Thanks to David Brin for linking to this article in reason.com about the debate over arresting people for recording active duty police officers. In general the specific law being broken is about making audio recordings without the concent of all parties.

As a privacy advocate, I find this situation puts me in an uncomfortable situation. On the one hand there is concern about the privacy interests of the police officers. On the other hand, this is one of the only ways of demonstrating police abuse or other bad actions. It also acts to balance the playing field where the police are already routinely recording most interactions through the use of dashboard cameras.

The origin of the term surveilance is the latin from sur- “over” + veiller “to watch,”. It implies that surveillance is about being watched by those in power (above).

Sousveillance is a term that has been coined recently to describe participant recording, or recording from “below”. That feels like a very different thing that should be fine as long as it is not hidden. Especially in circumstances where there is not a clear expectation of privacy.

I guess my solution to the conundrum would be to state that there should be no expectation of privacy on the part of authorities from recording when they are exercising those authorities. The citizens being interacted with would have a possible privacy expectation with respect to recording third parties however.

I am very interested in feedback and other thoughts on this one.

There has been a lot of excitement in the privacy community around the introduction of a social location service by Facebook. Having blown the dust off my test account, I don’t really understand all the fuss.

It appears that this capability only applies to mobile devices right now (although I have blogged in the past about the ability to locate your computer). When using the mobile site, or the FaceBook app, there is a button that allows you to “Check In” at your current location. It appears that this is exclusively an overt act, and that nothing is taking place passively in the background.

The privacy defaults (at least for me) were fairly restrictive. My check-in is only shared with “friends” by default. The only really interesting setting was that it defaults to show your location to others who are checked-in at the same location around the same time, but that was easily changed.

The FAQ talks about and links to the privacy settings in a prominent way. It feels strange to say this, but I don’t think they have done a bad thing here. Obviously there are major privacy and security implications to telling people where you are all the time, and it may lead to stalking and/or home robberies, but you really have to ask them to do it to you. Caveat emptor.

Of course, none of this should suggest that I have any intention of ever using the service myself.

I note that most of the other social location players, like Gowalla, Yelp, Booyah and Foursquare were at the announcement. This could certainly impact them in a big way, either for good or ill. That seems like the real story, and my thoughts on that are well out of scope for this blog.

In this interview with Eric Schmidt, CEO of Google, comes out very strongly against anonymity starting at about 5:10 in the video. His argument is that: "If you are trying to commit a terrible evil crime it is not obvious that you should be able to do so with complete anonymity."

The problem is that absolute and complete anonymity is easy for criminals. There is a robust economy in stolen account, botnets, stolen credit cards, open networks and other capabilities that enable absolute anonymity for anyone willing to violate the law. It is only anonymity for the law abiding that is difficult, and the reason Anonymizer exists. Arguing against anonymity is, for all practical purposes, only arguing against anonymity for legitimate purposes while it thrives for illegitimate purposes.

I will spare you the lecture on the history of anonymity and anonymous speech dating back to the founders of the United States.

BTW, this was delayed for a while while I struggled with getting embedding working within WordPress. It seems to be working now on FireFox, but not when I view in Safari. Please comment with how I am being stupid if you know what is going wrong.

There has been a lot of media coverage of the threats of Saudi Arabia and the UAE to shut down BlackBerry connectivity in their countries unless RIM (the maker of BlackBerry) introduces a back door so they can monitor communications.

I have been following this story closely, but wanted to wait until I had all the facts before blogging about it. At this point I don’t think I am going to get the whole story. The statements I am seeing are absolutely contradictory and the whole thing is getting really fishy.

UAE/SA say that they need to be able to access BlackBerry communications, but they can’t.

RIM says that their technology makes interception impossible because the communications are encrypted end to end between the BES server (located at the users place of business) and the handset. RIM claims not to have access to the decryption keys.

Third parties claim that RIM has arrangements with other countries (including the US and Russia) which allows such access.

RIM responds that this is false and that they don’t have this ability.

It looks like RIM and UAE/SA will come to an agreement while both continue to claim that they have not compromised their positions.

The moral of this story is that you should not trust security you can not fully analyze yourself. Anonymizer Universal uses strongly encrypted L2TP VPN technology to secure your information so even if your telecommunications provider is cooperating with surveillance they still can’t read the contents of your messages.

Unfortunately Anonymizer Universal does not support BlackBerry yet, but iPhone, Windows, and Mac users are protected.

Browser ‘Privacy Modes’ Not So Private After All – PCWorld

This article does a good job of discussing why the built in “privacy mode” built in to most browsers is less effective that you might have thought or wished.

In an interesting CNET article Google CEO Schmidt talks about how new technologies are going to impact society. One of his comments really struck me. Schmidt said that the only way to handle the new technologies is “much greater transparency and no anonymity.”

I have not seen the arguments and evidence behind such a bold claim. I would have argued exactly the opposite. We need MORE anonymity for users and more transparency and accountability from data collectors like Google.

In April, Apple Ditched Google And Skyhook In Favor Of Its Own Location Databases:

This article reports on Apple’s admission that they are building their own location database to replace Skyhook (which is a WiFi location database).

Many of us are now walking around with devices that monitor our environments and report back to the mother ship about them (even if done anonymously).

BBC News – Details of 100m Facebook users collected and published

Ron Bowes wrote some software which scanned through Facebook to capture any unprotected personal information from the website.

The collected data has been compiled in to a huge file which is available over BitTorrent among other free channels.

While the program did not access any protected information, it has exposed any and all users who have not taken the proper steps to restrict access to their Facebook accounts, either through error or lack of knowledge, awareness or prudence.

The fact that it has been captured and distributed also makes it impossible to ever effectively change or remove any of the collected information. It is out there in the wild and out of anyones hands or ability to corral or correct.

This link will download the big (2.79GB) compressed database for you right now using a BitTorrent client (it may break at some point).

UK ISP TalkTalk Monitoring its Customers Online Activity Without Consent − ISPreview UK:

Here we go again with an ISP monitoring users without consent and collecting information about their activities.

In this case the ISP claims to be doing so as part of a project to improve some future security and parental control services. They say that they are not capturing any data about which users visit what sites, but obviously the capability is there. The ISP did not announce this to their customers and only admitted it after it had been discovered and exposed.

Whether the ISP later decided to start capturing that information, the government makes them start capturing it, or a hacker get in to trick the system in to capturing, there is a real likelihood that users of the TalkTalk broadband service in the UK will have their activities captured.

Once again, this shows that you can’t trust your Internet providers. Their business is not privacy and their interests do not run parallel to your privacy interests. Only tools which encrypt your Internet activity, like Anonymizer Universal, can protect you against this kind of surveillance by your ISP.

Privacy Digest reports on a new White House proposal to extend the powers of FBI “national security letters” to include gathering of “electronic communication transactional records”. While this may appear to be a small change, the potential impact is huge.

These records include all the header information from emails: To:, From:, Time, and often Subject:.

It may also include a list of the full URLs that you visit.

While it does not include the contents of the messages, this level of detail is often more than enough to discover social networks, relationships, intentions, plans, political affiliations, and more.

The real problem is that there are no checks and balances on national security letters. They are issued by FBI offices on their own authority without review by a judge. Historically, self restraint in the face of this kind of power has never worked well. While judges approve the vast majority of subpoenas and search warrants in a timely manor, they can reject egregious cases and the mere fact of their review causes law enforcement to be more restrained in their use.

From the Privacy Digest article:

The use of the national security letters to obtain personal data on Americans has prompted concern. The Justice Department issued 192,500 national security letters from 2003 to 2006, according to a 2008 inspector general report, which did not indicate how many were demands for Internet records. A 2007 IG report found numerous possible violations of FBI regulations, including the issuance of NSLs without having an approved investigation to justify the request. In two cases, the report found, agents used NSLs to request content information “not permitted by the [surveillance] statute.”