This is one of the lost chapters from "Invasion of
Privacy”, my last book. The publisher deemed it
too controversial to publish in 2004 when the book was
released. You be the judge of
that.
The
Politics of Privacy
This era, “the information
age”, is an accident of history, a perfect storm in
which the future rear-ended the present. It was quite a
fender-bender! Do you remember our fixation with the
Y2K bug, all the news coverage and dire predictions and
money down the drain? We took our eye off the ball! It
wasn’t the end of the world, after all. It was one of
the great miscalculations or hoaxes of our time! The
cynic in me saw Y2K as a vehicle for the technology
industry to sell yet another unnecessary incremental
upgrade. I was not alone in my skepticism that the Y2K
bug was mostly sales hype. The money wasted might have
been spent securing the Web and upgrading the FBI’s
antiquated technology infrastructure but the
opportunity was wasted on Millennium madness. The
credibility of the entire technology industry suffered
when it became apparent that the Y2K bug was much ado
about nothing.
Privacy is governed by the law, and our laws have not
kept pace with technology! Events such as The Stock
Market crash, the emergence of convergence, and 9-11,
complicate matters. We lost more than our innocence on
that tragic day when the Twin Towers collapsed in a
plume of blood and dust. We lost civil liberties long
since taken for granted and the freedom that America
stands for! I’m referring to the passage of THE U.S.A.
PATRIOT Act enacted by President Bush on October 26,
2001, which is based on the erroneous supposition that
America’s national security must come at the expense of
the civil liberties of its citizens. According to Laura
W. Murphy, Director of the ACLU's Washington National
Office, "The USA Patriot Act gives law enforcement
agencies, nationwide, extraordinary new powers
unchecked by meaningful judicial review."
Gregory T. Nojeim, the ACLU’s Associate Director adds,
"For immigrants the law is a dramatic setback that
gives the government the authority to detain -
indefinitely in some cases - non-citizens who are not
terrorists on the basis of vague allegations of a risk
to national security." Among the USA Patriot Act's most
troubling provisions, the ACLU cites:
• Indefinite detention of non-citizens who are not
terrorists, on minor visa violations.
• Minimized judicial supervision of federal telephone
and Internet surveillance by law enforcement.
• Expanded government capability to conduct secret
searches.
• The power of the Attorney General and the Secretary
of State to designate domestic groups as terrorist
organizations and deport any non-citizen who belongs to
them.
• Grants the FBI broad access to sensitive business
records about individuals without having to show
evidence of a crime.
• Large-scale investigations of American citizens for
"intelligence" purposes.
The wiretapping and surveillance provisions in the USA
Patriot Act minimizes the ability of a judge to ensure
that law enforcement conducts legal wiretaps with the
proper justification, and permits the government to
by-pass criminal procedures that would normally protect
our privacy. In addition, the USA Patriot Act
dramatically expands the use of secret searches.
Normally, a person is notified when law enforcement
conducts a search. In some cases regarding searches for
electronic information, law enforcement authorities can
now get court permission to delay notification of the
search. The USA Patriot Act extends the authority of
the government to request "secret searches" to every
criminal case. This vast expansion of power goes far
beyond anything necessary to conduct terrorism
investigations.
The Patriot Act also allows for the broad sharing of
sensitive information in criminal cases with
intelligence agencies, including the CIA, the NSA, the
INS and the Secret Service. It also permits sharing of
sensitive grand jury and wiretap information without
judicial review or any safeguards regarding the future
use or dissemination of such information. These
information sharing authorizations and mandates
effectively put the CIA back in the business of spying
on Americans! Once the CIA makes clear the kind of
information it seeks, law enforcement agencies can use
tools like wiretaps and intelligence searches to
provide data to the CIA. In fact, the law specifically
gives the Director of Central Intelligence - who heads
the CIA -- the power to identify domestic intelligence
requirements. The fine print reads like George Orwell
wrote it, not George Bush.
The USA Patriot Act allows the government to use its
intelligence gathering power to circumvent the standard
that must be met for criminal wiretaps. Surveillance
under FISA, the Foreign Intelligence Security Act, does
not contain many of the checks and balances that govern
criminal wiretaps, and can be used only when foreign
intelligence gathering is the primary purpose. The new
law allows use of FISA surveillance even if the primary
purpose is a criminal investigation. Intelligence
surveillance merely needs to be only a "significant"
purpose. This provision authorizes unconstitutional
physical searches and wiretaps. Although it is
searching primarily for evidence of crime, law
enforcement can conduct a search without probable cause
of a crime.
The USA Patriot Act extends a very low threshold of
proof for access to Internet communications that are
far more revealing than numbers dialed on a phone.
Under current law, a law enforcement agent can get a
pen register or trap and trace order requiring the
telephone company to reveal the numbers dialed to and
from a particular phone. To get such an order, law
enforcement must simply certify to a judge - who must
grant the order -- that the information to be obtained
is "relevant to an ongoing criminal investigation."
This is a very low level of proof, far less than
probable cause. This provision apparently applies to
law enforcement efforts to determine what websites a
person had visited, which is like giving law
enforcement the power - based only on its own
certification -- to require the librarian to report on
the books you had perused while visiting the public
library. This provision extends a low standard of proof
- far less than probable cause -- to actual "content"
information.
In allowing for "nationwide service" of pen register
and trap and trace orders, the Patriot Act further
marginalizes the role of the judiciary. It authorizes
what would be the equivalent of a blank warrant in the
physical world: the court issues the order, and the law
enforcement agent fills in the places to be searched.
This is not consistent with the important Fourth
Amendment privacy protection of requiring that warrants
specify the place to be searched. Under this
legislation, a judge is unable to meaningfully monitor
the extent to which her order was being used to access
information about Internet communications.
The USA Patriot Act grants the FBI broad access in
"intelligence" investigations to records about a person
maintained by a business. The FBI need only certify to
a court that it is conducting an intelligence
investigation and that the records it seeks may be
relevant. With this new power, the FBI can force a
business to turn over a person's educational, medical,
financial, mental health and travel records based on a
very low standard of proof and without meaningful
judicial oversight.
The USA Patriot Act expands the trend of government
access to personal financial information. While the
need is real to shut down the financial resources of
terrorists, the USA Patriot Act goes beyond its stated
goal of combating international terrorism by prying
into innocent consumer transactions.
The USA Patriot Act enables law enforcement to cast an
even broader net for student information without any
particularized suspicion of wrongdoing. When the
changes in federal law dealing with the privacy of
student records is combined with other
information-sharing provisions contained in the new
law, it becomes clear that highly personal student
information will be transmitted to federal agencies in
ways likely to invade the innocent students' privacy.
Particularly troubling, the USA Patriot Act is
absolutely unnecessary! Laws were already in place
before 9-11 that could have prevented the World Trade
Center attack. We now know it was human error,
bureaucratic bungling, and antiquated technology, not
the law, which hampered authorities from protecting our
American shores from terrorism. In his best-selling
book, "THE BUREAU - THE SECRET HISTORY OF THE FBI",
Ronald Kessler finds that FBI director Louis J. Freeh
"almost destroyed the Bureau through colossal
mismanagement, borne of sheer donkey-like stubbornness
and arrogance." Kessler portrays an FBI that failed to
grasp the importance of computer-assisted intelligence
gathering during the height of the technology boom.
According to Kessler, “When Louis Freeh first took
office in 1993, the first thing he did was get rid of
the computer in his office. He didn't use e-mail. That
tells you a lot about why the FBI's computers today are
so primitive that they are 386 and 486 machines that no
one would take even as a donation to a church. Freeh
thought he knew all the answers, didn't listen to
advice, and that is why the FBI's computers are such a
scandal.”
Kessler reassuring concludes, "With the appointment of
Robert Mueller, the FBI's eleventh director, the Bureau
appears to be in good hands. The FBI has stopped
terrorist plots in the past (some 40 in all), including
the al-Qa'eda plot to blow up the tunnels around
Manhattan. So the FBI isn't totally broken. But the FBI
needs to learn to analyze a vast quantity of
information and look for clues. Bob Mueller, the new
FBI director, is creating analysis functions that will
take care of that.”
Kessler, a former FBI agent himself, believes the
Bureau’s human resources -- not its legal scope --
requires expansion. In an online chat hosted by USA
Today in June 2002 Kessler stated, “It's easy to forget
what happened on September 11 and to put out of one's
mind the very real possibility that al-Qa'eda could
unleash biological or nuclear weapons that could kill
millions of people. I think any amount of money is
worth it. The FBI budget of $4 billion is equal to
perhaps two Stealth bombers.
Their agents of 11,500 compare to 40,000 officers in
New York City. I think the FBI could be doubled in
size, and we'd be a lot safer.” He thoughtfully added,
“The reason I think the FBI should be doubled in size,
is so that the Bureau can not only devote far more
agents to counter-terrorism, but also to increase the
focus on organized crime, white collar crime,
espionage, political corruption, and violent crime.”
From J. Edgar Hoover to Louis Freeh, “The Bureau”
provides a proverbial timeline of historic FBI
blunders. First, there was the standoff at Ruby Ridge
in which the FBI killed the suspect's wife, who was
holding a baby, and their 14-year old son. Then, the
FBI was involved in the fiery siege at Waco that killed
80 Branch Davidians, including many children. A U.S.
special prosecutor found the FBI wasn't to blame, but
it tarnished the Bureau's reputation and image all the
same. Timothy McVeigh admitted that he planned the
Oklahoma City bombing in retaliation for the Branch
Davidian siege. The FBI then withheld evidence from
defense attorneys in the Oklahoma City bombing case
jeopardizing the government’s own case.
Then the FBI fingered the wrong man, Richard Jewell,
for the Atlanta Olympic bombing. When they finally
fessed-up and charged Eric Robert Rudolph with the
fatal bombings at Centennial Olympic Park in downtown
Atlanta, in addition to the bombing of an abortion
clinic in Birmingham, Alabama, in which a police
officer was killed and a nurse critically wounded, the
double bombings at the Sandy Springs professional
building north of Atlanta, and the double bombings at a
Lounge in midtown Atlanta, the
FBI sent a posse into the woods to capture Rudolph but
never could find him.
Due largely to hubris, the FBI refrained from
administering polygraph exams to its own agents or
doing periodic background investigations. As a result,
Robert Hanssen, who had access to America’s top
secrets, betrayed his country and the Bureau for
fifteen years. Spurred by allegations from Frederic
Whitehurst, an FBI lab chemist, the Bureau's lab came
under scrutiny. Justice Inspector General Michael
Bromwich investigated the facility for 18 month and
subsequently blasted the FBI facility for flawed
scientific work and inaccurate, pro-prosecution
testimony in major cases, including the Oklahoma City
bombing.
An FBI agent admitted giving false testimony against
Wen Ho Lee, who was accused of passing nuclear secrets
to China. Lee, a former Los Alamos scientist indicted
on 59 criminal counts of mishandling nuclear weapons
secrets, spent nine months in solitary confinement in a
New Mexico jail. Lee was eventually released after 58
out of the 59 counts were dropped!
Finally, if there’s any doubt that J. Edgar Hoover kept
secret files on celebrities and politicians obtained
from illegal break-ins and wiretaps, which he then used
for blackmail and to keep them in line, Kessler
provides ample proof. Those files kept Hoover in office
48 years! Kessler views the Bureau as an agency
comprised of mostly intelligent and dedicated employees
plagued by a history of disastrous management. In my
opinion the FBI in action bears a more striking
resemblance to Jimmy Breslin’s
“The Gang That Couldn’t Shoot Straight!” The question
that lingers is this.
DOES THE FBI REQUIRE THE UNCHECKED JUDICIAL AUTHORITY
THE “USA PATRIOT ACT” UNLEASHES TO FIGHT TERRORISM OR
DOES THE BUREAU SIMPLY NEED TO GET ITS OWN ACT
TOGETHER?
If the FBI’s bungling of the recent anthrax
investigation is any indication, they haven’t mended
their ways. Heavy-handed tactics remain the Bureau’s
forte. Didn’t they learn anything from Richard Jewell
or Wen Ho Lee? Without a shred of physical evidence
linking Dr. Steven J. Hatfill – who has forcefully
proclaimed his innocence -- to the anthrax attacks, the
FBI is still unwilling to clear him. I don’t know
whether Hatfill is innocent or not. He certainly didn’t
look guilty to me when I watched him face down the
media, tearfully declare his innocence, and blast the
FBI and Attorney General John Ashcroft for ruining his
life. The FBI seems incapable of learning from its own
mistakes! Even if the USA Patriot Act were necessary,
which I doubt, I question whether the FBI is
trustworthy of its newfound authority.
This is only a hypothesis. If the FBI
had been using Google’s patented search technology
instead of whatever database it was using, Google might
have prevented 9-11! Think about it. Could a July memo
by an FBI agent in the Phoenix field office “about
Middle Eastern men possibly connected to Osama bin
Laden taking flight lessons” have been linked by
Google’s sophisticated search algorithm to the August
arrest of Zacarias Moussaoui in Minnesota? In a
stinging rebuke to FBI Director Robert Mueller, FBI
attorney Coleen Rowley accused FBI headquarters of
hampering field agents from fully investigating
Moussaoui, the man officials now believe intended to be
the 20th hijacker. Could Google have prevented 9-11? I
posed this question to Google and to Ronald Kessler,
the author of “The Bureau”.
Ron Kessler’s response... "Yes, absolutely. The FBI's
computer technology is a joke, and all this info should
have been brought together and analyzed. The FBI is now
putting old info in a sophisticated data mining system.
My point was only that doing that, while necessary to
prevent the next attack, connecting the dots would not
have prevented 9/11 because the information was not
there. If the FBI had properly assimilated and analyzed
the existing info, it might have started more
aggressive investigations that could conceivably have
uncovered something. We'll never know."
THE DEATH OF PRIVACY
“You have zero privacy. Get over it!” quipped Scott
McNealy, the CEO of Sun Microsystems, in 1999. The
debate over the death of privacy is nothing new.
Compare these quotes from two essays bearing the name,
“The Death Of Privacy”, which span the centuries.
“Recent inventions and business methods call attention
to the next step which must be taken for the protection
of the person, and for securing to the individual the
right to be let alone. Instantaneous photographs and
newspaper enterprise have invaded the sacred precincts
of private and domestic life and numerous mechanical
devices threaten to make good the prediction that…
“What is whispered in the closet shall be proclaimed
from the housetops.”
The legal titans of their day, Louis D. Brandeis and
Samuel D. Warren, wrote that in their famous essay,
“The Death of Privacy”, which appeared in The Harvard
Law Review in December 1890. Over a century later, in
May 2000, A. Michael Froomkin, a technology expert, law
professor, and privacy advocate, published this
counterpart to the oft-quoted Warren and Brandeis essay
in the Stanford Law Review. It’s called “The Death of
Privacy?” (ending with a question mark) and the
similarity between the titles -- and the question mark
-- are no coincidence.
“Information, as we all know, is power. Both collecting
and collating personal information are means of
acquiring power, usually at the expense of the data
subject. Whether this is desirable depends upon who the
viewer and subject are and who is weighing the balance.
A data subject has significantly less control over
personal data once information is in a database. The
easiest way to control databases, therefore, is to keep
information to oneself: If information never gets
collected in the first place, database issues need
never arise.
The rapid deployment of privacy-destroying technologies
by governments and businesses threatens to make
informational privacy obsolete. These include: routine
collection of transactional data, growing automated
surveillance in public places, deployment of facial
recognition technology and other biometrics, cell phone
tracking, vehicle tracking, satellite monitoring,
workplace surveillance, Internet tracking from cookies
to “clicktrails,” hardware-based identifiers,
intellectual property protecting “snitchware,” and
sense-enhanced searches that allow observers to see
through everything from walls to clothes.
The cumulative and reinforcing effect of these
technologies may make modern life completely visible
and permeable to observers; there could be nowhere to
hide. Privacy-destroying technologies can be divided
into two categories: those that facilitate the
acquisition of raw data and those that allow one to
process and collate that data in interesting ways.
Although both real and useful, the distinction can be
overstated because improvements in information
processing also make new forms of data collection
possible.
Cheap computation makes it easy to collect and process
data on the keystrokes per minute of clerks,
secretaries, and even executives. It also makes it
possible to monitor their web browsing habits. Cheap
data storage and computation also makes it possible to
mine the flood of new data, creating new information by
the clever organization of existing data.
Privacy encompasses much more than just control over a
data trail, or even a set of data. It encompasses ideas
of bodily and social autonomy, of self-determination,
and of the ability to create zones of intimacy and
inclusion that define and shape our relationships with
each other.”
Froomkin’s arguments are far more eloquent than mine so
I encourage you to visit the Stanford Law Review Web
site at the link above and read his entire essay.
Froomkin ends the title of his homage to Brandeis and
Warren with a question mark because he believes – as do
I – that a vigilant mindset and point-and-click
technological countermeasures will stem the
technological tide threatening our privacy until new
laws are enacted that protect us.
Froomkin concludes.“All is not yet lost. While there
may be no single tactic that suffices to preserve the
status quo, much less regain lost privacy, a
smorgasbord of creative technical and legal approaches
could make a meaningful stand against what otherwise
seems inevitable.”
POLITICS AND PRIVACY
Two things stand in the way of stricter privacy laws:
politicians and lobbyists! Last year Senator Ernest
"Fritz" Hollings sponsored sweeping privacy legislation
that would have put the “opt-in” shoe on the other
foot. S. 2201 --The Online Personal Privacy Act of 2002
– as proposed, would have opted-out an individual, by
default, when entering into any Privacy Agreement.
Hollings didn’t mince words when expressing his
rational for The Online Personal Privacy Act, either.
“How can we trust companies with our personal
information when their every economic incentive is to
collect, compile, enhance, target and disseminate it
for profit? It is like letting the fox guard the
henhouse. Our bill grants consumers, not companies,
control over their personal information on the
Internet. And our opt-in component is the only method
for ensuring that Internet users have the ultimate
control in deciding where and for what their personal
information is used. Public concerns over Internet
privacy are the largest obstacles to individual users'
true confidence in the Internet. Establishing good
privacy protection is ultimately good business.”
Hollings was right on the money! His bill would have
contemporaneously addressed evolving technology, which
is exactly what good legislation should do. Had S. 2001
passed, as proposed, it would have been the biggest
boon to consumer privacy in the history of congress!
Unfortunately, Hollings’ bill didn’t pass as proposed
because other senators, Bob Kerrey and Conrad Burns
among them, cut Hollings off at the pass. Burns and
Kerrey proposed competing legislation that persisted in
“letting the fox guard the henhouse” and by the time S.
2001 did pass it was a watered-down compromise that
lulled consumers into a false sense of security. As
enacted, “The Online Personal Privacy Act of 2002” is
the diametrical opposite of what Hollings originally
proposed. It offers little, if any, real protection.
S. 2201 does extend privileged status to “sensitive
personal information” defined as “financial, medical,
Social Security, ethnicity, religion, sexual
orientation, and political affiliation”.
“OPT-IN” CONSENT FOR “SENSITIVE” PERSONALLY
IDENTIFIABLE INFORMATION: Internet companies must
obtain affirmative consent from the consumer (Opt-in)
before collecting and using or disclosing “sensitive”
personally identifiable information.
Everything else is considered “non-sensitive personal
information” and may be used for marketing purposes. In
other words, it’s open season for corporate America to
spy on, traffic in and profit from our personal
information!
ROBUST NOTICE AND OPT-OUT FOR “NON-SENSITIVE”
PERSONALLY IDENTIFIABLE INFORMATION: Internet companies
must provide individuals ‘robust notice’ and provide
opportunity to “opt-out” prior to collection and use or
disclosure of “non-sensitive personally identifiable
information”. Such notice must only be provided
initially, at first collection of “non-sensitive”
personally identifiable information.
“Robust Notice” by any other name is a USER AGREEMENT
and the “opportunity to opt-out” is a PRIVACY
AGREEMENT. Your “non-sensitive personally identifiable
information” is virtually the story of your life! The
names of you, your wife, children, pets, your address,
phone numbers, vehicles, charge accounts, where your
kids attend school, their ages, your buying patterns,
employer, occupation, personal habits, favorites
websites, email address, and that’s just the salt on
the peanut. The techniques and technology used to
harvest your confidential information could fill a
book, and will be examined in detail throughout this
one. Don’t be fooled into thinking this clause applies
strictly to the Internet. The same law applies also to
User and Privacy Agreements entered into with
CONTRACTORS in the retail sector, covered on page _ in
chapter 3.
PERMANENCE OF CONSENT: A user’s consent or denial of
consent to information practices shall remain in effect
until changed by the user, and applies to successor
entities to the provider or operator that originally
collected the information.
This means if you don’t take the time and effort to opt
out early, anyone can collect virtually everything
there is to know about you and use it in myriad
exploitive and commercial manners not governed under
the law. It also means that your information is out
there in perpetuity and “successor entities” of the
information seller can use your information in ways not
governed under your original Privacy
Agreement.