Full impact of privacy rules repeal; what you can do, too

The Register makes pretty clear that this is more than just selling what browsing history your ISP can collect. The repealed rules kept at bay some pretty terrible practices by ISPs, such as undeletable, so-called super-cookies and search engine redirects. So Tor or VPN it is, since in the US most of us don’t really have any alternative choices in the market.

2015-12-05 The Command Line Podcast

This is an episode of The Command Line Podcast.

This time, I chat about some recent news stories that caught my attention, including:

You can subscribe to a feed of articles I am reading for more. You can follow my random podcast items on HuffDuffer too.

You can directly download the MP3 or Ogg Vorbis audio files. You can grab additional formats and audio source files from the Internet Archive.

Creative Commons License

This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.

2015-11-15 The Command Line Podcast

This is an episode of The Command Line Podcast.

This time, I chat about some recent news stories that caught my attention, including:

You can subscribe to a feed of articles I am reading for more. You can follow my random podcast items on HuffDuffer too.

You can directly download the MP3 or Ogg Vorbis audio files. You can grab additional formats and audio source files from the Internet Archive.


Help Support a Critical, Free Software Privacy and Security Tool (Updated)

I noticed an update from the GNU Privacy Guard project (gnupg or gpg) come across my feeds the other day. If you have received an email from me that has a digital signature (if you know what that is) or a bunch of gobbledygook characters at the bottom (if you don’t), the tool that makes those signatures possible is gnupg.

More people seem aware of what encryption is and why it is important. We have had a string of increasingly distressing leaks, the ones from Edward Snowden just the latest, about how many governments in presumed open societies are participating in some very questionable trawling of their citizens’ personal communications. For those still not sure why encryption is important, it is the one technology answer everyone can agree upon that allows individual citizens any sense of secrecy and privacy in their online communications, regardless of who may want to snoop on it and how well resourced those eavesdroppers may be.

gnupg is especially important as it is both free of charge and freely licensed. That second point is critical: it means that gnupg is open to scrutiny from any expert to help ensure it is free of back doors or other problems that might compromise its effectiveness. For users of alternate operating systems like BSD and GNU/Linux, it is often the only choice for certain applications of encryption. Thankfully, it happens to be a usable and useful one that interoperates with the commercial, proprietary choices available to users of more mainstream operating systems.

That post from the gnupg folks? They are in clear need of help in terms of funding.

Work on GnuPG is mostly financed from donations. To continue maintaining GnuPG so to keep it strong and secure against the ever increasing mass surveillance we need your support. Until the end of November we received a total of 6584 € (~5500 net) donations for this year. Along with the 18000 € net from the Goteo campaign this paid for less than 50% of the costs for one developer.

For a critical project of this size two experienced developers are required for proper operation. This requires gross revenues of 120000 Euro per year. Unfortunately there is currently only one underpaid full time developer who is barely able to keep up with the work; see this blog entry for some background. Please help to secure the future of GnuPG and consider to donate to this project now.

Support for half of one developer for a project that could easily engage a handful, full time, year round. Do please consider making a donation and if you are unfamiliar with gnupg, spend some time on the project site. It really is a great tool.

Updated 2014-01-06: At the request of the primary author of gnupg, I changed the title and a reference to GNU/Linux in recognition of gnupg’s formal status as part of the umbrella GNU project.

NYPD Anti-Terrorist Cameras Used for Much More

I wish I could say that this New York Times piece linked to by Slashdot surprises me in the least. It isn’t entirely clear that this is a case of mission creep. That uncertainty may be intentional; remarks from the law enforcers responsible make it sound like use of this growing network of automated cameras in regular criminal investigations was envisioned all along. The key question is whether that was part of the policy that funded their purchase, deployment and operation in the first place.

Donna Lieberman, the executive director of the New York Civil Liberties Union, nails the problem with the system right on the head.

She said it was hard to tell whether interest in “effective and efficient law enforcement” was being balanced with the “values of privacy and freedom.”

“We don’t know how much information is being recorded and kept, for how long, and by which cameras,” Ms. Lieberman said. “It’s one thing to have information about cars that are stopped for suspicious activity, but it’s something else to basically maintain a permanent database of where particular cars go when there is nothing happening that is wrong and there is no basis for suspicion.”

Most of the uses listed in the article seem innocuous enough, but we don’t know if the system is restricted to just effectively extended, human-driven BOLOs. Operational transparency and privacy safeguards should really be inviolate conditions of establishing networks like this. How else can the public interest hold them accountable and audit that they are not in fact creeping in their mission? Too bad that point is really only a very small part of the article, which otherwise largely lionizes the cameras.

NYPD Anti-Terrorism Cameras Used For Much More, Slashdot

Case of a FOIA Request for a Public University Professor’s Email Messages

Dan Wallach at Freedom to Tinker has an interesting concern over a case that would otherwise seem easy to evade by using any number of free email services to simply compartmentalize correspondence an employee of a public institution does not wish to have subject to a Freedom of Information Act request. The circumstances he considers are very particular when asking questions about FOIA’s reach, or even that of an employer’s. Specifically, Wallach wonders if the practice of using Gmail or a comparable service to transparently handle professional email would blur the lines enough to erode any implicit protections from using an outside service.

Here’s another thing to ponder: When I send email from Gmail, it happily forges my rice.edu address in the from line. This allows me to use Gmail without most of the people who correspond with me ever knowing or caring that I’m using Gmail. By blurring the lines between my rice.edu and gmail.com email, am I also blurring the boundary of legal requests to discover my email? Since Rice is a private university, there are presumably no FOIA issues for me, but would it be any different for Prof. Cronon? Could or should present or future FOIA laws compel you to produce content from your “private” email service when you conflate it with your “professional” email address?

Bear in mind that norms have an impact on the law, so what he is asking isn’t so far-fetched. The potential fuzziness would suggest a better tactic would be to keep a much more explicit division, along with the overhead that requires. Wallach ponders that practice, asking a final question as to whether that would be enough for purposes of insulating a personal account from such searches.

The case of Prof. Cronon and the FOIA requests for his private emails, Freedom to Tinker

Act Now in Support of Patriot Act Reform

Apologies that this is coming so late in the day, but not too late. Some measures of the Patriot Act are set to expire at the end of this month. The Senate Judiciary Committee is to convene to review them tomorrow. EFF has posted an action alert to aid concerned citizens in contacting their elected representatives to urge a reining in of powers under the Act. This dovetails with EFF’s analysis of documents recovered through dogged FOIA requests that show a sustained and clear pattern of abuse of these very powers.

Contact the Senate Judiciary Committee Today to Support Reforms to PATRIOT Act! EFF

California Supreme Court Allows Search of Cell Phones without a Warrant

As the Slashdot summary of this SFGate story makes clear, there are some big caveats on this ruling from the California Supreme Court. Warrantless searches of cell phones are only allowed after a defendant is arrested and taken into custody. The inclusion of cell phones is part of a larger rule allowing police to seize and search any personal effects.

The dissenting judges saw the massive amount of information potentially squirreled away in a modern cell phone as worthy of an additional barrier. This is consistent with rulings from other courts, including most notably the Ohio Supreme Court in a case from as recently as December of 2009.

In trying to reason through how a cell phone differs from other personal effects that would seem more reasonable for law enforcers to examine, I have to wonder: what about a thumb drive? A personal media player? Laptops traditionally have posed more of a challenge, usually because of the addition of a password or even encryption. What about the PIN codes and passwords offered by many smart phones? Would these raise the bar enough to make the California judges, or even the Supreme Court, see more of a bright line? I think there is more to consider here than just data capacity but am not clear in my own mind what would rise to the level of a domain outside of immediate and personal effects to something more like what the SCA and other laws cover in terms of stored data. (I realize the Stored Communications Act is a flawed analogy but the rulings protecting cell phones clearly beg some more definitional work.)

I haven’t seen much in the way of crypto for cell phones, beyond password safes. I wonder if rulings like these might encourage the development of encrypted alternatives to the built-in address book and other apps.

Police Can Search Cell Phones Without Warrants, Slashdot