, Portsmouth has conducted numerous citywide property valuations to determine how much homeowners should pay in property taxes. In 2002, the city hired the consulting firm Cole-Layer-Trumble for $700,000 to do such appraisals. The property tax rate for 2004 was announced in October as $17.74 per $1,000 of assessed property value. That was a $1.53 decrease from the previous year's rate. St. Laurent said the only rational reason an assessor would need to enter a home to conduct an appraisal is to see whether a homeowner has made livable space out of a basement or attic, which would add square footage to a home. Any such improvement, said St. Laurent, would have to be filed through a municipal planning office before work could done. "I think they're basically calling (residents) liars," St. Laurent said of the law. "Police can't even come into your home if they don't have a search warrant. Why should an assessing company be able to come into your home?" Rosann Maurice, Portsmouth's deputy assessor, declined to comment Friday about the lawsuit. from TheInquirer.net, 2004-Jul-1, by Nick Farrell: US court allows email interception The nose wins A BOSTON US appeals court has decided that it is OK for anyone who has email being stoed on their network to open and examine it. The ruling follows the case of the online bookstore Interloc which made copies of e-mails in 1998 so it could look at messages sent to its subscribers by rival Amazon.com. Interloc executive Branford Councilman was indicted on an illegal wiretapping charge. The charge was thrown out, but the Government appealed. According to Associated Press, the Boston-based appeals court has upheld the dismissal. Councilman made his employees to write computer code to intercept and copy all incoming e-mails from Amazon.com to Interloc's subscribers, who were dealers seeking buyers for rare and out-of-print books.

The case against Councilman was that he tried to exploit the Amazon e-mails to develop a list of books, learn about competitors and attain a commercial advantage. His defence was that the e-mails were copied while in "electronic storage" -- and were in the process of being routed through a network of servers to recipients. The law only protects eavesdropping on messages that are not stored - such as an unrecorded phone conversation - but does not afford the same legal protections to stored messages. The ruling has scared the pants off civil rights groups which claim it means that all of our electronic communications are in jeopardy. It means that anyone who owns part of the network that the email happens to be flying around, has the right to stop and open it. The Electronic Frontier Foundation, said in a statement that the court dealt a 'grave blow' to the privacy of Internet communications. The US Justice Department said it was considering its options following the ruling. from the Associated Press, 2004-Jul-1: Appeals court allows intercepting e-mail Privacy advocates rap federal ruling In an online eavesdropping case with potentially profound implications, a federal appeals court in Boston ruled it was acceptable for a company that offered e-mail service to surreptitiously track its subscribers' messages. A now-defunct online literary clearinghouse, Interloc Inc., made copies of the emails in 1998 so it could peruse messages sent to its subscribers by rival Amazon.com Inc. An Interloc executive was subsequently indicted on an illegal wiretapping charge. An advocacy group said Tuesday's ruling by the 1st US Circuit Court of Appeals opens the door to further interpretations of the federal Wiretap Act that could erode personal privacy rights. "It puts all of our electronic communications in jeopardy -- voice mail, e-mail, you name it," said Jerry Berman, president of the Center for Democracy and Technology. In a 2-1 decision, the appeals court upheld a federal judge's dismissal last year of a wiretapping charge against a former Interloc vice president, Branford C. Councilman. According to his 2001 indictment, he directed employees to write computer code to intercept and copy all incoming e-mail from Amazon.com to Interloc's subscribers, who were dealers seeking buyers for rare and out-of-print books. Amazon.com did not then offer used books, but helped customers track down rare books.

The government alleged Interloc tried to exploit the Amazon e-mails "to develop a list of books, learn about competitors and attain a commercial advantage." Councilman argued no violation of the Wiretap Act had occurred because the emails were copied while in "electronic storage" -- the messages were in the process of being routed through a network of servers to recipients. The wiretapping law broadly protects eavesdropping on messages that are not stored -- such as an unrecorded phone conversation -- but does not afford the same legal protections to stored messages. The 1968 law was amended in 1986 to address emerging computer technologies. In a dissenting opinion, Appeals Court Judge Kermit V. Lipez wrote that upholding Councilman's arguments "would undo decades of practice and precedent regarding the scope of the Wiretap Act and would essentially render the act irrelevant to the protection of wire and electronic privacy." The significance of the trend evidenced in the following item is that the TLS transparent mail encryption system (included in most full featured mail handling software now, including the free and ubiquitous sendmail) provides cryptographic (guaranteed) privacy to users only if their computers are able to connect directly to the recipient's mail server, and consumer-oriented ISPs are now using their positions of power to block those direct connections. This means they can read all the email their subscribers send (and receive, in most cases), unless the subscribers use awkward, obscure, attention-grabbing technologies like PGP. from TheInquirer.net, 2004-Jul-2: Bell South set to block Spam Port 25 Goodbye emals. Well some of them BELLSOUTH IS SET to follow Comcast's lead and block port 25 in a bid to reduce the junk emals its customers are getting. The firm said it will upgrade its email service on July 13th and describes it as a spam fighting upgrade. In a letter it sent to its customers yesterday, it advised them on how to fix their email clients so they work properly with the move. There's a web page for its customers, here. from eWeek.com, 2004-Jul-1, by Matt Hicks: Wiretap Ruling Could Signal End of E-Mail Privacy A federal appeals court ruling this week has put a spotlight on the increasingly public nature of e-mail messages and has unraveled expectations that e-mail would gain the same privacy protections as traditional communications.

The 1st Circuit Court of Appeals on Tuesday ruled that protections under the federal Wiretap Act do not extend to e-mail messages stored on an e-mail provider's computer systems. "The fact is that there is now an emerging line of precedent in the courts that people should not expect privacy in their e-mail, for the most part," said Mark Plotkin, a partner at law firm Covington & Burling, in Washington, D.C. The decision stemmed from a 2001 indictment on wiretapping charges against an executive of Interloc Inc., a now-shuttered listing company for rare and used books. Bradford Councilman, who was a vice president at the company, was accused of having copied e-mails from Amazon.com Inc. that were being sent to book dealers who subscribed to Interloc's e-mail service. In a 2-1 ruling, the appeals court upheld a lower court's dismissal of the illegal wiretapping charge. Privacy advocates immediately called the ruling a blow to privacy rights, and technology attorneys agreed that the court's decision should put an end to users' expectations that their e-mails are safe from prying eyes. The court's decision hinged on the fact that the Wiretap Act, which dates to 1968, covers eavesdropping on live communications such as a phone conversations but not on stored communications, such as an e-mail message even temporarily stored on an e-mail provider's servers or computers en route to a recipient. "We believe that the language of the statute makes clear that Congress meant to give lesser protection to electronic communications than to wire and oral communications," the court's ruling stated. The decision is a blow to more than just the privacy of e-mail. It also could hurt efforts to prevent and prosecute other forms of cyber-crime, said Allonn Levy, an attorney with Hopkins & Carley in San Jose, Calif. "By ruling that copying e-mail messages that had been 'stored' by a computer while in transit is not a crime under the federal Wiretap Act, the First Circuit has removed an important tool for fighting industrial espionage, stalking, identity theft and other information-based crime," she said. The appeals court agreed that "the language may be out of step with the technological realities of computer crimes." But it argued that it is the role of the U.S. Congress, not the courts, to change any language in the law to extend the eavesdropping protections to e-mail and electronic communications. "What the courts are telling us is that unless the Wiretap Act is changed, e-mail should be viewed as public communication that anybody could potentially view," Plotkin said. Plotkin said he expects the ruling to embolden privacy advocates and others to push for changes in the law, but he doubts that the political climate will lead members of Congress to act. In light of terrorism threats, the issue will likely

become one of security versus privacy, which could be a hard sell for privacy advocates, he said. While the ruling would appear to allow Internet and e-mail service providers to read and copy users' e-mails, most major ones have their own privacy policies against such practices. A Yahoo Inc. spokeswoman, for example, said the company "does not access or disclose user information and content except in very limited circumstances such as when required to do so by law." Still, the ruling does remove what could have been one barrier to ISPs accessing e-mail for such activities as data-mining it for commercial purposes, said Paul Winick, a partner at law firm Thelen, Reid & Priest LLP, in New York. "As long as your e-mail is in storage, your service provider is not going to violate the Wiretap Act in reading your e-mail," he said. When it comes to government access to e-mail, law enforcement officials still would need a warrant to access e-mail, Winick said. But with wire communications, such as phone calls, the Wiretap Act restricts the types of conversations that could be tapped. Given the appeals court's ruling, similar limitations likely won't apply to stored e-mail messages once law enforcement officials gain access, he said. Beyond a push for updated laws, the court's ruling reinforces the need for businesses and consumers to take e-mail security more seriously, said Sonia Arrison, director of technology studies at the Pacific Research Institute, a San Francisco-based think tank advocating a free-market philosophy. Arrison said that rather than seeking new privacy laws, e-mail users need to embrace encryption methods for securing sensitive e-mails. "E-mail is just inherently insecure, and we have a whole bunch of problems because of it," Arrison said. "There are two things to take from this ruling: Know that your e-mail is not private and it never has been, and figure out what to do about it." from E-Commerce Times, 2004-Aug-24, by Robert Jaques: Virus Writers Create Peeping Tom Webcam Worm According to Sophos, the W32/Rbot-GR worm is evidence of a growing trend of malware spying on innocent home computer owners and poorly protected businesses. "With many home users keeping poorly defended PCs in their bedroom, there is considerable potential for abuse," said Graham Cluley, senior technology consultant for Sophos. Virus writers have developed a "Peeping Tom" worm Relevant Products/Services from AT&T Network Security Solutions that can use webcams to spy on computer users in their home or workplace, Internet security Relevant Products/Services from IBM eServer xSeries Systems watchers have warned.

The newly discovered Rbot-GR worm (W32/Rbot-GR) spreads via network shares, exploiting a number of Microsoft (Nasdaq: MSFT) Latest News about Microsoft security vulnerabilities before installing a backdoor Trojan as it travels, security firm Sophos Latest News about Sophos said. The company added that, once the worm infects a computer, remote hackers can easily gain access to the information on the PC's hard drive and steal passwords, as well as spy on innocent users via their webcam and microphone. "More and more hackers are interested in spying on the people they manage to infect with their worms and Trojan horses," said Graham Cluley, senior technology Relevant Products/Services from Intel Enterprise Solutions consultant for Sophos, in a statement. "In the workplace, this worm opens up the possibilities of industrial espionage. At home it is equivalent to a Peeping Tom who invades your privacy Latest News about privacy by peering through your curtains. "If your computer is infected and you have a webcam plugged in, then everything you do in front of the computer can be seen, and everything you say can be recorded." According to Sophos, the W32/Rbot-GR worm is evidence of a growing trend of malware spying on innocent home computer owners and poorly protected businesses. "With many home users keeping poorly defended PCs in their bedroom, there is considerable potential for abuse," added Cluley. "The message is simple: keep your PC protected against the latest threats with antivirus software and firewalls, and if in any doubt unplug your webcam when you're not using it." More information on the worm and instructions on how to remove it are available from Sophos. from The Telegraph, 2004-Sep-12, by Melissa Kite and Daniel Foggo: Cameras in the trees will spy on hunts Police are planning to use spy cameras in the countryside to enforce a ban on fox hunting. Chief constables intend to site CCTV cameras on hedgerows, fences and trees along known hunting routes to enable them to photograph hunt members who break the law after hunting with hounds is outlawed. The controversial measure was agreed at a secret meeting between David Blunkett and the chief constables of England and Wales after the hunting ban was announced last week. Police chiefs warned the Home Secretary that enforcing the ban would cost in excess of 30 million and divert resources from front-line policing. The plan to use cameras was put forward as a way of detecting illegal hunts without deploying hundreds of extra police to roam the countryside.

Some senior police have voiced concern that the measure could be easily foiled by riders and foot followers donning balaclavas. Mr Blunkett, however, was said to be enthusiastic about the idea, believing that cameras would be an affordable way of allowing police to identify where illegal hunts are taking place before moving in. An aide said: "This is the sort of imaginative policing solution that we will need to be able to police this ban, without incurring massive extra costs." The strategy was agreed during a meeting at the Home Office last week following the announcement that a Hunting Bill will be forced through, beginning in the Commons this week, but with its implementation delayed for two years. Opponents of the ban said the use of spy cameras would serve only to harden defiance. In another act of opposition, The Sunday Telegraph has learned that hundreds of farmers are to refuse to allow the Armed Forces to carry out military manoeuvres on their land if the Government succeeds in passing its Bill to outlaw hunting. The decision by landowners in Wales and parts of England to implement a permanent ban will place tens of thousand of acres out of bounds to the military and paralyse Ministry of Defence plans for forthcoming exercises. The move is a direct retaliation for the Government's decision to force the antihunting Bill through the zHouse of Lords. The Commons will vote on the Bill on Wednesday and, if it is passed as expected, the use of the Parliament Act will ensure that the ban becomes effective within two years, irrespective of opposition from the upper chamber. The MoD has long been reliant on the unpaid co-operation of farmers in allowing the Armed Forces to use their land for large-scale manoeuvres. Ken Jones, the master of the Irfon and Towy Hunt and the chairman of the Federation of Welsh Packs, said that dozens of farmers in mid-Wales would no longer give the MoD permission for troop exercises. Mr Jones, who owns an 800-acre sheep and cattle farm near Llanwrtyd Wells in Powys, said: "All co-operation with the military will be stopped immediately and for good. The Army and the SAS use our land for large exercises two or three times a year, but not any more they won't. "There is a big exercise set for November with units from all different parts of the world taking part but that will probably have to be cancelled now. "We have a very good relationship with the military so we don't relish doing this.

"The last thing we want to do is to ruin national security, but when you have people like the Labour Party running the country and the way they are treating country folk, we need to stand up." Tony Blair has ordered the implementation of the ban to be delayed to avoid an angry confrontation with hunt members in the run up to a general election next year. Mr Blunkett was also in favour of the delay because it will allow the police to prepare for the ban. However police in rural areas fear that if they have to arrest hunt members, it will drive a wedge between them and their local community. * A group of field sports supporters are making a complaint to the Commission for Racial Equality claiming that the Government's intention to outlaw fox hunting will discriminate against their "ethnic identity". The Free Church of Country Sports launched itself earlier this year in an effort to establish hunting as a religion. from the Boston Herald, 2004-Jul-23, by Thomas Caywood: Some cheer, some jeer as T begins random bag checks Any bags or parcels you carry on the T this morning are fair game now. MBTA cops began checking baggage for bombs at two suburban commuter rail stations yesterday under a controversial new security policy that outraged some riders and left others unfazed. Checking the bags of every 11th passenger carrying one at Randolph and Salem stations, police screened a total of 95 items during the morning commute using ion trap spectrometers. The machines, which list for $46,000 each and are about the size of a cash register, detected no explosive traces at either station. MBTA Police Chief Joseph Carter said no one refused to have bags swabbed for screening and, in fact, many riders wanted to volunteer. But civil rights advocates and subway riders at the Roxbury Crossing station yesterday afternoon blasted the checks - which also will include bomb-sniffing dogs and physical searches of bags - as heavy-handed and futile. ``It gives people a false sense of security. What's going to stop me from walking half a block to the next station?'' said Gabriel Camacho of the T Riders Union. Carter, the T police chief, acknowledged random checks in selected locations aren't foolproof. ``This isn't the end all and be all, but it is a major step,'' he said. French Wall of the Fenway, who caught the Orange Line at Roxbury Crossing yesterday with a bag in his hand, said he doesn't feel safer.

``It's a distraction from efforts to make me feel safer,'' Wall said. The American Civil Liberties Union of Massachusetts is gathering anecdotal reports from searched riders for a lawsuit, and the local chapter of the National Lawyers Guild plans to file an injunction to stop the checks. ``If we don't file (Friday) we will file on Monday,'' NLG's Urszula Masny-Latos said. While the ACLU and NLG maintain random searches in a public place without probable cause run afoul of the Fourth Amendment, the Anti-Defamation League of New England threw its support behind the policy yesterday. ``We believe the MBTA intends to protect the public while safeguarding civil liberties,'' ADL Regional Director Rob Leikind said. from the Associated Press, 2004-Jul-18: Boston to be blanketed by surveillance cameras during DNC BOSTON State and federal authorities are placing dozens of surveillance cameras at strategic points around Boston for the Democratic National Convention in an effort to deter terrorism, violent demonstrations and ordinary street crime. The new surveillance equipment is in addition to hundreds of cameras already in use by the MBTA, the Massachusetts Port Authority, the Big Dig and the state Highway Department. The burgeoning number of largely unregulated cameras has civil libertarians concerned that the increased surveillance will discourage people from exercising their First Amendment rights. "What this demonstrates is that '1984' is now technologically possible," said Barry Steinhardt, director of the American Civil Liberties Union's Technology and Liberty Program, referring to George Orwell's book about an all-seeing government. "This really is a situation where we are being asked to blindly trust the government. There is no oversight of this. There are no safeguards." Law enforcement officials say the cameras will only be used to deter and detect crime, not to snoop on law-abiding citizens or demonstrators. The surveillance includes 75 cameras installed by the federal government to monitor the Central Artery, City Hall Plaza, the FleetCenter and other high priority areas. The cameras will be centrally monitored in Boston and Washington. The U.S. Coast Guard is also using a surveillance system in the harbor and Charles River that includes infrared imaging equipment, radar and cameras to watch for unauthorized vessels entering the waters around Boston. And while many of the cameras are being set up in time for the convention, they will stay in use long after the delegates have gone home.

"We own them now," Boston Police Superintendent Robert Dunford said. "We're certainly not going to put them in a closet." Dunford, the department's top convention security planner, said the police have a policy in place to prevent abuse. Tapes that do not show criminal activity will be destroyed. The federal equipment will be used simply to identify suspicious and criminal activity and to respond to emergencies, not to snoop on private citizens, said Ronald Libby, regional director of the Federal Protective Service, a branch of the Homeland Security Department. "It doesn't make sense to take all these valuable resources and look at the guy on the corner smoking cigarettes," he said. The new surveillance equipment is part of the $50 million security effort for the July 26-29 convention, the first since the Sept. 11 terrorist attacks, and will augment an estimated 3,000 law enforcement personnel. Security for the convention, where Massachusetts Sen. John Kerry will formally accept the party's nomination for president, also includes the shutdown of portions of Interstate 93 for long stretches and the closure of the North Station commuter rail hub. Although all the cameras will not be part of the same network, law enforcement agencies have agreed to share camera shots if necessary. from TheRegister.co.uk, 2004-Jun-4, by Andrew Orlowski in San Francisco: RIAA wants your fingerprints Not content with asking for an arm and a leg from consumers and artists, the music industry now wants your fingerprints, too. The RIAA is hoping that a new breed of music player which requires biometric authentication will put an end to file sharing. Established biometric vendor Veritouch has teamed up with Swedish design company to produce iVue: a wireless media player that allows content producers to lock down media files with biometric security. This week Veritouch announced that it had demonstrated the device to the RIAA and MPAA. "In practical terms, VeriTouch's breakthrough in anti-piracy technology means that no delivered content to a customer may be copied, shared or otherwise distributed because each file is uniquely locked by the customer's live fingerprint scan," claims the company. iVue has been developed in partnership with Swedish design house Thinking Materials. Since Veritouch already supplies security authentication systems up to Homeland Defense standards (in partnership with an Israeli defense contractor), we do forsee exciting synergies ahead, should budget cuts force the War on

Terror and the War on Piracy to be consolidated into just the one unwinnable "war". Do you think it will catch on? from CNET News.com, 2004-Apr-19, by Declan McCullagh: Shhh! The FBI's listening to your keystrokes The FBI is trying to convince the government to mandate that providers of broadband, Internet telephony, and instant-messaging services build in backdoors for easy wiretapping. That would constitute a sweeping expansion of police surveillance powers. Instead of asking Congress to approve the request, the FBI (along with the Department of Justice and the Drug Enforcement Administration) are pressing the Federal Communications Commission to move forward with minimal public input. The three agencies argue that the 1994 Communications Assistance for Law Enforcement Act (CALEA) permits the FCC to rewire the Internet to suit the eavesdropping establishment. "The importance and the urgency of this task cannot be overstated," their proposal says. "The ability of federal, state and local law enforcement to carry out critical electronic surveillance is being compromised today." Unfortunately for the three agencies, CALEA, as it's written, would not grant the request. When Congress was debating CALEA, then-FBI Director Louis Freeh reassured nervous senators that the law would be limited to telephone calls. (CALEA was intended to let police wiretap conversations flowing through then-novel services like cellular phones and three-way calling.) "So what we are looking for is strictly telephone--what is said over a telephone?" Sen. Larry Pressler, R-S.D., asked. Freeh replied: "That is the way I understand it. Yes, sir." A House of Representatives committee report prepared in October 1994 is emphatic, saying CALEA's requirements "do not apply to information services such as electronic-mail services; or online services such as CompuServe, Prodigy, America Online or Mead Data (Central); or to Internet service providers." Freeh, who has a sincere appreciation for wiretaps, had included Internet services in an earlier version of CALEA--but Congress didn't buy it. "Unlike the bills previously proposed by the FBI, this bill is limited to local and long-distance telephone companies, cellular and PCS providers, and other common carriers," Jerry Berman of the Electronic Frontier Foundation told Congress during a September 1994 hearing.

But now that more conversations are taking place through audio-based instantmessaging and voice over Internet Protocol (VoIP) services, the FBI and its allies are hoping that official Washington won't remember inconvenient details. "These (wiretapping) problems are real, not hypothetical, and their impact on the ability of federal, state and local law enforcement to protect the public is growing with each passing day," the police agencies say in their proposal to the FCC. It's true that the FBI has a difficult job to do, especially after Sept. 11, 2001, but is this proposal necessary, let alone wise? from Wired Magazine, 2004-Jan-6, by Kim Zetter: Bush Grabs New Power for FBI While the nation was distracted last month by images of Saddam Hussein's spider hole and dental exam, President George W. Bush quietly signed into law a new bill that gives the FBI increased surveillance powers and dramatically expands the reach of the USA Patriot Act. The Intelligence Authorization Act for Fiscal Year 2004 grants the FBI unprecedented power to obtain records from financial institutions without requiring permission from a judge. Under the law, the FBI does not need to seek a court order to access such records, nor does it need to prove just cause. Previously, under the Patriot Act, the FBI had to submit subpoena requests to a federal judge. Intelligence agencies and the Treasury Department, however, could obtain some financial data from banks, credit unions and other financial institutions without a court order or grand jury subpoena if they had the approval of a senior government official. The new law (see Section 374 of the act), however, lets the FBI acquire these records through an administrative procedure whereby an FBI field agent simply drafts a so-called national security letter stating the information is relevant to a national security investigation. And the law broadens the definition of "financial institution" to include such businesses as insurance companies, travel agencies, real estate agents, stockbrokers, the U.S. Postal Service and even jewelry stores, casinos and car dealerships. The law also prohibits subpoenaed businesses from revealing to anyone, including customers who may be under investigation, that the government has requested records of their transactions. Bush signed the bill on Dec. 13, a Saturday, which was the same day the U.S. military captured Saddam Hussein.

Some columnists and bloggers have accused the president of signing the legislation on a weekend, when news organizations traditionally operate with a reduced staff, to avoid public scrutiny and criticism. Any attention that might have been given the bill, they say, was supplanted by a White House announcement the next day about Hussein's capture. James Dempsey, executive director of the Center for Democracy & Technology, didn't see any significance to the timing of Bush's signing. The 2004 fiscal year began Oct. 1 and the Senate passed the bill in November. He said there was pressure to pass the legislation to free up intelligence spending. However, Dempsey called the inclusion of the financial provision "an intentional end-run" by the administration to expand the administration's power without proper review. Critics like Dempsey say the government is trying to pass legislation that was shot down prior to the U.S. invasion of Iraq, when the Bush administration drafted a bill to expand the powers of the Patriot Act. The so-called Patriot Act II was discovered by the Center for Public Integrity last year, which exposed the draft legislation and initiated a public outcry that forced the government to back down on its plans. But critics say the government didn't abandon its goals after the uproar; it simply extracted the most controversial provisions from Patriot Act II and slipped them surreptitiously into other bills, such as the Intelligence Authorization Act, to avoid raising alarm. Dempsey said the Intelligence Authorization Act is a favorite vehicle of politicians for expanding government powers without careful scrutiny. The bill, because of its sensitive nature, is generally drafted in relative secrecy and approved without extensive debate because it is viewed as a "must-pass" piece of legislation. The act provides funding for intelligence agencies. "It's hard for the average member to vote against it," said Dempsey, "so it makes the perfect vehicle for getting what you want without too much fuss." The provision granting increased power was little more than a single line of legislation. But Dempsey said it was written in such a cryptic manner that no one noticed its significance until it was too late. "We were the first to notice it outside of Congress," he said, "but we only noticed it in September after it had already passed in the House." Rep. Porter Goss (R-Florida), chairman of the House Intelligence Committee that reviewed the bill, introduced the legislation into the House last year on June 11, where it passed two weeks later by a vote of 410-9. The Senate passed the bill by unanimous consent on July 31.

Goss's staff said he was out of the country and unavailable for comment. But Goss told the House last year that he believed the financial institution provision in the bill brought the intelligence community up to date with the reality of the financial industry. "This bill will allow those tracking terrorists and spies to 'follow the money' more effectively and thereby protect the people of the United States more effectively," he said. But Rep. Betty McCollum (D-Minnesota), who opposed the legislation, told the House, "It is clear the Republican leadership and the administration would rather expand on the USA Patriot Act through deception and secrecy than debate such provisions in an open forum." Despite her remarks, however, McCollum voted in favor of the legislation. A number of other representatives expressed concern that the financial provision was slipped into the Intelligence Act at the 11th hour with no time for public debate and against objections from members the Senate Judiciary Committee, which normally has jurisdiction over the FBI. Sen. Patrick Leahy (D-Vermont), the minority leader of the Senate Judiciary Committee, along with five other members of the Judiciary Committee, sent a letter to the Intelligence Committee requesting that their committee be given time to review the bill. But the provision had already passed by the time their letter went out. "In our fight to protect America and our people, to make our world a safer place, we must never turn our backs on our freedoms," said Rep. C.L. "Butch" Otter (RIdaho) in a November press release. "Expanding the use of administrative subpoenas and threatening our system of checks and balances is a step in the wrong direction." Otter, however, also voted in favor of the bill. Charlie Mitchell, legislative counsel for the American Civil Liberties Union, said many legislators failed to recognize the significance of the legislation until it was too late. But he said the fact that 15 Republicans and over 100 Democrats voted against the Conference Report of the bill indicated that, had there been more time, there probably would have been sufficient opposition to remove the provision. "To have that many people vote against it, based on just that one provision without discussion beforehand, signifies there is strong opposition to new Patriot Act II powers," Mitchell said. He said legislators are now on the lookout for other Patriot Act II provisions being tucked into new legislation. "All things considered, this was a loss for civil liberties," he said. But on a brighter note, "this was the only provision of Patriot II that made it through this year.

Members are hearing from their constituents. I really think we have the ability to stop much of this Patriot Act II legislation in the future." from the Austin Chronicle, 2004-Jan-9, by Jordan Smith: Patriot II, Piece by Piece While the so-called Patriot Act II -- a wish list of sweeping powers dreamed up last year by U.S. Attorney General John Ashcroft to augment 2001's USA PATRIOT Act -- disappeared shortly after a draft copy was made public early last year, it did not die. In fact, on Saturday, Dec. 13 -- as news of Saddam Hussein's capture drove the news cycle -- President George W. Bush signed into law a bill that will allow the federal government broad access to individuals' financial records without a court order. This allows the government to sidestep decadesold financial privacy laws, all in the name of preventing terrorism. House Bill 2417, the Intelligence Authorization Act for fiscal year 2004, debuted in Congress last June, and was pushed back and forth between the House and Senate for nearly five months before finally making its way to Bush's desk on Dec. 2. The lengthy perennial bill authorizes appropriations for all intelligencerelated activities and, on the whole, is fairly standard. However, the final bill was amended by the Senate to include a section that redefines and broadens the phrase "financial institution" -- an obscure yet sweeping change that, at least until challenged in court, will allow the federal government the ability to snoop into nearly every financial aspect of individuals' lives. Previously, federal law enforcement officials could gain access to individuals' financial records from a bank only if those individuals were suspected of crimes and only after gaining the approval of a federal judge. But the new IAA not only allows the feds to snoop through financial records without a warrant and without demonstrating the person is actually a suspect in a crime, but also broadens the arena for snooping. The legal definition of "financial institution" previously referred only to banks. But now, the feds can examine financial records held by stockbrokers, car dealerships, casinos, credit card companies, insurance agents, jewelers, airlines, pawnbrokers, the U.S. Postal Service, and any other business "whose cash transactions have a high degree of usefulness in criminal, tax, or regulatory matters." Federal law enforcers need only draft a "National Security Letter" requesting the records in order to get them. This change ultimately passed the U.S. House, but not before a handful of legislators -- including Texas Rep. Ron Paul, R-Surfside -- voiced stern opposition. "These expanded internal police powers will enable the FBI to demand transaction records from businesses ... without the approval or knowledge of a judge or grand jury," Paul said during a speech from the House floor on Nov. 20. "This was written into the bill at the 11th hour over the objections of members of the Senate Judiciary Committee, which would normally have jurisdiction over the FBI. The Judiciary Committee was frozen out of the process. It appears we are witnessing a stealth enactment of the enormously unpopular 'Patriot II' legislation that was first leaked several months ago. Perhaps

the national outcry when a draft of the Patriot II act was leaked has led its supporters to enact it one piece at a time in secret. Whatever the case, this is outrageous and unacceptable." In the end Paul was one of 163 legislators (including fellow Texans Lloyd Doggett and Sheila Jackson Lee and presidential candidate Dennis Kucinich) to vote against the entire IAA solely because of the draconian amendment. "How this will take effect and what the limits of it are will probably be fought out in the courts," said Paul spokesman Jeff Deist. So far, Deist said, the IAA amendment is the first of the so-called Patriot II measures to make its way into legislation, but he expects it won't be the last. "January is a whole new ballgame," he said. from the New York Times, 2004-Jun-29, by Joe Sharkey: Want to Be Unpopular? Start With a Cellphone Last week, in a column about the proliferation of cellphone louts on Amtrak trains, including on the single, ostensibly cellphone-free Quiet Cars that Amtrak operates, I asked for reader responses. An avalanche of e-mail messages arrived. I have been traveling out of the country and have been unable to respond yet to most of the mail, though I have read it all avidly. Unfortunately, I can share only a few excerpts here. Let us just say that a powerful backlash has formed against the cellphone blabbing that reverberates through trains, planes, buses and in other public spaces. How powerful? Listen to David Patterson's trenchant suggestion: "Give train conductors guns. If a cell-yeller acts up in a Quiet Car (or any car), the conductor is permitted to confiscate his/her cellphone. If the passenger refuses to hand it over, the conductor may shoot him/her, and then redial the last number to inform the person on the other end that the caller will not be getting back to the office anytime soon." Outside the realm of such fantasy, strategies for dealing with phone delinquency range from the decorous to the slightly deranged. "Those who are emboldened enough to confront the offender would say, 'I'll see you in etiquette school!' " suggested Ruth F. Block. Such delicacy is not for William Aguiar Jr. who says his method is to parrot the offender's words - loudly. "At first the cell-intruders don't get it because they are so involved with their rantings," he wrote. "When they become conscious that I am repeating their words they look at me as if I am psychotic. Often, I've heard them say, 'There's some nut repeating my every word. I'll get back to you.' " Remember when public pay phones had doors? They were there to protect Americans' cherished privacy. But the doors are long gone and so, it would seem, is people's skittishness about spilling secrets to strangers. A large number of readers viewed the braying of personal matters by some cellphone users, like

the lawyer I overheard on an Acela train discussing intimate details of a client's case, as a symptom of the nation's cultural decline. "I certainly can't believe how people talk on their phone without thinking about the consequences," said Tony J. Williams. Michael Reed wrote, "The sense of decent privacy in public places has been lost. There used to be a decorum and an expected behavior associated with public places. This is/was essential because it permitted us to sanely coexist, by mostly unwritten rules." Carolyn Doyle added, "There is not enough time in the day to relay the daily torment I must endure from these cell-yellers." And airplanes, where cellphones are still banned in flight, don't guarantee a safe haven, she and others pointed out. Ms. Doyle recalled being on a flight from Las Vegas recently that was delayed on the runway by mechanical problems, forcing her to listen to "some loud, overweight blowhard yell on his phone for over an hour" until the plane finally took off. On the subject of Amtrak's Quiet Cars, Kristie Bramwell wrote that she would greatly welcome such an innovation on the Metro-North commuter trains she rides daily between Connecticut and New York City. "There's always some selfimportant jerk who must holler his business all the way into Manhattan," she said, adding that she would gladly "pay extra" to ride on a car where cellphone use was prohibited. Alan M. Lieberman, who said he always tried to get a seat in a Quiet Car, wrote: "I am a frequent business traveler on the Acela between New York and Washington, D.C. The boorishness of noise polluters on these trains with their cellphones and their beeping musical computers is astonishing," he said, adding that enforcement of the no-cellphone policy isn't consistent. "Some crews are vigilant," while "other Acela crews give no instructions, and when asked to enforce the rules of the car take the attitude that the nonoffender seeking quiet is at fault." Obviously, the problem isn't confined to Amtrak's popular Northeast corridor trains. Bill Witherup of Seattle wrote that when he complained about cellphone bedlam to a Seattle commuter line customer service official, "an officer approached me as if I were a serial killer." In fairness, perhaps his briefcase set off some alarm. Mr. Witherup wrote: "I have a sign on my briefcase. Shows a saber-tooth tiger ready to pounce and the words: 'Beware! This is a cellphone free zone.' " Many readers said that because of cellphone madness, they either had given up on the train as an alternative to the airline shuttles for business travel, or were prepared to.

Among them is Arline L. Bronzaft, an environmental psychologist who researches and lectures on the perils of noise. When she started taking Amtrak, she wrote, she "had not envisioned how unpleasant my train trips to Washington would become because of the cellphone." If the problem isn't solved, she said, "I will be forced to fly." Lots of readers shared horror stories. Janet McKee, a regular Amtrak rider, had a beauty. "I am one of those on the Quiet Car who polices the cellphone users," she wrote, recalling an Acela ride on March 11, 2002, when the conductor made an announcement asking passengers to observe a moment of silence to mark the sixth-month anniversary of the Sept. 11, 2001, terrorist attacks. "I was on the Quiet Car and a guy talked through the whole moment of silence on his cellphone." On the Road Appears each Tuesday. E-mail: jsharkey@nytimes.com from TheInquirer.net, 2003-Aug-11: China to chip up a billion people Privacy, they've never been threatened by it PAPER ID CARDS in China are to be replaced by cards that use semiconductors and which link in to vast databases controlled by all powerful government ministries, it has emerged. But if such a plan might meet with some mild objections from human rights groups in Europe and North America, it appears the scheme is being introduced without any consultation whatever. By diktat, so to speak. The ID cards will, according to reports, be encrypted so making them hard to forge, it appears. Big Brother in China is likely to start issuing the cards big time during 2005 and 2006, the reports added. Citizens in the world's largest autocracy won't be able to check whether the databases hold accurate information on them. According to a report on Dow Jones, most of the cards and the chip technology will be home produced, but a French firm Thales and an Israeli company, On Track, will help the Chinese government implement the scheme. from SecurityFocus.com via TheRegister.co.uk, 2004-Mar-6, by Kevin Poulsen: Feds: email subpoena ruling hurts law enforcement A federal appeals court has declined to reverse last year's decision that the issuance of an egregiously overbroad subpoena for email can qualify as a computer intrusion in violation of anti-hacking laws. This is despite an argument by the Justice Department that a side-effect of the ruling has already made it harder for law enforcement officials to obtain Americans' private email.

The defendant in the case, Alwyn Farey-Jones, was embroiled in commercial litigation with two officers of Integrated Capital Associates (ICA) when he instructed his then-attorney, Iryna Kwasny, to send a subpoena to the company's Internet service provider - California-based NetGate. Under federal civil rules, a litigant can issue such a subpoena without prior approval from the court, but is required to "take reasonable steps to avoid imposing undue burden or expense" on the recipient. "One might have thought, then, that the subpoena would request only email related to the subject matter of the litigation, or maybe messages sent during some relevant time period, or at the very least those sent to or from employees in some way connected to the litigation," reads last August's decision by the 9th Circuit Court of Appeals. Instead, the subpoena demanded every single piece of email ICA's officers and employees had ever sent or received. By the time ICA learned of the subpoena, NetGate had already provided FareyJones with a sample of 339 emails from ICA - most of them unrelated to the matter under litigation, and many of them privileged or personal. When ICA found out, it quickly got the subpoena quashed. An outraged district court magistrate termed the subpoena "massively overbroad" and "patently unlawful," and hit Farey-Jones with over $9,000 in sanctions. Criminal Penalties The ICA officers and employees whose email was accessed went on to sue Farey-Jones and his attorney under the civil provisions of three federal privacy and computer protection laws, but a federal judge threw out the lawsuit. The 9th Circuit partially reversed that ruling last August, finding that the subpoena didn't violate federal wiretap law, but could constitute a violation of the Computer Fraud and Abuse Act and the Stored Communications Act (SCA), which outlaw unauthorized access to computers and stored email respectively. Although the ruling addressed a civil suit, both laws include criminal penalties. That means civil attorneys issuing overbroad subpoenas - not an uncommon event - now risk lawsuits, and even potential criminal prosecution as computer intruders, under the decision. "In my view, the 9th Circuit decision... potentially criminalizes a broad swath of conduct," says San Francisco attorney Robert White, who represented FareyJones in the appeal. Electronic civil libertarians were split over the decision, seeing it as good for privacy, but a tempting tool for abuse by zealous prosecutors or litigious companies. But when White filed a motion for rehearing at the 9th Circuit, he found himself with an unlikely ally in the case: the US Justice Department, which filed an amicus brief supporting a new hearing. Justice Department lawyers didn't object to an expansion of the Computer Fraud and Abuse Act -- their most common weapon against accused computer

intruders and virus writers - but they were deeply troubled by the court's interpretation of the SCA, which they say hobbles their ability to obtain a suspect's email. Federal law protects email under two different standards: messages in "electronic storage" at an ISP can only be obtained by law enforcement officials only with a search warrant issued by a judge based on probable cause to believe that a crime has been committed. But messages that the recipient has read and chosen not to delete can be obtained with a simple administrative subpoena. "Difficulties for Law Enforcement Nationwide" Based on the Justice Department's interpretation of that law, the FBI is long accustomed to being able to obtain messages that the recipient has read by simply handing the ISP an administrative subpoena, only troubling a judge when they need access to unopened email, or, under another requirement of the law, messages older than 180 days. But in ruling against Farey-Jones, the 9th Circuit found that the ICA messages were still in "electronic storage" at NetGate, even though the recipients had read them. It may seem a fine point, but the Justice Department worries that that interpretation places all email less than 180 days old, and stored at an ISP, into the category that requires a search warrant. "The significance of this change for law enforcement cannot be overstated," wrote Justice Department attorney Mark Eckenwiler in the amicus brief. "Substantial quantities of evidence previously available to state and federal prosecutors are no longer available under this heightened standard." Prosecutors in the parts of the country governed by 9th Circuit case law - eight western U.S. states and Hawaii - have already stopped issuing administrative subpoenas for email, according to the brief, filed last September, forcing them to go to a judge and show probable cause when they want a peek into a netizen's inbox. "Moreover, because the Internet spans state and national borders, the panel's decision is likely to create difficulties for law enforcement nationwide," reads the filing, noting that some of the nation's largest email providers, including Yahoo and Hotmail, are located in the 9th circuit. "I was grateful - it's nice to have the government on your side," says White. "It's a question of whether something is considered to be a stored communication or not, and that's really what this case is about, to a very large extent." But despite Farey-Jones' unexpected help from Washington, last month, the appellate court rejected both Farey-Jones' bid for a new hearing, and the Justice Department's narrow argument over electronic storage.

"We acknowledge that our interpretation of the Act differs from the government's and do not lightly conclude that the government's reading is erroneous," the court wrote. "Nonetheless... we think that prior access is irrelevant to whether the messages at issue were in electronic storage." On Thursday, the court agreed to temporarily suspend the civil suit against Farey-Jones while he appeals to the US Supreme Court. from the Associated Press, 2004-Jan-13, by Gina Holland: Court OKs Roadblocks to Hunt Criminals WASHINGTON (AP) -- The Supreme Court, in a case watched anxiously by law enforcement agencies across America, held Tuesday that police may set up roadblocks to collect tips about unsolved crimes. In a 6-3 decision, the justices found roadblocks seeking such information do not violate the privacy rights of motorists. The court overturned a decision by the Illinois Supreme Court, which ruled that officers may solicit information from motorists only in an emergency. The case involved a man arrested for drunken driving at a Lombard, Ill., checkpoint set up to get information about an unrelated fatal hit-and-run accident. Justice Stephen Breyer, writing the majority opinion, said that short stops, "a very few minutes at most," are not too intrusive on motorists. Police may hand out a flyer, or ask drivers to volunteer information about crimes, he said. Lombard Police Deputy Chief Dane Cuny said the court's ruling was vindication for the department and "a victory for law enforcement and the public." Three justices expressed concerns the ruling could open up motorists to police interference without yielding useful information about crimes. "There is a valid and important distinction" between seizing a person to determine whether he or she has committed a crime and seizing a person to ask whether that person "has any information about an unknown person who committed a crime a week earlier," wrote Justice John Paul Stevens, joined by Justices David H. Souter and Ruth Bader Ginsburg. The case was a follow-up to a 2000 Supreme Court ruling that roadblocks intended for drug searches are an unreasonable invasion of privacy under the Constitution. Breyer said that in this case, authorities were investigating a specific crime, and one that resulted in a death. He said the ruling likely will not lead to widespread roadblocks in towns around the country because of limited police funding and community hostility to traffic delays.

Illinois Attorney General Lisa Madigan said the ruling "will allow law enforcement in Illinois and across the nation to seek voluntary assistance from citizens in their efforts to solve crime." The Illinois checkpoints had been challenged by Robert Lidster, who was arrested for drunken driving. The roadblock had been set up at the same spot and time of day that the hit-and-run took place, in hopes of getting tips. Authorities said that Lidster nearly hit an officer at the scene with his minivan. Justices were told during the November argument in the case that the roadblocks are used in all sorts of investigations, like an effort in Utah to try to produce leads after Elizabeth Smart was kidnapped in 2002. In the partial dissent, Stevens said motorists will be trapped by the checkpoints. "In contrast to pedestrians, who are free to keep walking when they encounter police officers handing out flyers or seeking information, motorists who confront a roadblock are required to stop, and to remain stopped for as long as the officers choose to detain them," he wrote. The delays "may seem relatively innocuous to some, but annoying to others ... still other drivers may find an unpublicized roadblock at midnight on a Saturday somewhat alarming." The three dissenting justices said the case should have been sent back to Illinois courts for more consideration. The case is Illinois v. Lidster, 02-1060. from the New York Times, 2004-Jan-21, by Susan Saulny: Appeals Court Backs Ban on Masks at Public Rallies A federal appeals court panel in Manhattan ruled yesterday that a state law banning the wearing of masks at public gatherings is constitutional, a decision that reverses a lower court's ruling in favor of Ku Klux Klansmen who were barred from wearing masks at a 1999 event. The lower court's ruling, by Judge Harold Baer Jr. of Federal District Court in Manhattan, had found that the city enforced the mask law selectively against the Church of the American Knights of the Ku Klux Klan. The American Knights had argued that anonymous expression was a protected right, and that the hooded masks linked members to Klan history and were expressive of certain beliefs. Advertisement In the decision released yesterday, a three-judge panel ruled that "New York's antimask statute does not, however, bar members of the American Knights from wearing a uniform expressive of their relationship to the Klan. The statute only proscribes mask wearing."

The judges, Dennis G. Jacobs, Jose A. Cabranes, and Sonia Sotomayor, continued, in the decision written by Judge Cabranes: "The masks that the American Knights seek to wear in public demonstrations does not convey a message independently of the robe and hood. That is, since the robe and hood alone clearly serve to identify the American Knights with the Klan, we conclude that the mask does not communicate any message that the robe and the hood do not. The expressive force of the mask is, therefore, redundant." The decision ends a case that had been meandering through the court system since 1999, when the American Knights applied for a parade permit from the Police Department and were denied it on the basis of the anti-mask law. In October 1999, the American Knights sought a preliminary injunction to force the Police Department to allow its members to wear masks wile demonstrating. Judge Baer issued an injunction. But the following day, an appeals court panel stayed part of the order. The Klansmen demonstrated on October 23, 1999, as planned, but without masks. After the demonstration, the American Knights went back to court, seeking declaratory relief and a permanent injunction. They were denied a permanent injunction, but were granted a favorable judgment on First Amendment grounds. But in the decision yesterday, Judge Cabranes wrote: "A witness to a rally where demonstrators were wearing the robes and hoods of the traditional Klan would not somehow be more likely to understand that association if the demonstrators were also wearing masks. The American Knights offers no evidence or argument to the contrary." The American Civil Liberties Union represented the Klan from the outset of the case and was disappointed at the outcome yesterday, an official with the group said. "Our societal commitment to free speech is often tested by the claims of unpopular groups and those who convey offensive ideas," said Arthur Eisenberg, the legal director of the A.C.L.U. "This case presented such a test. Judge Baer courageously recognized the group's First Amendment rights in this case and we are surprised that the Court of Appeals did not affirm." The issue, at its core, Judge Cabranes wrote in the decision, did not involve the First Amendment. He wrote that the court rejected the view "that the First Amendment is implicated every time a law makes someone - including a member of a politically unpopular group - less willing to exercise his or her free speech rights." He continued: "While the First Amendment protects the rights of citizens to express their viewpoints, however unpopular, it does not guarantee ideal conditions for doing so, since the individual's right to free speech must always be balanced against the state's interest in safety, and its right to regulate conduct that it legitimately considers potentially dangerous."

from Local6.com, 2004-Jan-26: Man Jailed For Days Over Face Mask On Cold Day 21-Year-Old Considers Legal Action Against Police A man visiting Atlanta from Jamaica is considering legal action after being arrested and jailed for three days for wearing a face mask on a cold day, according to a Local 6 News report Sunday. Baruch Walker, 21, was walking down the street on Dec. 9 when officers stopped and arrested him, allegedly for what he was wearing. According to a police report, Baruch Walker, 21, was wearing a coat and a mask that covered half of his face as he walked down a street in December. Officers reportedly stopped him and then arrested him. "About seven other officers came out after him, just from different directions and they told me they were going to arrest me for wearing a face mask," Walker said. A state statute says, "it is a misdemeanor for any person to wear a mask, hood or device by which any portion of the face is so hidden." The law was designed to keep KKK members from hiding their faces with hoods in public. The charges against Walker were eventually dropped, but that was after he spent three days in jail during the holidays. "The judge said that it was, like, one of the most ridiculous laws he ever heard of," Walker said. Authorities said there had been a lot of burglaries recently in the area where Walker was arrested. Watch Local 6 News for more on this story. from the New York Times, 2004-Jan-22, by Stephen Labaton: Easing of Internet Regulations Challenges Surveillance Efforts WASHINGTON, Jan. 21 -- The Federal Communications Commission's efforts to reduce regulations over some Internet services have come under intense criticism from officials at law enforcement agencies who say that their ability to monitor terrorists and other criminal suspects electronically is threatened. In a series of unpublicized meetings and heated correspondence in recent weeks, officials from the Justice Department, the Federal Bureau of Investigation and the Drug Enforcement Administration have repeatedly complained about the commission's decision in 2002 to classify high-speed Internet cable services under a looser regulatory regime than the phone system.

The Justice Department recently tried to block the commission from appealing a decision by a federal appeals court two months ago that struck down major parts of its 2002 deregulatory order. Justice Department officials fear that the deregulatory order impedes its ability to enforce wiretapping orders. The department ultimately decided to permit the F.C.C. to appeal, but took the highly unusual step of withdrawing from the lawsuit, officials involved in the case said. As a result of the commission's actions, said John G. Malcolm, a deputy assistant attorney general who has played a lead role for the Justice Department, some telecommunications carriers have taken the position in court proceedings that they do not need to make their networks available to federal agents for courtapproved wiretapping. "I am aware of instances in which law enforcement authorities have not been able to execute intercept orders because of this uncertainty," Mr. Malcolm said in an interview last Friday. He declined to provide further details. The clash between the commission and officials from the Justice Department and other law enforcement agencies pits two cherished policies of the Bush administration against each other. On one side stand those who support deregulation of major industries and the nurturing of emerging technologies; on the other are those who favor more aggressive law enforcement after the Sept. 11 terrorist attacks. The outcome of the debate has far- reaching consequences. Law enforcement officials say it will determine whether they can effectively monitor communications between suspects over new kinds of phone services that otherwise might allow them to escape detection. Also at stake is whether the government or industry will bear the considerable costs of developing the technology for such surveillance. By contrast, some F.C.C. officials and telephone industry executives say that if the commission buckles to the other agencies and forces the industry to take on a host of expensive obligations the development of promising new communications services may be stalled or squelched for years to come. The law enforcement officials have also raised concerns about recent statements by the commission's chairman, Michael K. Powell, that suggest he intends to propose rules soon that would place nascent Internet-based telephone services under a looser regulatory regime than the traditional phone system. Through a spokesman, Mr. Powell declined to discuss the subject. David Fiske, the commission's chief spokesman, said that he could not respond to Mr. Malcolm's statement that the F.C.C.'s interpretation of the rules was making it more difficult to execute surveillance orders.

A senior official at the F.C.C. said the commission was not unsympathetic to the concerns of the law enforcement agencies. "We're an economic regulatory agency as well as a law enforcement agency and we have to look at the interests of everyone," the official said. Some industry experts say that their biggest worry is that law enforcement demands may reshape the technical specifications of the new Internet voice services, an accusation that officials at the Justice Department and the F.B.I. deny. "What's most scary for industry and perhaps some people at the F.C.C. is the notion that the architecture of the Internet will depend on the permission of the F.B.I.," said Stewart A. Baker, a former general counsel of the National Security Agency, which monitors foreign communications. Mr. Baker now represents a number of telecommunications companies as a partner at the law firm of Steptoe & Johnson. But law enforcement officials say they are not seeking uniform technical standards but requirements that the new companies offering so-called "voice over Internet" services build into their systems easy ways for agents to tap into conversations between suspects. In a strange-bedfellows twist, officials from the F.B.I. and other agencies have found themselves the unlikely allies of groups like the American Civil Liberties Union, which have also argued that the new Internet services offered by cable companies should be under a regulatory regime like the phone system -- but for different reasons. The A.C.L.U. prefers that approach because it would prohibit cable companies from discriminating against Internet service providers, and as such would assure a greater diversity of voices. The law enforcement officials have repeatedly complained about the direction the agency has been taking on the issues. Last month, officials from the Justice Department, the F.B.I. and the drug agency warned officials of the F.C.C. that the commission's regulatory rulings on highspeed Internet access through cable systems "suffers from statutory interpretation problems" and "directly threatens" the ability to apply the law permitting them to monitor suspects, according to a letter on file at the F.C.C. describing a meeting on the issue. The meeting at the F.C.C. included lawyers from the Justice Department's criminal division, civil appellate division, narcotics and dangerous drugs section and solicitor general's office, as well as officials from the F.B.I., and D.E.A. Shortly before that meeting, the Justice Department tried to block the F.C.C. from appealing a decision by a three-judge panel of the United States Court of Appeals for the Ninth Circuit, sitting in Seattle, because of the problems it could pose for law enforcement, officials said.

The commission lost the case last October, when the panel issued a ruling that may force the cable companies to share their broadband networks with competing Internet service providers. The F.C.C. order, which was partly struck down, had classified cable broadband as an "information service" under the 1996 Telecommunications Act. In so doing, it threatened to undermine the ability of law enforcement agencies to use the Communications Assistance for Law Enforcement Act of 1994, a wiretapping law that applies to phone services but exempts information services. The Justice Department ultimately reached a compromise that permitted the commission to go forward and petition the entire Ninth Circuit to review the case, Brand X Internet Services v. Federal Communications Commission. But government lawyers removed the department from the case, rejecting the Justice Department's traditional role as the main legal advocate for the United States in nearly all cases before federal appeals courts. Law enforcement officials have also warned the F.C.C. that the approach that Mr. Powell has begun to articulate to have few regulations over the emerging technology that will permit consumers to use the Internet to send and receive phone calls could make it significantly more difficult for prosecutors and federal agents to monitor those calls. The F.B.I. and the Justice Department have told the commission that greater use of high speed Internet phone services "offers increasing opportunities for terrorists, spies, and criminals to evade lawful electronic surveillance," according to a document on file at the F.C.C. Classifying Internet-based phone services as "telecommunications" would allow law enforcement officials to require companies to provide them with access to contemporaneous conversations on their networks under the 1994 wiretapping law. But such a classification also imposes on the companies a host of onerous requirements under the 1996 act, including those intended to assure that telephones are universally available and that everyone has access to 911 emergency services. These obligations, purveyors of the new Internet telephone services say, are so expensive that they will deter their development. Government and industry lawyers say that the commission could try to define the new services as "telecommunications" under the 1994 surveillance law and "information" under the 1996 act. But taking that potentially conflicting approach could undermine the F.C.C. in court in the inevitable legal challenges that would follow its rulings. Mr. Powell, in a series of recent speeches and interviews, has suggested that the new technologies need to be classified as "information services" and thus be subjected to fewer regulations.

"Don't shove the round Internet into a square regulatory hole," Mr. Powell said at a luncheon appearance last week before the National Press Club. "We cannot contort the character of the Internet to suit our familiar notions of regulation. Do not dumb down the genius of the Net to match the limited visions of the regulator. "To regulate the Internet in the image of a familiar phone service is to destroy its inherent character and potential," Mr. Powell said. Such new technologies empower people, "giving them more choice and control." "And I think as consumers do more, governments do less, because we don't regulate our citizens." In the same speech, Mr. Powell added, "We will need to ensure the legitimate concerns of public safety and law enforcement are addressed." from TheRegister.co.uk, 2004-Feb-18, by Andrew Orlowski in San Francisco: Google touts stalking service The war between Yahoo! and Google has intensified, as Yahoo! introduced more of its own search engine technology for its US site yesterday. The portal has used Google's search for the past four years, but began to blendin its own listings eighteen months ago. Google responded by sending cofounder Sergey Brin on a rare press tour, which is as uncommon a sight as Dick Cheney leaving his bunker. The two web giants have a commercial relationship as complex as their technical relationship: but to oversimplify the situation somewhat, Yahoo! decided that it could do as good a job without paying Google. With its revamped search tool, Yahoo! has followed Google's winning formula closely, but indexes more of each web page than Google and returns, by default, twenty entries. Google has responded by touting an increased image database, and boasting of five new tweaks to its algorithm. It's too early to say how good the Yahoo! search really is, but for Yahoo! it may be good enough. It's as clean and fast as Google, and the results look remarkably similar. Both are wrestling with a formula that was appropriate for the Web in 1998 but is now prone to manipulation and pollution. Trackback For example, running the query "Mac OS X discussion" that so severely tripped up Google last year, Yahoo! returns just three "trackbacks" in the first 20 results, while Google returns six in the first ten. (The software authors responsible for trackbacks have corrected the problem in TypePad, and bloggers are advised to keep trackbacks inline.) So Yahoo! appears to take such problems more seriously than Google, although it's wise to wait several weeks before drawing any firm conclusions.

The much-cited "search engine business" is trivial in comparison to the much more significant war between the two over classified text advertisements, which sees Yahoo!'s Overture pitted against Google's Adwords and Adsense programs. As Search Engine Watch editor Danny Sullivan noted here, Yahoo! paid Google a mere $7.1m in 2001. But as advertising brokers, the pair are bringing in hundreds of millions of dollars, which has enabled Google's rapid and apparently chaotic growth over the twelve months. We know where you live But Google is fighting back to preserve its reputation as the world's favorite search engine. Google already performs a reverse lookup of US telephone numbers, and with one click, can take you to a map of the subscriber's house. Describing the enhanced features, Google co-founder Sergey Brin explained, "It helps, for example, if you're searching for a person like your next-door neighbor, you may get no result," said Brin this week. "Now you'll get one." We've always found knocking on your next-door neighbor's door with a bowl of sugar is a terrific way to make friends. However, for the sad, the lonely and for potential stalkers everywhere, this could be a boon. Remember: it's a feature, not a bug. from TheRegister.co.uk, 2004-Jan-10, by Andrew Orlowski in San Francisco: Avoid Friendster and its clones, warns security expert Computer users who value their privacy should stay clear of 'social networking' websites, and should warn their friends away too, according to a distinguished Australian security professional. And for good-measure, the rash of new websites - with names apparently inspired by artificial food preservatives such as Ryze, Plaxo and Orkut - make a mockery of existing data protection legislation. "In general, people would be well-advised firstly to stay well clear of all addressbook and 'social networking systems', and secondly to prevail upon their friends, colleagues and acquaintances that they should avoid making any data about them available to service-operators like Plaxo," says Professor Roger Clarke, a visiting professor at the Australian National University. Clarke has studied the leading contenders, of which the most famous is the revenue-free Friendster, and concluded that not only do they lack a basic understanding of privacy concerns, but they are not likely to either. Clarke describes the opt-in data harvesting as "disturbing" - a self-evident observation to anyone outside the self-referential Silicon Valley bubble from which many of these services have arisen - but not a concern to the creators.

The 'social network' sites present opportunities for ruthless marketroids and stalkers. Plaxo, the most notorious example Clarke cites, encouraged users to upload their entire address books to the servers. "Every IP-address, every email, and every social-network relationship that arises appears to be entirely free of any express contractual constraints." But Plaxo goes further by offering a weasel-worded privacy'guarantee'. Plaxo states: 'We respect the privacy of your contacts and maintain a strict policy of not sharing their contact information (received as a result of responding to your update requests) with other Plaxo users who are asking for this information.' But Clarke notes, "the emphasised words appear to exclude the data that is provided by the user when they upload their address-book, and hence the undertaking does not apply to the data about other people that users gift to the company. This assurance falls desperately far short of real privacy protection." The faddish websites also offer opportunities to be wrongly accused of nefarious activity. "Social networks are a primary way in which suspicion is generated about individuals. Acquaintances of terrorists, terrorism suspects, terrorism financiers, terrorist supporters and terrorist sympathisers are at risk of being allocated into a grey zone of terrorist associates. A tag of that kind is potentially as harmful to a person as have been negative categorisations made in previous contexts, such as 'etranger', 'subversive' and 'unamerican'," Clarke notes. Google's own social networking site Orkut has an innocuous looking privacy page, but as we reported last week, its 'Terms of Service' allow the company to take ideas users express there such as neat algorithms or business plans and use them for its own purposes, royalty free. (Microsoft implemented similar conditions but was forced to drop them after public protest). But there's another factor just as important as data flows, that almost everyone has over-looked. Social networking profiles flatten the rich diversity of human characteristics into a depressingly flat taxonomy. For example Orkut invites you to express a political inclination from ten choices Since when was political orientation a two-dimensional scale? Aren't values multi-dimensional? And are there only seven^2 varieties of humor? You can tick as many, but no more options, from a list containing: "campy/cheesy", "goofy/slapstick", "dry/sarcastic", "clever/quick-witted", "friendly", "obscure" (the vast steppes of the surreal are apparently unmappable in this taxonomy), or "raunchy". What would Borges' say? from the New York Times, 2003-Jun-5, by William Safire: Dear Darpa Diary

WASHINGTON Unless you work for the government or the Mafia, it's a great idea to keep a diary. I don't mean the minute-by-minute log that Florida Senator Bob Graham keeps in tidy, color-coded notebooks describing his clothes, meals and haircuts. That echoes the mythical Greek Narcissus. Rather, I have in mind the brief notation of the day's highlight, the amusing encounter or useful insight that will someday evoke a memory of yourself when young. Such a journal entry - perhaps an e-mail to your encoded personal file can now be supplemented by scanned-in articles, poems or pictures to create a "commonplace book." You will then have a private memory-jogger and resource for reminiscence at family gatherings. But beware too much of a good thing. The Defense Advanced Research Projects Agency, or Darpa, stimulates outsidethe-box thinking that has given us the Internet and the stealth bomber. On occasion, however, Darpa goes off half-cocked. Its Total (now Terrorist) Information Awareness plan - to combine all commercial credit data and individual bank and academic records with F.B.I. and C.I.A. dossiers, which would have made every American's life an open book - has been reined in somewhat by Congress after we privacy nuts hollered to high heaven. Comes now LifeLog, the all-remembering cyberdiary. Do you know those handheld personal digital assistants that remind you of appointments, store phone numbers and birthdays, tip you off to foibles of friends and vulnerabilities of enemies, and keep desperate global executives in unremitting touch day and night? Forget about 'em - those wireless whiz-bangs are already yestertech. Darpa's LifeLog initiative is part of its "cognitive computing" research. The goal is to teach your computer to learn by your experience, so that what has been your digital assistant will morph into your lifelong partner in memory. Darpa is sprinkling around $7.3 million in research contracts (a drop in its $2.7 billion budget) to develop PAL, the Perceptive Assistant that Learns. For those who suspect that I am dreaming this up, get that lumbering old machine in your back pocket to access www.darpa.mil/ipto, and then click on "research areas" and then "LifeLog." You are then in a world light-years beyond the Matrix into virtual Graham-land. "To build a cognitive computing system," says proto-PAL, "a user must store, retrieve and understand data about his or her past experiences. This entails collecting diverse data. . . . The research will determine the types of data to collect and when to collect it." This diverse data can include everything you ("the user") see, smell, taste, touch and hear every day of your life.

But wouldn't the ubiquitous partner be embarrassing at times? Relax, says the program description, presumably written by Dr. Doug Gage, who didn't answer my calls, e-mails or frantic telepathy. "The goal of the data collection is to `see what I see' rather than to `see me.' Users are in complete control of their own data-collection efforts, decide when to turn the sensors on or off and decide who will share the data." That's just dandy for the personal privacy of the "user," who would be led to believe he controlled the only copy of his infinitely detailed profile. But what about the "use-ee" - the person that PAL's user is looking at, listening to, sniffing or conspiring with to blow up the world? The human user may have opt-in control of the wireless wire he is secretly wearing, but all the people who come in contact with PAL and its willing user-spy would be ill-used without their knowledge. Result: Everybody would be snooping on everybody else, taping and sharing that data with the government and the last media conglomerate left standing. And in the basement of the Pentagon, LifeLog's Dr. Gage and his PAL, the totally aware Admiral Poindexter, would be dumping all this "voluntary" data into a national memory bank, which would have undeniable recall of everything you would just as soon forget. Followers of Ned Ludd, who in 1799 famously destroyed two nefarious machines knitting hosiery, hope that Congress will ask: is the computer our servant or our partner? Are diaries personal, or does the Pentagon have a right to LifeLog? And so, as the diarist Samuel Pepys liked to conclude, to bed. from TPDL 2002-Jun-3, from the Washington Times, by Nat Hentoff: The end of privacy Schoolboys used to learn what William Pitt said in the English Parliament, in the 18th century, when the king was ordering more searches of private homes and businesses: "The poorest man may in his cottage bid defiance to all the force of the Crown." Pitt said the roof of his cottage "may shake; the wind may blow through it; the storm may enter; the rain may enter; but the King of England may not enter all his forces dare not cross the threshold of the ruined tenement." But that was before J. Edgar Hoover and the FBI and cyberspace. In Attorney General John Ashcroft's USA Patriot Act, there is a sneak-and-peek provision, which resembles what in Hoover's time was called "black bag jobs." Last October, Congress overwhelmingly passed the bill. Most members didn't have time to read the lengthy document.

With a warrant, FBI agents may now enter homes and offices of citizens and non-citizens when they're not there. The agents may look around, examine what's on a computer's hard drive and take other records of interest to them. These surreptitious visits are not limited to investigations of terrorism, but can also be used in regular criminal investigations. Unlike many parts of the USA Patriot Act, these searches are not subject to the "sunset clause," which requires Congress to examine in four years whether the new law's incursions on American liberties have gone too far. This section of the USA Patriot Act is now a permanent part of American criminal law. While in the office or home, the FBI can plant a "Magic Lantern" in your computer. It's also called the "sniffer keystroke logger." The device creates a record of every time you press a key on the computer. Unless you are very technically savvy, it's hard to know where the Magic Lantern resides. "What the 'Magic Lantern' records is saved in plain text," says Jim Dempsey of the Washington-based Center for Democracy and Technology someone I've consulted repeatedly on advanced technological invasions of privacy. "During the next FBI secret visit to a home or office, that information is downloaded while the agents look for other papers and records they might want to take along." It is worth noting that a precursor to the Magic Lantern was being used during the Clinton administration. I have a copy of a May 9, 1999 application to a U.S. District Court in New Jersey from a U.S. attorney that authorizes a "surreptitious entry" to search and seize "encryption key-related pass phrases from a computer by installing a specialized computer program . . . which will allow the government to read and interpret data that was previously seized pursuant to a search warrant." Under previous criminal law, when the FBI made a furtive search of homes and offices, the agents had to leave notice that they'd been there, and list what they'd taken. That way the person whose records were taken could immediately challenge the search. The agents may have had a bad lead or gone to the wrong address or may have exceeded their legal authority. Now, the FBI is entitled to give what is called "delayed notice." For up to 90 days, the agents don't have to inform the occupant of their break-ins, and the FBI can delay notice even further by going to a judge and getting extensions of that 90day provision. Also, if they don't find anything the first and second times, they can keep coming back, hoping they may yet hit pay dirt. Eventually, they will have to give notice. Meanwhile, according to a Reuters dispatch, the FBI is developing a way that will allow it to plant the Magic Lantern without having to break into a home or office. " 'Magic Lantern,' " says Reuters, "would allow the agency to plant a Trojan horse keystroke logger on a target's PC by sending a computer virus over the Internet, rather than require physical access to the computer, as is now the case."

In 1928, Supreme Court Justice Louis Brandeis predicted that "ways may be developed, some day, by which the government, without removing secret drawers, can reproduce them in court, and by which it will be enabled to expose to a jury the most intimate occurrences of the home." Or of the office. Who knew how chillingly prophetic Justice Brandeis would be? EPC is the follow-on to the ubiquitous UPC (Universal Product Code) barcode symbol. Both are coordinated by the Uniform Code Council (UCC). EPC RFID (Radio Frequency Identifier) tags are privacy-invasive because they contain unique serial numbers, so that an RFID tag can be reliably associated with an individual, and the movements and purchases of that individual can - to one degree or another - be tracked whenever he comes within a few feet of an RFID interrogator. from RFID Journal, 2004-Jan-13: VeriSign to Run EPC Directory EPCglobal has awarded the company a contract to manage the system for looking up information related to Electronic Product Codes. Jan. 13, 2004--EPCglobal, the organization that is commercializing Electronic Product Code technology, has awarded Internet and telecommunications infrastructure services provider VeriSign a contract to manage the directory for looking up EPC numbers on the Internet. VeriSign manages the core Domain Name Service (DNS) directory that allows Internet users to look up the Internet Protocol address for Web sites that end with .com. It was chosen because it has the infrastructure needed to handle the vast number of EPC look-ups. Today, VeriSign handles 10 billion DNS look-ups per day. Jon Brendsel, director of products for the Naming and Directory Services division at Mountain View, Calif.-based VeriSign, says the company's infrastructure can handle 100 billion look-ups today. "A lot of people have talked about the EPC Network as if it were a fanciful concept that was developed by MIT and the Auto-ID Center," says Brendsel. "We're starting to drive home the fact that it isn't that fanciful. It's based on technology that's here today, and it will be available as of today." Under the EPC Network system, each company will have a server running its own Object Name Service (ONS). Like DNS, which points Web browsers to the server where they can download the Web site for any particular Web address, ONS will point computers looking up EPC numbers to information stored on something called EPC Information Services--servers that store information about products. Companies may maintain their own EPC Information Services or subcontract it out, but it will use a distributed architecture, with information about products in more than one secure database on the Web.

Under the deal with EPCglobal, VeriSign will manage the EPC Network's root directory: The system that points computers to each company's ONS. VeriSign has already set up the infrastructure at six sites around the world. These are servers that maintain a registry of ONS servers. Computers will access the registry via the Internet, and if one registry goes down temporarily, a computer requesting information about an EPC number will automatically be directed to another registry site, guaranteeing 100 percent up time. "This is a major step forward that gives momentum to the development of the EPC Network," says Jack Grasso, a spokesperson for EPCglobal. "There was a rigorous process for choosing the company to provide the service. We think this will give subscribers more reason to get actively involved in the development of the network." One question some observers have had is whether the EPC Network will be adopted or whether existing data synchronization services--such as UCCnet and Transor--might provide the look-up services for EPC numbers. Wal-Mart has said that, for now, it will use UCCnet's product registry and share data with suppliers via Wal-Mart's own extranet, called Retail Link. EPCglobal's Grasso and VeriSign's Brendsel sees the EPC Network and UCCnet as complementary. "I think it's important to look at them separately," says Grasso. "As we learn more about the deployment of EPC technology, needs are going to vary, the amount of data will be orders of magnitude different than we're used to, so I think to allow the EPC Network to evolve as it needs to." Brendsel says the two serve different functions. UCCnet is primarily a product catalog that provides product information to ensure that suppliers and retailers are sharing the same information related to a single class of product. It is accessed via the Internet and could be one source of data that the ONS points to on the EPC Network. But he says that the UCCnet's centralized system would be overwhelmed if you had to refer to it every time you scanned an EPC tag. VeriSign also announced the availability of managed services. It will host ONS servers for customers and guarantee 100 percent availability. It will also host EPC Information Services. Companies will be able to establish rules for allowing partners to access information on the service, and then VeriSign will control access and deliver information to authorized parties. VeriSign will provide these services, which were announced back in September, to customers for a fee. For more information, see /article/view/557/1/1/ The EPC Network Gets Real>. from RFID Journal, 2003-Sep-5: The EPC Network Gets Real VeriSign, a company best known for handling secure transactions on the Web, is offering businesses a way to leverage the Auto-ID Center's EPC Network.

Sept. 5, 2003 - Most of the focus on Electronic Product Code technology has been related to low-cost tags and readers. But the hardware and the numbering system aren't worth much if there's no way to look up what the serial number on the tag means. The Auto-ID Center developed the EPC Network to link serial numbers to product information stored in a database, but no companies had stepped up to build out the network. Until now. VeriSign, a Mountain View, Calif.-based company that provides digital security and network infrastructure services, is introducing three new services aimed at enabling companies to use the EPC Network to share data with their trading partners. The company will demonstrate how the system works at the Auto-ID Center's EPC Symposium, which is being held in Chicago from September 15 to September 17. "We want people to know the EPC Network is here because it's built on the existing Internet infrastructure," says Brian Matthews, VeriSign's VP of naming and directory service. "We don't have to build a whole new infrastructure. This is something we can have deployed in a month or two." The EPC Network is essentially a layer on top of the Internet. When you type in a URL in your Web browser, your computer goes to a Domain Name Service registry and looks up the IP address for that Web site. Similarly, the Auto-ID Center has developed an Object Name Service (ONS). When you scan an EPC tag, the serial number is sent to a computer that goes out to the ONS and finds where information associated with that serial number is stored on the Web. The Auto-ID Center has been testing its network infrastructure during its field trials. But up to now, there has been no way for companies to leverage it. Now companies that have been assigned EPCs for their products by AutoID Inc., a joint venture set up by the Uniform Code Council and EAN International to commercialize the technology, can register their company code and product identifiers (numbers associated with particular SKUs) with VeriSign. VeriSign turns the company code and SKU number into an IP address that is replicated through the ONS. That way, when a tag is scanned, ONS can point computers to where the information is stored. VeriSign will also host product information for companies. Under the Auto-ID Center's scheme, product information will be stored in Product Markup Language, a variant of the Web's Extensible Markup Language (XML). PML files will be stored on servers, which the Auto-ID Center now calls EPC Information Services (they were called PML servers). VeriSign will host PML files on secure servers, authenticate users and provide access to information based on classes defined by customers. A large manufacturer, for instance, might want to make some product information available to logistics partners but not to suppliers. The company will also offer an EPC Service Registry, which is a directory of EPC Information Services on the Web. Say, for instance, a manufacturer has PML files hosted on servers around the world. The EPC Service Registry will allow the

manufacturer to give its partners one place to look up where particular product information is stored. "Data sharing can be done at a fraction of the cost of what is required with pointto-point solutions today," says Jon Brendsel, VeriSign's director of product management. "And [the EPC Network] is broadly applicable to a variety of supply chains, not just consumer packaged goods." VeriSign will charge fees for these services. The fees have not yet been set, but Matthews says they will be cost-effective for companies. "We would expect that you'd be paying value-based pricing," he says. "Certainly it would be less than it would cost for a company to set up these services individually. And you'll be tapping into a scalable infrastructure that would cost you significantly more to create on your own." from TheInquirer.net, 2004-Mar-19, by Mike Magee at CeBIT: Hitachi shows off RFID dust CeBIT 2004 All that glitters is not geld JAPANESE GIANT HITACHI was showing off a mysterious bottle full of tiny blue metallic things. We asked at the stand what these were, and a representative declined to comment what this blue dust was. However, it has transpired, according to sources close to the company, that this blue dust is tracking material, capable of being built into any number of devices from soaps to CDs. The stuff is so light that if you were a Scot, you could probably draw a cross of St Andrew on your face with them. Unfortunately, Hitachi would be able to find you with your favourite single malt. from LexisNexis, from http://www.lexisnexis.com/batch/batchtrace/features.shtml: BatchTrace puts advanced skip trace technology at your fingertips BatchTrace is a large-volume, multi-source skip trace and locator service. It scrubs your accounts against our proprietary database, one of the industry?s largest and most current collections of locator information. BatchTrace helps you set new standards for locating debtors, increasing contacts, and improving turnover. BatchTrace uses a dynamic location process to identify the most current address and phone number for the individual you?re trying to contact. In addition to current address/phone number, we offer:

Historical residency and ?nearbys? Alias names

Household occupants Birth month and year Change of address processing/EDA

BatchTrace currently includes more than 3.5 billion name/address records compiled from hundreds of independent sources, including:

Real estate White pages Census Subscriptions Voter National Change of Address (NCOA Proprietary change of address database Electronic directory assistance (via RBOCs) Driver?s licenses Motor vehicle registrations Watercraft registrations Professional licenses Credit bureau header files Military directories Aircraft registrations Call center indexes Pizza delivery To experience the power and efficiency LexisNexis batch solutions can offer, test jobs can be ran for up to 500 records. Contact a LexisNexis representative at 1-866-747-5947.

from the Las Vegas Review-Journal, 2003-Nov-5, by J. M. Kalil and Steve Tetreault: PATRIOT ACT: Law's use causing concerns Use of statute in corruption case unprecedented, attorneys contend

The investigation of strip club owner Michael Galardi and numerous politicians appears to be the first time federal authorities have used the Patriot Act in a public corruption probe. Government officials said Tuesday they knew of no other instances in which federal agents investigating allegations such as racketeering and bribery of politicians have employed the act. "I don't know that it's been used in a public corruption case before this," said Mark Corallo, a spokesman for the Justice Department. An attorney for one of the defendants in the Galardi case said he researched the matter for hours Tuesday and came to the same conclusion. "I have discussed this with lawyers all over the country, and if the government has done this before, then this is definitely the first time it has come to light," said Las Vegas attorney Dominic Gentile, who represents former Clark County Commissioner Lance Malone, Galardi's lobbyist. Two of Nevada's lawmakers blasted the FBI for employing the act in the Galardi probe, saying the agency overstepped its bounds. Sen. Harry Reid, D-Nev., said Congress intended the Patriot Act to help federal authorities root out threats from terrorists and spies after the Sept. 11, 2001, attacks. "The law was intended for activities related to terrorism and not to naked women," said Reid, who as minority whip is the second most powerful Democrat in the Senate. "Let me say, with Galardi and his whole gang, I don't condone, appreciate or support all their nakedness. But having said that, I haven't heard anyone say at any time he was involved with terrorism." Rep. Shelley Berkley, D-Nev., said she was preparing an inquiry to the FBI about its guidelines for using the Patriot Act in cases that don't involve terrorism. The law makes it easy for citizens' rights to be abused, she said. "It was never my intention that the Patriot Act be used for garden-variety crimes and investigations," Berkley said. But Corallo insisted lawmakers were fully aware the Patriot Act had far-reaching implications beyond fighting terrorism when the legislation was adopted in October 2001. "I think probably a lot of members (of Congress) were only interested in the antiterrorism measures," Corallo said. "But when the Judiciary Committee sat down, both Republicans and Democrats, they obviously discussed the applications, that certain provisions could be used in regular criminal investigations."

Federal authorities confirmed Monday the FBI used the Patriot Act to get financial information in its probe of Galardi and his dealings with current and former politicians in Southern Nevada. "It was used appropriately by the FBI and was clearly within the legal parameters of the statute," said Special Agent Jim Stern of the Las Vegas field office of the FBI. One source said two Las Vegas stockbrokers were faxed subpoenas Oct. 28 asking for records for many of those identified as either a target or subject of the investigation. That list includes Galardi, owner of Jaguars and Cheetah's topless clubs; Malone; former Commissioner Erin Kenny; County Commission Chairwoman Mary Kincaid-Chauncey; former County Commission Chairman Dario Herrera; and former Las Vegas City Councilman Michael McDonald, defeated for reelection in June. A second source confirmed that stockbrokers had been faxed subpoenas asking for information on Galardi, Malone, Kenny, Kincaid-Chauncey, Herrera, McDonald and at least one of the former politicians' spouses. That source said the subpoena appeared to be a search for hidden proceeds that could be used as evidence of bribery. A source also indicated that records on Las Vegas City Councilman Michael Mack were sought. Sources said the FBI sought the records under Section 314 of the act. That section allows federal investigators to obtain information from any financial institution regarding the accounts of people "engaged in or reasonably suspected, based on credible evidence, of engaging in terrorist acts or money laundering activities." Gentile, Malone's attorney, said he plans to mount a legal challenge once he confirms the Patriot Act was used to investigate his client. "My research today indicates that this is the first time the government has used Section 314 in a purely white-collar criminal investigation." Attorney General John Ashcroft has touted the law as an effective homeland security tool, but coalitions of civil libertarians and conservatives concerned about a too-powerful federal government have led criticism against it. Corallo said federal law enforcement officials have no qualms about using the act to pursue an array of criminal investigations that have nothing to do with terrorism, such as child pornography, drug trafficking and money laundering. "I think most of the American people think the Patriot Act is a good thing and it's not affecting their civil liberties at all, and that the government should use any constitutional and legal tools it can, whether it's going after garden-variety criminals or terrorists."

But Gary Peck, executive director of the American Civil Liberties Union of Nevada, expressed outrage at Corallo's suggestion that lawmakers were largely aware the Patriot Act's provisions would equip the FBI with new investigative tools beyond the scope of terrorism investigations. "Those comments are disingenuous at best and do little to inspire confidence that the act won't be systematically abused," Peck said. Rep. Jim Gibbons, R-Nev., said it may be too soon to weigh its application to a Nevada investigation that still is largely under wraps. Prosecutors have announced no indictments. Citing the ongoing investigation, Sen. John Ensign and Rep. Jon Porter, both RNev., declined to be interviewed. Porter was not in Congress when lawmakers approved the Patriot Act, but the other four Nevada lawmakers voted as part of large majorities in favor of the measure. The Patriot Act will expire in 2005 unless Congress renews it. "More activity like this is going to cause us to take a close look at what was passed," Reid said of the law being invoked in the Galardi probe. Review-Journal writer Carri Geer Thevenot contributed to this report. Stephens Washington Bureau chief Steve Tetreault reported from Washington, D.C. from the Washington Times, 2002-Aug-17, by Frank J. Murray: NASA plans to read terrorist's minds at airports Airport security screeners may soon try to read the minds of travelers to identify terrorists. Officials of the National Aeronautics and Space Administration have told Northwest Airlines security specialists that the agency is developing brainmonitoring devices in cooperation with a commercial firm, which it did not identify. Space technology would be adapted to receive and analyze brain-wave and heartbeat patterns, then feed that data into computerized programs "to detect passengers who potentially might pose a threat," according to briefing documents obtained by The Washington Times. NASA wants to use "noninvasive neuro-electric sensors," imbedded in gates, to collect tiny electric signals that all brains and hearts transmit. Computers would apply statistical algorithms to correlate physiologic patterns with computerized data on travel routines, criminal background and credit information from "hundreds to thousands of data sources," NASA documents say. The notion has raised privacy concerns. Mihir Kshirsagar of the Electronic Privacy Information Center says such technology would only add to airport-

security chaos. "A lot of people's fear of flying would send those meters off the chart. Are they going to pull all those people aside?" The organization obtained documents July 31, the product of a Freedom of Information Act lawsuit against the Transportation Security Administration, and offered the documents to this newspaper. Mr. Kshirsagar's organization is concerned about enhancements already being added to the Computer-Aided Passenger Pre-Screening (CAPPS) system. Data from sensing machines are intended to be added to that mix. NASA aerospace research manager Herb Schlickenmaier told The Times the test proposal to Northwest Airlines is one of four airline-security projects the agency is developing. It's too soon to know whether any of it is working, he says. "There are baby steps for us to walk through before we can make any pronouncements," says Mr. Schlickenmaier, the Washington official overseeing scientists who briefed Northwest Airlines on the plan. He likened the proposal to a super lie detector that would also measure pulse rate, body temperature, eyeflicker rate and other biometric aspects sensed remotely. Though adding mind reading to screening remains theoretical, Mr. Schlickenmaier says, he confirms that NASA has a goal of measuring brain waves and heartbeat rates of airline passengers as they pass screening machines. This has raised concerns that using noninvasive procedures is merely a first step. Private researchers say reliable EEG brain waves are usually measurable only by machines whose sensors touch the head, sometimes in a "thinking cap" device. "To say I can take that cap off and put sensors in a doorjamb, and as the passenger starts walking through [to allow me to say] that they are a threat or not, is at this point a future application," Mr. Schlickenmaier said in an interview. "Can I build a sensor that can move off of the head and still detect the EEG?" asks Mr. Schlickenmaier, who led NASA's development of airborne wind-shear detectors 20 years ago. "If I can do that, and I don't know that right now, can I package it and [then] say we can do this, or no we can't? We are going to look at this question. Can this be done? Is the physics possible?" Two physics professors familiar with brain-wave research, but not associated with NASA, questioned how such testing could be feasible or reliable for mass screening. "What they're saying they would do has not been done, even wired in," says a national authority on neuro-electric sensing, who asked not to be identified. He called NASA's goal "pretty far out." Both professors also raised privacy concerns. "Screening systems must address privacy and 'Big Brother' issues to the extent possible," a NASA briefing paper, presented at a two-day meeting at Northwest

Airlines headquarters in St. Paul, Minn., acknowledges. Last year, the Supreme Court ruled unconstitutional police efforts to use noninvasive "sense-enhancing technology" that is not in general public use in order to collect data otherwise unobtainable without a warrant. However, the high court consistently exempts airports and border posts from most Fourth Amendment restrictions on searches. "We're getting closer to reading minds than you might suppose," says Robert Park, a physics professor at the University of Maryland and spokesman for the American Physical Society. "It does make me uncomfortable. That's the limit of privacy invasion. You can't go further than that." "We're close to the point where they can tell to an extent what you're thinking about by which part of the brain is activated, which is close to reading your mind. It would be terribly complicated to try to build a device that would read your mind as you walk by." The idea is plausible, he says, but frightening. At the Northwest Airlines session conducted Dec. 10-11, nine scientists and managers from NASA Ames Research Center at Moffett Field, Calif., proposed a "pilot test" of the Aviation Security Reporting System. NASA also requested that the airline turn over all of its computerized passenger data for July, August and September 2001 to incorporate in NASA's "passengerscreening testbed" that uses "threat-assessment software" to analyze such data, biometric facial recognition and "neuro-electric sensing." Northwest officials would not comment. Published scientific reports show NASA researcher Alan Pope, at NASA Langley Research Center in Hampton, Va., produced a system to alert pilots or astronauts who daydream or "zone out" for as few as five seconds. The September 11 hijackers helped highlight one weakness of the CAPPS system. They did dry runs that show whether a specific terrorist is likely to be identified as a threat. Those pulled out for special checking could be replaced by others who do not raise suspicions. The September 11 hijackers cleared security under their own names, even though nine of them were pulled aside for extra attention. from the San Francisco Chronicle, 2002-Sep-9, by Benny Evangelista: Surveillance Society Don't look now, but you may find you're being watched These days, if you feel like somebody's watching you, you might be right. One year after the Sept. 11 attacks, security experts and privacy advocates say there has been a surge in the number of video cameras installed around the country. The electronic eyes keep an unwavering gaze on everything from the Golden Gate Bridge to the Washington Monument.

And biometric facial recognition technology is being tested with video surveillance systems in a handful of places such as the Fresno airport and the resort area of Virginia Beach, Va. "Our business is booming," said Ron Cadle, an executive with Pelco, the Fresnoarea firm that is the biggest supplier of video security equipment. "Since the terrorist attacks, people are not only using video surveillance to protect their property and inventory," Cadle said. For example, "a lot of people are now using video to make sure someone who walks into a department store isn't a known terrorist or felon." Privacy rights advocates say that the increase in video surveillance has not turned the United States into a "Big Brother state" yet, but they fear Sept. 11 has opened the door to creating a "surveillance society." "It definitely could become widespread," said Jay Stanley of the American Civil Liberties Union. "Everybody's using the threat of terrorism to justify a lot of things that don't have a lot to do with terrorism." Video surveillance cameras began appearing in banks and other commercial buildings in the 1960s, but began to proliferate in the last decade as digital technology produced cameras with higher resolution at cheaper prices. Even before Sept. 11, the security industry conservatively estimated that there were more than 2 million surveillance cameras in the United States, and video equipment purchases made up the biggest slice of a $40 billion-a-year industry. Although there are no current estimates, a group of anti-surveillance activists who have mapped the location of cameras in Manhattan since 1998 say they've seen a 40 percent increase in new cameras in New York's financial district since last September. The terrorist attacks have led to a "rapidly expanding use" of closed- circuit video cameras and related technology, according to a March 2002 report by the research bureau of the California State Library. And studies show that a majority of people support the expanded use of video surveillance of public areas and of facial recognition technology to pick out suspected terrorists, said Marcus Nieto, the report's co-author. Nieto has been monitoring video surveillance since 1997, the year public opposition forced the Oakland City Council to withdraw its plans to set up a video surveillance system. "Before 9/11, cameras were something people didn't give much thought about, " he said. "Post 9/11, people are more accepting of cameras. There used to be vocal opposition. It's now passive." Potential terrorist targets such as bridges and airports are beefing up video security. Oakland International Airport, for example, has already begun replacing

60 older surveillance cameras with higher-resolution digital color cameras, new color monitors and digital video recorders. Earlier this year, Washington officials activated a state-of-the art command center that can monitor 12 cameras throughout the Capitol Mall area and has the capability to tap a network of other video surveillance cameras throughout the city. The ACLU and EPIC, the Electronic Privacy Information Center, argue that the system can be used to infringe on citizens' rights and are pushing for regulations and public oversight of its use. "It's open-ended surveillance," said EPIC President Marc Rotenberg. "It's the digital electronic equivalent of allowing police to go through your home without a warrant." Stanley, public education coordinator of the ACLU's newly-created Technology and Liberty program, said numerous studies have documented the misuse of surveillance video. The studies found that minorities were more likely to be targets of video surveillance and that one in 10 women were targeted by the predominantly male security monitors for "voyeuristic reasons," he said. Technology now being developed will make video surveillance equipment even more powerful. High-definition television, or HDTV, equipment makes it possible for surveillance cameras to capture an image of a person 3,000 feet away with as much detail as one taken by an older analog camera at 30 feet, said John Burwell, an executive with SGI. The Mountain View firm known for high-tech computer graphics developed an HDTV surveillance system with the Naval Research Laboratory that gives equally high resolution. "If you watch 'America's Most Wanted,' you get clips of (surveillance) video that are fuzzy," said Burwell, SGI's senior director for government and industry. With HDTV, "you can get crystal clear data," he said And a small Reston, Va., firm called ObjectVideo has created "video content analysis" technology that can, for example, automatically alert security officials whenever a surveillance camera detects a truck that has moved into an unauthorized area. "There are increasingly more cameras being installed and fewer people to watch them," said John Clark, an ObjectVideo vice president. "The ratio of security video feeds to eyeballs is going the wrong way." But the most controversial video surveillance technology has been biometric facial recognition, which can identify individuals using the unique distances

between specific points on a person's face. Critics maintain the technology is inaccurate and intrusive. So far, facial recognition systems from makers such as Identix Inc. and Imagis Technologies Inc. have only been installed in a handful of systems, mainly for test purposes. For example, passengers moving through the security checkpoint at Fresno Yosemite International Airport are scanned by a system called PelcoMatch, which uses Pelco's cameras and Identix's Visionics facial identification technology. Facial scanning is voluntary for the passengers, who still pass through metal detectors and undergo other security checks. "We're trying to get testing done and get the Transportation Security Administration to buy into it," said Cadle, the PelcoMatch project leader. "Then every airport in the U.S. will have it." And this past weekend, police in Virginia Beach, Va., began formally using a Visionics system that's plugged into a 10-camera surveillance network that has been used since 1993. Police use the cameras to control traffic and crime in a 42-block area filled with hotels, restaurants and bars. Police added three of Pelco's most advanced digital cameras to help scan a database of 2,500 people wanted on various warrants, said Deputy Chief Greg Mullen. In preliminary tests, the system correctly identified nearly nine of 10 people, Mullen said. Mullen said citizen groups like the NAACP and local Hispanic and Filipino organizations are part of the design and oversight of the system. "We know it's not going to be perfect," Mullen said. "But from my perspective, if I'm looking for a criminal or looking for a runaway or missing child, I'd rather have a seven- or eight-out-of-ten chance of finding that person than a zero-out-of-ten chance." from the Washington Post, 2002-Nov-14, by Brian Krebs: Tech Provisions Added to Homeland Security Bill The homeland security legislation heading for likely approval in Congress this week includes last-minute changes that could have far-reaching implications for computer security and Internet privacy. The latest version of the bill includes a provision that would shield Internet service providers (ISPs) from customer lawsuits if providers share private subscriber information with law enforcement authorities. Another addition would make it easier for law enforcement to trace the location and identity of an Internet user suspected of posing an "imminent threat to

national security interests" or perpetrating attacks on "protected computers" -- a term that encompasses both government computers and any system used in "interstate commerce or communication." Proponents of the changes -- including Senate Judiciary Committee top Republican Orrin Hatch (Utah) -- say the provisions will provide greater flexibility for law enforcement and help protect key systems against cyberattacks. Privacy advocates, however, say the new language is a back-door attempt to give the Bush administration the enhanced surveillance powers it failed to win in the USA Patriot Act, a law enacted in the wake of the 2001 terrorist attacks that significantly increased the capability of intelligence agencies to eavesdrop on personal conversations. "One of the best protections [under current law] is that communications providers can't simply become agents of the federal government and hand over customer information," said Chris Hoofnagle, legislative counsel for the Electronic Privacy Information Center. "These provisions weaken those protections." Another controversial provision added to the homeland security bill would allow companies to share information with the government about electronic vulnerabilities -- without having to worry that such disclosures would be publicized. The measure specifically would exempt cybersecurity disclosures from the Freedom of Information Act (FOIA), the law that allows citizens to obtain nonclassified information from the government. It also would make it a criminal offense for any government employee to publicize vulnerabilities revealed by companies to government agencies. American Civil Liberties Union Legislative Counsel Tim Edgar suggested that the FOIA exemption could prevent the public from learning about online threats. "The problem with the bill is that it creates an unnecessary preemption to FOIA for businesses that could undermine national security rather than enhancing it," Edgar said. Harris Miller, president of the Information Technology Association of America, said the technology industry supports the exemption. "This is going to remove one of the huge impediments to companies being willing to share extremely sensitive information with the government, and will be an important step forward in government and industry efforts to fight cyberterrorism," he said. Miller also said that a FOIA exemption without enforcement measures would be ineffective.

"Without meaningful disincentives against government employees overriding the law, there is nothing to keep employees from just ignoring the restrictions," he said. Other new language in the homeland security bill would increase penalties for a range of computer crimes, including the possibility of life in prison for hackers whose actions result in "serious bodily injury" or death. The bill also would establish law enforcement and corrections technology centers to develop investigative technologies to fight cybercrime. These cybersecurity components were added the same week that Congress approved legislation that would triple federal funding for computer security research. In addition, the legislation now includes a proposal passed by the Senate this year to establish an information technology equivalent of the National Guard. The "NET Guard" measure -- introduced by Sen. Ron Wyden (D-Ore.) -- would organize a volunteer force of federal, state, local and private programmers and engineers which could be called upon in an emergency to help restore communications networks and other vital systems. In other computer security news, the Senate approved legislation this week to extend by one year a law that requires federal agencies to test their computers and networks for common security vulnerabilities. washingtonpost.com Staff Writer David McGuire contributed to this report. from the New York Times, 2002-Jul-25, by Jennifer 8. Lee: Net Users Try to Elude the Google Grasp The Internet has reminded Camberley Crick that there are disadvantages to having a distinctive name. In June, Ms. Crick, 24, who works part time as a computer tutor, went to a Manhattan apartment to help a 40-something man learn Windows XP. After their session, the man pulled out a half-inch stack of printouts of Web pages he said he had found by typing Ms. Crick's name into Google, the popular search engine. "You've been a busy bee," she says he joked. Among the things he had found were her family Web site, a computer game she had designed for a freshman college class, a program from a concert she had performed in and a short story she wrote in elementary school called "Timmy the Turtle." "He seemed to know an awful lot about me," Ms. Crick said, including the names of her siblings. "In the back of my mind, I was thinking I should leave soon." When she got home, she immediately removed some information from the family Web site, including the turtle story, which her father had posted in 1995, "when

the Web was more innocent," she said. But then she discovered that a copy of the story remains available through Google's database of archived Web pages. "You can't remove pieces of yourself from the Web," Ms. Crick said. The gradual erosion of personal privacy is hardly a new trend. For years, privacy advocates have been spinning cautionary tales about the perils of living in the electronic age. But it used to be that only government agencies and businesses had the resources and manpower to track personal information. Today, the combined power of the Internet, search engines and archival databases can enable almost anyone to find information about almost anyone else, possibly to satiate a passing curiosity. As a result, people like Ms. Crick are trying to reduce their electronic presence -and discovering that it is not as simple as it would seem. The Internet, which was supposed to usher in an era of limitless information, is leading some people to restrict the information that they make available about themselves. "Now it's much more common to look up people's personal information on the Web," Ms. Crick said. "You have to think what you want people to know about you and not know about you." These days, people are seeing their privacy punctured in intimate ways as their personal, professional and online identities become transparent to one another. Twenty-somethings are going to search engines to check out people they meet at parties. Neighbors are profiling neighbors. Amateur genealogists are researching distant family members. Workers are screening co-workers. In other words, it is becoming more difficult to keep one's past hidden, or even to reinvent oneself in the American tradition. "The net result is going to be a return to the village, where everyone knew everyone else," said David Brin, author of a book called "The Transparent Society" (Perseus, 1998). "The anonymity of urban life will be seen as a temporary and rather weird thing." Some believe that this loss of anonymity could be dangerous for those who prefer to remain hidden, like victims of domestic violence. "If you are living in a new town trying to be hidden, it's pretty easy to find you now between Google and online government records," said Cindy Southworth, who develops technology education programs for victims of domestic violence. "Many public entities are putting everything on the Web without thinking through the ramifications of those actions." Of course, a lot of personal information that can be found on the Internet is already in the open, having been printed in newspapers, school newsletters, yearbooks and the like. In addition, the government records that are moving online -- tax assessments, court documents, voter registration -- are already public.

But much of that kind of information used to be protected by "practical obscurity": barriers arising from the time and inconvenience involved in collecting the information. Now those barriers are falling as old online-discussion postings, wedding registries and photos from school performances are becoming centralized in a searchable form on the Internet. "Google and its siblings are creating a whole that is much greater than the sum of the parts," said Jonathan Zittrain, director of the Berkman Center for Internet and Society at Harvard Law School. "Many people assume they are a needle in a haystack, simply a face in the crowd. But the minute someone takes an interest in you, the search tool is what allows the rest of the crowd to dissolve." As a result, people are considering how to live their lives knowing that the details might be captured by a big magnifying glass in the sky. "Anonymity used to give us a cushion against small mistakes," Mr. Brin said. "Now we'll have to live our lives as if any one thing might appear on page 27 in two years' time." Waqaas Fahmawi, 25, used to sign petitions freely when he was in college. "In the past you would physically sign a petition and could confidently know that it would disappear into oblivion," said Mr. Fahmawi, a Palestinian-American who works as an economist for the Commerce Department. But after he discovered that his signatures from his college years had been archived on the Internet, he became reluctant to sign petitions for fear that potential employers would hold his political views again him. He feels stifled in his political expression. "The fact I have to think about this," he said, "really does show we live in a system of thought control." David Holtzman, editor in chief of GlobalPOV, a privacy Web site, said that the notion of privacy was "undergoing a generational shift." Those in their late 20's and 30's are going to feel the brunt of the transition, he said, because they grew up with more traditional concepts of privacy even as the details of their lives were being captured electronically. "It almost gives you a good reason to name your kid something bland," Mr. Holtzman said. "You are doing them a good favor by doing that." Indeed, a generic name is what Beth Roberts, 29, was seeking when she changed back from her married name, Werbick, after a divorce. A Google search on "Beth Werbick" returns results only about her. But a search for "Beth Roberts" returns thousands upon thousands of Web pages. "I would have plausible deniability if someone wanted to attribute something to me," said Ms. Roberts, who lives in Austin, Tex. Mr. Fahmawi, the economist, said he envied the ability to be a name in the crowd. "If I had a more generic name, I'd sign petitions with impunity," he said.

But those who have become more conscious of their Internet presence can find that it is almost impossible to assert control over the medium -- something that copyright holders discovered long ago. The debate over privacy is particularly fervent in the field of online genealogy, where databases and family trees are copied freely, with or without the consent of the living individuals. Jerome Smith, who runs a genealogical Web site, recently removed some names at the request of a man who did not want his children's information on the Web. But Mr. Smith noted the information itself had been copied from a larger public database. "Once you put it out there, it's out there," said Mr. Smith, who lives in Lake Junaluska, N.C. Google says its search engine reflects whatever is on the Internet. To remove information about themselves, people have to contact Web site administrators. A disadvantage of instant Internet profiling is that there is no quality control -- and little protection against misinterpretation. The fragments of people's lives that emerge on the Internet are somewhat haphazard. They can be incomplete, out of context, misleading or simply wrong. John Doffing, the chief executive of an Internet talent agency called StartUpAgent, is surprised by how many job applicants ask him what it is like to be a gay chief executive in Silicon Valley. He says that even though he is heterosexual, some people assume he is gay because his name turns up on the Internet in association with his philanthropic work relating to AIDS and an online gallery devoted to gay and lesbian art. While this has been more amusing than troubling, he says, such information could be misused. "What happens if I were a job seeker and someone decides not to give me a job because of the same assumption?" he asked. There are also cases of mistaken Google-identity. Sam Waltz Jr., a business consultant in Wilmington, Del., met a woman through an online dating service. Before they met in person, she sent him an e-mail message saying that she did not think they were compatible. She had found his name on a Web site called SincereLust.com, which appeared to her to be run by a Delaware-based transvestite group. "I'm sitting here, reading her e-mail and thinking, `What is this?' " Mr. Waltz said. He discovered that the site was a drama group dedicated to "The Rocky Horror Picture Show." His son, Sam Waltz III, had been a member while he was at the University of Delaware. Mr. Waltz quickly explained the situation to the woman, and they have been dating for 18 months. "Now I periodically do a self-Google to make sure there is nothing else that needs to be challenged or checked," Mr. Waltz said.

Some say that the phenomenon of instant unchecked background searches could be manipulated to sabotage others' reputations. Jeanne Achille, the chief executive of a public relations firm called the Devon Group, was horrified that someone had used her name and e-mail address to post racist slurs in a French online discussion group. She has repeatedly had to explain the situation to potential clients who have asked her about the posting. "Whoever did this had to put some thought into it," Ms. Achille said. "Is it perhaps one of our competitors? Is it someone who felt we did something to them and wanted to get back at us? Is it a personal thing? Is it a disgruntled former employee?" The posting has been impossible to remove. "There is no cyberpatrol that you can go to and make all of this go away," Ms. Achille said. "You just have to live with it." from the Tampa Tribune, 2002-Jul-22, by Jim Sloan: `But Officer, I Didn't Do Anything!' LAKELAND - They call it a ``Voluntary Roadside Interview.'' But for hundreds of motorists flagged down by state troopers Monday on Interstate 4, there was nothing voluntary about it. Off-duty troopers, hired at $30 an hour, picked motorists at random and directed them to pull off the interstate into a rest stop, where Palm Pilot- toting interviewers waited. No, this roadside checkpoint wasn't looking for drunken drivers. The survey, which will cost about $150,000, was commissioned by the Florida High Speed Rail Authority to gauge public interest in riding a proposed 120 mph bullet train. The experience left some motorists wondering what's next: Publix hiring troopers to corral interstate travelers for a marketing survey? ``They freaked me out,'' said Alan Kent, pulled over Monday on his way home to Clearwater after a concert. ``I thought they had pulled me over to search me.'' A woman traveling with Kent, who declined to give her name, was even more blunt: ``It's illegal,'' she said. Not true, survey officials say. They said they checked with a lawyer for the Florida Department of Transportation. ``The bottom line is, we can do it. It's well within the law,'' said Adrian Share of HNTB Corp., general consultants for the rail authority. ``With the cooperation of state troopers, the state is allowed to pull people over just to seek information.''

Florida voters passed a constitutional amendment two years ago that requires the state to begin building a high- speed rail network by November 2003. The train could run down the median of I-4. Last week, the rail authority, which is responsible for building the rail system, conducted traffic interviews at I-4 entrance ramps in the Lakeland area. Sunday and Monday, the authority set up shop at an I-4 rest stop east of Lakeland. Bruce Williams, who helped design the survey, said interrogations are the only way to accurately target the people most likely to use a bullet train: I-4 commuters and tourists. The authority could take down license plate numbers and mail surveys to registered owners, but that also could backfire, Williams said. ``You don't have to stop traffic, but you get a very large negative reaction of `How did you find me? Big Brother is watching me through cameras.' '' Each interview took about 90 seconds. Questioners asked drivers about their travel habits, their daily commute and - a question some didn't feel was particularly relevant - how much money they make. `Income can be a very important determinant of people's willingness to choose a certain mode of travel,'' Williams said. Respondents were asked for a general income range and were asked to pick one, not a specific figure, he said. ``If people refuse to answer it, that's fine. We're not insisting that everybody answer every question,'' Williams said. David Vogel, directing the interviews on I-4, said most motorists were ``understanding and patient.'' But Farouk Kahn of Orlando said the authority's methods were sneaky. Instead of signs saying ``Traffic Survey Ahead,'' westbound traffic was greeted with red cones, ``Reduced Speed Ahead'' signs and drawings of men digging. ``I thought there was construction going on or something,'' Kahn said. ``It's like a tricky thing. You should tell the people instead of saying one thing and then doing something else.'' The traffic survey will be repeated at the rest stop Wednesday and then wrap up, officials said. Reporter Jim Sloan can be reached at (813) 259-7691. from The News Journal of New Castle, Delaware, 2002-Aug-25, by Adam Taylor: Wilmington police photo policy under fire

Two Wilmington police squads created in June to arrest street-level drug dealers have taken pictures of at least 200 people who were not arrested for any crimes. The pictures, names and addresses of the people - mostly minority men - are being used to create a database of potential suspects to investigate future crimes, Police Chief Michael Szczerba said. Legal experts and state and federal prosecutors say the tactic is legal. Criminal defense attorneys, the American Civil Liberties Union and minority groups say it is not. City Councilman Theo K. Gregory, who is a public defender, said he thinks the photographing is unconstitutional and morally wrong. "We should enforce the existing laws, but not violate them, to catch the bad guys," he said. "We've become the bad guys, and that's not right." Mayor James M. Baker said criticism of the photographing is "asinine and intellectually bankrupt," and he will not stop the practice. "I don't care what anyone but a court of law thinks," he said. "Until a court says otherwise, if I say it's constitutional, it's constitutional." No one has challenged the photographs in court here, Baker said. The police units taking the photographs are known in some Wilmington neighborhoods as "jump-out squads" because they descend on corners, burst out of marked and unmarked vehicles and make arrests in seconds. Up to 20 officers make up each squad. Police routinely line the people on the corners against a wall and pat them down for weapons. This is known as a "Terry stop," named for a 1968 Supreme Court decision, Terry vs. Ohio, that allows officers to stop, question and frisk people they think are suspicious or people in high-crime areas. On one shift this month, the officers told a group of men after a Terry stop that they were breaking the city's loitering laws, which bar anyone from blocking passage in a public place if asked to move, and could be arrested on the spot. During that stop, the police took the men's names and addresses, snapped their pictures and let them go. Carl Klockars, a professor in the University of Delaware's Criminal Justice Department, said officers "have the right to take a picture'' unless there is a local ordinance to the contrary. Defense attorney Joseph A. Hurley disagrees.

He said police have a right to photograph a citizen walking home from a grocery store or a library, but they cannot take a picture of someone they are temporarily detaining. "The second they say, 'We're the police, put your hands against the wall,' the photos become wrong," he said. "They're unconstitutional. Bad idea." Widener University School of Law school professor Thomas Reed said police in Delaware can detain anyone for up to two hours with no probable cause, so he thinks Hurley's analysis is wrong. "The questions here surround invasion of privacy and the rules for the Terry stop," he said. "I don't think loiterers on known drug corners have much of a privacy interest. And if the stop and frisk was legal, any kind of evidence [such as a photograph] you gather to identify the perpetrator for other purposes is going to be legal." State prosecutor Peter N. Letang and U.S. Attorney Colm F. Connolly said they think the practice is legal. Connolly would not say whether federal agents in Delaware photograph people who are not arrested. Szczerba said the police intend to use the pictures for photographic lineups in the future. Defense attorney Eugene J. Maurer Jr. said he thinks he could get a client acquitted in such a case by getting the use of the photo suppressed. "If they're not arresting these people and using the loitering laws as a subterfuge just to get these pictures, I think there are some serious constitutional problems," he said. "Absent individualized suspicion, you're not supposed to be able to detain somebody." Victor Valdez, 26, a resident of Connell Street, said he feels fortunate not to have been stopped by the jump-out squads. "But I've seen them - they jump out on whoever they want, whenever and wherever," he said. "If they stop someone and it turns out they don't have drugs or a gun, what's the point of taking their picture?" Edgar White, 33, of Wilmington, said he was photographed by police earlier this month at Ninth Street and Clifford Brown Walk. White said he was at the corner with a friend who has a criminal record. "I felt violated, but this is the only way I can think of for police to know which criminals hang out in certain spots," he said. But although White said he supports the practice, he said he thinks background checks should be conducted on the spot before photographs are taken.

"If you're as clean as the Board of Health, there's no reason to have your picture taken," he said. Craig Robinson, 41, a sanitation worker of the 700 block of N. Harrison St., said he is happy about the police assistance. He said he often chases drug dealers off his block. "I tell them to go sell their drugs in front of their mother's house, and that usually makes them leave," he said. "Maybe if they know something's on file about them, they won't come back." Drewry Nash Fennell, executive director of the American Civil Liberties Union of Delaware, said she finds the new police practice disturbing. "I don't want the police intimidating people who are lawfully assembled and intimidating them on the basis of loitering laws," she said. "And the retention of photographs is intimidating." Baker said that he would not permit the police to conduct wholesale sweeps, "where everyone on the corner gets rounded up and put into the van." "These are targeted, directed sweeps in high-crime areas where police have been turned loose to attack bad people," he said. "Good little kiddies in the wrong place at the wrong time are not getting their picture taken," he said. Cpl. Kevin Connor, a member of one of the jump-out squads, said his unit practices restraint. "We're careful," he said. "There are a lot of kids socializing on the corners who aren't necessarily doing anything wrong." Charles E. Brittingham, state president for the National Association for the Advancement of Colored People, said the photographs are troubling because the squads target low-income communities. "It does have some racial overtones to it," he said. "I disagree with what they're doing and would like to sit down and talk with city officials about it." Szczerba, the police chief, said his department has received no complaints about the squad's behavior. He said the areas the squads frequent - the East Side, Northeast Wilmington, Hilltop, Southbridge and the Riverside housing project - were picked because that is where the drugs are. "In reality, they're absolutely right," said Tony Allen, president of the Metropolitan Wilmington Urban League. "We recently studied handgun violence in the city of

Wilmington and most of the victims and suspects were African Americans in high-drug areas." Still, Allen said he would like to know more about the squads' practices to make sure they are being implemented correctly. Baker said the 289-officer department needs to be creative and aggressive. Otherwise, he said the city would need 100 more officers to reach his goal of cutting crime by 80 percent in eight years. Szczerba said he hears the mayor loud and clear, and has a message of his own for the city's criminal element: "Say cheese and tell the judge how you plead." Reach Adam Taylor at 324-2787 or ataylor@delawareonline.com. from the Associated Press via the San Francisco Chronicle, 2002-Aug-13, by Jill Barton: Critics target Florida adoption law requiring mothers to detail sexual pasts (08-13) 22:04 PDT WEST PALM BEACH, Fla. (AP) -Since Rodger and Dawn Schneider took in baby Neena a year ago, they have taught her to call them mommy and daddy and helped her get over a fear of Mickey Mouse with four trips to Disney World. The Schneiders would love to adopt the little 2-year-old girl given up by a 16year-old family friend. But they can't do that without potentially destroying the young mother's reputation. Under Florida law, any mother who doesn't know who fathered her child must bare her sexual history in a newspaper advertisement before an adoption becomes final. The goal is to find the father and stave off custody battles that can break up adoptive families. The law makes no exception for rape and incest victims or minors, like the girl who gave up legal custody of Neena. Adoption advocates have condemned the law as a draconian invasion of privacy and say it encourages abortions. "There's no comparable law in any other state and it's really hard to imagine how a legislature could pass such a law if they thought about it," said Bob Tuke, president of the American Academy of Adoption Attorneys. "It treats women like chattel." The law requires a mother to list her name, age and description, along with descriptions of any men who could have fathered the child. The ads must runs once a week for four weeks in a newspaper in the city where the child was believed to be conceived.

For example, Neena's mother lives in Florida but she would have to run the ad in Newsday on New York's Long Island, where her friends, classmates and grandmother could see it. "It's pathetic what we have to go through," Rodger Schneider said. "I feel that all these legislators didn't take into account how these laws are going to affect not just the girls who want the adoptions but also the families who want to adopt." Ads have appeared in at least two Florida newspapers so far. Florida has 5,000 to 7,000 adoptions a year and 80 percent of them are private. The law, which applies only to private adoptions, took effect last October. Only now are adoptions beginning to be held up in court. When lawmakers overwhelmingly signed off on the bill last year, they cited the three-year fight over Baby Emily, whose father, a convicted rapist, contested her adoption. The Florida Supreme Court ruled in 1995 that Emily's adoptive parents should keep her, but told lawmakers to set a deadline for challenging adoptions. The law prohibits anyone from opposing an adoption after two years. A judge has already ruled that the law should exempt rape victims in Palm Beach County. Later this month, an attorney representing six women plans to ask a judge in West Palm Beach to declare the entire law unconstitutional. Democratic State Sen. Walter Campbell, the law's prime sponsor, stopped short of saying the law violates privacy rights. But he said it needs to be changed so it does not embarrass mothers and their children. "The fairest system would be to let the birth mother make the final decisions," he said. Gov. Jeb Bush, who allowed the legislation to become law without his signature, supports a system that allows men who believe they might have fathered a child to put their name in a confidential registry that must be checked during adoption proceedings. "We should be making adoption easier, not more difficult and not stigmatizing women who are trying to do the right thing," Bush spokeswoman Elizabeth Hirst said. Adoption proponents say the registry provides the best balance of a father's rights and a mother's privacy. "How many potential birth fathers comb the newspapers every day to see if they might possibly have a child somewhere? It's a silly statute," Tuke said. "But for someone who's really interested, this gives them something to do, and that's what other states that are sensible have done."

The Schneiders, who cannot have a child of their own, are putting off Neena's adoption in hopes that the law will be tossed out. They don't want to force her mother to detail her past in the newspaper. For now, they will keep custody of the child. "The birth father has a right but where has he been? This child is 2 years old," Rodger Schneider said. "We want her to be ours, to have our name, but this is nobody's business except the family's." from Wired News, 2002-May-23, by Declan McCullagh: Act Would OK Snail Mail Searches WASHINGTON -- Just a few years ago, the U.S. Postal Service got savaged by privacy advocates after suggesting that private mailbox services were somehow objectionable. Since services like Mailboxes Etc. could encourage fraud, the post office declared, businesses must limit anonymity by demanding photo ID from all customers. Three years later, the Postal Service's lobbyists are fighting for Americans' privacy rights -- and opposing a bill in Congress that would allow U.S. Customs agents to open any internationally-mailed letter or parcel for almost any reason. So far, the Postal Service has had little luck: On Wednesday, the U.S. House of Representatives approved the new surveillance powers by a 327 to 101 vote. The bill, titled the Customs Border Security Act, says that incoming or outgoing mail can be searched at the border "without a search warrant." The vote on the larger bill -- which deals mostly with the budget for the U.S. Customs Service -- came after a surprisingly heated debate on the House floor over an amendment that would have deleted the mail-snooping sections. "Exercise of these new powers could infringe on the right of innocent Americans to travel and communicate internationally free of unnecessary federal control," says Rep. Ron Paul (R-Texas), Congress' most ardent libertarian. "Please say no to unconstitutional searches and unaccountable government, and say yes to liberty and constitutional government " Under current law, it is already legal for Customs agents to open packages they deem to be suspicious. Rep. Maxine Waters (D-California) sponsored the amendment, which also would have preserved the current legal status of Customs officers, who can be sued civilly for wrongful searches. It failed. On a largely party-line vote of 197-231, with only five Republicans voting in the affirmative, the House rejected Waters' proposal and voted to keep the bill intact.

In other words, that retains the Customs Border Security Act's original language, which says a customs agent cannot be held liable for any type of search, including racial profiling, as long as the "officer or employee performed the search in good faith." Last December, the House's previous attempt to pass the bill failed by a 256 to 168 vote. It was considered under a procedure reserved for ostensibly noncontroversial bills that requires a two-thirds majority. Even critics of the Postal Service say the agency has -- at least in this particular legislative tussle -- been sticking up for privacy rights. "While I have been publicly critical of the U.S. Postal Service for their poor overall record on privacy, I will admit that they have been consistent and resolute in their adherence to our Fourth Amendment protections against warrantless searches," says Brad Jansen, deputy director of the Center for Technology Policy at the Free Congress Foundation. But, Jansen says, the politicking may be mostly "a bureaucratic turf battle with Customs trying to poach authority from the Post Office." Customs boasts that it "is considered one of the most effective agencies at congressional" lobbying and says that the Customs Border Security Act "carries a great number of important legislative requirements for the agency." Katie Corrigan, legislative counsel for the American Civil Liberties Union, says she was heartened by Wednesday's floor debate. "They expressed concern that the bill would undermine individual privacy," Corrigan says. "With each step in the process, people become a little more educated. We hope that when it heads into (a future Senate-House conference committee), we can strip that section out." Last December, the ACLU sent a letter to Congress saying that: "People in the United States have an expectation of privacy in the mail they send to friends, family or business associates abroad. The Customs Service's interest in confiscating illegal weapons' shipments, drugs or other contraband is adequately protected by its ability to secure a search warrant when it has probable cause." In the Senate, a similar bill with identical mail-opening language is waiting for a floor vote, which is likely to happen as early as this week. Democratic senators Jon Corzine (New Jersey) and Dianne Feinstein (California) are expected to introduce amendments to delete the mail-surveillance sections. Other opposition to the mail-surveillance proposals comes from industry groups. The Direct Marketing Association says "this would be the first time since Ben Franklin created the Postal Service that seizure and searches, without warrants, of outbound international mail would be allowed."

from TheInquirer.net, 2002-Jun-11, by Paul Hales: UK government seeks to extend snooping laws All your email are belong to us DO WE HAVE A RIGHT TO PRIVACY? The answer to that question is increasingly 'no'. The Guardian today reveals that UK ministers are seeking to have all our communications records opened up to anyone in a vague position of power. Whitehall wants local authorities, NHS bodies in Scotland and Northern Ireland and 11 other public bodies ranging from the postal services commission to UK atomic energy authority constabulary (gulp!) to be allowed access to our data. Under the Regulation of Investigatory Powers (RIP) Act, police forces, the intelligence services, customs and excise and the inland revenue were handed the right to sniff through our communications. Now any Tom Dick or virtual Harry can check on what websites we visit, who we speak to on the phone and track our mobile phone signal to see where we are. The Home Office says the move is a necessary one in order to fight terrorism and crime in the communications age. But civil liberties groups are up in arms, aware that a Big Brother style poilce state is just around the corner. Simon Davies, director of Privacy International, told the Guardian: "The Home Office has absolutely breached its commitment that this law would not become a general surveillance power for the government. The exhaustive list of organisations who will be able to access data without a court order proves that this amounts to a systematic attack on the right to privacy." Also under threat are journalists who fill find it increasinly difficult to protect their sources. Removing the necessity of a court order to investigate an individual's communications will mean that any jumped-up official with an axe to grind could find out what you're up to. The ability of local authoirities to track our communications is quite a scary one. I dunno about you but where I live, local government is a virtual mason's monopoly. Can we trust all these new bodies with our data? The Home Office says, "all the bodies on the draft order have powers related to preventing crime. The aim is to bring them under the tighter regulatory framework of the RIP act." The legislation is likely to come into effect in August. From then on it'll just take a phone call from a local authority or, er, food standards official to your ISP and all your data will be theirs. from The Inquirer, 2002-Jun-18:

UK gov backs off from snoop extension For a week or two THE HOME OFFICE has decided to put plans to extend snooping on emails and mobile phone calls on ice after a storm of protest from peers, hacks and even members of parliament. A vote was to have been conducted today but now the government has backed off. Peers of the House of Lords had threatened to vote against the move. The UK Labour Party has a huge majority in the lower House of Commons, but the House of Lords has the ability to block or delay legislation. Bob Ainsworth, a junior minister at the Home Office, told BBC Radio 4 yesterday that the plans weren't a "snooper's charter". But the government has not completely thrown the snooper's charter out of the window -- MPs will debate the move towards the end of this month. The cops and our two tax departments here already have rights to request details of emails and mobile phone calls from ISPs and telecomm firms. The Home Office will announce "safeguards" to its plans today - so it obviously still wants to give these powers to government and local government snoopers. What piffle! Would they know what to do with all this data once it landed on their desks? We doubt it... from International Data Group/PCWorld.com via CNN.com, 2002-May-10, by Tom Spring: Consumer groups protest forced spying (IDG) -- Privacy rights groups and consumer electronics firms are banding together to oppose a California federal court order that mandates tracking ReplayTV users' TV viewing habits to determine whether they violate copyright laws. The Electronic Privacy Information Center calls the request "mind-boggling" and is drafting the amicus brief in support of SonicBlue's appeal. "It is unprecedented that a judge would force a company to spy on its customers and hand over results to plaintiffs," says Megan Gray, senior counsel at EPIC. The organization expects to submit its position to the court early next week. "George Orwell must be spinning in his grave," the Consumer Electronics Association says in a statement condemning the Central District Court of California for its decision. Who's Watching What?

The court action came during the pretrial discovery process in four separate lawsuits filed against SonicBlue by entertainment studios and networks. Their target: the $699 TV recording device ReplayTV 4000, introduced last September. The newest model in the ReplayTV line lets viewers record shows without commercials and transmit copies of recordings over a home network or the Internet. About 10,000 SonicBlue customers have the device. The federal judge ordered SonicBlue to monitor its customers' ReplayTV usage to see whether it meets the criteria of fair use permitted in the 1984 "Betamax" defense. In that instance, the U.S. Supreme Court ruled against banning VCRs, arguing that the devices were used primarily in ways that did not infringe on copyright. But constitutional law experts say SonicBlue may have damaged its own case in regard to tracking its customers. SonicBlue's privacy policy allows it to track ReplayTV customers' viewing habits, and its users agree to the policy whether they realize it or not. In fact, SonicBlue did monitor its customers' usage anonymously in the past, but it ceased doing so about a year ago. SonicBlue representatives acknowledge that the company changed its practice after competitor TiVo came under fire for noting its customers' usage. Ironically, the company also modified its software so that similar monitoring is not possible with the ReplayTV 4000 model. Consequently, it must revise and update the software in each unit to comply with the judge's order, says Andy Wolfe, SonicBlue's senior vice president and chief technology officer. The company calls the court's demand "draconian." Notorious Past Still, the monitoring clause in SonicBlue's current privacy policy may give courts leverage to insist upon its use, despite the company's legal appeal and its support from other organizations, say legal experts. "You can't complain about something that you yourself are doing," says Edward Steinman, a professor of law at Santa Clara University. Whether SonicBlue has halted its viewer tracking practices is a moot point, he says. Privacy groups say the primary issue is not a matter of the number of people affected, or even of past practices, but of the precedent such an order would set. SonicBlue's data about viewing habits cannot even be aggregated, but must identify customers by unique numbers, says Magistrate Judge Charles Eick of the Central District Court of California. He ordered SonicBlue to impose a tracking system by no later than June 24. Plaintiffs in the suit include Viacom, the NBC television network, ABC/Walt Disney, and AOL Time Warner. (AOL Time Warner is the parent company of

CNN.com.) They contend that they need the data to determine the extent of theft of copyrighted content enabled by ReplayTV. A central bone of contention is the device's SendShow feature, which enables a user to transmit a stored program between two ReplayTV 4000 units -- even over the Internet. At the moment, however, such an endeavor would require extremely patient pirates. A PC World evaluation found that transmitting a 30-minute broadcast show recorded by ReplayTV 4000 took more than 36 hours on a DSL line. Another Battle SonicBlue's case is just the latest in the ongoing battle between the principle of consumer fair use and copyright. Entertainment industry copyright-holders claim they'll be devastated by piracy as copying and electronic transmission of digital material becomes simpler and faster. They're waging war on several fronts, from the courthouse to legislative chambers. Congress has ordered the technology and entertainment industries to try to find a solution. Why should SonicBlue risk alienating its customers by reverting to usermonitoring tactics, argues Fred von Lohmann, senior intellectual property attorney with the Electronic Frontier Foundation. The EFF, an online civil rights organization, opposes the order and speaks out against related legislation. "The fact that plaintiffs are using a court order to go into people's homes and collect data for them is unheard of," von Lohmann says. "This is a company that has not been found guilty of doing anything wrong." SonicBlue's Wolfe says the company simply neglected to update its privacy policy to remove the clause permitting monitoring of subscriber usage. "Tracking users is not something we are interested in doing anymore," he said. Nevertheless, that past practice may put its supporters in an awkward spot. For example, the Consumer Electronics Association, a strident supporter of consumer privacy, was unaware of SonicBlue's past practices and its existing policy, says Jenny Miller, a CEA spokesperson. "I'm wondering whether SonicBlue is really the best one to question this ruling," notes law professor Steinman. from The Economist, 1999-Apr-29: The surveillance society New information technology offers huge benefits-higher productivity, better crime prevention, improved medical care, dazzling entertainment, more convenience. But it comes at a price: less and less privacy "THE right to be left alone." For many this phrase, made famous by Louis Brandeis, an American Supreme Court justice, captures the essence of a notoriously slippery, but crucial concept. Drawing the boundaries of privacy has

always been tricky. Most people have long accepted the need to provide some information about themselves in order to vote, work, shop, pursue a business, socialise or even borrow a library book. But exercising control over who knows what about you has also come to be seen as an essential feature of a civilised society. Totalitarian excesses have made "Big Brother" one of the 20th century's most frightening bogeymen. Some right of privacy, however qualified, has been a major difference between democracies and dictatorships. An explicit right to privacy is now enshrined in scores of national constitutions as well as in international human-rights treaties. Without the "right to be left alone", to shut out on occasion the prying eyes and importunities of both government and society, other political and civil liberties seem fragile. Today most people in rich societies assume that, provided they obey the law, they have a right to enjoy privacy whenever it suits them. They are wrong. Despite a raft of laws, treaties and constitutional provisions, privacy has been eroded for decades. This trend is now likely to accelerate sharply. The cause is the same as that which alarmed Brandeis when he first popularised his phrase in an article in 1890: technological change. In his day it was the spread of photography and cheap printing that posed the most immediate threat to privacy. In our day it is the computer. The quantity of information that is now available to governments and companies about individuals would have horrified Brandeis. But the power to gather and disseminate data electronically is growing so fast that it raises an even more unsettling question: in 20 years' time, will there be any privacy left to protect? Most privacy debates concern media intrusion, which is also what bothered Brandeis. And yet the greatest threat to privacy today comes not from the media, whose antics affect few people, but from the mundane business of recording and collecting an ever-expanding number of everyday transactions. Most people know that information is collected about them, but are not certain how much. Many are puzzled or annoyed by unsolicited junk mail coming through their letter boxes. And yet junk mail is just the visible tip of an information iceberg. The volume of personal data in both commercial and government databases has grown by leaps and bounds in recent years along with advances in computer technology. The United States, perhaps the most computerised society in the world, is leading the way, but other countries are not far behind. Advances in computing are having a twin effect. They are not only making it possible to collect information that once went largely unrecorded, but are also making it relatively easy to store, analyse and retrieve this information in ways which, until quite recently, were impossible. Just consider the amount of information already being collected as a matter of routine-any spending that involves a credit or bank debit card, most financial transactions, telephone calls, all dealings with national or local government. Supermarkets record every item being bought by customers who use discount

cards. Mobile-phone companies are busy installing equipment that allows them to track the location of anyone who has a phone switched on. Electronic tollbooths and traffic-monitoring systems can record the movement of individual vehicles. Pioneered in Britain, closed-circuit TV cameras now scan increasingly large swathes of urban landscapes in other countries too. The trade in consumer information has hugely expanded in the past ten years. One single company, Acxiom Corporation in Conway, Arkansas, has a database combining public and consumer information that covers 95% of American households. Is there anyone left on the planet who does not know that their use of the Internet is being recorded by somebody, somewhere? Firms are as interested in their employees as in their customers. A 1997 survey by the American Management Association of 900 large companies found that nearly two-thirds admitted to some form of electronic surveillance of their own workers. Powerful new software makes it easy for bosses to monitor and record not only all telephone conversations, but every keystroke and e-mail message as well. Information is power, so it is hardly surprising that governments are as keen as companies to use data-processing technology. They do this for many entirely legitimate reasons-tracking benefit claimants, delivering better health care, fighting crime, pursuing terrorists. But it inevitably means more government surveillance. A controversial law passed in 1994 to aid law enforcement requires telecoms firms operating in America to install equipment that allows the government to intercept and monitor all telephone and data communications, although disputes between the firms and the FBI have delayed its implementation. Intelligence agencies from America, Britain, Canada, Australia and New Zealand jointly monitor all international satellite-telecommunications traffic via a system called "Echelon" that can pick specific words or phrases from hundreds of thousands of messages. America, Britain, Canada and Australia are also compiling national DNA databases of convicted criminals. Many other countries are considering following suit. The idea of DNA databases that cover entire populations is still highly controversial, but those databases would be such a powerful tool for fighting crime and disease that pressure for their creation seems inevitable. Iceland's parliament has agreed a plan to sell the DNA database of its population to a medical-research firm, a move bitterly opposed by some on privacy grounds. To each a number The general public may be only vaguely aware of the mushrooming growth of information-gathering, but when they are offered a glimpse, most people do not like what they see. A survey by America's Federal Trade Commission found that 80% of Americans are worried about what happens to information collected

about them. Skirmishes between privacy advocates and those collecting information are occurring with increasing frequency. This year both Intel and Microsoft have run into a storm of criticism when it was revealed that their products-the chips and software at the heart of most personal computers-transmitted unique identification numbers whenever a personalcomputer user logged on to the Internet. Both companies hastily offered software to allow users to turn the identifying numbers off, but their critics maintain that any software fix can be breached. In fact, a growing number of electronic devices and software packages contain identifying numbers to help them interact with each other. In February an outcry greeted news that Image Data, a small New Hampshire firm, had received finance and technical assistance from the American Secret Service to build a national database of photographs used on drivers' licences. As a first step, the company had already bought the photographs of more than 22m drivers from state governments in South Carolina, Florida and Colorado. Image Data insists that the database, which would allow retailers or police across the country instantly to match a name and photograph, is primarily designed to fight cheque and credit-card fraud. But in response to more than 14,000 e-mail complaints, all three states moved quickly to cancel the sale. It is always hard to predict the impact of new technology, but there are several developments already on the horizon which, if the recent past is anything to go by, are bound to be used for monitoring of one sort or another. The paraphernalia of snooping, whether legal or not, is becoming both frighteningly sophisticated and easily affordable. Already, tiny microphones are capable of recording whispered conversations from across the street. Conversations can even be monitored from the normally imperceptible vibrations of window glass. Some technologists think that the tiny battlefield reconnaissance drones being developed by the American armed forces will be easy to commercialise. Small video cameras the size of a large wasp may some day be able to fly into a room, attach themselves to a wall or ceiling and record everything that goes on there. Overt monitoring is likely to grow as well. Intelligent software systems are already able to scan and identify individuals from video images. Combined with the plummeting price and size of cameras, such software should eventually make video surveillance possible almost anywhere, at any time. Street criminals might then be observed and traced with ease. The burgeoning field of "biometrics" will make possible cheap and fool-proof systems that can identify people from their voices, eyeballs, thumbprints or any other measurable part of their anatomy. That could mean doing away with today's cumbersome array of security passes, tickets and even credit cards. Alternatively, pocket-sized "smart" cards might soon be able to store all of a person's medical or credit history, among other things, together with physical data needed to verify his or her identity.

In a few years' time utilities might be able to monitor the performance of home appliances, sending repairmen or replacements even before they break down. Local supermarkets could check the contents of customers' refrigerators, compiling a shopping list as they run out of supplies of butter, cheese or milk. Or office workers might check up on the children at home from their desktop computers. But all of these benefits, from better medical care and crime prevention to the more banal delights of the "intelligent" home, come with one obvious drawbackan ever-widening trail of electronic data. Because the cost of storing and analysing the data is also plummeting, almost any action will leave a nearpermanent record. However ingeniously information-processing technology is used, what seems certain is that threats to traditional notions of privacy will proliferate. This prospect provokes a range of responses, none of them entirely adequate: * More laws. Brandeis's article was a plea for a right to sue for damages against intrusions of privacy. It spawned a burst of privacy statutes in America and elsewhere. And yet privacy lawsuits hardly ever succeed, except in France, and even there they are rare. Courts find it almost impossible to pin down a precise enough legal definition of privacy. America's consumer-credit laws, passed in the 1970s, give individuals the right to examine their credit records and to demand corrections. The European Union has recently gone a lot further. The EU Data Protection directive, which came into force last October, aims to give people control over their data, requiring "unambiguous" consent before a company or agency can process it, and barring the use of the data for any purpose other than that for which it was originally collected. Each EU country is pledged to appoint a privacy commissioner to act on behalf of citizens whose rights have been violated. The directive also bars the export of data to countries that do not have comparably stringent protections. Most EU countries have yet to pass the domestic laws needed to implement the directive, so it is difficult to say how it will work in practice. But the Americans view it as Draconian, and a trade row has blown up about the EU's threat to stop data exports to the United States. A compromise may be reached that enables American firms to follow voluntary guidelines; but that merely could create a big loophole. If, on the other hand, the EU insists on barring data exports, not only might a trade war be started but also the development of electronic commerce in Europe could come screeching to a complete halt, inflicting a huge cost on the EU's economy. In any case, it is far from clear what effect the new law will have even in Europe. More products or services may have to be offered with the kind of legalistic bumf that is now attached to computer software. But, as with software, most consumers are likely to sign without reading it. The new law may give individuals a valuable tool to fight against some of the worst abuses, rather on the pattern of

consumer-credit laws. But, also as with those laws-and indeed, with government freedom of information laws in general-individuals will have to be determined and persistent to exercise their rights. Corporate and government officials can often find ways to delay or evade individual requests for information. Policing the rising tide of data collection and trading is probably beyond the capability of any government without a crackdown so massive that it could stop the new information economy in its tracks. * Market solutions. The Americans generally prefer to rely on self-regulation and market pressures. Yet so far, self-regulation has failed abysmally. A Federal Trade Commission survey of 1,400 American Internet sites last year found that only 2% had posted a privacy policy in line with that advocated by the commission, although more have probably done so since, not least in response to increased concern over privacy. Studies of members of America's Direct Marketing Association by independent researchers have found that more than half did not abide even by the association's modest guidelines. If consumers were to become more alarmed about privacy, however, market solutions could offer some protection. The Internet, the frontline of the privacy battlefield, has already spawned anonymous remailers, firms that forward e-mail stripped of any identifying information. One website (www.anonymizer.com) offers anonymous Internet browsing. Electronic digital cash, for use on or off the Internet, may eventually provide some anonymity but, like today's physical cash, it will probably be used only for smaller purchases. Enter the infomediary John Hagel and Marc Singer of McKinsey, a management consulting firm, believe that from such services will emerge "infomediaries", firms that become brokers of information between consumers and other companies, giving consumers privacy protection and also earning them some revenue for the information they are willing to release about themselves. If consumers were willing to pay for such brokerage, infomediaries might succeed on the Internet. Such firms would have the strongest possible stake in maintaining their reputation for privacy protection. But it is hard to imagine them thriving unless consumers are willing to funnel every transaction they make through a single infomediary. Even if this is possible-which is unclear-many consumers may not want to rely so much on a single firm. Most, for example, already have more than one credit card. In the meantime, many companies already declare that they will not sell information they collect about customers. But many others find it more profitable not to make-or keep-this pledge. Consumers who want privacy must be ever vigilant, which is more than most can manage. Even those companies which advertise that they will not sell information do not promise not to buy it. They almost certainly know more about their customers than their customers realise. And in any case, market solutions, including infomediaries, are unlikely to be able

to deal with growing government databases or increased surveillance in public areas. * Technology. The Internet has spawned a fierce war between fans of encryption and governments, especially America's, which argue that they must have access to the keys to software codes used on the web in the interests of law enforcement. This quarrel has been rumbling on for years. But given the easy availability of increasingly complex codes, governments may just have to accept defeat, which would provide more privacy not just for innocent web users, but for criminals as well. Yet even encryption will only serve to restore to Internet users the level of privacy that most people have assumed they now enjoy in traditional (ie, paper) mail. Away from the web, the technological race between snoopers and anti-snoopers will also undoubtedly continue. But technology can only ever be a partial answer. Privacy will be reduced not only by government or private snooping, but by the constant recording of all sorts of information that individuals must provide to receive products or benefits-which is as true on as off the Internet. * Transparency. Despairing of efforts to protect privacy in the face of the approaching technological deluge, David Brin, an American physicist and science-fiction writer, proposes a radical alternative-its complete abolition. In his book "The Transparent Society" (Addison-Wesley, $25) he argues that in future the rich and powerful-and most ominously of all, governments-will derive the greatest benefit from privacy protection, rather than ordinary people. Instead, says Mr Brin, a clear, simple rule should be adopted: everyone should have access to all information. Every citizen should be able to tap into any database, corporate or governmental, containing personal information. Images from the video-surveillance cameras on city streets should be accessible to everyone, not just the police. The idea sounds disconcerting, he admits. But he argues that privacy is doomed in any case. Transparency would enable people to know who knows what about them, and for the ruled to keep an eye on their rulers. Video cameras would record not only criminals, but also abusive policemen. Corporate chiefs would know that information about themselves is as freely available as it is about their customers or workers. Simple deterrence would then encourage restraint in information gathering-and maybe even more courtesy. Yet Mr Brin does not explain what would happen to transparency violators or whether there would be any limits. What about national-security data or trade secrets? Police or medical files? Criminals might find these of great interest. What is more, transparency would be just as difficult to enforce legally as privacy protection is now. Indeed, the very idea of making privacy into a crime seems outlandish. There is unlikely to be a single answer to the dilemma posed by the conflict between privacy and the growing power of information technology. But unless society collectively turns away from the benefits that technology can offer-surely

the most unlikely outcome of all-privacy debates are likely to become ever more intense. In the brave new world of the information age, the right to be left alone is certain to come under siege as never before. from Wired News Report, 2002-Jun-3: Widespread wiretapping: VeriSign (VRSN) said it will provide a new service, NetDiscovery, to help U.S. telecommunications carriers comply with wiretapping regulations that have gained more prominence since the attacks of Sept. 11. Under the Communications Assistance for Law Enforcement Act of 1994, telecommunications companies must have systems that allow law enforcement officials acting with a court order or other legal authorization to intercept targeted telephone calls and access caller ID data quickly. The law also requires carriers to provide the resulting wiretap data to the police or the FBI in a way that allows it to delivered or transmitted offsite to government offices. from CNET News.com, 2002-May-28, by Stefanie Olsen: Documents reveal Carnivore failures A privacy watchdog group on Tuesday made public internal FBI documents that discuss failures of the agency's Carnivore online surveillance technology. The documents, obtained under the Freedom of Information Act (FOIA), detail at least one incident in which Carnivore inadvertently captured e-mail from people who were not under investigation, in apparent violation of federal wiretap laws. The FBI did not immediately return calls for comment. Carnivore, the FBI's Internet monitoring system that came into the public spotlight in July 2000, is used to monitor Internet traffic and communications through Internet service providers, once the technology's been installed on the ISP's system. Though much of how Carnivore works has remained a mystery as well as a perceived threat to consumer privacy, the FBI has said that the technology filters data to obtain only lawfully authorized information on suspects. Records on the technology were obtained by the Electronic Privacy Information Center (EPIC) after years of requests for disclosure. In 2000, EPIC filed a request to view all FBI records related to Carnivore, but following delays for response from the Department of Justice, the organization filed suit in U.S. District Court demanding the release of the data. Documents retrieved last week were part of a court summons issued by U.S. District Judge James Robertson that directed the FBI to complete a comprehensive search for documents. The search was to be conducted in the offices of General Counsel and Congressional & Public Affairs. As part of the documents published by EPIC, one internal FBI e-mail, dated April 5, 2000, discusses how the "software was turned on and did not work correctly,"

according to the e-mail. Carnivore not only gathered electronic communications on suspects that the FBI obtained a warrant to search, but it also retained e-mail from other individuals, according to the documents. The malfunction resulted in an FBI technician to destroy information on all parties. As a result, the act could have thwarted an investigation into terrorist threats involving Osama bin Laden, according to EPIC. The surveillance was performed by the FBI's International Terrorism Operations Section (ITOS) and its "UBL Unit," which refers to the government's official designation for bin Laden. "These documents confirm what many of us have believed for two years-Carnivore is a powerful but clumsy tool that endangers the privacy of innocent American citizens," EPIC's General Counsel David Sobel said in a statement. "Our FOIA lawsuit shows that there's a great deal about Carnivore that we still don't know." from NewsMax, 2001-Dec-19, by Charles R. Smith: U.S. Police and Intelligence Hit by Spy Network Spies Tap Police and Government Phones In the wake of the Sept. 11 terrorist attack, the FBI has stumbled on the largest espionage ring ever discovered inside the United States. The U.S. Justice Department is now holding nearly 100 Israeli citizens with direct ties to foreign military, criminal and intelligence services. The spy ring reportedly includes employees of two Israeli-owned companies that currently perform almost all the official wiretaps for U.S. local, state and federal law enforcement. The U.S. law enforcement wiretaps, authorized by the Communications Assistance for Law Enforcement Act (CALEA), appear to have been breached by organized crime units working inside Israel and the Israeli intelligence service, Mossad. Both Attorney General John Ashcroft and FBI Director Robert Mueller were warned on Oct. 18 in a hand-delivered letter from local, state and federal law enforcement officials. The warning stated, "Law enforcement's current electronic surveillance capabilities are less effective today than they were at the time CALEA was enacted." The spy ring enabled criminals to use reverse wiretaps against U.S. intelligence and law enforcement operations. The illegal monitoring may have resulted in the deaths of several informants and reportedly spoiled planned anti-drug raids on crime syndicates. Global Spy and Crime Network

The penetration of the U.S. wiretap system has led to a giant spy hunt across the globe by American intelligence agencies. U.S. intelligence officials now suspect the spy ring shared and sold information to other nations. "Why do you think Putin so nonchalantly and with such great fanfare announced the shutdown of the Lourdes listening post in Cuba?" noted Douglas Brown, president of Multilingual Data Solutions Inc. and program director at the Nathan Hale Institute. "Besides the PR benefit right before his visit here, the Russians don't need it anymore. They've scraped together a cheaper, more effective monitoring system. Is the Israeli company an element of that system? I don't know," stated Brown. "With all the whining and crying about Echelon and Carnivore, critics, domestic and foreign, of U.S. electronic eavesdropping vastly overestimate our abilities to process and disseminate the stuff," noted Brown. "The critics also underestimated the incompetence and total ineptness of the people running our intelligence and law enforcement services during the ClintonGore years. One guy uses his home computer for storing top secret documents; another high-tech guru guy can't figure out how to save and retrieve his e-mail, and the guy in charge of everything is having phone sex over an open line with one of his employees," said Brown. "On the other hand, the Europeans, including the Russians, have been much more focused on the nuts and bolts of practical systems to process the information they scoop up. The stories linking German intelligence and the L&H scandal got very little play here but were widely noted in the European software community," said Brown. "Except for a few Germans and an occasional Pole, nobody can match the Russians in designing and developing algorithms. We may have some of the world's greatest programmers, but the Russians and Europeans do a better job of matching up linguists and area experts with their programmers," noted Brown. The discovery of a major spy ring inside the United States is straining the already tense relations with Israel. Although, Israel denied any involvement with the penetration of the U.S. wiretap system, the CIA and FBI are investigating the direct government ties to the former Israeli military and intelligence officials now being held by the Justice Department. Israeli Company Provides U.S. Wiretaps One company reported to be under investigation is Comverse Infosys, a subsidiary of an Israeli-run private telecommunications firm. Comverse provides almost all the wiretapping equipment and software for U.S. law enforcement.

Custom computers and software made by Comverse are tied into the U.S. phone network in order to intercept, record and store wiretapped calls, and at the same time transmit them to investigators. The penetration of Comverse reportedly allowed criminals to wiretap law enforcement communications in reverse and foil authorized wiretaps with advance warning. One major drug bust operation planned by the Los Angeles police was foiled by what now appear to be reverse wiretaps placed on law enforcement phones by the criminal spy ring. Flawed laws Led to Compromise Several U.S. privacy and security advocates contend the fault actually lies in the CALEA legislation passed by Congress that allowed the spy ring to operate so effectively. Lisa Dean, vice president for technology policy at Free Congress Foundation, delivered a scathing critique of the breach of the U.S. law enforcement wiretap system. "We are exercising our 'I told you so' rights on this," said Dean. "From the beginning, both the political right and left warned Congress and the FBI that they were making a huge mistake by implementing CALEA. That it would jeopardize the security of private communications, whether it's between a mother and her son or between government officials. The statement just issued by law enforcement agencies has confirmed our worst fears," concluded Dean. "How many more 9/11s do we have to suffer?" asked Brad Jansen, deputy director for technology policy at the Free Congress Foundation. "The CALEA form of massive surveillance is a poor substitute for real law enforcement and intelligence work. It is an after-the-fact method of crime fighting. It is not designed to prevent crime. Massive wiretapping does not equal security. Instead, we have elected to jeopardize our national security in exchange for poor law enforcement," said Jansen. "For example, FINCEN monitoring of all money transactions did not detect alQaeda, nor did it find Mohamed Atta before he boarded his last flight. It was an ATM receipt left in his rental car that led the FBI to the bin Laden bank accounts," noted Jansen. U.S. National Security Compromised "The CALEA approach is the same approach law enforcement has been pushing for a number of years. It's the same approach that was used to push Carnivore, Magic Lantern, FINCEN and even the failed Clipper project. This approach leads to a compromise in national security and in personal security for the American public," said Jansen.

"In addition, there is always government abuse of these kinds of systems," stated Jansen. "Law enforcement on all levels does a very poor job in policing itself. We need to hold our police and government officials to the highest standards." "This also hurts the U.S. economy when the whole world knows that our communication systems are not secure. We cannot compete with inferior products when other countries are exporting secure software and hardware. New Zealand, India and Chile already offer security products that actually provide real security," stated Jansen. "The current mentality of law enforcement is what failed to protect us from 9/11. CALEA wiretaps will not protect us from terror attacks in the future. The system does not provide better intelligence information. It actually leads to less security and more crime. We get the worst of both worlds," concluded Jansen. from BBC News, 2002-Mar-4: Black editor backs stop and search A dramatic rise in gun crime can only be contained by the police increasing their use of stop and search, the editor of Britain's leading black newspaper has claimed. Mike Best, editor of The Voice, said the concerns felt by many black people about the practice were outweighed by figures showing that shootings are at an all time high in London and other British cities. He told the BBC: "I think most people would prefer not to be stopped and searched, but I think the increasing crime is warranting that and the majority of people who have nothing to hide won't mind very much." Stop and search was scaled back when the Macpherson Report into the murder of teenager Stephen Lawrence found that police were institutionally racist. 'Frustration' Mr Best said he supported stop and search despite the finding it was five time more likely to be used against black people than white people. He said police had moved away from the "unprofessional" standards of the past and the tactic could now be used more sensitively. "Stop and search really, we thought, mainly referred to stopping of black people. It has to be across the board, whether they are Asians, white, whatever," Mr Best added. "It must not be seen as just black people - this whole myth that black people commit the major crimes - that's not true."

Mr Best said the parents of many of those killed held the view that if their sons had been stopped and searched they would still be alive, even if they were in prison. 'Frustration' Mr Best's comments may cause concern among some in the black community and were not supported by Lee Jasper, London Mayor Ken Livingstone's adviser on police matters. Mr Jasper said: "I understand the frustration that some people have in relation to tackling this crime but again, it needs to be intelligence led in order to be effective." Metropolitan Police Commander Bob Quick also questioned the value of increasing the number of stop and searches carried out by officers. He said: "I don't think it would make a difference to bring in indiscriminate stop and search. "In the Met' and the service more generally we are in favour of targeted stop and search which is intelligence based - which is very much aimed at stopping the right people that we suspect carry weapons or firearms." 'Lawless' Last week Hackney MP Diane Abbott told the House of Commons prison sentences must be increased for people convicted of gun crime. Ms Abbott said London is suffering from a "lawless gun culture" and people living in the city are becoming increasingly frightened they will become a victim. Last year in London alone there were 21 "black on black" gun murders, 67 attempted murders and a further 80 shootings resulting in minor injury or criminal damage. The number of armed robberies rose to 776 from 500 the previous year and reports suggest guns are now available in the capital for as little as 200. from the Assocviated Press, 2002-Feb-15, by Jennifer Loven: FCC Approves Some Ultrawideband Use WASHINGTON - The nation's communications regulators approved limited use of a new technology Thursday that is capable of seeing through walls, finding earthquake victims and even preventing car crashes. The technology, known as ultrawideband, is a new method of wireless transmission promoted as a potential solution to the squeeze on the nation's airwaves created by the explosion of mobile phone, pager and other wireless device usage.

That's because ultrawideband devices operate over a wide swath of the airwaves, within frequencies already allocated to other uses, but by using millions of pulses each second that emit so little energy they do not interfere. The Federal Communications Commission voted unanimously to allow the technology to be used on an unlicensed basis. The commission, however, opted to ``err on the side of conservatism,'' at least for now, by requiring that ultrawideband be used only at certain frequencies and, in some cases, only by certain users. All real-life implications of the limits, described in a 100-page document few were able to digest immediately, were unclear. Still, companies involved in developing ultrawideband applications were happy to see the FCC take a step forward. ``We've gone from basically being illegal to being legal,'' said Jeffrey Ross, a vice president of Time Domain Corp. Based in Huntsville, Ala., Time Domain is one of a handful of companies that have received waivers to begin marketing the technology and were pursuing FCC approval. Mostly used now by the U.S. military, ultrawideband allows for wireless communications and accurate readings of location and distance that have a wide range of applications. Potential new commercial uses that could be allowed under the standards set by the FCC include: -Wireless, high-speed transmissions over short distances, such as sending video on a camera to a television set or data from a personal digital assistant to a laptop. -Sensors in cars that can alert a driver to movement near the vehicle, prevent collisions and promote ``smart'' air bag deployment. Otherwise, the FCC primarily limited ultrawideband technology to public safety uses. For instance, only police and fire officials, scientific researchers and mining or construction companies could use so-called ground-penetrating radar devices, which could help rescuers find victims in rubble or locate ruptured gas lines underground. The FCC also limited devices that can see through walls and detect motion within certain areas to law enforcement and firefighters, which could use them to see into a building during a hostage situation or evaluate a fire from the outside. It was unclear whether those applications will be possible at the low power levels set by the FCC. The FCC proceeded cautiously out of uncertainty whether ultrawideband could coexist safely with other services, such as military airwaves use, cell phones and the Global Positioning System, the U.S.-built network of navigation satellites.

Commissioners acknowledged the standards might be overprotective but pledged to consider the question again in six months to a year. Commerce Secretary Don Evans and Steven Price, a deputy assistant secretary at the Pentagon, praised the FCC's approach. ``To remain the world leader, we must continue to encourage deployment of important new technologies while protecting those that already exist,'' Evans said. --On the Net: Federal Communications Commission: http://www.fcc.gov from CNET News.com, 2002-May-14, by Robert Lemos: Latest privacy threat: Monitor glow BERKELEY, Calif.--Law enforcement and intelligence agents may have a new tool to read the data displayed on a suspect's computer monitor, even when they can't see the screen. Marcus Kuhn, an associate professor at Cambridge University in England, presented research on Monday showing how anybody with a brawny PC, a special light detector and some lab hardware could reconstruct what a user sees on the screen by catching the reflected glow from the monitor. The results surprised many security researchers gathered here at the Institute of Electrical and Electronics Engineers' (IEEE) Symposium on Security and Privacy because they had assumed that discerning such detail was impossible. "No one even thought about the optical issues" of computer information "leakage," said Fred Cohen, security practitioner in residence for the University of New Haven. "This guy didn't just publish, he blew (the assumptions) apart." Many intelligence agencies have worried about data leaking from classified computers through telltale radio waves produced by internal devices, and a recent research paper outlined the threat of an adversary reading data from the blinking LED lights on a modem. Kuhn's research adds the glow of a monitor to the list of dangers. Eavesdropping on a monitor's glow takes advantage of the way that cathode-ray tubes, the technology behind the screen, work. In most computer monitors, a beam of electrons is shot at the inside of the screen, which is covered in various phosphors, causing each pixel to glow red, green or blue, and thereby producing an image. The beam scans from side to side, hitting every pixel--more than 786,000 of them at--in sequence; the screen is completely scanned anywhere from 60 to 100 times every second. The light emitted from each pixel of phosphor will peak as the pixel is hit with electrons, creating a pulsating signal that bathes a room. By

averaging the signal that reflects from a particular wall over nearly a second and doing some fancy mathematical footwork, Kuhn is able to reconstruct the screen image. Not so fast Yet Kuhn, who is still completing his PhD thesis, is quick to underscore the problems with the system. "At this point, this is a curiosity," he said. "It's not a revolution." First off, Kuhn performed the experiments in a lab at a short distance--the screen faced a white wall 1 meter away, and the detector was a half meter behind the monitor. There have been no real-world tests where, for example, other light sources are present and the detector is 30 feet across a street. Other light sources, including the sun, make things much more difficult if not impossible. Normal incandescent lighting, for example, has a lot of red and yellow components and tends to wipe out any reflections of red from the image on a screen. And several countermeasures are effective, including having a room with black walls and using a flat-panel liquid crystal display. LCD monitors activate a whole horizontal line of pixels at once, making it immune to this type of attack. Still, other researchers believe that Kuhn may be on to something. "Anyone who has gone for a walk around their neighborhood knows that a lot of people have a flickering blue glow emanating from (their) living rooms and dens," said Joe Loughry, senior software engineer for Lockheed Martin. While Kuhn calculated that the technique could be used at a range of 50 meters at twilight using a small telescope, a satellite with the appropriate sensors could, theoretically, detect the patterns from orbit, said several security experts. That could open a whole new can of worms for privacy. If Kuhn's technique proves to be practical, the result of the research could be a new round of battles between law enforcement agencies and privacy advocates in the courts over whether capturing the faint blue glow from a home office is a breach of privacy. Until that's resolved, the safest solution is to compute with the lights on. from TPDL 2001-Mar-21, from the SF Chronicle, by Debra J. Saunders: Drug war vs. U.S. Constitution BE VERY AFRAID of what was said during Tuesday's U.S. Supreme Court hearing on a case in which three Tecumseh, Okla., students challenged a mandatory drug testing program for high school students participating in extracurricular activities.

Be afraid because statements made by some of the justices suggest that they are prepared to make the sort of results-oriented ruling -- based on ideology, not case law -- that conservatives used to lambaste when liberals made them. Enter the war on drugs. Exit the U.S. Constitution. Here's one example quoted in the New York Times: Justice Antonin Scalia asked ACLU attorney Graham Boyd, who opposed the testing program, "So long as you have a bunch of druggies, who are orderly in class, the school can take no action. That's what you want us to rule?" Yes, that's right, justice. In America, there's this little thing called probable cause. Right now, teachers can ask for drug tests when they suspect a student of drug use, but for the moment, the law has not allowed schools to test all students for no cause. Be afraid because precedent doesn't matter. In 1995, the Big Bench ruled that it was legal for an Oregon school to require athletes to submit to urine tests because the school had a big drug problem. The reasoning: Athletes were the main offenders, football players were role models and there were safety issues with football players in heavy gear charging other players while high on drugs. That was a narrow ruling. Now, some justices want to make members of Future Farmers of America and the band tuba player into role models. And they don't care if a school district doesn't have much of a drug problem. (Of 505 Tecumseh students tested, three tested positive.) Worse, as the Washington Times reported, Deputy Solicitor General Paul D. Clement suggested that public schools could test entire student bodies. Forget the Fourth Amendment protections against unreasonable searches. Be afraid because most justices apparently support drug testing for students who are less likely to be drug users than, as Justice Ruth Bader Ginsburg said, "students who don't do anything after school." Students who refuse to take the test or flunk it twice would be banned from interscholastic clubs. Be afraid because the Bush administration and some justices want the government to be Big Father, and pre-empt parental choice. Parents can give their kids drug tests if they suspect their kids are using drugs. There are parents who have argued that they want the school to test their kids. They shouldn't expect schools to do their dirty work for them. And they should want to keep the government out of the bathroom. Justice Anthony M. Kennedy suggested that he was helping parents when he gave an analogy of two schools, one with drug testing and one without. He then told the ACLU's Boyd that no parents would send their children to "the druggie school" -- "except perhaps your client."

I've received letters from readers who support 20-year sentences for low- level, first-time nonviolent drug offenders because they think those sentences will protect their kids. It doesn't occur to these folks that their kids could be drug offenders. According to the Bush administration's own brief, 54 percent of high school seniors have used illegal drugs. Be afraid because when schools give students a choice between clubs or drugs, marginal kids will choose drugs. "It's those kids who need those activities the most (who) are going to be the easiest to deter," said Daniel Abrahamson of the Drug Policy Alliance, who wrote a brief against the Tecumseh School Board for the American Academy of Pediatrics. The brief noted, "a strong record of extracurricular involvement is all but essential to securing admission to a competitive undergraduate college." Because the justices weren't focusing overly on precedent, let me pose a moral question: Would the justices support a policy labeled: Smoke a joint in high school, work at McDonald's for the rest of your life? from the Boston Globe, 2001-Nov-18, by Scott Bernard Nelson: New Federal Patriot Act Turns Retailers into Spies against Customers Nov. 18--Ordinary businesses, from bicycle shops to bookstores to bowling alleys, are being pressed into service on the home front in the war on terrorism. Under the USA Patriot Act, signed into law by President Bush late last month, they soon will be required to monitor their customers and report "suspicious transactions" to the Treasury Department -- though most businesses may not be aware of this. Buried in the more than 300 pages of the new law is a provision that "any person engaged in a trade or business" has to file a government report if a customer spends $10,000 or more in cash. The threshold is cumulative and applies to multiple purchases if they're somehow related -- three $4,000 pieces of furniture, for example, might trigger a filing. Until now, only banks, thrifts, and credit unions have been required to report cash transactions to the Treasury Department's Financial Crimes Enforcement Network, under the Bank Secrecy Act of 1970. A handful of other businesses, including car dealers and pawnbrokers, have to file similar reports with the Internal Revenue Service. "This is a big deal, and a big change, for the vast majority of American businesses," said Joe Rubin, chief lobbyist for the US Chamber of Commerce. "But I don't think anybody realizes it's happened." The impact is less clear for consumers, although privacy advocates are uncomfortable with the thought of a massive database that could bring government scrutiny on innocent people. Immigrants and the working poor are

the most likely to find themselves in the database, since they tend to use the traditional banking system the least. "The scope of this thing is huge," said Bert Ely, a financial services consultant in Alexandria, Va. "It's going to affect literally millions of people." The filing of so-called suspicious activity reports, though, is only the latest in a series of law enforcement moves the government has made in response to the Sept. 11 terrorist attacks on New York and Washington. And so far, the filing requirement has been overshadowed by debate over the other changes. The Patriot Act signed into law Oct. 26, for example, gives the government a vast arsenal of surveillance tools, easier access to personal information, and increased authority to detain and deport noncitizens. House and Senate negotiators came to terms Thursday on a bill that would add 28,000 employees to the federal payroll in an effort to bolster airport security, and Attorney General John Ashcroft has said he is reorganizing the Justice Department and the FBI to focus on counterterrorism efforts. As for the business-filing requirement, specifics about what companies have to do and when they have to do it still need to be worked out. The Treasury Department has until March 25 -- the date the Patriot Act becomes law -- to issue regulations about how to put the new rules into practice. "The law itself doesn't go into any detail, because you'd presume that's what the Treasury regulations are for," said Victoria Fimea, senior counsel at the American Council of Life Insurers. "And the devil, of course, is in the details." When he signed the legislation, President Bush said the new rules were designed to "put an end to financial counterfeiting, smuggling, and money laundering." The problem, he and others have said, was keeping tabs on the billions of dollars that flow outside the traditional banking system and across national borders each year. Money launderers often disguise the source of their money by using cash to buy pricey things. Later, they can resell the products and move the money into a bank account -- at which point it has been laundered, or made to look legitimate, by the aboveboard sale. Making a series of transactions just below the $10,000 filing threshold is also illegal under the new law if it's done to keep a business from contacting the government. Financial services companies such as banks, insurers, and stock brokerages face a higher standard under the new law than other businesses. In addition to the filing requirements, they have to take steps such as naming a compliance officer and implementing a comprehensive program to train employees about how to spot money laundering.

Unlike other businesses, though, most financial services companies already have a process in place to deal with government regulation. "Certainly for the bigger [insurance] companies, they most likely are already tooled up for this," said Fimea. "For other companies, this creates a whole new landscape." James Rockett, a San Francisco lawyer who represents banks and insurance companies in disputes with regulators, said he's skeptical the authorities will get any useful information from reports filed by nonfinancial companies. "You're trying to turn an untrained populace into the monitors of money laundering activity," Rockett said. "If you want to stop this, it's got to be done with police work, not tracking consumers' buying habits." Voices opposing any of the new law-enforcement measures appear to be in the minority, however. For now, at least, few people and few companies want to be perceived as being terrorist sympathizers. "In a political sense, it would have been very hard for us to go to Congress in this case and loudly argue that the legislation shouldn't include nonfinancial-services guys," said Rubin, of the US Chamber of Commerce. "Everybody wants to help and to stop money laundering right now." from TPDL 2001-Oct-27, from Fox News 2001-Oct-26, by Kelley Beaucar Vlahos: FBI Seeking to Wiretap Internet WASHINGTON The Federal Bureau of Investigation is seeking to broaden considerably its ability to tap into Internet traffic in its quest to root out terrorists, going beyond even the new measures afforded in anti-terror legislation signed by President Bush Friday, according to lawyers familiar with the FBIs plans. Stewart Baker, an attorney at the Washington D.C.-based Steptoe & Johnson and a former general consul to National Security Agency, said the FBI has plans to change the architecture of the Internet and route traffic through central servers that it would be able to monitor e-mail more easily. The plans goes well beyond the Carnivore e-mail-sniffing system which allows the FBI to search for and extract specific e-mails off the Internet and generated so much controversy among privacy advocates and civil libertarians before the Sept. 11 terrorist attacks. From the work Ive been doing, Ive seen the efforts the FBI has been making and it suggests that they are going to unveil this in the next few months, Baker said of the plan.

FBI Spokesman Paul Bresson said he was unaware of any development in the email surveillance arena that would require major architectural changes in the Internet, but acknowledged that such a plan is possible. Any new efforts would would be in compliance with wiretapping statutes, Bresson said. We would be remiss if we didnt. Such a move might have been unthinkable before Sept. 11. Last year, privacy groups and civil libertarians howled in protest when the FBI trotted out plans to start using the Carnivore system. The Electronic Privacy Information Center (EPIC) in Washington was ready to go full rounds with the government in court over Carnivore, and House Majority Leader Dick Armey, RTexas, asked Attorney General John Ashcroft to take another look at its constitutionality. Now, though, the country is asking for more, not less, law enforcement on the Internet, and even those who once complained are coming around. I have two minds on this, says Fred Peterson, vice president of government affairs for the Xybernaut Corporation, which manufactures computer technology for military and law enforcement. The past six weeks have left little doubt in most peoples mind, he said, that new measures must be taken. I think that the threat has increased and while (FBI) demands were unreasonable at a time when the threat was less immediate and less fatal its just not the same story anymore, he said. Others are still skeptical, though not as much. I dont think (FBI) motives are bad, but I do think theyre using peoples current state of mind theyre using it to their advantage, said Mikal Condon, staff attorney for EPIC. The new FBI plans would give the agency a technical backdoor to the networks of Internet service providers like AOL and Earthlink and Web hosting companies, Baker said. It would concentrate Internet traffic in several central locations where e-mail and other web activity could be wiretapped. Baker said he expects the agency will approach the Internet companies on an individual basis to ask for their help in the endeavor. But Jim Harper, staff counsel for privacy advocate Privacilla.org said the FBI may have a hard time convincing some companies to redesign the Internet on its behalf. Its not really surprising, but I would be shocked to see if it gets done, he said. Restructuring the Internet? I dont think so. Others say the Internet companies will not put up much of a fight.

Sue Ashdown, executive director of the Washington-based American ISP Association, an Internet company trade group, said most Internet companies arent healthy enough financially to take on the government in court to protect their subscribers privacy rights. And no one, she says, wants to appear hostile to law enforcement right now. I know there are a lot of members in the association with feelings on both sides, said Ashdown. In the current patriotic climate, enterprises of all types will likely play along with the FBI in order to avoid a public relations disaster, said Gene Riccoboni, an Internet attorney with the Stamford, Connecticut-based Grimes & Battersby. from TPDL 2001-Oct-2, from ZDNet, by Stefanie Olsen: Attacks put privacy into focus Companies are scrambling to ensure their online privacy policies do not run afoul of the sprawling investigation into last month's terrorist attacks, a move that could prompt some to rewrite their published statements, privacy experts said. Most online privacy policies contain provisions for sharing customer information with law enforcement agencies in the event of a criminal investigation or suspected illegal activity. Nevertheless, some companies that have been cooperating with authorities investigating the Sept. 11 suicide hijackings that destroyed the World Trade Center and damaged the Pentagon are now reviewing their actions for possible privacy violations, according to people familiar with their concerns. A key issue, privacy advocates say, has come from companies that worry they may have gone too far in handing over complete databases to law enforcement in the immediate aftershocks of the attacks without requiring a court order or a subpoena. "I've never seen a privacy policy that says that we will make all of our records available to authorities in a case of national emergency, and I think as a result of this, you're probably going to see companies adjust their privacy policies to take this into consideration," said Ray Everett-Church, senior privacy strategist at the Los Angeles-based ePrivacy Group. While companies typically require a warrant or a court order before relinquishing the contents of e-mail or electronic files to federal authorities or in civil cases-procedures mandated under the Electronic Communications Privacy Act--Internet companies can provide information about consumer identities without a court order. Many major companies have legal departments to handle such requests. But in the aftermath of the terrorist attacks, some companies may have ignored normal procedures for working with law enforcement, privacy experts said. Some experts

see an imminent and worrisome shift in the debate over online privacy toward greater surveillance. Larry Ponemon, CEO of the Dallas-based Privacy Council and former head of PricewaterhouseCoopers' privacy practice, said he's spoken with some companies that admitted giving over their databases to authorities wholesale, without a valid court order or subpoena. He declined to disclose the names of the companies but said consumers may soon begin receiving notifications and apologies informing them of possible privacy violations. "In some cases, trying to participate and cooperate with authorities led to the other extreme of actually violating all the privacy rights of customers and employees," said Ponemon. "It's scary. We have no assurances they are going to delete (this information). Are they going to return it? Are they going to make any warranty that they won't use it again?" Legal experts said that the risks of liability in such cases are small. "Suppression of evidence would be the most serious consequence of the government obtaining information in violation of privacy rights," said Dave Kramer, a partner in the Internet counseling group at Wilson Sonsini. "The likelihood of there being financial consequences...is limited." In the event that the FBI obtained information from a company without probable cause and a search warrant, the evidence would most likely be inadmissible in court under Fourth Amendment rights, lawyers say. But if the company volunteered the data, particularly in the event the act did not contradict its privacy policy, the evidence would be acceptable. Nevertheless, some companies seem to be taking precautions in their cooperation with authorities. Dave Steer of Truste, a company that vouches for Internet privacy policies, said his company is getting calls from members inquiring about the need to revise their policies after the attacks. "Members are asking, 'Does what happened impact our privacy policy, and does that change the way we should communicate to customers?' (Also), 'How do we insert a clause into the privacy statement that allows for such national incidents?'" from the San Francisco Chronicle, 2001-Oct-6, p.A1, by William Carlsen: Secretive U.S. court may add to power Bush wants to use terrorism panel in criminal probes Cloaked in secrecy and unknown to most Americans, a seven-judge court has been busy in a sealed room at the U.S. Justice Department approving "black bag" searches, wiretaps and the bugging of homes in the interests of national security.

The court, which has been operating for more than 20 years, has approved more than 10,000 government applications for clandestine searches and surveillance of foreigners, immigrants and U.S. citizens -- and only one request has ever been denied. In its anti-terrorism proposals, the Bush administration is asking Congress for a broad expansion of the enormous powers already granted to the executive branch under the 1978 Foreign Intelligence Surveillance Act, or FISA, which would allow it to bring a wider array of cases before the special court. Currently, the government is limited to using the act for the narrow purpose of gathering foreign or terrorist intelligence. The proposed change, according to experts, would permit the government to use FISA for criminal investigations as well. That request has raised serious privacy and civil liberty concerns. "There was already concern about the drift toward using the law beyond foreign intelligence gathering," said Jonathan Turley, a law professor at George Washington University who appeared before the FISA court in the 1980s as an attorney for the National Security Agency. "It is so much easier for the government to use the FISA court than go through regular criminal warrant procedures." For years, the FBI and other U.S. intelligence agencies have used FISA to gather information through phone taps and electronic bugs, all approved by a special panel of federal judges picked by Chief Justice William Rehnquist. President Bill Clinton expanded the law in 1995 to include what is known as "black bag" searches of homes, which are executed while residents are away and without their knowledge. Because FISA is intended to permit interceptions of foreign or terrorist intelligence and not criminal evidence, the government needs only to show the special court that "probable cause" exists that the target of the requested surveillance is a foreign power or agent, a definition that includes being a member of an international terrorist group. That is a lower standard than what is required in criminal law, where investigators must show probable cause to believe that a crime is being planned or committed in order to get wiretap or search warrants from a court. And unlike regular search warrants in criminal cases, which require a target to be notified at some point and given an inventory of any evidence seized, a target of a FISA "order" may never find out that eavesdropping or a search has taken place. CONCERNS ABOUT MISUSE

Civil liberty advocates say they fear the government will take advantage of the administration's proposed change and use the pretext of intelligence gathering under FISA to go after other criminal activity, making an end run around the stricter Fourth Amendment protections in criminal law. But supporters of the change say that the problem now is that any evidence of a crime -- say, the planning of a terrorist attack -- turned up under FISA surveillance might later be ruled inadmissible in a trial, ending the criminal prosecution. "Back when FISA was first enacted and you caught a spy, you threw him out of the country," said Stewart Baker, who served as NSA general counsel from 1992 to 1994 and is now in private practice in Washington, D.C. "But more and more now," he said, "criminal activity overlaps with intelligence activity. And if you find evidence of crime during an intelligence surveillance, you want to keep renewing those interception requests to gather more evidence." Baker said the anti-terrorism bill being debated in the House of Representatives, which contains an amended version of the administration's request, might be a good compromise because it would require that intelligence gathering be the "significant" purpose of FISA investigations. That language, he said, should clear the way for evidence gathered in most surveillance to be used in later criminal prosecutions, without leading to major abuses. INCREASE IN APPLICATIONS Privacy and civil liberty groups, however, have expressed increasing alarm in recent years about the rising number of government applications to the court. They argue that the total secrecy of the process has eliminated any public accountability to ensure that the process is not being misused. The number of eavesdropping orders granted by the special court has doubled from 509 in 1993 to more than 1,000 last year. That number is nearly equal to all such warrants granted by the rest of the federal judiciary annually for criminal investigations. When it was drafted, the 1978 law was intended primarily to uncover espionage activity during the lingering Cold War. But the act also includes as targets any "group engaged in international terrorism or preparation therefor, " a definition that certainly would have encompassed the group involved in the Sept. 11 attacks. How much of the recent surveillance has been directed at terrorist groups is not known, because all the information surrounding the searches and bugging is sealed -- and the government will not comment on any activities of the court. But experts such as Baker and Turley, and others familiar with FISA, guess that the government and the court have been working overtime since Sept. 11.

Despite the concerns raised by civil liberty groups, FISA was actually considered something of a victory by these same organizations when it was signed into law by President Jimmy Carter. At the time, it was viewed as a restraint on the highly publicized abuses in the 1960s and '70s by the FBI, the CIA and the Nixon White House, which had claimed executive branch authority to spy on U.S. citizens without any judicial oversight. SEVEN JUDGES ON FISA COURT The FISA court is composed of seven federal district judges from different sections of the country selected by the chief justice to serve staggered sevenyear terms. The individual judges rotate to Washington every two weeks to sit in a specially secured, windowless conference room on the sixth floor of the Justice Department headquarters to hear the surveillance applications. Opponents say that with only a single denial in more than 10,000 requests, the judges -- the only curb on any government excesses -- are, in effect, nothing more than a rubber stamp for expanding government power. But government officials, including the only judge on the court who has commented publicly, say that judicial review has been scrupulous. Speaking to the American Bar Association in 1997, U.S. District Judge Royce Lambreth of Washington, D.C., the presiding judge of the FISA court, said he "bristles" at the "rubber stamp" characterization. He said that surveillance applications are "well scrubbed" by the U.S. attorney general and top staff before they are submitted, that the judges often ask for modifications and that some requests are withdrawn and revised before being resubmitted. "I ask questions," he said. "I get to the nitty-gritty. I know exactly what's going to be done and why." EVIDENCE USED IN CRIMINAL TRIALS FISA evidence has already found its way into more than 90 criminal proceedings, including the 1993 World Trade Center bombing case. Opponents say that when it does, defendants are not able to challenge the evidence because they are never allowed to see the information relied on by agents making the surveillance requests. Despite the secrecy, some details of the sweeping scope of FISA eavesdropping emerged recently in an 1998 espionage case in which a Washington, D.C., couple was convicted on charges of passing four Defense Department documents to an FBI agent posing as a South African intelligence officer.

In a brief filed last year with the U.S. Supreme Court, it was revealed that the government conducted 550 consecutive days of surveillance, which included phone taps, an electronic bug in their bedroom, two clandestine searches of their home, downloads from their computer, and listening in on conversations that the woman, Theresa Squillacote, and her husband, Kurt Strand, had with her psychotherapists. A request to examine the secret affidavits to the FISA court that had prompted the eavesdropping was denied by the judge in their trial. The couple appealed, saying their constitutional rights had been violated because they were denied necessary information to challenge the legality of the surveillance. The Supreme Court denied their petition for a hearing in April. Surveillance Court The federal judges who sit on the Foreign Intelligence Surveillance Court: Royce Lamberth, the court's presiding judge, U.S. District Court in Washington, D.C. Harold Baker, U.S. District Court in Illinois. Stanley S. Brotman, U.S. District Court in New Jersey. Michael J. Davis, U.S. District Court in Minnesota. Nathaniel Gorton, U.S. District Court in Maine. Claude M. Hilton, U.S. District Court in Virginia. William H. Stafford Jr., U.S. District Court in Florida. from Nature, 2001-Oct-25, by David Adam: Cryptography on the front line As the `war on terrorism' unfolds, some politicians are calling for controls on the availability of encryption software. But many computer scientists claim such moves would play into the terrorists' hands. David Adam reports. Bankers, shoppers and other Internet users now have access to standards of privacy previously only available to the military. Off-the-shelf encryption software is effectively unbreakable - even by the massed computing power of organizations such as the US National Security Agency and the Federal Bureau of Investigation (FBI). Put that power in the hands of a terrorist network, and the potential for harm is all too obvious. No surprise, then, that in the wake of the terrorist atrocities in New York and Washington, attention has focused on the ability of individuals to communicate securely over the Internet through encrypted e-mails. Although there is little

evidence that those behind the attacks used such coded messages,some politicians are already calling for stronger controls on encryption software. In a speech just days after the attacks, Republican Senator Judd Gregg of New Hampshire called for the US government to be given back-door access into all encryption software. Britain's Foreign Secretary, Jack Straw, has also entered the fray, dismissing those who have fought against such moves in the past as "naive". And on 6 October, the Dutch government announced that, as part of its counter-terrorism action plan, it intends to regulate the use of cryptography. Coded warning The events of 11 September had an immediate impact on public opinion - a poll conducted two days later indicated that 72% of Americans believed that antiencryption laws would help to prevent repeat attacks. But most experts on computer security argue that restrictions on encryption software would be expensive and impractical. Worse, they say that the net result would be to undermine the security of legitimate Internet users - rendering government and business more vulnerable to cyber-attack. But given the public statements of politicians such as Gregg and Straw, computer scientists are preparing for a reprise of the debate over privacy and security that they thought they had won in the 1990s. "We've been through these arguments before, but legislators seem to have short memories, "says Bruce Schneier, chief technical officer at Counterpane Internet Security, a company based in Cupertino, California, that provides computer security services." Limits on encryption and systems that ensure governments have access to encrypted messages will do little to thwart terrorist activities," he argues. "At the same time they will significantly reduce the security of our own critical infrastructure." (see Commentary,page 773.) [item right below -AMPP Ed.] Encryption software uses mathematical algorithms both to scramble the contents of e-mails, by reordering the underlying data, and to decipher the encoded version. The algorithms are activated - and so protected - by numerical `keys' typically containing 10 or more digits. One set of keys is widely circulated, and these are used to encrypt messages. But individual users also have private keys, which are used to decode messages. The algorithms and their mathematical relationships with the keys are too complex for security agencies to crack, so access to the private key is in practice the only way to read an encoded message. Intelligence and law-enforcement chiefs have long been concerned about the potential misuse of such programs. Indeed, former FBI director Louis Freeh in the late 1990s warned repeatedly that terrorists could be using encryption software to plan their actions, and he urged the US Congress to approve restrictions on its use and distribution. Added restrictions

But Schneier claims it is impossible to limit the spread of cryptography." Cryptography is mathematics and you can't ban mathematics," he says. There are almost 1,000 software products that use cryptography, available in more than 100 countries." You would have to ban them in every country and even then it won't be enough, as any terrorist organization with a modicum of skill can write its own cryptography software," he says. Blanket restrictions on the use of encryption might also impede the use of computers and the Internet in activities such as online banking and shopping which rely on encryption for security. A degree of disruption to e-commerce may seem a small price to pay for greater security, but cryptography systems also protect vital safety systems, such as the computers used in air-traffic control. "Restrictions are not possible from a practical point of view," argues Matt Blaze, a principal research scientist with AT&T Laboratories in Florham Park, New Jersey. If governments cannot crack encrypted e-mails and they are unable to stop people using them, what options do they have? One is to force manufacturers to introduce `back doors' into their encryption software, allowing the content of encrypted messages to be monitored routinely. This can be achieved by a system known as key escrow, in which copies of all private keys are handed over to a third party and can be accessed on demand by government security agencies. The arguments for and against key escrow raged through the 1990s. Agencies such as the FBI argued that it would allow secure monitoring of communications with little disruption to normal Internet use. Civil-liberties groups campaigned against key escrow on privacy grounds, whereas computer scientists concentrated on practical flaws. Researchers in the field say that it is currently impossible to build a system that is secure enough to hold all of the private keys and guarantee that they could not be accessed by those intent on committing fraud or wreaking cyber-havoc. Particularly daunting are the human factors ensuring that individuals working for the key-holding organizations cannot be bribed or otherwise manipulated into releasing keys. "It's all very well protecting bars of gold because at least you can see if they're gone in the morning," says Richard Clayton, who works in the computer security group at the University of Cambridge. "But when you're talking about lots of numbers hidden on behalf of people and you can't even tell if they've been stolen, then you're talking about needing a very secure system indeed. We're just not capable of building such systems." Schneier agrees: "Stockpiling keys in one place over an extended time period is a huge risk just waiting for attack or abuse." Another problem with key escrow is that there is little commercial demand for encryption software that can be accessed at will by a third party - even in the name of national security. "It's not easy to demand that individuals use designated software," says Wenbo Mao, a researcher in the mathematics, cryptography and security group at Hewlett Packard's UK laboratories in Bristol.

"There is no market demand for it." Computer security experts are concerned that legislation enforcing key escrow would make legitimate computer users wary of using encryption technology - rendering their systems more vulnerable to attack. With little incentive for software manufacturers to develop reliable key-escrow technology, the task falls to government agencies, which traditionally have kept this kind of research classified. But this approach is a problem, argues Mao users have low confidence in a product that has not been subjected to widespread attempts to crack its codes. Indeed, the US government in the mid1990s abandoned attempts to introduce its own key-escrow scheme, based on a system known as `Clipper', after Blaze at AT&T exposed flaws soon after it was released." Government-certified systems developed behind closed doors would be a potential disaster," agrees Brian Gladman, a computer security consultant who formerly served as secure systems director with Britain's Ministry of Defence. Computer scientists thought that they had won these arguments - but now the world has been thrown into conflict, they are not so sure. "If encryption is used in issues such as terrorism, and there is no legal way that law enforcement has access, then that has to be an issue," says a spokeswoman for the British government's National Criminal Intelligence Service. Britain, in fact, last year passed a law that computer security experts point to as an example of the sort of legislation that might be proposed elsewhere in the current climate. The Regulation of Investigatory Powers Act, championed by Straw when he was home secretary, gives police wide-ranging powers to intercept e-mail traffic, and also allows them to force individuals to surrender their private decryption keys. Refusing to comply, or revealing that you have been asked to surrender your keys, can be punished with up to two years'imprisonment. Key questions These powers have not yet been invoked, so the impact of the law cannot be assessed. One problem is that the police must first show that seized private keys can be held securely. The scale of security needed for this more limited number of keys - which would not make such a tempting target - is not the same as that required for a full key- escrow system. But developing an appropriate system is still not easy. The British government admits that practicalities remain to be worked out, but says that it hopes to implement the law by the end of the year. Given this, many computer scientists argue that the focus should not be on restricting the use of encryption, but on encouraging the development of stronger security systems to protect computer infrastructure vital for national and economic security.

To this end, President George W. Bush on 9 October appointed Richard Clarke, a former member of the National Security Council, to the post of special White House adviser for cyberspace security. "America built cyberspace and now it must defend cyberspace," Clarke said, in accepting the position. Clarke's position on cryptography remains unclear. But even if he doesn't reopen the debate on encryption, other politicians and officials are determined to do so. Computer scientists who oppose such moves, it seems, will be forced to do battle once again. from Nature, 2001-Oct-25, by Bruce Schneier: Protecting privacy and liberty The events of 11 September offer a rare chance to rethink public security. Appalled by the events of 11 September, many Americans have declared so loudly that they are willing to give up civil liberties in the name of security that this trade-off seems to be a fait accompli. Article after article in the popular media debates the `balance' of privacy and security - are various types of increase in security worth the consequent losses to privacy and civil liberty? Rarely do I see discussion about whether this linkage is valid. Security and privacy are not two sides of an equation. This association is simplistic and largely fallacious. The best ways to increase security are not at the expense of privacy and liberty. Giving airline pilots firearms, reinforcing cockpit doors, better authentication of airport maintenance workers, armed air marshals travelling on flights and teaching flight attendants karate are all examples of suggested security measures that have no effect on individual privacy or liberties. Security measures that reduce liberty are most often found when system designers fail to take security into account from the beginning. They're BandAids, and evidence of bad security planning. When security is designed into a system, it can work without forcing people to give up their freedom. Take, as an example, securing a room. Option one: convert the room into an impregnable vault. Option two: put locks on the door, bars on the windows and alarms on everything. Option three: don't secure the room; instead, post a guard to record and check the identity of everyone entering. Option one is the best, but is unrealistic. No vault is impregnable, getting close would be extremely expensive, and turning a room into a vault greatly reduces its usefulness as a room. Option two is the realistic best, combining the strengths of prevention, detection and response to achieve resilient security. Option three is the worst, as it is far more expensive than option two, and the most invasive and easiest to defeat of all three options. It's also a sign of bad planning: designers built the room, and only then realized that they needed security. Rather than installing door locks and alarms, they take the quick way out and invade people's privacy.

A more complex example is Internet security. Preventive countermeasures help significantly to protect sites against `script kiddies' but fail against smart attackers. Detection and response are key to providing security on the Internet. My company catches hackers all the time, by monitoring the audit logs of network products: firewalls, IDSs, routers, servers and applications. We don't eavesdrop on legitimate users, read mail or otherwise invade privacy. We monitor data about data, and find abuse that way. We detect yesterday's attacks by watching for their signatures, and tomorrow's by noticing and investigating anomalies. We can respond in time to thwart these attacks. This monitoring doesn't work automatically; it requires people to separate real attacks from false alarms, to investigate anomalies and to pursue attackers relentlessly. It's not perfect, but combined with preventive security products it is more effective, and more cost-effective, than anything else. There are strong parallels between Internet security and the real world. All criminal investigations look at surveillance records. The lowest-tech version of this is questioning witnesses. In the current investigation, the FBI is looking at airport videotapes, airline passenger records, flight-school class records and financial records. The effectiveness of the investigation is directly related to the quality of the examination. Some criminals and terrorists are copycats, who do what they've seen done before. To a large extent, this is what hastily implemented security measures try to prevent. But others invent new methods, as we saw on 11 September. We can build security to protect against yesterday's attacks, but we can't guarantee protection against tomorrow's: the hacker attack that hasn't been invented, or the terrorist attack still to be conceived. Demands for even more surveillance miss the point. The problem is not obtaining data, it's deciding which are worth analysing and interpreting. Everyone leaves an audit trail through life; the FBI quickly pieced together the terrorists' identities once it knew where to look. More data can even be counterproductive. The National Security Agency and the CIA have been criticized for relying too much on signals intelligence, and not enough on human intelligence. The East German police collected data on four million people, yet they did not foresee the overthrow of the government because they invested heavily in data collection instead of interpretation. We need more intelligence agents on the ground in the Middle East debating the Koran, not sitting in Washington arguing about wiretapping laws. People are willing to give up liberties for vague promises of security because they think they have no choice. What they're not being told is that they can have both. It would require us to discard the easy answers. It would require designers to build security into systems from the beginning instead of tacking it on at the end. It would require the structuring of incentives to improve overall security rather than simply decreasing its costs. And it would make us all more secure.

Some broad surveillance, in limited circumstances, might be warranted as a temporary measure. But surveillance should not be designed into our electronic infrastructure. As the saying popularized by Thomas Jefferson goes: "Eternal vigilance is the price of liberty." Historically, liberties have always been a casualty of war, but a temporary casualty. This war - a war without a clear enemy or end condition - has the potential turn into a permanent state of society. We need to design our security accordingly. Bruce Schneier is at Counterpane Internet Security, 19050 Pruneridge Ave, Cupertino, California 95014, USA. This is an edited version of an article in Crypto-Gram at www.counterpane.com. from Wired, 2001-Oct-17, by Declan McCullagh with Ben Polen contributing: Senator Backs Off Backdoors WASHINGTON -- Sen. Judd Gregg has abruptly changed his mind and will no longer seek to insert backdoors into encryption products. A spokesman for the New Hampshire Republican said Tuesday that Gregg has "no intention" of introducing a bill to require government access to scrambled electronic or voice communications. "We are not working on an encryption bill and have no intention to," spokesman Brian Hart said in an interview. Two days after the Sept. 11 attacks, Gregg strode onto the Senate floor and called for a global prohibition on data-scrambling products without backdoors for government surveillance. Gregg said that quick action was necessary "to get the information that allows us to anticipate and prevent what occurred in New York and in Washington." A few days later, Gregg told the Associated Press that he was preparing legislation "to give our law enforcement community more tools" to unscramble messages in hopes of fighting terrorists. Gregg received support from defense hawks, conservative columnists and some newspapers, and even a poll conducted by Princeton Survey Research Associates for Newsweek magazine. The poll asked: "Would you favor reducing encryption of communications to make it easier for the FBI and CIA to monitor the activities of suspected terrorists -- even if it might infringe on people's privacy and affect business practices?" Fifty-four percent of those polled answered "yes," and 72 percent said antiencryption laws would be "somewhat" or "very" helpful in thwarting similar terrorist attacks. Complicating the debate were conflicting reports about whether the Internetsavvy terrorists who attacked the World Trade Center and the Pentagon used encryption. Citing unnamed sources, Reuters reported "the hijackers did not use encryption," while WorldNetDaily claimed they did.

"There will be some point in the future where a criminal or terrorist uses encryption to pull off a horrific crime," says Mike Godwin, a policy fellow with the Center for Democracy and Technology. "What we have to ultimately recognize is that we're safer from those criminals if we have those encryption tools than we would be if we didn't have them." In response to then-FBI director Louis Freeh's entreaties, a House committee in 1997 approved a bill that would have banned the manufacture, distribution or import of any encryption product that did not include a backdoor for the federal government. The full House never voted on that measure. Many cryptographers and legal scholars believed that following a catastrophic terrorist attack, the U.S. Congress would move swiftly to impose backdoors on anyone manufacturing or distributing encryption products -- a requirement that would not only hamstring American firms, but wreak havoc in the open-source world. In a 1995 law review article, University of Miami law professor Michael Froomkin foresaw that possibility. He wrote: "In the wake of a great crime, perhaps by terrorists or drug cartels -- the detection of which could plausibly have been frustrated by encryption -- that which today looks clearly unconstitutional might unfortunately appear more palatable." "I've never been happier to be wrong," Froomkin said Tuesday. Froomkin said there may be a greater awareness among politicians of encryption's double-edged sword: It can cloak the communications of criminals, but shield the Internet from miscreants. "I think if they put a crypto provision in this bill, it would have passed," Froomkin said. "Look at what the administration got." Froomkin was talking about additional eavesdropping and surveillance powers requested by the Bush administration, which the Senate and the House overwhelmingly voted for last week. That bill is called the USA Act (PDF). After Gregg's floor speech following the Sept. 11 attacks, crypto-buffs mobilized to oppose laws limiting encryption. Rob Carlson, who organized an emergency meeting of activists the following weekend at the University of Maryland, said he's relieved to hear Gregg appears to have changed his mind. "I'm glad to hear it's gone. Whether or not it's true is another matter," Carlson said. "(Gregg) said he was definitely supporting it. Now he says he's definitely not. Maybe he'll say he's definitely supporting it again." from the Associated Press, 2001-Sep-21: Gregg wants codes, secrets unscrambled

CONCORD Computer software companies would have to install a backdoor for law enforcement agencies to unscramble secret messages on phones, emails and other communications used by suspected terrorists under a proposal by U.S. Sen. Judd Gregg, R-N.H. We are in a new world and we have to give our law enforcement community more tools, Gregg said yesterday. Were blind . . . as to what these people want to do to us, he added. We need this information. Some investigators say suspected terrorist Osama bin Laden has used scrambled messages, steganography a complex digital masking technology to send photos over the Internet bearing hidden messages and pornography Web sites to communicate with collaborators. If investigators are given the technological capability to intercept these messages, they may have a better chance of anticipating events similar to the terrorist attacks in New York and Washington on Sept. 11, Gregg said. He pointed out that before the attacks, former FBI Director Louis Freeh identified encryption capability as the greatest problem the agency faced. But critics of Greggs proposal are unimpressed. David Sobel, general counsel of the Washington-based Electronic Privacy Information Center, noted its an old issue and lawmakers have rejected similar measures. If the argument is that terrorists are currently using encryption technology passing a law is not going to take that technology out of their hands, he said. Some critics point to reports that bin Laden purposely shunned communications technologies to stymie efforts to track him relying instead on messengers and close-knit groups such as family members. I think the senator is wasting his time, said Richard Smith, chief technology officer of the Privacy Foundation, a Denver-based non-profit that researches privacy issues. I dont think encryption is used that much. Its just a minor issue in the scheme of things. Critics also say the measure would infringe on individual privacy. Claire Ebel, director of the New Hampshire Civil Liberties Union, compared the proposal to allowing the government to open any sealed letter addressed to anyone in the country. Although the average person doesnt send encrypted e-mail messages, it is a widespread security means used by businesses and when citizens make Internet transactions with their credit cards, experts say.

Gregg, who is still drafting the measure, stresses it would be used cautiously. Police agencies could access encryption keys only with permission from a quasijudicial commission appointed by the U.S. Supreme Court, and their requests would be subject to search and seizure standards, he said. Greggs goal is to make it mandatory for U.S. companies to provide law enforcement agencies a backdoor to decode messages. As for foreign companies, the U.S. should use its marketplace power to insist that international businesses comply with those requirements, he said. Gene Poteat, president of the Association of Former Intelligence Officers, said he hopes the recent attacks will provide the impetus to move the bill forward. He believes the measure is necessary to fight terrorism. We dont want to give up our Constitutional rights and freedoms, he said. But I want my children to be safe. from CNET via MSNBC, 2001-Sep-18, by Wendy McAuliffe: Americans back encryption controls 72 percent say new laws could help prevent repeat of attacks LONDON, Sept. 18 - A poll in the United States has found widespread support for a ban on "uncrackable" encryption products, following proposals in Congress to tighten restrictions on software that scrambles electronic data. The survey found that 72 percent of Americans believe that anti-encryption laws would be "somewhat" or "very" helpful in preventing a repeat of last week's terrorist attacks on New York's World Trade Center and the Pentagon in Washington, D.C. The poll, conducted by Princeton Survey Research Associates on Sept. 13 and 14, reveals that the question of banning encryption tools without "backdoors" for government interception is under serious debate in the United States. Congress was quick to blame sophisticated encryption methods for the massive intelligence failure last week and is proposing that government officials should have backdoor access to encryption products to aid national security. The Princeton survey found that more than half of the American public would support anti-encryption laws to aid law enforcement surveillance powers. Only 9 percent of those questioned believed that tighter encryption restrictions would not prevent similar terrorist attacks in the future. But privacy groups have accused Congress of political and economic opportunism-influencing public opinion while the nation is still coming to terms with last week's unprecedented events.

"No one should ever trust figures collected in the aftermath of a disaster; people are confused and emotional and will be led easily by imagery," said Simon Davies, director of human-rights group Privacy International. "It would be extremely irresponsible to shape public policy in response to a tragedy." In the United Kingdom, the Home Office is scheduled this winter to enforce the final stages of the Regulation of Investigatory Powers Act (RIPA), which will grant law enforcement the power to demand decryption keys from the place where data is encrypted. Privacy groups are concerned that Britain's enthusiasm for a unilateral global approach toward surveillance could re-energize the key escrow debate. Key escrow is a controversial mechanism whereby individuals and businesses must lodge a decryption key with a government-appointed body in case lawenforcement officials need to decrypt the data. "I expect that the U.K. government will do everything in its power to claw back the ground that they lost in the public debate over RIPA," Davies said. "If it means subverting and amending legislation, the Home Office will propose this, and it will go through Parliament on the nod. Such a move would be a travesty and subvert the democratic process." from the New York Times, 2001-Sep-15, by Robin Toner: Some Foresee a Sea Change in Attitudes on Freedoms WASHINGTON, Sept. 14 - The political pressure to do something - anything - to ensure that there is never a repeat of this week's terrorist attacks is immense on Capitol Hill. And civil liberties advocates are watching with quiet concern. Across the political spectrum, lawmakers are arguing that the United States has entered a new and more dangerous era that demands heightened security measures, including armed guards on commercial airliners and greater surveillance powers for federal agents. Senator Trent Lott, the Republican leader, declared the day after the attacks: "When you are at war, civil liberties are treated differently. We cannot let what happened yesterday happen in the future." The attitude shift is not confined to conservative Republicans. Representative Barney Frank, Democrat of Massachusetts, said, "The general assumption in this country is freedom and individual privacy." But he added, "When conditions turn adverse, you respond to them." In his case, Mr. Frank said, "I think I will be more supportive of more freedom for electronic surveillance than I was before, and I think more of an armed presence on airplanes." Civil liberties groups, while initially muted as the nation grieved, were just beginning to voice their concerns today.

"It's very important at a time of crisis to reaffirm national principles, national ideals," said Marc Rotenberg, director of the Electronic Privacy Information Center. "I certainly understand the sense of frustration and tragedy - my own family has been touched by what's happened this week - but it would be an enormous cost to severely limit American freedoms." Some advocates were dismayed by a proposal the Senate approved on Thursday night that would, among other things, make it easier for federal law enforcement to wiretap computers. Senator Jon Kyl, Republican of Arizona, who is a member of the Senate Intelligence Committee, declared: "We are in a race to the finish line with agents of terror. Will we enhance our security and defenses before they are able to strike again?" But Barry Steinhardt, associate director of the American Civil Liberties Union, said today, "This amendment proposes significant and dangerous changes to our wiretapping laws and should not have been adopted literally in the middle of the night without debate or scrutiny." Civil liberties groups are also concerned about ideas like expanding use of facerecognition technology, which allows security cameras tied to computers to search a crowd for criminals. Representative Martin T. Meehan, Democrat of Massachusetts, said: "I don't think we've done a good enough job in this country utilizing the technology available, like facial recognition technology. We need to make greater investments there." Mr. Meehan, who was interviewed while the Capitol was being evacuated on Thursday night, also felt that the nation's attitudes had fundamentally changed after the attacks. "Given this unspeakable act, Americans will tolerate some restraint on their liberties for the sake of security," he said. And polling suggests that they are more than willing to make that tradeoff. With many of these proposals, like face-recognition systems, "we have to really reflect on how much we value privacy," said Walter Dellinger, who served as acting solicitor general in the Clinton administration. "With terrorism, our only defense might be infiltration and surveillance," Mr. Dellinger said, "so we're going to have to choose between security and privacy." To monitor such proposals from both Congress and the administration in the coming months, a new coalition of civil rights, civil liberties, religious and other organizations is beginning to form, advocates said. Already, such groups were sounding the alarm about the possibility of a backlash and discrimination against Arab-Americans.

In part, such fears are a reaction to history. "We know what happened post- Pearl Harbor; we know what happens when you have these national security situations," said Ralph Neas, president of People for the American Way, a liberal rights group, recalling the wartime relocation and internment of Japanese- Americans after the 1941 attack. "Many times," Mr. Neas said, "there are overreactions, not based on fact or careful analysis, that lead to a violation of the Constitution." from Wired Magazine, 2001-Sep-13, by Declan McCullagh: Congress Mulls Stiff Crypto Laws WASHINGTON -- The encryption wars have begun. For nearly a decade, privacy mavens have been worrying that a terrorist attack could prompt Congress to ban communications-scrambling products that frustrate both police wiretaps and U.S. intelligence agencies. Tuesday's catastrophe, which shed more blood on American soil than any event since the Civil War, appears to have started that process. Some politicians and defense hawks are warning that extremists such as Osama bin Laden, who U.S. officials say is a crypto-aficionado and the top suspect in Tuesday's attacks, enjoy unfettered access to privacy-protecting software and hardware that render their communications unintelligible to eavesdroppers. In a floor speech on Thursday, Sen. Judd Gregg (R-New Hampshire) called for a global prohibition on encryption products without backdoors for government surveillance. "This is something that we need international cooperation on and we need to have movement on in order to get the information that allows us to anticipate and prevent what occurred in New York and in Washington," Gregg said, according to a copy of his remarks that an aide provided. President Clinton appointed an ambassador-rank official, David Aaron, to try this approach, but eventually the administration abandoned the project. Gregg said encryption makers "have as much at risk as we have at risk as a nation, and they should understand that as a matter of citizenship, they have an obligation" to include decryption methods for government agents. Gregg, who previously headed the appropriations subcommittee overseeing the Justice Department, said that such access would only take place with "court oversight." Gregg, the GOP's chief deputy whip, predicted that without such a requirement, "the quantum leap that has occurred in the capacity to encrypt information" will frustrate the U.S. government's efforts to preserve the safety of Americans. Gregg's speech comes at a time when privacy and national security, long at odds, had reached an uneasy detente. In response to business pressure and the

reality of encryption embedded into everything from Linux to new Internet protocols, the Clinton administration dramatically relaxed -- but did not remove -regulations intended to limit its use and dissemination. Janet Reno, Clinton's attorney general, said in September 1999 that the new regulations struck a reasonable balance between privacy and security. "When stopping a terrorist attack or seeking to recover a kidnapped child, encountering encryption may mean the difference between success and catastrophic failures," Reno said at a White House briefing. "At the same time, encryption is critically important for protecting our privacy and our security." Now the balance has abruptly shifted -- and new laws that were unthinkable just three days ago are, suddenly, entirely plausible. As a measure of how suddenly the political winds have shifted from business to national security, consider this: Gregg recently has won 100 percent ratings from the National Federation of Independent Business and the U.S. Chamber of Commerce. An Associated Press dispatch on Thursday, written by Dafna Linzer, reports: "These days, terrorists can download sophisticated encryption software on the Internet for free, making it increasingly difficult to tap into their communications." The Los Angeles Times, in an article by Charles Piller and Karen Kaplan, predicted "calls for new restrictions on software encryption." Frank Gaffney, head of the Center for Security Policy, a hawkish think tank that has won accolades from all recent Republican presidents, says that this week's terrorist attacks demonstrate the government must be able to penetrate communications it intercepts. "I'm certainly of the view that we need to let the U.S. government have access to encrypted material under appropriate circumstances and regulations," says Gaffney, an assistant secretary of defense under President Reagan. Gaffney said that he's unsure, however, if a global encryption-restriction regime is wise: "I'm not sure if I'm in favor of trying to foster an international regime whereby hostile goverments, or for that matter governments that may not be hostile at the moment but may be hostile in the future, can take advantage of backdoors." Instead of privacy being in the minds of legislators, as it was until Tuesday, domestic security concerns have become paramount. The four hijacked airplanes and the disasters they created have abruptly returned the debate on Capitol Hill to where it was years ago, when FBI Director Louis Freeh spent much of his time telling anyone who would listen that terrorists were using encryption -- and Congress should approve restrictions on domestic use. "We are very concerned, as this committee is, about the encryption situation, particularly as it relates to fighting crime and fighting terrorism," Freeh told the

Senate Judiciary committee in September 1998. "Not just bin Laden, but many other people who work against us in the area of terrorism, are becoming sophisticated enough to equip themselves with encryption devices." He added: "We believe that an unrestricted proliferation of products without any kind of court access and law enforcement access, will harm us, and make the fight against terrorism much more difficult." In response to the FBI director's entreaties, a House committee in 1997 approved a bill that would have banned the manufacture, distribution, or import of any encryption product that did not include a backdoor for the federal government. The full House never voted on that measure. Another Clinton administration initiative was the Clipper Chip, a cryptographic device that included both a data-scrambling algorithm and a method for certain goverment officials to decode intercepted, Clipper-encoded communications. After a public outcry, the federal government eventually abandoned its plans to try to convince American businesses to build Clipper-enabled products. Gregg, in his speech Thursday, said that the kind of court oversight Clipper was intended to have would let "our people have the technical capability to get the keys to the basic encryption activity." It's far too early to know how serious foes of encryption are, what kind of a hearing business and privacy lobbyists will receive on Capitol Hill, and whether Democratic and Republican leaders will encourage or discourage Gregg's approach. But some of encryption's brightest lights are already worrying about the effect of Draconian new laws and regulations. In a post to a cryptography mailing list that he moderates, Perry Metzger wrote: "Cryptography must remain freely available to all." "In coming months, politicians will flail about looking for freedoms to eliminate to 'curb the terrorist threat.' They will see an opportunity to grandstand and enhance their careers, an opportunity to show they are 'tough on terrorists,'" wrote Metzger, president of Wasabi Systems of New York City. "We must remember throughout that you cannot preserve freedom by eliminating it." During the early and mid 1990s, when e-mail was a rarity and good encryption programs even more scarce, it was easy for encryption's proponents to argue that terrorists and other malcontents were not cloaking their communications. Now, with readily available applications like hushmail.com and PGP, crypto buffs are left with one less argument than before. Matt Blaze, the AT&T Research scientist who was a chief critic of Clipper, said in an essay this week that: "I believed then, and continue to believe now, that the benefits to our security and freedom of widely available cryptography far, far outweigh the inevitable damage that comes from its use by criminals and terrorists."

Wrote Blaze: "I believed, and continue to believe, that the arguments against widely available cryptography, while certainly advanced by people of good will, did not hold up against the cold light of reason and were inconsistent with the most basic American values." In an open letter this week, cypherpunk co-founder Eric Hughes offered a public plea not to restrict privacy or anonymity -- such as that offered by anonymous remailers -- in an attempt to preserve national security. "We will find that there are internal champions of liberty that have without conspiracy or knowledge furthered the plans of our opponents, who have taken advantage of the liberties that America offers all who enter her shores," Hughes predicted. from Wired Magazine, 2001-Feb-7, by Declan McCullagh: Bin Laden: Steganography Master? WASHINGTON -- If there's one thing the FBI hates more than Osama bin Laden, it's when Osama bin Laden starts using the Internet. So it should be no surprise that the feds are getting unusually jittery about what they claim is evidence that bin Laden and his terrorist allies are using messagescrambling techniques to evade law enforcement. USA Today reported on Tuesday that bin Laden and others "are hiding maps and photographs of terrorist targets and posting instructions for terrorist activities on sports chat rooms, pornographic bulletin boards and other websites, U.S. and foreign officials say." The technique, known as steganography, is the practice of embedding secret messages in other messages -- in a way that prevents an observer from learning that anything unusual is taking place. Encryption, by contrast, relies on ciphers or codes to scramble a message. The practice of steganography has a distinguished history: The Greek historian Herodotus describes how one of his cunning countrymen sent a secret message warning of an invasion by scrawling it on the wood underneath a wax tablet. To casual observers, the tablet appeared blank. Both Axis and Allied spies during World War II used such measures as invisible inks -- using milk, fruit juice or urine which darken when heated, or tiny punctures above key characters in a document that form a message when combined. Modern steganographers have far-more-powerful tools. Software like White Noise Storm and S-Tools allow a paranoid sender to embed messages in digitized information, typically audio, video or still image files, that are sent to a recipient.

The software usually works by storing information in the least significant bits of a digitized file -- those bits can be changed without in ways that aren't dramatic enough for a human eye or ear to detect. One review, of a graphical image of Shakespeare before and after a message was inserted, showed JPEG files that appeared to have no substantial differences. Steghide embeds a message in .bmp, .wav and .au files, and MP3Stego does it for MP3 files. One program, called snow, hides a message by adding extra whitespace at the end of each line of a text file or e-mail message. Perhaps the strangest example of steganography is a program called Spam Mimic, based on a set of rules, called a mimic engine, by Disappearing Cryptography author Peter Wayner. It encodes your message into -- no kidding -what looks just like your typical, quickly deleted spam message. So if steganography is so popular, is there anything the feds can do about it? Some administration critics think the FBI and CIA are using potential terrorist attacks as an attempt to justify expensive new proposals such as the National Homeland Security Agency -- or further restrictions on encryption and steganography programs. The Clinton administration substantially relaxed -- but did not remove -regulations controlling the overseas shipments of encryption hardware and software, such as Web browsers or Eudora PGP plug-ins. One thing's for certain: All of a sudden, the debate in Washington seems to be heading back to where it was in 1998, before the liberalization. "I think it's baloney," says Wayne Madsen, a former NSA analyst and author. "They come out with this stuff. I think it's all contrived -- it's perception management." Three years ago, FBI Director Louis Freeh spent much of his time telling anyone who would listen that terrorists were using encryption -- and Congress should approve restrictions on domestic use. "We are very concerned, as this committee is, about the encryption situation, particularly as it relates to fighting crime and fighting terrorism," Freeh said to the Senate Judiciary committee in September 1998. "Not just bin Laden, but many other people who work against us in the area of terrorism, are becoming sophisticated enough to equip themselves with encryption devices." He added: "We believe that an unrestricted proliferation of products without any kind of court access and law enforcement access, will harm us, and make the fight against terrorism much more difficult." But Freeh never complained about steganography -- at least when the committee met in open session.

Some of the more hawkish senators seemed to agree with the FBI director, a former field agent. "I think the terrorist attacks against United States citizens really heighten your concern that commercial encryption products will be misused for terrorist purposes," said Sen. Dianne Feinstein (D-Calif). Sen. Jon Kyl (R-Ariz) added he was concerned about "the sophistication of the terrorists, the amount of money they have available (and) their use of technology like encryption." In March 2000, Freeh said much the same thing to a Senate Judiciary subcommittee headed by Kyl. He echoed CIA Director George Tenet's earlier remarks, saying: "Hizbollah, HAMAS, the Abu Nidal organization and Bin Laden's al Qa'ida organization are using computerized files, e-mail and encryption to support their operations." from Wired Magazine, 2001-Sep-14, by Declan McCullagh: Senate OKs FBI Net Spying WASHINGTON -- FBI agents soon may be able to spy on Internet users legally without a court order. On Thursday evening, two days after the worst terrorist attack in U.S. history, the Senate approved the "Combating Terrorism Act of 2001," which enhances police wiretap powers and permits monitoring in more situations. The measure, proposed by Orrin Hatch (R-Utah) and Dianne Feinstein (DCalifornia), says any U.S. attorney or state attorney general can order the installation of the FBI's Carnivore surveillance system. Previously, there were stiffer restrictions on Carnivore and other Internet surveillance techniques. Its bipartisan sponsors argue that such laws are necessary to thwart terrorism. "It is essential that we give our law enforcement authorities every possible tool to search out and bring to justice those individuals who have brought such indiscriminate death into our backyard," Hatch said during the debate on the Senate floor. Thursday's vote comes as the nation's capital is reeling from the catastrophes at the World Trade Center and the Pentagon, and politicians are vowing to do whatever is necessary to preserve the safety of Americans. This week, Sen. Judd Gregg (R-New Hampshire) called for restrictions on privacy-protecting encryption products, and Carnivore's use appears on the rise. In England, government officials have asked phone companies and Internet providers to collect and record all their users' communications -- in case the massive accumulation of data might yield clues about Tuesday's terrorist attacks. Under the Combating Terrorism Act, prosecutors could authorize surveillance for 48-hour periods without a judge's approval.

Warrantless surveillance appears to be limited to the addresses of websites visited, the names and addresses of e-mail correspondents, and so on, and is not intended to include the contents of communications. But the legislation would cover URLs, which include information such as what Web pages you're visiting and what terms you type in when visiting search engines. Circumstances that don't require court orders include an "immediate threat to the national security interests of the United States, (an) immediate threat to public health or safety or an attack on the integrity or availability of a protected computer." That covers most computer hacking offenses. During Thursday's floor debate, Sen. Patrick Leahy (D-Vermont), head of the Judiciary committee, suggested that the bill went far beyond merely thwarting terrorism and could endanger Americans' privacy. He also said he had a chance to read the Combating Terrorism Act just 30 minutes before the floor debate began. "Maybe the Senate wants to just go ahead and adopt new abilities to wiretap our citizens," Leahy said. "Maybe they want to adopt new abilities to go into people's computers. Maybe that will make us feel safer. Maybe. And maybe what the terrorists have done made us a little bit less safe. Maybe they have increased Big Brother in this country." By voice vote, the Senate attached the Combating Terrorism Act to an annual spending bill that funds the Commerce, Justice and State departments for the fiscal year beginning Oct. 1, then unanimously approved it. Since the House has not reviewed this version of the appropriations bill, a conference committee will be created to work out the differences. Sen. Jon Kyl (R-Arizona), one of the co-sponsors, said the Combating Terrorism Act would give former FBI Director Louis Freeh what he had lobbied for years ago: "These are the kinds of things that law enforcement has asked us for. This combination is relatively modest in comparison with the kind of terrorist attack we have just suffered." "Experts in terrorism have been telling us for a long time and the director of the FBI has been telling us (to make) a few changes in the law that make it easier for our law enforcement people to do their job," Kyl said. It's unclear what day-to-day effects the Combating Terrorism Act would have on prosecutors and Internet users. Some Carnivore installations apparently already take place under emergency wiretap authority, and some civil liberties experts say part of this measure would give that practice stronger legal footing. "One of the key issues that have surrounded the use of Carnivore is being addressed by the Senate in a late-night session during a national emergency," says David Sobel, general counsel of the Electronic Privacy Information Center.

A source close to the Senate Judiciary committee pointed out that the wording of the Combating Terrorism Act is so loose -- the no-court-order-required language covers "routing" and "addressing" data -- that it's unclear what its drafters intended. The Justice Department had requested similar legislation last year. "Nobody really knows what routing and addressing information is.... If you're putting in addressing information and routing information, you may not just get (From: lines of e-mail messages), you might also get content," the source said. The Combating Terrorism Act also expands the list of criminal offenses for which traditional, court-ordered wiretaps can be sought to explicitly include terrorism and computer hacking. Other portions include assessing how prepared the National Guard is to respond to weapons of mass destruction, handing the CIA more flexibility in recruiting informants and improving the storage of U.S. "biological pathogens." from Wired Magazine, 2001-Sep-12, by Declan McCullagh: Anti-Attack Feds Push Carnivore WASHINGTON -- Federal police are reportedly increasing Internet surveillance after Tuesday's deadly attacks on the World Trade Center and the Pentagon. Just hours after three airplanes smashed into the buildings in what some U.S. legislators have dubbed a second Pearl Harbor, FBI agents began to visit Webbased, e-mail firms and network providers, according to engineers at those companies who spoke on condition of anonymity. An administrator at one major network service provider said that FBI agents showed up at his workplace on Tuesday "with a couple of Carnivores, requesting permission to place them in our core, along with offers to actually pay for circuits and costs." The person declined to say for publication what the provider's response was, "but a lot of people" at other firms were quietly going along with the FBI's request. "I know that they are getting a lot of 'OKs' because they made it a point to mention that they would only be covering our core for a few days, while their 'main boxes were being set up at the Tier 1 carriers' -- scary," the engineer said. The FBI's controversial Carnivore spy system, which has been renamed DCS1000, is a specially configured Windows computer designed to sit on an Internet provider's network and monitor electronic communications. To retrieve the stored data, an agent stops by to pick up a removable hard drive with the information that the Carnivore system was configured to record. Microsoft's Hotmail service has also been the target of increased federal attention, according to an engineer who works there.

"Hotmail officials have been receiving calls from the San Francisco FBI office since mid-(Tuesday) morning and are cooperating with their expedited requests for information about a few specific accounts," the person said. "Most of the account names start with the word 'Allah' and contain messages in Arabic." By Tuesday evening, nearly 12 hours after the twin attacks that crippled Manhattan and left Washington deserted by mid-afternoon, it was unclear who was responsible. The Washington Post, citing anonymous government sources, reported that former Saudi businessman Osama bin Laden appears to be the prime suspect. In February, U.S. officials claimed that bin Laden had turned to data-hiding steganography software to conceal communications with his operatives by means of public websites. In Washington, use of data-scrambling encryption software is also frequently mentioned in conjunction with terrorists. "Uncrackable encryption is allowing terrorists Hamas, Hezbollah, al-Qaida and others to communicate about their criminal intentions without fear of outside intrusion," then-FBI Director Louis Freeh told a Senate panel last year. "They're thwarting the efforts of law enforcement to detect, prevent and investigate illegal activities." Those comments, and the prospect of congressional reaction to Tuesday's terrorist attacks, have prompted some civil libertarians to fret about possible domestic regulation of encryption products. A few years ago, one House committee approved a bill that would have banned any encryption product without a back door entrance for the federal government. By Tuesday afternoon, at least one NBC affiliate had interviewed defense expert Jim Dunnigan, who warned that "PGP and Internet encryption" would be blamed for the attacks. "Those of us who value our liberty, even in the face of danger, will need to be vigilant in the days to come," says Thomas Leavitt, an online activist who cofounded Webcom. Other civil libertarians say it's a mistake to believe that the U.S. government will overreact to Tuesday's disasters. Marc Rotenberg of the Electronic Privacy Information Center said he believes that the better approach is to argue that the U.S. must not allow a terrorist attack on our form of open government to succeed. It's too early to tell whether he's right or not, but by late Tuesday, operators of anonymous remailers were already so worried about being conduits for terrorist communications -- or being blamed for the communications, rightly or wrongly -that they pulled the plug. Operator Len Sassaman said in a post to a remailer-operators list: "I don't want to get caught in the middle of this. I'm sorry. I'm currently unemployed and don't

have the resources to defend myself. At this point in time, a free-speech argument will not gain much sympathy with the Feds, judges and general public." Remailers forward messages but remove the originating information, so that the resulting e-mail is anonymized. They customarily don't keep logs, so if the system works as designed, it should be nearly impossible for anyone to find who sent the message. from the Los Angeles Times, 2001-Sep-12, by Charles Piller and Karen Kaplan: Officials Call for More Net Security But technical experts say new surveillance efforts would not deter terrorism because of the high level of encryption. Politicians and policymakers on Tuesday called for the broader use of technology to flag terrorism attacks. But technical experts said increased monitoring of Internet messages and data would do little to deter terrorist attacks because sophisticated encryption technology already makes their messages unreadable. "The idea that we can magically install technology to prevent [terrorism] is the wrong way to think," said Bruce Schneier, chief technology officer of Counterpane Internet Security in San Jose, and a noted cryptographer. "You can't eavesdrop on everybody--it doesn't work, you don't have the resources." But in Washington, the former chairman of the Senate Select Committee on Intelligence expressed strong support Tuesday for modernizing the National Security Agency, the federal agency that conducts most of the nation's electronic spying. "We've got to modernize the NSA," said Sen. Richard C. Shelby (R-Ala.), the ranking Republican on the Senate Select Committee on Intelligence. "The NSA used to be on the cutting edge of technology. A lot of people think they've fallen way behind." Rep. Christopher Cox (R-Newport Beach), chairman of the House Select Committee on National Security, said he would not support draconian new surveillance efforts. "Frisking everyone on the planet to find the one person with the weapon is a high-cost, low-yield way to go. That's a fair analogy to searching through everyone's e-mail," Cox said. "Not only do such schemes threaten civil liberties, they are such scattershot approaches that they're bound to fail. . . . The notion that we can reorganize every aspect of civil society to protect against terrorism is fool's gold." Rep. Bob Stump (R-Ariz.), chairman of the House Armed Services Committee, urged more emphasis on developing spy networks. "We can listen to anybody around the world talking on the phone that we want to. [But] we can't penetrate these groups," he said. "We've said for a long time that we've been short on human intelligence."

Civil libertarians found such sentiments reassuring, but predicted there would be pressure to implement more Big Brother-style technological responses. This could include calls for new restrictions on software encryption, and the increased use of biometric monitors in public places. Biometrics precisely measure physical characteristics--such as facial contours or eye color--as a means of positively identifying individuals. But the mass use of such methods has proved unreliable, according to experts. At the 2001 Super Bowl in Tampa last January, about 100,000 fans were scanned by secret cameras to snare criminals in the crowd. "To these systems . . . one out of every 50 people looks like [the infamous terrorist] Carlos the Jackal," Jim Wayman, a biometrics expert at San Jose State University, said at the time. "And the real Carlos has only a 50% chance of looking like himself." Wholesale biometric screening also has been criticized as a threat to personal privacy. "When you have a national catastrophe, there's a very quick and swift reaction to try and give lots of security at the expense of civil liberties," said Shari Steele, executive director of the Electronic Frontier Foundation in San Francisco. "There has always been a tension between security and freedoms." from Newsweek online via MSNBC, 2001-Sep-11, by Steven Levy: Did Encryption Empower These Terrorists? And would restricting crypto have given the authorities a change to stop these acts? Sept. 11 - "Well, I guess this is the end now. . . ." So wrote the first Netizen to address today's tragedy on the popular discussion group, sci.crypt. The posting was referring what seems like an inevitable reaction to the horrific terrorist act: an attempt to roll back recent relaxations on encryption tools, on the theory that cryptography helped cloak preparations for the deadly events. But the despondency reflected in the comment can be applied more generally. The destruction of the World Trade Center and the attack on the Pentagon comes at a delicate time in the evolution of the technologies of surveillance and privacy. In the aftermath of September 11, 2001, our attitude toward these tools may well take a turn that has profound implications for the way individuals are monitored and tracked, for decades to come. The first issue on the docket will be the fate of tools that enable citizens to encrypt their e-mail, documents and phone conversations as they zip through cyberspace and the ether. Over the past decades there have been heated debates over whether this technology should be restricted-as it can clearly

benefit wrong-doers as well as businesspeople and just plain average people. The prime government argument in favor of restrictions invoked the specter of precisely this kind of atrocity. Quite literally, it was the fear of "another World Trade Center" that led the Clinton administration in the 1990s to propose a system whereby people could encode their e-mails and conversations, but also provide the Feds with a "back-door" means of access. Now that those fears have come to pass, it's fair to ask those who lionized crypto as a liberating tool to face a tough question: Did encryption empower these terrorists? And would restricting crypto have given the authorities a chance to stop these acts? The answer to the first question is quite possibly yes. We do know that Osama Bin Laden, who has been invoked as a suspect, was a sophisticated consumer of crypto technology. In the recent trial over the bombing of the Libyan embassy, prosecutors introduced evidence that Bin Laden had mobile satellite phones that used strong crypto. Even if Bin Laden was not behind it, the acts show a degree of organization that indicates the terrorists were smart enough to scramble their communications to make them more difficult, if not impossible, to understand. If not for encryption, notes former USAF Col. Marc Enger (now working for security firm Digital Defense) "they could have used steganography [hiding messages between the pixels of a digital image] or Web anonymizers [which cloak the origin of messages]." But that doesn't mean that laws or regulations could have denied these tools to the terrorists. After all, many of the protocols of strong cryptography are in the public domain. Dozens of programs were created overseas, beyond the control of the U.S. Congress. The government used to argue that allowing crypto to proliferate, particularly to the point of being built into popular systems made by Microsoft or AOL, would empower even stupid criminals. But these were sophisticated terrorists, not moronic crooks. Before September 11, commercial interests, privacy advocates and most in the government had reached a sort of common ground, balancing high-tech with threats. Cryptography was regarded as a fact of life, one with some benefit to national secruity as well as risks. (In an age of Info-Warfare, we are the most vunerable nation, and cryptography can help secure our infrastructure.) Intelligence agencies could make up for the difficulties that crypto creates for them by several means, including heightened work in codebreaking, more use of "human assets" (spies), and-most of all-taking advantage of the bounty of new information that the telecom revolution has forced out into the open. E-mail, pagers, faxes, cell phones, Blackberries, GPS systems, Web cookies-every year another device or system seems to emerge to expose information to eavesdroppers. Even if terrorists encrypt content on some of those tools, simply tracking who talks to whom, and measuring the volume of messages, can yield crucial intelligence. (Indeed, this form of "traffic analysis" did produce evidence that was used in the Embassy bombing trial.) The challenge to our spy agenciesone tragically not met this time around-is to use those means to compensate for whatever information might have been lost to encryption.

Beyond the crypto issue are a raft of controversies involving other technologies of surveillance. Before this attack, there was a general feeling that we would see legislation to protect privacy on the Web and perhaps limit tools that threatened civil liberties. Some feared that face-scanning devices like the one used at the last Super Bowl can track individuals as they move from one publicly mounted surveillance camera to another. There was criticism directed toward the FBI's "Carnivore" device, capable of scooping up massive numbers of e-mails from Internet service providers. There was concern over Web bugs that tracked people's movements on the Internet. There were objections to the Department of Justice's scheme to insure that cell phones were also tracking devices, presumably to aid 911 services, but potentially becoming homing devices to follow our roamings. Until today, a pro-privacy consensus was building. Will those concerns be set aside in the rush to do something-anything-to assure ourselves that we can prevent another September 11, 2001? Privacy advocate Richard Smith anticipates big changes in airport security, but not necessarily a reboot on overall privacy outlook. "Those types of restrictions just don't work against people like [these terrorists]," he says. Let's hope that he's right-that wisdom and courage, and not fear, dictates future policy. Otherwise, the legacy of this terrible day may become even more painful. from PRIVACY Forum Digest 08.07 1999-May-4, by Dick Mills: Date: Mon, 19 Apr 1999 20:55:04 -0400 From: Dick Mills <dmills@albany.net> Subject: Activism Without Principles is Futile As I read the most recent issue, PRIVACY Forum Digest Volume 08 : Issue 06, I was struck by the repetitive nature of the privacy gripes. They follow a common theme. We have a laudable motive for intrusion that must be "balanced" with a privacy interest. Because there can never be unanimity about laudability, balances are always compromises. I'm sick and tired of balancing my privacy. Thousands of times per year we balance away some tiny bit of it. After a long time, big mountains are eroded to molehills, one grain of sand at a time. If our approach to protecting privacy is to strike balance after balance, the end result is inevitable. We loose. In the USA, our primary claim to a legal right to privacy comes from Warren and Brandeis' famous 1890 essay. But their concept of "reasonable expectation of privacy" is deficient. What is reasonable to expect today is less than it was in 1890, and it will be still less tomorrow and the day after that. Reasonable expectation is a slippery and increasingly steep slope. The slide down is a one way trip.

Every time one of us says, "Because of your laudable motives, I approve of your intrusion of someone else's privacy," we lower the bar of reasonable expectation another notch. Laudable motives are seldom considered justification to encroach upon the rights of speech or religion. We consider those rights absolute, not relative. We try to hold them inviolate. Are there no inviolate principles of privacy? If privacy activism is worthwhile, then we must foresee the point where the general erosion of privacy will bottom out and perhaps rebound. If that's not reasonably foreseeable, what's the point? -Dick Mills http://www.albany.net/~dmills Big Brother's Camera Tomorrow, as millions of Americans drive to Fourth of July celebrations, many will encounter a worrisome new import from Europe: photo radar traps that automatically send traffic violators a ticket. While such devices could be a useful tool in discerning traffic patterns or dangerous intersections, right now they're little more than Orwellian cash cows. Camera technology has been used for years in countries like England and France to catch those who speed or run red lights. A machine-generated ticket arrives in the mail with a de facto presumption of guilt, and in almost all cases it costs more to go to court than pay the fine. Unlike normal tickets, no points are added to a driver's record. That fact helps give the government's game away: Many of the 50 U.S. cities with traffic cameras appear to be using them as a revenue-raising device with safety concerns taking a back seat. Last year, a notorious camera on Washington's Capitol Hill was shut down after police reluctantly agreed its huge ticket volume made it nothing more than a hightech trap. San Diego's red-light cameras were shuttered last month after a lawsuit uncovered documents showing the private contractor based almost all its camera placements on the volume of traffic and the length of the yellow waiting time. One intersection was rejected with the notation: "Long yellow, volume not there." A 1998 study by the Insurance Institute for Highway Safety found that some 80% of red-light violations occur in the first second of red. Safety engineers know how to deal with problem intersections by lengthening the yellow light. It's also possible that rather than fix traffic problems, cameras create a new one. Regular motorists on a road eventually learn where the cameras are, but newcomers don't know. This creates two different reactions to yellow lights or speed limits. Drivers slowing down suddenly can cause those behind them who are ignorant of the cameras to rear-end them.

from TPDL 2001-Jul-3, from the Wall Street Journal:

Nonetheless, government officials still insist the cameras are only there for safety reasons. "If Big Brother saves lives," says Florida's Palm Beach County Commissioner Burt Aaronson, "then I'm happy to be Big Brother." But Ontario, the largest Canadian province, scrapped radar speed-cameras in 1995 after Premier Mike Harris said: "We've concluded that photo-radar is a government cash grab." No kidding. Montgomery County, Maryland, has issued 54,000 camera citations since 1999 and county leaders now want to raise the fine for running a red light to $250 from $75. The federal government is also getting into the act. The National Park Service has posted two cameras along the George Washington Parkway in northern Virginia as a prelude to deploying them throughout its 5,000 miles of roads. House Majority Leader Dick Armey says the camera placement violates an executive order requiring a full review of any Park Service action that raises "novel legal or policy issues." Virginia Governor Jim Gilmore also opposes the cameras, and he and Mr. Armey hope to persuade Interior Secretary Gale Norton to drop the idea. It is hard to reconcile traffic camera tickets with a free society. There is no due process and no right to confront your accuser. Imaginative police chiefs are already coming up with new uses for the technology. Tampa, Florida's Ybor entertainment district has 36 mounted cameras that can capture images of up to eight people at a time and compare them with a computer database filled with the facial features of people wanted on active warrants. What's next? Cameras to catch those smoking, using cell phones or not wearing seat belts? We're all for traffic enforcement, but there is a danger that this technology could ultimately be used to monitor the comings and goings of citizens. In addition to marking an appreciation of the freedoms we enjoy, the Fourth of July could also use a little reflection on how to make sure we don't lose any of them. from BBC News Online, 2001-Aug-22, by BBC News Online technology correspondent Mark Ward: Warning over wiretaps Laws designed to catch computer criminals could result in a huge increase in the amount of covert surveillance carried out on British citizens by the police and intelligence services. The controversial Regulation of Investigatory Powers Act requires many companies providing communication services to install technology that allows up to one in 10,000 of their customers to be watched at the same time. Experts and lobby groups fear that this requirement could drive a "tenfold" increase in the number of wiretaps and threaten the fundamental rights to privacy of many citizens.

But the government said just because it would soon be possible to covertly watch thousands of people using phones, fax machines and the net, this did not mean that all these potential wiretaps will actually be used. People watching Last year the government pushed through the controversial Regulation of Investigatory Powers Act which was intended to update existing legislation to cope with the migration of life into more electronic forms. The Act also made it easier for law enforcement agencies to carry out surveillance on computer-savvy criminals, and to get hold of keys to unscrambled [unscramble -AMPP Ed.] encrypted data. The Act was criticised almost from the moment it was drafted by privacy watchdogs, lobby groups and business leaders. They said it gave too much power to police and intelligence services, placed too few safeguards on their actions, eroded rights to privacy and placed a heavy burden on companies forced to comply with it. Just how heavy a burden is now becoming clear. Section 12 of the RIP Act requires many large Communication Service Providers (any company offering telecommunication, net or data services) to put in place links to a government monitoring centre so law enforcement agencies can quickly turn on wiretaps to start watching suspects. The government is currently talking to all the organisations who will have to comply with this requirement on how to do it. Under current proposals large CSPs could be forced to install enough equipment to concurrently monitor one in 10,000 of their customers. The consultation period ends on 24 August. Watching worries Security experts, net thinktanks and lobby groups are worried that this demand could drive a huge increase in the number of wiretaps and the amount of covert surveillance carried out every year. "It could allow a tenfold increase in the current level of interceptions that are going on," said Caspar Bowden, director of internet thinktank the Foundation for Information Policy Research. According to the most recent figures, the government currently issues over 2000 interception warrants every year. If the one in 10,000 figure survives the consultation process, the amount of surveillance the government could carry out every year could rocket.

BT would have to install equipment to monitor over 2000 people just for its 21 million domestic customers. More equipment would have to be put in place to monitor business customers, or those using its mobile phones or net services. The only organisations exempt are CSPs servicing financial companies. Suspicious activity "The agendas being pursued here are not police agendas but intelligence agendas," said Tim Snape, head of West Dorset Internet and a member of the industry committees debating the regulations. He fears that the intelligence services will be able to carry out "trawling" expeditions to look for suspicious activity rather than restrict surveillance to individuals as they are forced to do now. But a Home Office spokesman said just because there was the potential to covertly watch thousands of citizens did not mean the government would actually use all of it. He said: "The capacity maybe there but there's no indication that it would all be used." He added that that one in 10,000 figure was a "maximum" and the restrictions the RIP Act places on the issuing of interception warrants would likely limit the amount of wiretapping carried out. Net experts dispute this interpretation and said that the RIP Act actually makes it easier for police forces to get initial approval for surveillance and to renew warrants. Assistant Information Commissioner Francis Aldhouse said: "Interceptions should be authorised by judicial warrant, but that's not the policy that has been adopted." He added that any interference with communications is interference with a fundamental human right guaranteed by the European Convention on Human Rights which is already part of UK law. from TPDL 2001-Sep-3, from the Los Angeles Times, by Jube Shiver Jr., staff writer: Single-Number Plan Raises Privacy Fears Technology: System would link telephones, faxes and Web addresses while creating giant databases. WASHINGTON -- A controversial technology under development by the communications industry that links Internet addresses with phone numbers has quietly picked up key government support as concern mounts among critics that the technology will broadly undermine privacy.

The technology, known as e-number, or ENUM, would link phone numbers to codes that computer servers use to route traffic on the Web. Proponents say the technology would improve communication for consumers and marketers alike. The industry envisions a sophisticated electronic address book that would be able to direct messages to virtually any fax machine, computer or telephone, using a new 11-digit e-number. As a result, a fax could be sent to someone who lacked a fax machine but had an e-mail address. Likewise, cell phone users would only have to key in 11-digits to send e-mail, not a cumbersome alphanumeric address. But privacy advocates fear the system could undermine online privacy and erode the security of the public phone system as well. They worry that the system would destroy a pillar of Internet privacy: the assumption by users that they enjoy anonymity in cyberspace. The government's endorsement of the technology, disclosed in interviews and outlined in an Aug. 21 letter distributed to an industry group, is seen as critical in pushing it forward. "The United States does see merit in pursing discussions regarding implementation of a coordinated, global [system] . . . for ENUM," Julian E. Minard, a State Department advisor to the International Telecommunication Advisory Committee, wrote to representatives of AT&T and other companies. But Minard cautioned in the letter that aspects of the technology advocated by industry "go beyond what is prudent or necessary." ENUM is likely to be voluntary, requiring users to sign up for the service. But privacy experts say it will not be worth the time and investment the industry is making in the technology unless it is widely used. So they expect ENUM will be aggressively promoted. "We believe that ENUM raises serious questions about privacy and security that need to be addressed before it's widely deployed," said Alan Davidson, associate director of the Center for Democracy and Technology, a privacy watchdog group based in Washington. "They are promoting this as a system that is going to make it really easy for people to find you in all kinds of ways. Well, we want to make sure that consumers can opt out if they don't want to be found." Today, vigilant Web surfers can maintain a high degree of anonymity because email and other Web addresses contain little personal information. What's more, Web addresses under aliases can easily be created to cloak the identity of the sender. As a result, marketers have been forced to spend millions of dollars to get Web surfers to voluntarily give up personal information. By contrast, a phone number has a wealth of personal information associated with it, including a street address, billing records and dialing data. Marrying such information to Web addresses would represent a leap in private data

warehousing in cyberspace and dramatically increase the risk of privacy invasions, experts say. "Someone could write a program to query the ENUM database and obtain every line of your contact information and send spam to every communications device you own," said Chris Hoofnagle, legislative director of the Electronic Privacy Information Center in Washington. Hoofnagle added that industry claims that consumers would be able to opt out of the system, or otherwise protect their private information, are hollow. "There could be coercion down the road [by marketers] to push consumers to use ENUM to store their contact information. Absent legislation, there is likely to be abuse." Since the Federal Communications Commission regulates the nation's telephone industry and the Commerce Department administers key contracts that allow private firms such as Mountain View, Calif.-based Verisign Inc. to register Internet domain names, the government is likely to play a powerful role in the outcome of ENUM. Its backing of further ENUM development is the most significant support yet for the technology. It comes as a newly created industry group, called the ENUMForum, agreed last week to an ambitious schedule to conclude work on ENUM by next May. "This is a big milestone," Gary W. Richenaker, of Telcordia Technologies Inc., said of the group's first meeting last Monday. Richenaker, who chaired the gathering, said that officials of the State Department, Federal Trade Commission and Commerce Department attended. ENUM would work by combining two massive electronic databases: North American telephone numbers now administered by a Washington company called NeuStar Inc. and the main database that routes Internet messages, which is largely controlled by Verisign. An ENUM address reverses a standard phone number and appends "e164.arpa" to it. For example, the toll-free directory assistance number would be converted to ENUM would recognize both the e164.arpa address and the phone number as belonging to directory assistance. With some software tweaks to the current Internet system, computers could be made to route messages to such 11-digit ENUM addresses in much the same way they now use up to 12-digits to send e-mail and display Web pages. Although industry engineers recently completed technical specifications for ENUM, AT&T, Cisco Systems Inc., SBC Communications Inc. and more than 20 members of the ENUM-Forum agreed last week to work out additional critical details of the system.

ENUM-Forum players also include AOL Time Warner Inc., British Telecommunications plc and NetNumber.com Inc.--a Web start-up that has been operating a private, volunteer ENUM system for nearly a year. The companies will tackle operational and security issues, such as who would be authorized to make service changes. Phones are ordinarily associated with street addresses, not individuals, so businesses and households with more than one person or phone would need to determine who has control over the ENUM associated with the phones. The State Department's Minard said his Aug. 21 letter reflected the input of several government agencies but termed the document a "draft" that could change as industry details about ENUM evolve. Minard declined to elaborate on the misgivings expressed about ENUM in the letter. Other sources say ENUM is most strongly supported by the Commerce Department, while the FCC and State Department remain wary of the potential political fallout from embracing the technology. The industry, too, is divided over how much the government should be involved. The heavily regulated telephone industry supports a broader government role than do Internet companies such as Verisign and AOL Time Warner. Stacy M. Cheney, an attorney for the Commerce Department, said the government has not decided whether to play any regulatory role. But he said officials support "continuing discussions" on ENUM and would send representatives to a Sept. 12 meeting of an International Telecommunication Union panel to discuss the technology. Industry officials liken ENUM's potential effect to the introduction of touch-tone dialing in 1963. That advance paved the way for a host of modern phone features, including the ability to bank by phone and navigate voicemail menus. ENUM "could be a huge boon to Internet telephony and basic communications convergence," said Aristotle Balogh, vice president of technology at Verisign. ENUM, however, may never be embraced by businesses or consumers because of the privacy concerns. The technology will also require support from Internet service providers, software developers, phone carriers and others. Still, ENUM is expected to gain momentum with the government's support. It could also get a big boost from efforts by Microsoft Corp. and AOL Time Warner to make new versions of their software support ENUM technology. from NewsMax, 2001-Mar-31, by David M. Bresnahan: Fingerprint May Soon Be Needed to Buy Groceries The day will come when you put your finger on a scanning device to prove who you are before you engage in transactions at retail stores, ATMs, banks and

even when you buy groceries. One company making such a device is engaged in a pilot project with the nation's largest grocery chain. Biometric Access Corp. has teamed up with four Kroger stores in the Houston area to test a point-of-sale finger-scanning device for retail transactions. The pilot project has been under way for just over a year and is working well, even though some customers don't like it, according to Kroger spokesman Gary Huddleston. The Kroger stores are using the device to provide positive identification for payroll check cashing, not for actual sales. Huddleston says customer acceptance is one of the challenges that must be overcome if the device is to be used for all transactions. "Many customers have seen the value of the security in the system. The finger image is positive identification," Huddleston told NewsMax.com in a phone interview. He said a personal identification number was not very secure. Will the finger-image scanner become common in all retail stores in the future? "I'm sure it will," said Huddleston. "Customer acceptance is one challenge, and cost is the other challenge. As soon as we overcome those." Use of the finger image for check cashing at the four pilot Kroger stores is optional, but Huddleston said most customers use it once they understand how it works and that they can get their check cashed faster if they submit to the fingerimage scan The finger-image scanner can easily be used for all point-of-sale transactions, including the use of checks, credit cards and debit cards, according to Biometric Access Corp. spokesman Hal Jennings. The system is also used for computer security and for clocking workers in and out of work, replacing old-fashioned time cards. The use of finger-image scans is hailed by some and highly criticized by others. "My primary objection is to government surveillance of citizens, more so than that of private businesses. However, the trend by retailers and employers to use biometrics to screen customers and employees is alarming," said activist Scott McDonald, who has a Web site (www.networkusa.org/fingerprint.shtml) that fights the use of fingerprints. Conditioning the Public He says the use of finger-image scans by retail stores is one way the government can "condition" the public to "accept the same kind of perpetual scrutiny by government using the same technologies." McDonald told NewsMax.com that he was concerned about an increase in the number of government and business partnerships.

"It is likely the information generated by private biometric scanning by banks, businesses and employers will eventually be linked to, or accessible by, government computers," explained McDonald. Biometric Access Corp. has also established a contract with H.E. Butt Grocery Co. in Texas "which will result in a large-scale implementation of the SecureTouch On-Time(tm) time and attendance system," Jennings said. More than 700 units will be installed in stores using biometric fingerprint readers to keep track of 50,000 employees as they clock in and out of work. Biometric Access Corp. also sold 6,000 similar readers to the state of New York for the Office of Mental Health to be used to protect highly confidential files. David M. Bresnahan (David@Bresnahan.com) is an independent journalist. An archive of his work is available at http://InvestigativeJournal.com. from TPDL 2000-Oct-31, from Reuters via Yahoo, by Judith Crosson: Colorado Bookstore Records Sought in Drug Case DENVER (Reuters) - One of the nation's most famous bookstores is fighting an effort by prosecutors to force it to reveal the names of people who bought books on how to make methamphetamines in a freedom-of-speech case that is being closely watched by book stores nationwide. The Tattered Cover Book Store, one of the largest independent bookstores in the United States, has until the end of the week to appeal a judge's order to open its records on who bought two books on drug making found in a suspected methamphetamine laboratory. Store owner Joyce Meskis has said the order could have a ''chilling effect'' on the First Amendment and on readers who may hesitate to buy certain books. Bookstore owners around the country are concerned about the case, according to Oren Teicher, chief operating officer of the American Booksellers Association in Tarrytown, New York. ``Book stores feel very passionate about the importance of preserving the privacy of our customers,'' Teicher said by telephone. The case is reminiscent of Independent Counsel Kenneth Starr's attempt to get a Washington bookstore to turn over records of Monica Lewinsky's book purchases in 1998. Starr was trying to confirm whether the former White House intern gave President Clinton a book about phone sex. Lewinsky ultimately gave Starr the information he wanted. The Tattered Cover's troubles began last April when five police officers showed Meskis a search warrant to review records on book sales. She refused and went to court.

Police Raid Mobile Home, Find Lab In March, suburban police raided a mobile home that had been used as a suspected methamphetamine laboratory but they could not determine who lived in the mobile home because a number of people were seen going in and out. However, they did find two books, ``Advanced Techniques of Clandestine Psychedelic and Amphetamine Manufacture'' and ``The Construction and Operation of Clandestine Drug Laboratories.'' Police found an envelope with an invoice number from the bookstore and wanted to know who that invoice was sent to. A judge granted a temporary restraining order earlier this year, but 10 days ago said police could look at the records, calling them important to the case and saying police had tried to obtain the information through other means. ``We engage in a whole host of transactions like buying books that reveal a part of our private life,'' Denver District Attorney Bill Ritter said. But he did say the suburban police should have told his office that a neighboring county had earlier turned them down for a search warrant. ``It's a sign of how fundamental freedoms and privacy are being eroded because of the drug war,'' said David Kopel, research director at the Independence Institute, a conservative think tank in Golden, Colorado. He was one of a dozen people who showed at the district attorney's office to protest the court order. (The following is strange, in that it creates an unreasonably high standard of privacy.) from TPDL 2001-Jun-11, from the Associated Press via the Las Vegas Sun: Court Rules on Heat-Sensor Searches WASHINGTON (AP) - Police violate the Constitution if they use a heat-sensing device to peer inside a home without a search warrant, the Supreme Court ruled Monday. An unusual lineup of five justices voted to bolster the Fourth Amendment's protection against unreasonable searches and threw out an Oregon man's conviction for growing marijuana. Monday's ruling reversed a lower court decision that said officers' use of a heatsensing device was not a search of Danny Lee Kyllo's home and therefore they did not need a search warrant. In an opinion written by Justice Antonin Scalia, by many measures the most conservative member of the court, the majority found that the heat detector allowed police to see things they otherwise could not. "Where, as here, the government uses a device that is not in general public use to explore details of the home that would previously have been unknowable

without physical intrusion, the surveillance is a 'search' and is presumptively unreasonable without a warrant," Scalia wrote. While the court has previously approved some warrantless searches, this one did not meet tests the court has previously set, Scalia wrote. The decision means the information police gathered with the thermal device namely a suspicious pattern of hot spots on the home's exterior walls - cannot be used against Kyllo. The court sent the case back to lower courts to determine whether police have enough other basis to support the search warrant that was eventually served on Kyllo, and thus whether any of the evidence inside his home can be used against him. Justices Clarence Thomas, David H. Souter, Ruth Bader Ginsburg and Stephen Breyer joined the majority. Justice John Paul Stevens wrote a dissenting opinion joined by Chief Justice William H. Rehnquist, and Justices Sandra Day O'Connor and Anthony M. Kennedy. At issue was how modern police technology fits into the court's long line of decisions on what should be considered a search requiring a court warrant. Last year, the Supreme Court ruled that police must get bus passengers' consent or a search warrant before squeezing their luggage to see if drugs might be inside. The court also requires a warrant to put a "bug" in someone's home or in a telephone booth. But the justices have said police do not need a warrant to go through someone's garbage left on the curb, fly over a backyard to see what is on the ground, or put a beeper on a car to make it easier to follow. Kyllo was arrested in January 1992 and charged with growing marijuana at his home in Florence, Ore. Police had been investigating his neighbor, but they focused on him after they trained a thermal imaging device on his home and saw signs of high-intensity lights. Using those images, electricity records and an informant's tip, police got a warrant and searched Kyllo's home, finding more than 100 marijuana plants. Kyllo contended the marijuana plants could not be used as evidence against him because the police did not have a search warrant when they used the heatsensing device. A judge ruled against him, and Kyllo pleaded guilty on condition he could appeal the search issue. The 9th U.S. Circuit Court of Appeals upheld the use of the device, saying it should not be considered a search.

During arguments at the Supreme Court in February, Kyllo's lawyer told the justices that people should feel free to let down their guard at home without fear of the government unreasonably looking over their shoulder. The Justice Department contended the heat-sensing device did not intrude on Kyllo's home but instead passively detected the heat that escaped from it, and the court's dissenters apparently agreed. Police gathered only information available on the outside walls, and used "a fairly primitive" device to do so, Stevens wrote. Using the Thermovision device "did not invade any constitutionally protected interest in privacy," Stevens wrote. The case is Kyllo v. U.S., 99-8508. from TPDL 2000-Aug-8, from WorldNetDaily 2000-Aug-2, by Charles Smith: Al Gore bugs America? The written proof that Vice President Al Gore worked to bug America is freely available; the documentation was obtained from the Justice Department, the CIA and the Commerce Department through the Freedom of Information Act. In 1993, Vice President Gore and Attorney General Janet Reno were ordered to form an IWG or "interagency working group" in a secret White House memo. The sign off sheet on the secret memo specifically sought Gore and Reno's signature. Included in the working group were White House Counsel Vince Foster and convicted Whitewater figure Webster Hubbell. Gore quickly went to work with the secret group of Clinton advisers and delivered a report to the president. "Simply stated, the nexus of the long term problem is how can the government sustain its technical ability to accomplish electronic surveillance in a advanced telecommunications environment characterized by great technical diversity and many competing service providers (numbering over 1500, some potentially antagonistic) who have great economic and political leverage," states the top secret report prepared by Gore's Interagency Working Group. "The solution to the access problem for future telecommunications requires that the vendor/manufacturing community translate the government's requirements into a fundamental system design criteria," noted the Gore report. "The basic issue for resolution is a choice between accomplishing this objective by mandatory (i.e., statutory/regulatory) or voluntary means." This chilling conclusion, that there is no choice but to be monitored by Big Brother is backed by several other documents. One such document released by the Justice Department is a March 1993 Justice memo from Stephen Colgate, assistant attorney general for administration. According to the Colgate memo, Vice President Al Gore was to chair a meeting with Hubbell, Reno, Commerce

Secretary Ron Brown, and Leon Panetta in March 1993. The topic of the meeting was the "AT&T Telephone Security Device." According to Colgate, AT&T had developed secure telephones the U.S. government could not tap. The Clinton administration secretly contracted with AT&T to keep the phones off the market. Colgate's memo noted that the administration was determined to prevent the American public from having a private phone conversation. "AT&T has developed a Data Encryption Standard (DES) product for use on telephones to provide security for sensitive conversations," wrote Colgate. "The FBI, NSA and NSC want to purchase the first production run of these devices to prevent their proliferation. They are difficult to decipher and are a deterrent to wiretaps." Buried in the Colgate memo is the first reference to government developed monitoring devices that would be required for all Americans. According to the March 1993 Colgate memo to Hubbell, "FBI, NSA and NSC want to push legislation which would require all government agencies and eventually everyone in the U.S. to use a new public-key based cryptography method." In 1993, the "public-key" system referenced by Colgate had already been developed by the Federal government. The system, a special computer chip called "Clipper," provided the Federal government with an "exploitable feature" allowing a wiretap of any secure phone communications. However, the only way to force "everyone in the U.S. to use" the new Clipper chip was to enact "legislation" which would require that it be manufactured into all phones, fax machines and computers. There was a final solution to the problem. According to a presidential directive of April 1993 on the Clipper project, "Should (U.S.) industry fail to fully assist the government in meeting its requirements within a reasonable period of time, the Attorney General will recommend legislation which would compel manufacturers to meet government requirements." Al Gore quickly embraced the Clipper chip and the concept of monitoring America at all costs. In 1994, Gore wrote a glowing letter supporting the Clipper chip and the government approved wiretap design. According to Gore, "As we have done with the Clipper Chip, future key escrow schemes must contain safeguards to provide for key disclosures only under legal authorization and should have audit procedures to ensure the integrity of the system. Escrow holders should be strictly liable for releasing keys without legal authorization." "We also want to assure users of key escrow encryption products that they will not be subject to unauthorized electronic surveillance," wrote Gore in his July 20, 1994 letter to Rep. Maria Cantwell.

However, Gore did not tell the truth. In 1994, federal officials were keenly aware that the Clipper chip design did not have safeguards against unauthorized surveillance. In fact, NASA turned down the Clipper project because the space agency knew of the flawed design. In 1993, Benita A. Cooper, NASA associate administrator for management systems and facilities, wrote, "There is no way to prevent the NSA from routinely monitoring all (Clipper) encrypted traffic. Moreover, compromise of the NSA keys, such as in the Walker case, could compromise the entire (Clipper) system." Yet, Al Gore pressed ahead, continuing to support a flawed design, despite warnings that the design could "compromise" every computer in the U.S. A 1996 secret memo on a secret meeting of DCIA Deutch, FBI Director Freeh and Attorney General Janet Reno states, "Last summer, the Vice President agreed to explore public acceptance of a key escrow policy but did not rule out other approaches, although none seem viable at this point." According to the 1996 report to Gore, by then CIA Director Deutch, Ms. Reno proposed an all-out federal takeover of the computer security industry. The Justice Department, proposed "legislation that would ... ban the import and domestic manufacture, sale or distribution of encryption that does not have key recovery. Janet Reno and Louis Freeh are deeply concerned about the spread of encryption. Pervasive use of encryption destroys the effectiveness of wiretapping, which supplies much of the evidence used by FBI and Justice. They support tight controls, for domestic use." The move to tighten domestic controls has so far failed. The Clipper chip was canceled in 1997 after wasting over a billion dollars. Yet, history often repeats itself, especially for those who refuse to learn from it. The FBI recently aroused much trouble in July by unveiling a new program called "Carnivore." The FBI Carnivore software is designed to monitor e-mail by intercepting all mail at the Internet provider. The FBI installed the Carnivore software initially at several Internet providers with little requirements for legal authority. Testimony by software expert Matt Blaze revealed the FBI Carnivore program might not be smart enough to recognize a target's e-mail, thus false prosecutions are possible. In addition, the Carnivore programs scoops up all data without regard to legal problems. Carnivore is clearly open for abuse. While Federal law does provide for an audit trail to prevent abuse of Carnivore data, the audit only occurs if there is a federal prosecution. No prosecution -- no audit trail. Data acquired by the FBI e-mail tap could be accumulated on anyone without an audit. The problems of privacy, e-mail and government wiretapping are not unfamiliar to Vice President Al Gore. The Clinton-Gore White House recently lost a large portion of the vice president's e-mails and is now unable to deliver them to investigators involved in the 1996 campaign finance probe.

The vice president has a darker side yet to be covered by the media. Al Gore knows much about the federal government efforts to wiretap every home and office in America. He should. Al Gore has led that effort to bug America since 1993. As part of the Clinton administration, Al Gore made the policy that endorsed the Clipper chip and created the FBI Carnivore software program. from TPDL 2000-May-1, from the New York Times, by William Safire: Consenting Adults WASHINGTON -- Politicians of the left and right are finally beginning to pay attention to the groundswell of resentment about invasions of privacy. In the Senate, transportation subcommittee chairman Richard Shelby leads the way: the law he sponsored to prevent states from selling to private investigators information and pictures required from motorists seeking a driver's license was upheld by the Supreme Court. He also led repeal of the ill-advised federal standard for licenses that would have used Social Security numbers to create an Orwellian national identification card. In the House, Texas Representative Ron Paul's bill to prohibit the use of the Social Security number as an all-purpose identifier is no longer in limbo. Ways and Means subcommittee chairman Clay Shaw reports that this action to combat widespread identity theft will be taken up this month. Chairman Dan Burton's Government Reform Committee will move on that privacy bill in June, as well as the bill to create a Privacy Protection Commission pressed by the G.O.P.'s Asa Hutchinson and Democrat Jim Moran. Here's evidence that we're getting traction: President Clinton and Vice President Al Gore have detected the growing political appeal of personal privacy in a time of data rape. To a commencement audience yesterday, Clinton unveiled his plan to repel the invaders, challenging the Republican Congress to get on with legislation to stem the tide of snooping. Up to now, the Clinton-Gore record has been troubling to civil libertarians; under the rubric of searching for "deadbeat dads," this administration now forces private employers to inform on workers to federal bureaucrats as never before. But Clinton's belated concern about penetrations of our privacy by marketers and esnoops, often in support of legislation already in work, is welcome. In assessing his proposals, keep in mind the key words consumer consent. Should banks and credit card companies be able to sell our financial secrets to outside pitchmen? Clinton favors forbidding this practice, so ardently hailed as efficient by believers in "targeted marketing," unless the individual specifically gives an informed consent. That's good; Treasury Secretary Larry Summers tells me, "It's got to be wrong for my stockbroker to see my life insurance physical and where I shop."

When banks merge with insurance companies or H.M.O.'s, should we allow medical records to be passed around within the conglomerate? Clinton says no, unless the patient or consumer affirmatively consents. That's also good; none of this "opt out" trickery, by which marketers piously claim to be sensitive to privacy but put the burden of protecting personal information on the patient. What about sharing financial data having nothing to do with medical records? Here the Clinton-Gore plan caves in to the secret salesmen. "We will preserve financial firms' ability to share the information that they need," goes the administration proposal, "to develop new products and manage their risks . . ." No bank is required to obtain depositor's consent; it's up to the individual to "opt out" -- to take the difficult initiative of demanding that the bank not make his life an open book. In defense of this weakness, Summers explains "We're trying to strike a balance between the efficient use of information and the need to protect privacy. Opinions have certainly changed over the past couple of years. In terms of what you want," Summers tells the privacy nut who has long been badgering him, "last year we were on our 15-yard line. Now we're within field-goal range." A man to carry the ball as Clintonians head for the showers is "Senator Privacy," Shelby of Alabama. His bill in the Banking Committee against "behavioral profiling" stops bankers and credit card issuers from disclosing transactions unless "the consumer has affirmatively consented in writing to the transfer of such information." Harangues on this issue will continue in this space, while apostles of efficiency, in bureaucracies public and private, try to pooh-pooh concerns of newly energized asserters of privacy. Consent! is our byword. And our first line of defense is the private, personal Social Security number; we won't let anybody coerce us into giving it out. from The New Hampshire (the student newspaper of the University of New Hampshire, 2000-Sep-12, by Steven Callahan: About a month ago the University Police pulled me over for a faulty brake light. Almost immediately, however, the officer's true reason for stopping me became readily apparent. He asked if there was any alcohol in my car. There wasn't, and I told him so. Apparently, my word was not good enough, and he asked if I'd mind him "taking a look in the trunk." Although there was nothing in there, I denied the request. Why, one might wonder, if there really wasn't anything there? Simple. Because in a free society, we have protections against unreasonable searches and seizures. As a student advisor for the judicial programs office for the past year I have seen many students bullied into allowing R.A.'s to search their rooms. I have seen instances of R.A.'s searching refrigerators, trashcans and other personal belongings with impunity and, in some cases, malice. Many times, these students

do indeed have alcohol in their rooms. Other times, R.A.'s find nothing. The larger issue here, though, is the fact that R.A.'s have absolutely no right to search a resident's room. Listen closely the next time one confronts you. They'll say, "I have reason to suspect that drinking is going on in your room, do you mind if I take a look?" or, "If you have nothing to hide, then why can't I look in the fridge?" They'll never say, "I'm going to search your room," or, "You have to let me search." They simply have no legal right to do so. The department of residential life knows this, and therefore trains them to act accordingly. Moreover, many students here at UNH have very good reasons for refusing searches. For instance, many of us have medical conditions which require medications to be stored our rooms. Some might be stored in desk drawers. Others, believe it or not, in refrigerators. The only people who might have a reason to rummage through our personal belongings in search of alcohol would be the police. And, even here, their search must conform to constitutional requirements. Certainly R.A.'s hold no search and seizure power, and the reason they search and seize so much is out of the University community's ignorance. Unless we, as students and members of a free society, come to understand and employ our privacy rights, they mean nothing. What good is the right to refuse an illegal search if we never utilize it? Remember, the next time you are asked to allow someone to search your belongings, politely tell them no. Eventually, if everyone does this, the department of residential life will come to realize that they can no longer intimidate, harass students and the abuse of our privacy rights might one day come to an end. Steven Callahan Senior (In the fallout from the above letter to the editor, Callahan was administratively ejected from his position as a student advisor.) from the Associated Press via CNET, 2000-Feb-6: Government sites disregard children's privacy law WASHINGTON--Contrary to a federal directive, some government Web sites-including the one operated by the White House--are not adhering to a law that requires companies to obtain parental consent before soliciting personal information from children. The White House Web site invites children to submit personal information, such as their name, address and age along with email messages to the president and first family. Sites operated by the Environmental Protection Agency and NASA also collect personal information from children who submit art work to be posted on the site. Both agencies show the child's name, age and hometown along with posted drawings.

Federal law that took effect earlier this year requires private sector Web sites to protect the privacy of children. The law does not apply to government sites, but the Office of Management and Budget (OMB) recently ordered federal agencies to comply with the statute. The Federal Trade Commission is readying a crackdown on commercial sites that fail to comply with the law. "My jaw dropped," said Jim Harper, administrator of Internet privacy site Privacilla.org. "This very concern with commercial Web sites giving where children lived and what their ages are was the supposed justification for COPPA (Children's Online Privacy Protection Act)." The federal law requires commercial Web sites to carry privacy policy statements, get "verifiable parental consent" before soliciting information, and give an opportunity to remove the information. Peter Swire, OMB's chief counselor for privacy, refused to say in an interview whether the government sites would be investigated or any of their content changed. He stressed that the law was targeted against commercial sites and that the administration tried to exceed those standards. "We comply with the spirit of COPPA, given the special legal rules that apply to the White House," Swire said, adding that the Presidential Records Act would keep the correspondence secret for up to 12 years. Swire also said that all federal Web sites have been directed to provide their privacy practices along with their budget requests at the end of the year, though there is no plan to audit the agencies to review their practices. "We think that putting privacy compliance into the agency's budget process is a new and useful tool for spreading good privacy practices throughout the federal government," Swire said. Harper says he has no objection to how the government sites communicate with children, calling the methods "neat." But he points to how businesses have had to remove seemingly harmless content to comply with the law. "This illustrates the kind of things that commercial Web sites would be doing," Harper said. "But rather prematurely, the COPPA law cut off the right of commercial Web sites to provide this kind of interaction." A company that has run afoul of COPPA, calling it a "terrible law," said the government obviously has no ill will toward children, and they were both caught in the same trap. "COPPA goes far beyond limiting the practice of a business collecting personal information for its own use to include the responsibility that the business not provide any tool or service that would permit a child to send their personal

information to anyone." said Steven Bryan, CEO of Zeeks.com, a site aimed at children. Zeeks.com said it had to take down its chat area, free email system and other features because it couldn't afford the cost of getting and verifying a parent's permission. Bryan said the features were always monitored and had security systems to check for suspicious activity. Lee Peeler, the FTC's associate director for advertising practices, was unapologetic for the situation faced by Zeeks.com, saying it "goes to the safety issue of giving kids the ability to communicate with predators without any parental involvement." Peeler said the commission will start its formal sweep of noncomplying businesses within the next two months and confirmed that federal sites won't be on the list. COPPA requires the commission to provide a report to Congress on compliance and to identify law enforcement targets. Zeeks.com's bulletin boards are filled with messages signed by children upset that the features are gone. Bryan said COPPA won't make children safer but will simply drive them to other free email services and unmonitored sites not designed for youngsters. "Without question, that is where the kids will go to find these activities," Bryan said. "We've closed the playgrounds and sent the kids to play in the street." from TPDL 2000-Jul-31, from WorldNetDaily, by David M. Bresnahan: Bank privacy bill 'dangerous' Official calls proposed legislation 'Know Your Customer' in disguise Even though an unprecedented public outcry stopped regulators in their tracks when they tried to enact invasive "Know Your Customer" banking regulations just over a year ago, Congress has found a back door way to accomplish the same goal -- and more -- according to one concerned congressman. The "International Counter-Money Laundering and Foreign Anticorruption Act of 2000," H.R. 3886, was recently passed by the House Banking and Finance Committee, of which Rep. Ron Paul, R-Texas, is a member. Paul told WorldNetDaily that while the bill appears to be aimed only at international banking transactions, it also gives the secretary of the treasury the ability to expand those regulations to apply to all transactions without further approval from Congress. The bill is now being prepared for a final vote in the House this fall. "I think they're limiting it to the international aspect because the average guy on the street isn't going to be affected and this is the way they set the precedent," explained Paul. There is an international effort to eliminate privacy from financial transactions, and this proposed change will affect Americans soon, he believes.

"Know Your Customer" -- although the wording is not used in the current bill -refers to regulations that would require banks to obtain unprecedented amounts of information about customers, monitor all financial transactions and report transactions that do not fit set profiles established by those customers. After WorldNetDaily broke the original "Know Your Customer" story, publicity resulted in a massive public response -- with over 300,000 individuals and banks protesting efforts to establish the regulation -- and "Know Your Customer" was withdrawn. Paul led the earlier effort, and has again sounded the alarm. He told WorldNetDaily H.R. 3886 gives the treasury secretary essentially unlimited powers to change and make regulations without additional approval from Congress. In fact, H.R. 3886 includes a section entitled: "GUIDANCE TO FINANCIAL INSTITUTIONS OPERATING IN THE UNITED STATES ON TRANSACTIONS BY OR ON BEHALF OF CORRUPT FOREIGN OFFICIALS." It states: "The Secretary of the Treasury, in consultation with the Attorney General of the United States and the Federal functional regulators (as defined in section 509(2) of the Gramm-Leach-Bliley Act), shall, before the end of the 180-day period beginning on the date of the enactment of this Act, issue guidance to financial institutions operating in the United States on appropriate practices and procedures to reduce the risk that such institutions may become depositories for, or transmitters of, the proceeds of corruption by or on behalf of senior foreign officials and their close associates." Paul sees these new powers granted to the secretary of the treasury and the attorney general as extremely broad, and is concerned that they will be enabled by this legislation to establish any regulation they wish with no guidance or oversight from Congress. "There are those who want to know what we're doing with all citizens' personal finances. They are determined and they haven't let up," he said. "They probably have calculated correctly that not as many American people will be riled up over this, but hopefully we can alert a lot of people to what's happening so that they are prepared and can object to this, even if it doesn't personally affect them yet." The bill is part of a major push by the Treasury Department and banking regulators to eliminate "harmful tax practices" worldwide. Treasury recently issued a news release announcing that six countries long known for the privacy protections they provide bank depositors -- Bermuda, the Cayman Islands, Cyprus, Malta, Mauritius and San Marino -- have agreed to change drastically the way they permit bank customers to conduct financial transactions. As a result, offshore banking with numbered accounts may soon be a thing of the past. All six countries have signed virtually identical letters promising to end those protections.

"The jurisdictions have pledged changes to help ensure that their financial sectors will meet international standards of fairness, transparency and disclosure, including the exchange of information in the context of criminal and civil tax matters," said Secretary of the Treasury Lawrence Summers in a prepared statement. Summers has a great deal of experience dealing with international banking. He came to the Clinton administration from the World Bank where he served as vice president of development and chief economist. President Clinton first appointed him as undersecretary of the treasury for international affairs in 1993. He then moved on to deputy secretary of the treasury, and in July 1999 became secretary. Summers is a strong supporter of the Organization for Economic Co-operation and Development -- a 29-member-nation group that "provides governments a setting in which to discuss, develop and perfect economic and social policy, according to its website. Summers has worked closely with the OECD to bring about the current actions. "In today's global economy, it is vital that we put an end to international tax practices that encourage tax evasion and improper tax avoidance and that distort capital flows. We encourage all jurisdictions that have not previously made commitments to eliminate harmful tax practices to do so," said Summers. Based on the principles outlined in OECD's "report on Harmful Tax Practices," each of the six nearly identical letters state that the country involved "commits to refrain from: 1."Introducing any new regime that would constitute a harmful tax practice under the OECD (Organization for Economic Cooperation and Development) Report; 2."For any existing regime related to financial and other services that currently does not constitute a harmful tax practice under the OECD Report, modifying the regime in such a way that, after the modifications, it would constitute a harmful tax practice under the OECD Report; and 3."Strengthening or extending the scope of any existing measure that currently constitutes a harmful tax practice under the OECD Report." All six letters promise to provide information previously held in highly guarded confidence -- effectively ending offshore banking advantages of privacy in financial transactions. The change will take place no later than by the end of 2005, according to the promises in the letters. The published goals of the OECD are "to build strong economies in its member countries, improve efficiency, hone market systems, expand free trade and contribute to development in industrialized as well as developing countries."

The six countries that signed the historic letters are well known as tax havens, where their unique tax laws help many shelter funds from their home country. So why would those six countries suddenly change their banking laws? "I think they might be intimidated by the powerhouse -- the American Empire -- as it spreads its wings militarily and economically. We probably put tremendous pressures on them. Some of these tax havens are not dependent on foreign aid or things like this, but they must feel intimidated that they could be put off limits if they don't go along with our regulators," Paul told WorldNetDaily. The Treasury Department has also created a list of 47 other countries known for banking privacy -- a list that will be used to institute sanctions and punitive actions to force those countries into compliance as well, according to Treasury Department reports. The list of 47 comes from a report prepared by the OECD and released in June. "We encourage all jurisdictions that have not previously made commitments to eliminate harmful tax practices to do so," said Summers. Tax evasion and tax avoidance have become so extensive that the tax revenues of many countries, including the United States, are now suffering, according to the OECD. "I personally was a tax lawyer for many years and I know these definitions can be tricky. Tax evasion is easy -- it involves breaking the law. By 'tax avoidance' OECD means 'unacceptable avoidance' where the taxpayer has circumvented or even subverted the law in order to avoid paying taxes due. This can be contrasted with acceptable tax planning. What is critical is transparency," said Donald J. Johnston, secretary general of the OECD speaking to a high-level symposium on "Harmful Tax Competition" June 29. Recently, the OECD has been "setting its analytical sights on those countries -today nearly the whole world -- that embrace the market economy," according to OECD policy documents. Johnston also pointed a finger at those countries openly advocating the avoidance of taxes and providing privacy for those who wish to do so. He called the practice "tax poaching" and said it undermines the revenue base of other countries. "Every government or jurisdiction that is not engaged in harmful tax competition is threatened and must protect itself from those that do," Johnston said. He warned that individual governments are helpless unless they join forces to stop the so-called "tax poachers." "Cooperation among governments and jurisdictions is the prerequisite to managing this aspect of globalization -- just as it is the prerequisite for managing

other aspects of globalization such as trade, investment, capital flows," said Johnston. He also proposed an international enforcement agency to go after tax offenders. "Tax authorities must develop global cooperative networks -- among themselves and with other law enforcement authorities such as those who fight money laundering, namely, the Financial Action Task Force (FATF), attached also to the OECD and supported by the Secretariat. Such co-operation can be reinforced if governments set minimum requirements for regulation, transparency, and cooperation with other jurisdictions," said Johnston. Countries with a zero income tax are not the problem, according to Jeffrey Owens, OECD Financial, Fiscal and Enterprise Affairs Directorate. Countries that do not provide access to financial records for tax authorities are the target. "We define harmful tax practices by any of three operative criteria: lack of effective exchange of information, lack of transparency, and attracting business with no substantial domestic activities where coupled with low or zero tax rates," explained Owens in a written statement. He said the "tax problem" caused by the offending countries is growing bigger every day. "Over 1 trillion dollars (US) is invested in offshore funds, and that the number of funds has increased by more than 1,400 percent over the last 15 years," he said. According to a report issued by the OECD, member countries are putting pressure on those countries currently providing offshore banking to come into compliance by the end of 2005. The pressure is being exerted through threats to change treaties in place and under negotiation, according to the OECD. Member nations of the OECD have been told, "the harmful features of preferential regimes must be eliminated before the end of five years. The guidelines also provide that "the Forum should be used by Member countries to co-ordinate their national and treaty responses to harmful tax practices." The OECD told member nations that the six nations that have signed compliance letters are expected to be joined by others soon in an effort to have all nations embrace "international tax standards for transparency, exchange of information, and fair tax competition." What must the problem countries do to gain the approval of the OECD? "The international standard means, for example: (1) The beneficial ownership of shares and trusts must be kept on records that can be accessed by governmental authorities. (2) There are audited or filed financial accounts. (3) There is an efficient administrative process to all the tax authorities of another state to obtain information needed to enforce its own revenue laws with regard to geographically mobile income. These are some examples of the international

standards of transparency and disclosure that tax havens are being asked to meet. And let me emphasize that it is going to be the same standards for all member countries and non-member countries," explained Owens. Owens acknowledged that many "tax havens" would be financially damaged if they were no longer able to offer privacy in banking. He said the OECD is studying ways to provide assistance, but he did not offer much sympathy for countries that may be hurt by the changes. "Let's be clear. For decades some of these states have been eroding the tax base of not just OECD countries but those of developing countries as well. They have been assisting dishonest taxpayers to avoid paying their fair share of taxes in their countries of residence. And who has borne the burden of these activities? Honest taxpayers," said Owens. Meanwhile, Paul has created a website to provide information and recommend action for those concerned, like he is, about the loss of domestic banking privacy rights. Under the proposed law, insists Paul, banks would be forced to collect information on every depositor, including those who are not engaged in foreign transactions. Since every depositor has the potential to conduct an international banking transaction, banks will be asked to keep records and profiles on everyone. "It leads eventually to the government knowing everything we do all the time," explained Paul. "It's very, very dangerous. We have to watch out." "The regulations seem to affect the honest, law-abiding citizen," warned Paul. "It never gets to the criminal. I don't think all these regulations will catch the criminals, and it will take away some of our personal liberties and our personal privacy, which we in the Congress should be doing more to protect instead of carelessly undermining. "When you're reported, your obligation is to prove yourself innocent," he said. "It isn't like you're being suspected and we have a search warrant with a judge's authorization. This is just surveying everybody and then if you look like you're out of line, you better explain yourself. I think it's just a horrible precedent. The idea that we are considered guilty of something and then the obligation's on us to prove that we're innocent I think is a bad sign," said Paul. Does he really believe Summers will push the regulations to their limit, as the bill's wording allows? "I think he can, and I think he will try. And the only thing that will stop him -- it won't be the courts, and it won't be the Congress -- it must come from the people when they just hear about it and do a bit of shouting," said Paul. from TPDL 2001-Jun-12, from Insight magazine, by John Berlau:

Postal Service Has Its Eye on You Since 1997, the U.S. Postal Service has been conducting a customersurveillance program, `Under the Eagle's Eye,' and reporting innocent activity to federal law enforcement. Remember ``Know Your Customer''? Two years ago the federal government tried to require banks to profile every customer's ``normal and expected transactions'' and report the slightest deviation to the feds as a ``suspicious activity.'' The Federal Deposit Insurance Corp. withdrew the requirement in March 1999 after receiving 300,000 opposing comments and massive bipartisan opposition. But while your bank teller may not have been snooping and snitching on your every financial move, your local post office has been (and is) watching you closely, Insight has learned. That is, if you have bought money orders, made wire transfers or sought cash cards from a postal clerk. Since 1997, in fact, the window clerk may very well have reported you to the government as a ``suspicious'' customer. It doesn't matter that you are not a drug dealer, terrorist or other type of criminal or that the the transaction itself was perfectly legal. The guiding principle of the new postal program to combat money laundering, according to a U.S. Postal Service training video obtained by Insight, is: ``It's better to report 10 legal transactions than to let one illegal transaction get by.'' Many privacy advocates see similarities in the post office's customer-surveillance program, called ``Under the Eagle's Eye,'' to the ``Know Your Customer'' rules. In fact, in a postal-service training manual also obtained by Insight, postal clerks are admonished to ``know your customers.'' Both the manual and the training video give a broad definition of ``suspicious'' in instructing clerks when to fill out a ``suspicious activity report'' after a customer has made a purchase. ``The rule of thumb is if it seems suspicious to you, then it is suspicious,'' says the manual. ``As we said before, and will say again, it is better to report many legitimate transactions that seem suspicious than let one illegal one slip through.'' It is statements such as these that raise the ire of leading privacy advocates on both the left and right, most of whom didn't know about the program until asked by Insight to comment. For example, Rep. Ron Paul, R-Texas, who led the charge on Capitol Hill against the ``Know Your Customer'' rules, expressed both surprise and concern about ``Under the Eagle's Eye.'' He says the video's instructions to report transactions as suspicious are ``the reverse of what the theory used to be: We were supposed to let guilty people go by if we were doing harm to innocent people'' when the methods of trying to apprehend criminals violated the rights of ordinary citizens. Paul says he may introduce legislation to stop ``Under the Eagle's Eye.'' The same sort of response came from another prominent critic of ``Know Your Customer,'' this time on the left, who was appalled by details of the training video.

``The postal service is training its employees to invade their customers' privacy,'' Greg Nojeim, associate director of the American Civil Liberties Union Washington National Office, tells Insight. ``This training will result in the reporting to the government of tens of thousands of innocent transactions that are none of the government's business. I had thought the postal-service's eagle stood for freedom. Now I know it stands for, `We're watching you!''' But postal officials who run ``Under the Eagle's Eye'' say that flagging customers who do not follow ``normal'' patterns is essential if law enforcement is to catch criminals laundering money from illegal transactions. ``The postal service has a responsibility to know what their legitimate customers are doing with their instruments,'' Al Gillum, a former postal inspector who now is acting program manager, tells Insight. ``If people are buying instruments outside of a norm that the entity itself has to establish, then that's where you start with suspicious analysis, suspicious reporting. It literally is based on knowing what our legitimate customers do, what activities they're involved in.'' Gillum's boss, Henry Gibson, the postal-service's Bank Secrecy Act compliance officer, says the anti-money-laundering program started in 1997 already has helped catch some criminals. ``We've received acknowledgment from our chief postal inspector that information from our system was very helpful in the actual catching of some potential bad guys,'' Gibson says. Gillum and Gibson are proud that the postal service received a letter of commendation from then-attorney general Janet Reno in 2000 for this program. The database system the postal service developed with Information Builders, an information-technology consulting firm, received an award from Government Computer News in 2000 and was a finalist in the government/nonprofit category for the 2001 Computerworld Honors Program. An Information Builders press release touts the system as ``a standard for Bank Secrecy Act compliance and anti-money-laundering controls.'' Gibson and Gillum say the program resulted from new regulations created by the Clinton-era Treasury Department in 1997 to apply provisions of the Bank Secrecy Act to ``money service businesses'' that sell financial instruments such as storedvalue cash cards, money orders and wire transfers, as well as banks. Surprisingly, the postal service sells about one-third of all U.S. money orders, more than $27 billion last year. It also sells stored-value cards and some types of wire transfers. Although the regulations were not to take effect until 2002, Gillum says the postal service wanted to be ``proactive'' and ``visionary.'' Postal spokesmen emphasize strongly that programs take time to put in place and they are doing only what the law demands. It also was the Bank Secrecy Act that opened the door for the ``Know Your Customer'' rules on banks, to which congressional leaders objected as a threat to privacy. Lawrence Lindsey, now head of the Bush administration's National Economic Council, frequently has pointed out that more than 100,000 reports are

collected on innocent bank customers for every one conviction of money laundering. ``That ratio of 99,999-to-1 is something we normally would not tolerate as a reasonable balance between privacy and the collection of guilty verdicts,'' Lindsey wrote in a chapter of the Competitive Enterprise Institute's book The Future of Financial Privacy, published last year. Critics of this snooping both inside and outside the postal service are howling mad that the agency's reputation for protecting the privacy of its customers is being compromised. ``It sounds to me that they're going past the Treasury guidelines,'' says Rick Merritt, executive director of PostalWatch, a private watchdog group. The regulations, for example, do not give specific examples of suspicious activity, leaving that largely for the regulated companies to determine. But the postal-service training video points to lots of ``red flags,'' such as a customer counting money in the line. It warns that even customers whom clerks know often should be considered suspect if they frequently purchase money orders. The video, which Gibson says cost $90,000 to make, uses entertaining special effects to illustrate its points. Employing the angel-and-devil technique often used in cartoons, the video presents two tiny characters in the imagination of a harried clerk. Regina Goodclerk, the angel, constantly urges the clerk to file suspiciousactivity reports on customers. ``Better safe than sorry,'' she says. Sam Slick, the devil, wants to give customers the benefit of the doubt. Some of the examples given are red flags such as a sleazy-looking customer offering the postal clerk a bribe. But the video also encourages reports to be filed on what appear to be perfectly legal money-order purchases. A black male teacher and Little League coach whom the female clerk, also black, has known for years walks into the post office wearing a crisp, pinstriped suit and purchases $2,800 in money orders, just under the $3,000 daily minimum for which the postal service requires customers to fill out a form. He frequently has been buying money orders during the last few days. ``Gee, I know he seems like an okay guy,'' Regina Goodclerk tells the employee. ``But buying so many money orders all of a sudden and just under the reporting limit, I'd rather be sure. He's a good guy, but ... this is just too suspicious to let go by.'' Gillum says this is part of the message that postal clerks can't be too careful because anyone could be a potential money launderer. ``A Little League coach could be a deacon in the church, could be the most upstanding citizen in the community, but where is that person getting $2,800 every day?'' Gillum asks. ``Why would a baseball coach, a schoolteacher in town, buy [that many money orders]? Our customers don't have that kind of money. If he's a schoolteacher, if he's got a job on the side, he's going to have a bank account and going to write checks on it, so why does he want to buy money orders? That's the point.''

Despite the fact that the Little League coach in the video was black, Gillum insists that the postal service tells its employees not to target by race or appearance. One thing that should set off alarms, the postal service says, is a customer objecting to filling out an 8105-A form that requests their date of birth, occupation and driver's license or other government-issued ID for a purchase of money orders of $3,000 or more. If they cancel the purchase or request a smaller amount, the clerk automatically should fill out Form 8105-B, the ``suspiciousactivity'' report. ``Whatever the reason, any customer who switches from a transaction that requires an 8105-A form to one that doesn't should earn himself or herself the honor of being described on a B form,'' the training manual says. But the ``suspicious'' customers might just be concerned about privacy, says Solveig Singleton, a senior analyst at the Competitive Enterprise Institute. And a professional criminal likely would know that $3,000 was the reporting requirement before he walked into the post office. ``I think there's a lot of reasons that people might not want to fill out such forms; they may simply think it's none of the post office's business,'' Singleton tells Insight. ``The presumption seems to be that from the standpoint of the post office and the Bank Secrecy regulators every citizen is a suspect.'' Both Singleton and Nojeim say ``Under the Eagle's Eye'' unfairly targets the poor, minorities and immigrants people outside of the traditional banking system. ``A large proportion of the reports will be immigrants sending money back home,'' Nojeim says. Singleton adds, ``It lends itself to discrimination against people who are sort of marginally part of the ordinary banking system or who may not trust things like checks and credit cards.'' There's also the question of what happens with the information once it's collected. Gillum says that innocent customers should feel secure because the information reported about ``suspicious'' customers is not automatically sent to the Treasury Department's Financial Crimes Enforcement Network (FinCEN) to be shared with law-enforcement agencies worldwide. Although he says FinCEN wants the postal service to send all reports along to it, the postal authorities only will send the clerks' reports if they fit ``known parameters'' for suspicious activity. ``We are very sensitive to the private citizenry and their rights,'' Gillum insists. ``For what it's worth, we have every comfort level that, if we make a report, there are all kinds of reasons to believe that there is something going on there beyond just a legitimate purchase of money orders.'' But Gillum would not discuss any of the ``parameters'' the postal service uses to test for suspicious activity, saying that's a secret held among U.S. lawenforcement agencies. And if a clerk's report isn't sent to the Treasury Department, it still lingers for some time in the postal-service database. Gillum says that by law the postal service will not be able to destroy suspicious-activity reports for five years.

Gillum says the postal service is very strict that the reports only can be seen by law-enforcement officials and not used for other purposes such as marketing. A spokeswoman for the consulting company Information Builders stated in an email to Insight, ``Information Builders personnel do not have access to this system.'' Observers say problems with ``Under the Eagle's Eye'' underscore the contradiction that despite the fact that the postal service advertises like a private business and largely is self-supporting, it still is a government agency with lawenforcement functions. Gibson says his agency must set an example for private businesses on tracking money orders. ``Being a government agency, we feel it's our responsibility that we should set the tone,'' he said. The Treasury Department ``basically challenged us in the mid-nineties to step up to the plate as a government entity,'' Gillum adds. In fact, Gillum thinks Treasury may mandate that the private sector follow some aspects of the postal-service's program. He adds, however, that the postal service is not arguing for this to be imposed on its competitors. In the meantime, the private sector is getting ready to comply with the Treasury regulations before they go into effect next January. But if 7-Eleven Inc., which through its franchises and company-owned stores is one of the largest sellers of money orders, is any guide, private vendors of money orders probably will not issue nearly as many suspicious-activity reports as the postal service. ``Our philosophy is to follow what the regulations require, and if they don't require us to fill out an SAR [suspicious-activity report] ... then we wouldn't necessarily do it,'' 7-Eleven spokeswoman Margaret Chabris tells Insight. Asked specifically about customers who cancel or change a transaction when asked to fill out a form, Chabris said, ``We are not required to fill out an SAR if that happens.'' So why does the U.S. Postal Service? That's one of the major issues raised by critics such as PostalWatch's Merritt. He says that lawmakers and the new postmaster general, Jack Potter, need to examine any undermining of customer trust by programs such as ``Under the Eagle's Eye'' before the postal service is allowed to go into new businesses such as providing e-mail addresses. ``Let's hope that this is not a trend for the postal service, because I don't think the American people are quite ready to be fully under the eagle's eye,'' he says. from TPDL 2000-Aug-18, from NewsMax, by Dr. James Hirsen: Prying Eyes, Round Two A little more than one year ago, there was an attempt in Congress to turn bank executives into dutiful informants. It seems that government officials want precious information about our individual, personal patterns of finance. In fact, they want it so badly that despite an initially

resounding defeat of some incredibly meddlesome regulations they are trying for a second time. The original proposal was heralded as the "Know Your Customer" rules. But Americans who cherish liberty weren't about to be hoodwinked, particularly when it came to the invasion of their financial profiles. A coalition of 300,000 ordinary people from all parts of the political spectrum banded together to preserve a vital component of the Constitution, and they succeeded in stopping the measure cold. Challengers celebrated its failure to pass, not only because an illicit and intrusive mechanism had been halted, but more so because a sinister effort was terminated through bold expression of citizen action. The victory celebration, though, may have been premature. Know Your Customer is paying a visit once again, but this time it is sporting a new look. H.R. 3886, an anti-money laundering bill entitled International Counter-Money Laundering and Foreign Anticorruption Act of 2000, is its most recent attempt at disguise. Although the champion of liberty, Rep. Ron Paul of Texas, tried valiantly to attach some pro-privacy amendments to the bill, he has of yet been unsuccessful. The bill's title and content are designed to convince the public that the presumed target is the international banking community. But, if passed, discretion and power to expand regulations so that they encompass all banking transactions will be granted to the Secretary of the Treasury, and no further approval from Congress will be needed. It appears as though this legislative maneuver will be portrayed, at least initially, as a basic method of dealing with international transactions. That way the average person on the street will remain unconcerned and, most likely, uninvolved. Supporters of the initiative could get the legislation passed first and save the task of expanding it for a later date. Essentially, the Know Your Customer regulations that irate citizens had previously opposed could silently slip into law through a cleverly designed trap door. One would ordinarily be surprised that our representatives would try to pass the same kind of legislation after the chilly reception they received from their constituents the first time around. Perhaps they believe that it would be more difficult for advocates of individual liberty to rally the same degree of support, since attachment of an international label provides such a tidy distraction. But Americans must prove these misguided legislators wrong if the notion of privacy is to be sustained. Limited government is based upon unalienable rights that emanate from a divine source. Government is charged with securing those rights. The rights of life, liberty and the pursuit of happiness, as stated in the

Declaration of Independence, and the rights of life, liberty and property, as enumerated in the Constitution, can only flourish when government is restrained. Underlying our foundational structure is a simple yet exquisite maxim born of a hands-off philosophy: Whenever possible, leave the citizen alone. Traditionally, our body of law has viewed personal financial information as an area of privacy requiring even greater protection. Those who believe that government should have more depth and scope of authority have demonstrated an intense persistence in pursuit of their goals. The public would be well served to reassemble the coalition that defeated the original Know Your Customer operation. Our representatives need to know, whether hidden by dark brush or shrouded away in a high rise office building, America hates a snoop. from TPDL 2000-Aug-2, from the Wall Street Journal, by Holman W. Jenkins Jr.: On Web Privacy, What Are We Really Afraid Of? Most people have figured out by now you can't do anything on the Web without leaving a record. E-mail lingers long after it's been deleted. Your Internet service provider can't help but have a record of pages you downloaded. The nature of information technology is to create information. If the issue of Web privacy makes the public sweat, it's because the average user knows he's already gone beyond the point of no return. He left his name and click trails all over the Internet. He sent e-mail saying any ninny thing that popped into his head; he visited chat rooms and pretended to be a CEO or a 15-year-old cheerleader. About 3 a.m., he sits upright in bed and wonders: Is all that information sitting out there on an AOL server? What if my wife (neighbor, employer) were to have access? If he has a streak of paranoia, he further wonders: What if a site I visited was placed there for the specific purpose of seducing me into creating some embarrassing information? Two words that should be central to any Internet privacy debate are "subpoena" and "entrapment." At the moment the debate is still tangled up in distractions. The issue was pushed into the arena by those whose primordial agenda is the regulation of business, as if our greatest fear in life is another catalog in the mailbox. It's not. If targeted advertising is effective, people are going to like it more not less. Nothing is more annoying than clutter, but relevant ads are not perceived as clutter. And if targeting doesn't work, we're no worse off than before. Amazon's sales per customer so far aren't what you'd expect if the ability to personalize a sales pitch were such a powerful lever to open wallets.

As the worm continues to turn, governmental spying has now emerged as a new focal point of the privacy warriors. Kudos to the genius who applied the name "Carnivore" to the FBI's plan for Web taps, which despite the media overreaction would still leave the courts in charge. Most of us who aren't Mafia dons don't worry about phone taps. This episode should blow over too. Fears of marketing and Big Brother have been stoked by unimaginative interest groups trodding their well-worn paths. Less attention has been paid to assurances like AOL's that it will release personal data only to a "valid legal process." In the case of "boysrch," a gay Navy man, AOL handed over his personal details without troubling the Pentagon to get a lawyer. And Yahoo didn't put up much fight when Raytheon sought the names of 21 employees who had been griping on a Yahoo message board; four of them lost their jobs and the rest were sentenced to "corporate counseling." A rash of companies have hit upon the tactic of filing defamation suits to ferret out the real names of those posting critical comments on investment sites. Worse is coming. According to the Boston Herald, the ABA's Family Law Section recently conducted a seminar "to help divorce lawyers learn how to get at the emails, hard drives and computer sites of one spouse or the other for divorce or child-custody cases." How long before an SEC sting sets up a chat room to nab stock touts? Or the FDA to catch patients seeking drugs for non-approved purposes? Last month a federal judge nixed the money-laundering conviction of a Miami banker because the FBI's informant had been told in advance by the agency that he'd be allowed to keep a percentage of any laundered funds. He had a clear incentive, in other words, to conceal from the banker that she was doing anything illegal. That stinks. And now the Web threatens to turn such enterprising law enforcement into a mass-market opportunity. Take the case of Patrick Naughton, the disgraced Infoseek/Disney executive. He was prosecuted on a morals charge after agreeing to meet an FBI agent who had been posing as a 13-year-old girl in a chat room. Eventually he copped a plea when his first trial ended in a hung jury. Mr. Naughton never tried to conceal his true identity and the "girl" had energetically pursued the dialogue over several months. We can't peer into Mr. Naughton's heart, but his lawyer argued convincingly during the trial that his client couldn't be accused of expecting to meet a 13-yearold girl because nobody in a sex chat room is who they say they are. That's a hard idea for law enforcement to get its mind around, especially when it would take away some of the easy busts the cyber patrol has been making lately. But it seems to be true.

Why do so many surfers use multiple screen names? Why have employees learned to go outside company e-mail systems, using Yahoo or Hotmail to exchange messages during working hours without their bosses monitoring? Long before Web privacy became a debate about "personal rights," it was a matter of personal strategy, with deception and disguise being standard operating procedure. MIT's Judith Donath, who studies social behavior on the Web, says concealment has become the norm because it's almost effortless and "makes people feel safer." EBay has been pilloried because sellers have been using fake screen names to bid up their own goods. Should this be illegal or a case of caveat emptor? Stamping out fraudulent stock chatter is mission impossible. The SEC's biggest mistake would be to give the public the false comfort that such activities are under control. Maybe we all just need to be skeptical about what we hear and see on the Web. As for personal privacy, information that you have a right to conceal someone else might have a right to try to find out. Why did you get fired from your last job? Do you really qualify for a non-smoker insurance policy? It's not too hard to think of Web stratagems for trying to elicit such information from you. Hence a prediction: In the future we won't be fighting over marketing databases. And we won't be fighting over whether the police can use the same means to snoop for crime on the Web that they use in the rest of life. The battle will be over tools. The Clinton administration has already fought one knock-down battle trying to keep the lid on private encryption. Look for more such fights. Anonymizer.com and Privada already offer services that let users surf or send e-mail untraceably. Even venerable Bell Labs recently came out with "Publius" software that allows untraceable postings on the Web. Nobody expects the police to save them if they don't bother to lock their doors and take normal precautions against their fellow man. On the Web, too, the first line of defense is "protect thyself." from USA Today 2000-Aug-10, from the Associated Press: Netscape revising software after privacy suit SPRINGFIELD, Va. (AP) - Web browser designer Netscape Communications said it will revise a program for downloading files from the Internet so that it will no longer collect data about users' online activity. The software, called SmartDownload, is the subject of a federal class-action lawsuit that claims it violates a federal law protecting computer users' privacy. The program is designed to make it easier for people to download large files. If a transfer is interrupted, SmartDownload allows a user to resume from the interruption instead of starting over.

It also provides information to Netscape about what kinds of files a user is downloading. Andrew Weinstein, a spokesman for Dulles, Va.-based America Online, which owns Netscape, said Wednesday the information was designed to give Netscape's technical experts insight into what kinds of files were difficult to download. Weinstein said neither Netscape nor AOL ever looked at the information and that it is regularly purged from Netscape's databank. Because the information is never used, Weinstein said the new version of SmartDownload will not collect the data. Regardless, it is illegal for Netscape to collect the information at all under the Electronic Communication Privacy Act, said Joshua Rubin, the plaintiffs' lawyer in a class-action suit filed against Netscape in U.S. District Court in the Southern District of New York. ''The SmartDownload product essentially spied on SmartDownload users,'' Rubin said. The law allows aggrieved parties to collect damages up to $10,000 a person, Rubin said. It's unclear exactly how many people use SmartDownload. It is not included with Netscape's popular Navigator Web browser, but users can download SmartDownload any time they update the browser or visit Netscape's home page. AOL's Weinstein said the class action suit is ''totally without merit.'' No release date had been set for the new version. from TPDL 1999-Feb-14, from WorldNetDaily, by Joseph Farah: Meet the 'Digital Angel' -- from Hell 'Twas Lord Byron who said it first, I believe: "'Tis strange but true; for truth is always strange; Stranger than fiction." In the 21st century, I'm certain we will find that truth is even stranger than science fiction. You had better sit down for this one, privacy fans. A company called Applied Digital Solutions has what sounds to me like the final solution. The NASDAQtraded high-tech company is excited about its acquisition of the patent rights to a miniature digital transceiver -- which it nicknamed "Digital Angel (R)." Personally, I think it should be rated X -- or worse. The product is billed as a versatile transceiver that can send and receive data -and which can be implanted in humans.

It can provide a tamper-proof means of identification for enhanced business security, the company boasts. It can locate lost or missing individuals, say the proud owners. It can track and locate valuable property, they claim. It can monitor the medical conditions of at-risk patients. And it can slice, dice and destroy the last vestiges of personal privacy in an increasingly impersonal world. The implantable transceiver's signals can be tracked continuously by global positioning satellites. When implanted in the body, the device is powered electromagnetically through the movement of muscles, and it can be activated either by the wearer or by the monitoring facility. "While a number of other tracking and monitoring technologies have been patented and marketed in the past, they are all unsuitable for the widespread tracking, recovery and identification of people due to a variety of limitations, including unwieldy size, maintenance requirements, insufficient or inconvenient power-supply and activation difficulties," explains a company prospectus. "For the first time in the history of location and monitoring technology, Digital Angel(R) overcomes these limitations." Oh, goody. The company projects a global market for this technology in excess of $100 billion. But the applications it discusses just don't add up to that kind of number. The math doesn't work for me. You decide. Here's what the company is talking about: business security, locating individuals, monitoring medical conditions, tracking and locating essential military and diplomatic personnel, tracking personal property. The only way that adds up to a hundred billion in my calculator is if every human being on earth gets one of these implants. And maybe that's the idea. On Jan. 31, APS accepted the special "Technology Pioneers" award from the World Economic Forum for the company's contributions to worldwide economic development and social progress through technology advancements. And what is the World Economic Forum? It bills itself as an independent organization committed to improving the state of the world. It does this by "creating the foremost global partnerships of business, political, intellectual and other leaders of society to define and discuss key issues on the global agenda." Now, I want you to use your imagination here, for a moment. Why would an organization committed to breaking down nationalist barriers and moving the world toward global government give a technology award to a company that just acquired the patent to a sophisticated, implantable identification device? Hmmmmm? And guess what one of the foremost goals of WEF is? You got it -vaccinating every human being on the planet. How convenient! What a coincidence.

President Clinton recently addressed the WEF in Davos, Switzerland. He boasted about asking the Congress to give pharmaceutical conglomerates tax credits to make vaccines more widely available at low cost. He appealed for a similar effort from the World Bank, other nations and the corporate world to deliver the vaccines to the people who need them -- meaning everyone. How could ADS ever hope to make $100 billion with this new technology? By implanting it in every human being in the world. And how could that be done? At vaccination time, of course. Let's see now. The application is buying and selling. The technology is implantable. The plans are global. This sounds remarkably like something I read in Revelation 16-18: "And he causeth all, both small and great, rich and poor, free and bond, to receive a mark in their right hand, or in their foreheads: And that no man might buy or sell, save he that had the mark, or the name of the beast, or the number of his name. Here is wisdom. Let him that hath understanding count the number of the beast: for it is the number of a man; and his number is Six hundred threescore and six." Digital Angel? Sounds more like we could be entering the age of the Digital Devil. from TPDL 2000-Mar-17, from the Washington Times, by James Bovard: Census intrusions ''There are three certainties in life death, taxes and the continuation of the Census Bureau's proud tradition of keeping information it collects about individuals strictly private." So announces the Census Bureau's web page, seeking to assure Americans that they have nothing to fear by opening their lives to the prying of this year's Census. Regrettably, after seven years of the Clinton administration, some Americans may be a little skeptical about this "trust us - we're the government" line. And, considering the Census Bureau's dark history, people have plenty of reason to fear that their answers could be used against them. In 1942, the Census Bureau made up a special list telling the U.S. Army how many Japanese-Americans lived in each neighborhood in the United States. The Army used the Census lists to send out trucks to round up Japanese-Americans for internment camps during World War II. Census Bureau spokeswoman Paula Schneider stressed that, because the Census Bureau did not disclose the specific names and addresses of JapaneseAmericans, it did not compromise the confidentiality of Census respondents. Ms. Schneider noted, "unfortunately, what was used was data for small geographic areas that showed where the Japanese lived." This is like someone claiming he has no responsibility for setting loose a wolf on your street that just happened to gnarl your leg - simply because he didn't set the wolf free at your doorstep and tell the wolf to bite you personally.

Why should Americans believe the Census Bureau would be more trustworthy than the White House? In 1993-94, the Clinton White House illegally requested and received from the FBI 900 confidential background files that the FBI had compiled on Bush and Reagan administration nominees. When news of this abuse surfaced in 1996, Mr. Clinton shrugged off the gross violation of privacy as a "completely honest bureaucratic snafu." Congressional investigators recently discovered the White House had wrongfully refused to turn over thousands of subpoenaed e-mails regarding the use and abuse of the files. No White House official has faced a serious prospect of jail time for breaking the law. Federal law states that "in no case shall [Census] information be used to the detriment of any respondent or other persons to whom such information relates." But, according to the U.S. General Accounting Office, Census responses have also been used for government housing code crackdowns. Responses are especially helpful in allowing local governments to know where to carry out raids for allegedly overcrowded housing. When asked about such uses of Census data, Ms. Schneider replied: "You balance the need for small area data with the possibility that it could possibly be used for purposes for which it was not intended." Such housing crackdowns sometimes appear little more than a pretext to evict blacks, Hispanics, or other low-income people. The information the Census gathers will help fuel new government interventions. A Census Bureau press release noted that "Race data are required . . . to assess racial disparities in health and environmental risks." This is part of the Clinton administration's "environmental justice" campaign - an effort to portray routine business decisions as part of a racist conspiracy. These policies have helped discourage new factories from locating in areas of high unemployment. The Census Bureau is also trying to whip up enthusiasm by telling people of all the federal benefits their localities will receive thanks to their cooperation. The Census has degenerated from a method of counting the population into a scheme for generating grist for the expansion of the welfare state. Information on occupations is used to construct affirmative action quotas for different industries. Information on "place of birth" is used by the Civil Rights Commission as a base line for determining discrimination by national origin. Information on home value and rental levels is used by housing agencies to establish subsidy programs. Census Director Kenneth Prewitt declared that people's Census answers affect "power, money, group interests, civil rights; in short, who gets how much of what." But the federal government has no right to dictate "who gets how much of what." The Census, by providing reams of information, allows politicians to further manipulate people's lives. The more information government collects, the more control government can exert. The Constitution mandates that an enumeration of the citizenry be conducted every 10 years in order to apportion seats in the House of Representatives. Citizens should refuse to answer any Census question except for the number of

residents at an address. A partial boycott of the Census questionnaire is necessary to safeguard our liberties. James Bovard is the author of ``Freedom in Chains: The Rise of the State & the Demise of the Citizen'' (St. Martin's Press, 1999). from TPDL 2000-Apr-3, from the Boston Herald, by Don Feder: Senseless count adds up to intrusion Senate Majority Leader Trent Lott is urging citizens not to answer census questions they deem to be an invasion of their privacy. On the long form, that would be 52 out of 53 questions, everything except the number residing in your household. The census isn't the dumbest thing the federal government does, or the most wasteful, or the most immoral. But it is intrusive and expensive ($6.8 billion for the 2000 census) and unconstitutional. But isn't a decennial census mandated by the Constitution? Article I does require Washington to take a head count every 10 years to apportion congressional seats - period. It does not give the Census Bureau the authority to inquire about your race, the number of bedrooms in your home or how long it takes you to get to work. To encourage compliance with this indignity, the bureau is employing a tried and true elitist technique - inducing guilt. One of its TV ads shows a class meeting in a janitor's closet. Message: If you don't fill out your senseless form, the feds won't know how much aid to direct to your school district and students at the Millard Fillmore Elementary School will receive instruction in a windowless cubicle. It's true, some of the data collected is used to distribute $2 trillion a year in federal largess. If you like the idea of Washington taking 22 percent of your income and doling it out in the form of welfare, subsidies and various grants, then of course you'll want to facilitate its acts of plunder and redistribution by completing your census form ASAP. It isn't just your money, but your life that interests them. As Washington has grown from the relatively modest republican institution it was at the beginning of the 20th century to the musclebound ape it is today, its curiosity has increased proportionally. Now, its appetite for details of our private lives is insatiable. If yours was among the one in six American households lucky enough to get the long form, you were subjected to 53 impertinent interrogatories. (Gov. George Bush has said he's not sure he would fill out the form.)

How old are you? What's you race? There are 15 choices here. George Getz, the Libertarian Party's spokesman, sardonically notes that South Africa's apartheid government had only four racial classifications. What's your level of education? What do you earn? Where do you work? How do you get there? How long does it take? Where do you live? Who lives with you? What's your rent or mortgage payments? What's your house worth? What's the annual cost of utilities? How many kinds of different flowers are there in an English country garden? Just kidding. Like a blob creature in a sci-fi movie, the census is growing at an alarming rate. The current assault on privacy costs twice as much as the 1990 count. Where will it end? In 2010, the census long form might include the following: What do you usually eat for breakfast (choices include cereal, eggs or yogurt)? What's you favorite TV show? How many guns do you own? What caliber? Don't you know that's dangerous? What's your weight? Have you gained or lost weight in the past year? List the fatty foods you consume in a typical week? Do you smoke? Do you exercise? How often? Did you vote? If not, don't you know it's your civic duty? If yes, for whom did you vote (include third-party candidates)? Do you subscribe to any publications that disparage the federal government and/or elected officials? List alphabetically. Do you ever have bad thoughts about your government? How bad? How often? Have you read the preamble of the Declaration of Independence, which enunciates the people's right to revolt when government becomes tyrannical? If yes, report to one of the centers listed in the accompanying brochure for further interrogation. By statute, the Census Bureau can fine you $100 for refusing to complete your form and $500 for supplying false information. (The provision is never enforced. The bureau doesn't want to publicize non-compliance and lacks an enforcement mechanism.) Even if it did come after you, $100 is a small price to pay to defend your constitutional rights. from the Associated Press, 2000-Apr-5: States' Census Return Percentages The percentage of Census 2000 forms mailed back to the Census Bureau in each state, as well as Puerto Rico and the District of Columbia, as of Wednesday: State Pct. State Pct. State Pct.

Ala. 52 Alaska 46 Ariz. 53 Ark. 56 Calif. 59 Colo. 58 Conn. 60 Del. 55 D.C. 50 Fla. 54 Ga. 55 Hawaii 52 Idaho 58 Ill. 57 Ind. 59 Iowa 62 Kan. 59 Ky. 57

La. 50 Maine 54 Md. 59 Mass. 60 Mich. 63 Minn. 59 Miss. 51 Mo. 58 Mont. 58 Neb. 64 Nev. 55 N.H. 59 N.J. 59 N.M. 50 N.Y. 55 N.C. 52 N.D. 57 Ohio 63

Okla. 51 Ore. 58 Pa. 62 P.Rico 37 R.I. 58 S.C. 49 S.D. 62 Tenn. 55 Texas 52 Utah 58 Vt. 52 Va. 61 Wash. 56 W.Va. 54 Wis. 61 Wyo. 57 U.S. 57

Source: Census Bureau from the Star Tribune of Minneapolis/St. Paul, 2000-Jun-30, by Paul Gustafson with Curt Brown: Officials angered by St. Paul officers posing as census takers Two St. Paul police officers investigating an alleged drug house posed as U.S. censusworkers earlier this month. Patricia Waller, the U.S. Census Bureau manager for Ramsey and Washington counties, said Thursday that she was "just awed" by the officers' duplicity and that she was checking with the regional office in Kansas City to determine whether impersonating a censusworker constitutes a federal offense. And Ramsey County public defenders, who informed the Census Bureau of the ruse by the officers, questioned whether it was legal or ethical. "I don't know if [the officers] broke the law, but it seems to me that what they did was highly unethical and so unprofessional that it should be discontinued immediately," said Diane Alshouse, an assistant public defender. Federal officials, concerned that members of minority groups are undercounted in the census, have waged a campaign this year to convince the public that census data is kept private and that censusworkers can be trusted.

St. Paul police spokesman Michael Jordan confirmed that the officers said they were censusworkers, but his account of the incident differs from a written police report. Jordan said that he couldn't explain the differences between the accounts, but that he may have more information today. Department officials haven't talked to the officers about the incident because one was on vacation and the other was away at training, he said. Asked whether the department believes such conduct is proper, Jordan said, "I'll give you a response to that at a different time." According to Jordan, the incident on June 6 began as the two officers were talking to a resident who complained about an alleged drug house on St. Paul's East Side. When a person suspected of selling drugs at the house approached the officers and demanded to know who they were and what they were talking about, the officers replied that they were census takers, Jordan said. But a written report filed the day of the incident says that the two officers, posing as censusworkers, went to the alleged drug house in the 1000 block of Greenbrier St. and asked Heidi Frison for information about who lived at the house. The report doesn't name the officers. Several hours later, officers executed a search warrant at the house and arrested four people, including Frison. Some of those arrested were black and some were white. Frison and two other people were issued citations for operating a disorderly house, but charges were later dropped against Frison and one of the other people. Frison confirmed Thursday that two men who said they were censusworkers talked to her outside of the house before it was searched. "They just said they were censusworkers," she said. "They said they were sent out because two houses had not filled out their forms. I took them as who they said they were. But I'm learning." Concerned about trust Several public defenders said that, at the request of census officials, they have been encouraging clients, many of whom are poor and minorities, to cooperate with censusworkers. Now, the public defenders worry they have lost their clients' trust. Waller said Thursday that she fears the St. Paul incident may undermine public confidence in Census Bureau workers who don't condone and had no knowledge that officers were posing as census takers.

"I really want people to know that if they have any concerns about this, I will take their calls directly. I don't want the credibility of the St. Paul census office injured by this. We had absolutely no idea about this," she said. The Washington Post reported in February that census officials in Texas earlier this year rejected an FBI agent's demand for a censusworker badge and other identification in order to impersonate a census employee. Federal law states that "whoever falsely assumes or pretends to be an officer or employee acting under the authority of the United States or any department, agency, or officer thereof, and acts as such, or in such pretended character demands or obtains any money, paper, document, or thing of value, shall be fined under this title or imprisoned not more than three years, or both." Census Bureau officials have yet to contact the Police Department about the incident, Jordan said. He added that he is not aware of any other incidents in which officers posed as censusworkers. from TPDL 2000-Jan-5, from The Libertarian, by Vin Suprynowicz: Coming soon: mandatory government home inspections Companies that allow employees to work at home -- even part-time -- are responsible for keeping conditions at those home work sites up to federal health and safety standards, according to a new Labor Department advisory. The decision covers millions of people, "not only the estimated 19.6 million adult workers who regularly telecommute from their homes to their jobs, but also millions more who work at home occasionally -- even the parent who has to dash out of the office to be with a sick child and finishes a memo at home," The Washington Post reported Tuesday. Of course, OSHA sidesteps any requirement that such new rules be subject to public hearings or congressional approval by simply declaring the letter is "not a proposed rule, but rather a declaration of existing policy the agency deems already to be in effect." "This is nuts. They're trying to match a 30-year-old law with a Year 2000 workforce," protests Pat Cleary, vice president of human resources policies at the National Association of Manufacturers. "The law doesn't contemplate everyone painting their (home) banisters yellow." But Peg Seminario, health and safety director of the AFL-CIO, says she agrees with the policy spelled out in the new advisory. "It makes sense," she said. "Employers have to provide employees a workplace free from hazards." Needless to say, OSHA was quick to assure all parties the agency has no intention of conducting inspections at private homes the way it does at employer work sites. They also insist the ruling will not require employers to routinely inspect the home work sites of their employees -- though (wink wink, nudge

nudge) OSHA warns that employers should require home workers to certify they have first aid kits at hand, and also to file "emergency medical plans." Also, any injuries occurring at the home work site must now be reported on the employer's injury log just as though they'd happened at the employer's office or factory. OSHA officials also insist they're not particularly concerned about the state of an employee's home outside the designated work site -- though the advisory letter offers as one example: "If work is performed in the basement space of a residence and the stairs leading to the space are unsafe, the employer could be liable if the employer knows or reasonably should have known of the dangerous condition." In other words, all disclaimers aside, this is precisely a first extension of the government's slimy tentacles into the business of having someone inspect "home work stations," where everything from locked exit doors and heaps of papers (fire hazards, you understand) to the presence of smoking materials, "unsecured" self-defense firearms, and the kind of reading material or home hobby equipment that might raise a curious agent's eyebrow, will be duly noted. (Furs and fancy cars? IRS might be interested. Bruises on the kids? Inform Child Protection. Hispanic nanny? Memo INS. Grow lights on the aquarium? Wonder what else they might be growing?) Why? Labor unions and their pet Labor Department bureaucrats have fought for years against the "telecommuting" movement, identifying it with the old tradition of farming out "piecework" to home knitters -- a practice much harder to regulate and oversee than work in traditional, 19th-century factories. Times have changed, of course. Salesmen and brokers and attorneys who e-mail work product to the office aren't generally recruiting their children to string beads for a nickel an hour. But government's urge to regulate and "rent-seek" never changes. The bureaucrats have learned better than to start by threatening "mandatory government home inspections." But by holding employers responsible for making sure home work sites now have "ergonomically correct furniture, as well as proper lighting, heating, cooling and ventilation systems" (the Post) -- even leaving open the possibility of a workers' comp claim should a worker electrocute him or herself while doing the laundry barefoot during those hours when the home PC is "logged into the office" -- they clearly mean to make it either prohibitively expensive, or reminiscent of Orwell's "1984," for anyone to continue developing a new 21st century employment paradigm featuring flextime and cyber-commuting. How ironic that this overdue breakdown of the long-outdated "9 o'clock factory whistle" mentality -- a boon to young working parents, particularly -- is now so fiercely resisted by the very "labor movement" which once claimed to hold workers' best interests at heart.

Republican leaders had already vowed to scrutinize OSHA after Congress returns from its holiday break, after the agency proposed new regulations requiring employers to spend billions making workplaces more "ergonomic" -despite a lack of hard data that such redesign is likely to reduce injuries. Adding this new "advisory" to the mix, it should now be clear to all that OSHA has gone completely nuts. If the engine of America's economic growth is to stay on track, Congress should contemplate a lot more than merely reining this agency in. from New Scientist, 1999-Dec-11, by Duncan Graham-Rowe: Warning! Strange behaviour Nobody sees the thief looking for a car to break into, or the woman steeling herself to jump in front of a train--- but somehow the alarm is sounded. Duncan Graham-Rowe enters a world where machines predict our every move GEORGE IS BLISSFULLY UNAWARE that a crime is about to be committed right under his nose. Partially obscured by a bag of doughnuts and a half-read newspaper is one of the dozens of security monitors he is employed to watch constantly for thieves and vandals. On the screen in question, a solitary figure furtively makes his way through a car park towards his target. The miscreant knows that if the coast is clear it will take him maybe 10 seconds to get into the car, 15 to bypass the engine immobiliser and 10 to start the engine. Easy. But before he has even chosen which car to steal, an alarm sounds in the control room, waking George from his daydream. A light blinking above the screen alerts him to the figure circling in the car park and he picks up his radio. If his colleagues get there quickly enough, they will not only catch a villain but also prevent a crime. The unnatural prophetic powers of the security team would not exist but for some smart technology. The alarm that so rudely disturbed George is part of a sophisticated visual security system that predicts when a crime is about to be committed. The remarkable research prototype was developed by Steve Maybank at the University of Reading and David Hogg at the University of Leeds. Although in its infancy, this technology could one day be used to spot shoplifters, predict that a mugging is about to take place on a subway or that a terrorist is active at an airport. Once connected to such intelligent systems, closed- circuit television (CCTV) will shift from being a mainly passive device for gathering evidence after a crime, to a tool for crime prevention. But not everyone welcomes the prospect. The technology would ensure that every security screen is closely watched, though not by human eyes. It would bring with it a host of sinister possibilities and fuel people's fears over privacy.

Criminals certainly have reason to be worried, with the car park system, for example, the more thieves try to hide from a camera--by lurking in shadow, perhaps--the easier it is to spot them. Underlying the system is the fact that people behave in much the same way in car parks. Surprisingly, the pathways they follow to and from their cars are so similar as to be mathematically predictable--the computer recognises them as patterns. If anyone deviates from these patterns, the system sounds the alarm. "It's unusual for someone to hang around cars," says Maybank. "There are exceptions, but it's rare." To fool the system, a thief would have to behave as though they owned the car, confidently walking up to it without casing it first or pausing to see if the real owner is nearby. In short, they have to stop behaving like a thief. It sounds easy, but apparently it isn't. Another surprising thing about the system is that it employs relatively unsophisticated technology. For decades, researchers have been devising clever ways for a computer presented with a small section of a face, arm or leg to deduce that it is looking at a person. Maybank and Hogg have rejected all this work, giving their prototype only the simplest of rules for recognising things. "If it's tall and thin it's a person," says Maybank. "If it's long and low it's a car." It's the trajectory of these "objects" that the system follows. An operator can constantly update the computer's notion of "normal behaviour" by changing a series of threshold values for such things as the width of pathways and walking speed. In this way it can be made more reliable over time. If trained on enough suitable footage, the system should be able to view children running in the car park or somebody tinkering with their engine without raising the alarm. Its ability to calculate where people are likely to go even allows the system to predict which car a thief is aiming for, though Maybank concedes that the crook's target cannot be guaranteed. The system should identify more than just potential car thieves. Because it spots any abnormal behaviour, the computer should sound the alarm if a fight breaks out--though this hasn't been tested yet. Of course, not all unusual activity is criminal. But if the system flags up an innocuous event, says Maybank, it doesn't really matter. The idea is to simply notify the Georges of this world when something out of the ordinary happens. It's up to them to decide whether or not they need to act on what they see. Maybank plans now to join forces with Sergio Velastin of King's College London and others in a project funded by the European Commission to develop a full range of security features for subways. Velastin has already broken new ground in this area. In a recently completed project, called Cromatica, he developed a prototype that has been tested on the London Underground for monitoring crowd flows and warning of dangerous levels of congestion. It will also spot people behaving badly, such as those going where they shouldn't.

Most impressive of all, Cromatica can identify people who are about to throw themselves in front of a train. Frank Norris, the coroner's liaison officer for London Underground, says there is an average of one suicide attempt on the network every week. These incidents are not only personal tragedies but also cause chaos for millions of commuters and great distress for the hapless train drivers. Keeping track of thousands of people in a tube station is impossible for a human or a computer. Following individuals is tough enough: as people move, different parts of their bodies appear and disappear, and sometimes they are completely obscured. To get round this problem, Velastin rejected completely the idea of identifying objects--people, that is. Instead, Cromatica identifies movement by monitoring the changing colours and intensities of the pixels that make up a camera's view of a platform. If the pixels are changing, the reasoning goes, the chances are that something is moving and that it's human. The system compares its view second by second with what it sees when the platform is empty. The more its view changes from this baseline, the more people are passing, and the speed of change gives a measure of how quickly those people are moving. If things stay constant for too long, it's likely that the crowd has stopped and there may be dangerous congestion--so an alarm would sound. Averting a tragedy Cromatica's ability to spot people contemplating suicide stems from the finding, made by analysing previous cases, that these individuals behave in a characteristic way. They tend to wait for at least ten minutes on the platform, missing trains, before taking their last few tragic steps. Velastin's deceptively simple solution is to identify patches of pixels that are not present on the empty platform and which stay unchanged between trains, once travellers alighting at the station have left. "If we know there is a blob on the screen and it remains stationary for more than a few minutes then we raise the alarm," says Velastin. Security guards can then decide whether or not they need to intervene. So far, Cromatica has not seen video footage of real suicide cases--it has only identified people who have simulated the behaviour. In trials where Cromatica was pitted against humans it proved itself dramatically, detecting 98 per cent of the events--such as congestion--spotted by humans. In fact, the humans performed unrealistically well in the tests because they had to watch just one screen, whereas they would normally check several screens at once. Cromatica also scored well on false alarms: only 1 per cent of the incidents it flagged up turned out to be non-events. This low rate is vital, says Velastin, if operators are to trust the system.

Velastin and Maybank's present project, which includes partners such as the defence and communications company Racal, aims to detect other forms of criminal activity, "anything for which eventually you would want to call the police", says Velastin. This will include people selling tickets illegally and any violent behaviour. But detecting violent crime is not as straightforward as it might appear. Certainly if a fight breaks out the characteristic fast, jerky movements of fists flying and bodies grappling would show up as unusual activity. But what of a mugging? Often a mugging is a verbal confrontation with no physical contact. To a vision system, someone threatening a person with a knife looks much the same as someone offering a cigarette to a friend. Indeed, recognising that there is any interaction at all between people is still a monster challenge for a machine. No one yet has the answer. Nevertheless, Maybank is taking the first tentative steps into this field, incorporating into his car park system a method for identifying what people are doing and then annotating the videotape with the details. The technique works by attaching virtual labels to objects, such as cars and people, and then analysing the way they move and interact. So far the system can distinguish between basic activities such as walking, driving and meeting (or mugging). It is here, provided the system can be perfected, that Maybank sees the potential for sinister uses of the technology. In places such as the City of London--the capital's main business area--CCTV cameras are so widespread that it's difficult to avoid them. With such blanket coverage, and as it becomes possible to track a person from one camera to the next, it would be relatively easy to "tail" people remotely, logging automatically their meetings and other activities. Maybank and his colleagues worry about this type of use. "This is something that will have to be considered by society as a whole," he says. Simon Davies, director of the human rights group Privacy International, is scathing about the technology. "This is a very dangerous step towards a total control society," he says. For one thing, somebody has to decide what "normal behaviour" is, and that somebody is likely to represent a narrow, authoritarian viewpoint. "The system reflects the views of those using it," he argues. Anyone who does act out of the ordinary will be more likely than now to be approached by security guards, which will put pressure on them to avoid standing out. "The push to conformity will be extraordinary," Davies says. "Young people will feel more and more uncomfortable if that sort of technology becomes ubiquitous." On the other hand, to fully grasp the benefits of a system that can recognise and record details of different activities, consider the following scenario: a future, technology-savvy George keeps watch as thousands of people flow through an airport. The security team has been tipped off about a terrorist threat. But where to begin?

One starting point is to watch for unattended baggage. Most airports do this continuously, with the majority of cases turning out to be lost luggage. So how do you distinguish between a lost item and one deliberately abandoned? The best way would be if George could rewind to the precise moment when a bag was left by its owner. George takes a bite of doughnut and washes it down with some tepid coffee when suddenly an alarm sounds: "Suspect package alert. Suspect pack..." He flicks a switch. The system has zoomed in on a small bag on the ground next to a bench. "Where is it?" he demands. "Terminal three, departure gate 32," squawks the computer. "How long?" "Four minutes." "Show event," orders George. The system searches back until it finds the electronic annotation that marks where the bag and its carrier parted company. The screen changes to show a man sitting on the bench with the bag at his feet. He reaches into it briefly, looks around, then stands and walks away. "Where is he now?" asks George. "Terminal three, level 2, departure lounge." "Show me." The screen changes again, this time showing the man walking quickly towards the exit. George picks up his radio: "Jim. We've got a two-zero-three coming your way. Red shirt, black denim jacket. Pick him up." After alerting the bomb squad and clearing the departure gate, he pops the remainder of the doughnut into his mouth and turns back to that pesky crossword . . . Seamless tracking There are plenty of instances where it would be helpful to refer back to specific events. And though this scenario may sound far-fetched, it isn't. The Forest of Sensors (FoS), developed by Eric Grimson at the Massachusetts Institute of Technology, near Boston, already has all the foundations of such a system--apart from speech recognition. "We just haven't put it all together yet, so I don't want to say we can definitely do it now," he says. Grimson's system, which is partly funded by the US government's Defense Advanced Research Projects Agency, sets itself up from scratch with no human intervention. The idea behind it was that dozens of miniature cameras could be

dropped at random into a military zone and FoS would work out the position of every camera and build up a three-dimensional representation of the entire area. The result is a network of cameras that requires no calibration whatsoever. You simply plug and play, says Grimson. Quick and dirty In order to build up a three-dimensional image, most 3D surveillance systems, such as those used in the car park and subway, need every camera to be "shown" where the floor and walls are. Grimson's system does this automatically. And provided there is a little bit of overlap between the cameras' images, FoS will figure out where in the big scheme of things every image belongs. "We do it purely on the basis of moving objects," he says. "As long as we can track anything in sight, we can use that information to help the system figure out where all the cameras are." Having decided what is background movement, such as clouds passing or trees blowing in the wind, FoS then assumes that other objects are moving on the ground. From these movements, it calculates the ground plane and reconstructs the 3D space it's looking at. The system then allows seamless tracking from one camera to the next. FoS is smart in other ways too. The system can learn from what it sees and build up a profile of what is and what is not normal behaviour. It differentiates between objects by sensing their shapes, using quick-and-dirty methods to detect their edges and measure their aspect ratios. It then classifies them as, for example, individuals, groups of people, cars, vans, trucks, cyclists and so on. Moreover, the system can employ its inbuilt analytical powers to decide for itself what activities the camera is seeing, such as a person getting into a car or loading a truck. Of course, the system doesn't understand what these activities are, says Grimson, it merely categorises activities by learning from vast numbers of examples. It's up to a human to give each activity a name. Like Maybank and Hogg, Grimson is still struggling to distinguish a meeting from a mugging. He hopes that higher resolution cameras, that can spot small details and movements, will help to crack the problem, and that's what he's working on now. Higher resolution should also allow him to exploit progress made in recent years in gesture recognition. In particular, he thinks that "gait recognition" will make its mark as a way to identify people. It needs lower resolution than face recognition and its reliability is growing fast (New Scientist, 4 December, p 18). FoS can already perform many of the tasks that gives Maybank the jitters. Grimson, too, has reservations about what his research might be used for. His system could conceivably be used by intelligence agencies to monitor the behaviour of individuals. But he would be unhappy if his research were used in this way. "You have to rely on the legal system to strike a balance," he says. "It is a real worry." Fortunately, both these tasks are probably impractical at present. "The volume of data is so huge it's incredibly unlikely," he says.

One place where Grimson is keen to deploy FoS is in the homes of elderly people. Many old folk are unhappy about being monitored in their homes by CCTV because of the lack of privacy, he says. But with FoS, there would be no need for a human to watch at all. The system would train itself on a person's patterns of behaviour and ask them if they were all right if they failed to get up one morning or fell over. If the person didn't respond, the system would issue a distress call to a help centre. Another George would send someone round to help, without even once seeing inside the person's home. Is this, then, an unequivocally good use for a smart surveillance system? Davies reckons not. "This is like justifying road accidents because they provide hospital beds," he says. Elderly people will end up trying to conform to the system so as not to trigger the alarm. But, whether for good or bad, surveillance machines are going to to get smarter. They're already starting to recognise people's faces in the street (New Scientist, 25 September, p 40), and systems that spot abnormal behaviour will not be far behind. So, if you have a hanker- ing to cartwheel down main street you'd better do it now. Wait a few years and it will be recorded, annotated and stored--just waiting to come back and haunt you. Further reading:

For more information about Hogg and Maybank's work, see: www.cvg.cs.rdg.ac.uk/papers/list.html Details of Velastin's research are at: www.research.eee.kcl.ac.uk/~vrl/ Information about the Forest of Sensors is at: www.ai.mit.edu/projects/vsam/

from Electronic Privacy Information Center's front page 1999-Aug-27 (http://www.epic.org/ - follow this link for the latest update): Latest News[August 27, 1999]

EPIC has expressed its concern that a Federal Communications Commission (FCC) decision issued on August 27 could result in a significant increase in government interception of digital communications. In its decision, the FCC largely has adopted technical standards proposed by the Federal Bureau of Investigation (FBI) that would dictate the design of the nation's telecommunications networks. Included is a requirement that cellular telephone networks must have the ability to track the physical location of cell phone users. See EPIC's Wiretap Archive for background information.

On August 18, the U.S. Tenth Circuit Court of Appeals handed down a decision that erodes consumer control over telephone usage information. The court ruled that phone companies can sell or give consumer proprietary network information (CPNI) -- which includes the location, duration, and frequency of phone calls -- to telemarketers without the explicit permission of customers. The Federal Communications Commission has announced that it will appeal the decision.

[...] from TPDL 2000-May-24, from Capitol Hill Blue, by Michael Hedges: Obscure Drug Law Could Expand Police Search and Seizure Powers Federal agents would have enhanced authority to search your house, vehicle or workplace without telling you, and take property without immediately informing you of what was seized if a proposed law passes Congress, critics charge. That would be one of the consequences of a seemingly innocuous bill designed to increase criminal penalties for the production or distribution of methamphetamine, according to both liberals and conservatives who have targeted the measure for defeat. The Justice Department backs the bill called the Methamphetamine AntiProliferation Act saying it provides, "important and necessary tools for deterring the spread of methamphetamine manufacturing and abuse in our nation," according to Assistant Attorney General Robert Raben. The bill was sponsored by Sen. Orrin Hatch, R-Utah, chairman of the Senate Judiciary Committee, whose staff said the law merely standardizes practices that already occur, but are handled inconsistently by federal judges. But a provision of the law that would allow police and federal agents to "delay giving notice" of the intention to serve a search warrant has drawn fire. What that means, according to a statement from the American Civil Liberties Union, is that, "the government could enter your house, apartment or office with a search warrant when you were away, conduct a search, seize or copy things such as your computer hard drive, and not tell you until months later." Marvin Johnson, the ACLU's legislative counsel, said, "If a man's home is his castle, this is a tunnel under the moat." That assessment is shared by Rep. Bob Barr, R-Ga., a former federal prosecutor, who said the controversial provision "would in very substantial ways change the law about notice of a search warrant being given. It would loosen two aspects of search warrants, when notice of a search had to be given and when a person had to be told of property seized."

The proposed law was inspired by difficulties that federal anti-drug agents experienced in busting those processing "meth," a powerful stimulant that is the drug of choice among white teenagers in much of the country. Federal law already allows for so-called "sneak and peek" searches in which federal agents go into a suspected drug warehouse or laboratory and document their suspicions without immediately informing the occupants, said Jeanne Lopatto, a spokeswoman for the Senate Judiciary Committee. And, in limited cases, federal judges can approve wiretaps, listening bugs or tracking devices without the knowledge of the person being investigated. But there had been confusion about when such warrants are appropriate. The proposed law was designed to set a uniform standard for when federal courts could issue a search warrant, especially in drug cases, said Lopatto. "Our ultimate goal is cracking down on methamphetamine labs," she said. "It does nothing to lessen the standard for a search warrant. You'd still have to convince a court you have probable cause. This would allow a delayed notice, for a limited time, in cases where you want to prevent destruction of evidence, flight from prosecution or putting a witness in jeopardy." But the ACLU and Barr said the provisions of the bill, if they become law, would not be restricted to searches for suspected methamphetamine labs. Instead, they could easily be applied to any type of search for which a judge issued a warrant. "These provisions would apply generally; they have nothing to do with drug laws," Barr said. "They are not limited in any way, shape or form." The ACLU's Johnson said the law would make it much easier to get a search warrant that would allow federal agents to refrain from informing the subject of the investigation that property was taken. Now those warrants are granted under "highly unusual circumstances" when there is no other way to gather the evidence, he said. The bill has cleared the Senate and is scheduled to be considered by the House Judiciary Committee this week. If the House accepts the Senate version without changes, the bill could pass to the president to be signed into law soon. from WorldNetDaily, 1999-Aug-31, by Joseph Farah: The latest from Big Brother Attorney General Janet Reno, who brought you Waco, has a new plan to protect the federal government from the people. She wants the FBI to have the authority to break into the homes of those suspected of encrypting information on their computers, steal their hard drives and leave permanent bugging equipment behind. I'm not kidding. That's the latest Big Brother snooping plan from the Department of Injustice.

What's most interesting about this proposal is not that it represents any significant breakthrough in the government's ability to snoop on you or me. The fact of the matter is that the FBI has the means and motive to accomplish such monitoring activities without entering our homes. The audacity of this proposal is that it would permit the government to snoop not on a few select individuals but on a massive number of citizens at bargainbasement costs "just in case" they might be up to something. You see, for a long time the technology has existed to pick up computer screen images and CPU and data transfers from as much as a mile away from the target using the radiated RF energy generated by a normal PC. The only problem, from the government's point of view, with such procedures is that they require a van, personnel, man-hours and about $15,000 worth of equipment. The easiest and cheapest way to do long-term surveillance on suspected "troublemakers" is to break into the home or office, copy the hard drive with the encrypted data, replace the keyboard connector with a radio transmitter and wait to capture the keystrokes with the help of a simple receiver with solid state storage in a telephone box or electric meter. The total equipment cost, according to one friendly hacker, would be less than $150. This is obviously a much cheaper method than continuous monitoring, which easily starts at $100,000 for a typical wiretap and monitoring personnel. So, you see, this plan is not intended, as Reno and the FBI would suggest, to help them monitor the activities of potential terrorists or drug kingpins. They already have the means to accomplish that. This is a plan to broaden its surveillance on you, me and everyone else concerned enough about privacy to use some form of encryption on computer-generated communications. The first assumption of this crowd in Washington is that people who attempt to protect their privacy must have something to hide. Their second assumption is that if they have something to hide, it is the government's right and duty to find out about it. This is about power -- the power to intimidate, the power to monitor, the power to read our very thoughts. I don't know how any intelligent observer could watch this renegade government in Washington without concluding that it is making big plans for massive population control. We're on the verge of a great leap into authoritarianism. America is not that far from totalitarianism. Fascism is just an emergency or two away. There are so many of these Big Brother eavesdropping and surveillance proposals coming down on us that it is nearly impossible to keep track of them, let alone mobilize opposition. I believe this is part of a deliberate strategy to overwhelm and demoralize those of us who are aware enough to fight back.

Think about it. You know how effective the "scandal fatigue" strategy has been. So many have given up. So many have lost track. So many have lost interest. So many have missed the point. We've been overwhelmed with corruption so thick, you can't see the forest for the trees. The same is true with corrupt policies designed to curtail our freedom. Perhaps we will be successful at beating back one or two. But when they are coming at us by the dozens, what are the chances we as a people can preserve our freedom? So what hope is there for us? The only hope is to land a stunning blow to the forces of creeping fascism. The architects of such plans, not just the plans themselves, must be laid low. from the Washington Post p.A1, 1999-Aug-20, by Robert O'Harrow Jr.: Justice Dept. Pushes For Power to Unlock PC Security Systems Covert Acts Could Target Homes, Offices The Justice Department wants to make it easier for law enforcement authorities to obtain search warrants to secretly enter suspects' homes or offices and disable security on personal computers as a prelude to a wiretap or further search, according to documents and interviews with Clinton administration officials. In a request set to go to Capitol Hill, Justice officials will ask lawmakers to authorize covert action in response to the growing use of software programs that encrypt, or scramble, computer files, making them inaccessible to anyone who does not have a special code or "key," according to an Aug. 4 memo by the department that describes the plan. Justice officials worry that such software "is increasingly used as a means to facilitate criminal activity, such as drug trafficking, terrorism, white-collar crime, and the distribution of child pornography," according to the memo, which has been reviewed by the Office of Management and Budget and other agencies. Legislation drafted by the department, called the Cyberspace Electronic Security Act, would enable investigators to get a sealed warrant signed by a judge permitting them to enter private property, search through computers for passwords and install devices that override encryption programs, the Justice memo shows. The law would expand existing search warrant powers to allow agents to penetrate personal computers for the purpose of disabling encryption. To extract information from the computer, agents would still be required to get additional authorization from a court. The proposal is the latest twist in an intense, years-long debate between the government and computer users who want to protect their privacy by encryptin