Obama Faces Major Online Privacy Test

CNET has a piece on the prospects for an initiative to revamp privacy law for the digital age being put forward by an unlikely coalition that includes Microsoft, Google, privacy advocates, and conservative and libertarian organizations. "When Barack Obama was campaigning for the presidency in 2008, he promised that as president, he would 'strengthen privacy protections for the digital age.' That pledge will be put to the test as the Obama administration considers whether to support a new privacy proposal released by a coalition including Google, eBay, Microsoft, AT&T, the ACLU, and Americans for Tax Reform... The [so-called] Digital Due Process coalition already has met with attorneys from the Justice Department's computer crime unit, White House attorneys, FBI representatives, and Commerce Department officials... the law enforcement meetings were 'respectful' and 'substantive.'"

Double Speak

[Monkeedude1212]

"'strengthen privacy protections for the digital age"

In other words, watch your every online movement?

Re:

[negRo_slim]

Involvement of citizenry in their government is the only answer, not wallowing in paranoia.

Re:Double Speak

[Runaway1956]

I really don't understand your point. Wallowing in paranoia? Dude - it's NOT paranoia, when every lackwit in the world is TRYING to pry into your computer via malware, cookies, supercookies, etc ect ad nauseum. Wallowing in paranoia? You think that citizens should eliminate antivirus, antispam, malware scanners, and all the rest, open all their ports, and accept all incoming requests on all ports?

Personally, I don't think it's paranoid to close the drapes when I'm getting laid, nor do I think it's paranoid to close ports, and refuse unsolicited connections from Liberia, Surinam, Nigeria, Latvia, and China.

Re:

[jhoegl]

Strawman argument is strawman....

Re:

[feepness]

Personally, I don't think it's paranoid to close the drapes when I'm getting laid,

Perhaps not. But I really wish you'd quit doing it anyway.

Re:Double Speak

[joocemann]

Under bush the liberals/dems wallowed in paranoia.

Under obama the conservatives/repubs wallow in paranoia.

This country is hardly enough of a bother to induce real action. Its hard to get people to actually do something when what they really care about is the next episode of Lost and their acceptance of the generally unimpeded path between work and the couch.

Re:

[AHuxley]

Within spitting distance of the LRAD trucks.
You are allowed to protest under Obama so the gov can get a face pic, your car's licence plate and your personal 'web 2.0' electronic chatter as you protest.
All that needs to be done in "freedom" for later processing and sorting.
Protest with style, next time you will make a new best friend.
Over time they will have suggestions - if you follow them you will be facing FBI changes.
When Google, eBay, Microsoft, AT&T talk of " privacy" they are thinking of thei

Re:

[joocemann]

I haven't seen enough of the Obama administration to agree with your claims. Bush, yes... Within several years of his presidency it was clear what he would do. Obama, though, hasn't really shown us enough to be as skeptical as you appear to do.

I'm not saying you've got a tinfoil hat, but I don't think you've got enough cotton to make a real one.

Re:

[geminidomino]

Obama, though, hasn't really shown us enough to be as skeptical as you appear to do.

I don't know about that. It would seem that he's shown us a significant LACK of anything that suggests skepticism is out of line.

It seems pretty much a mix between "Business as usual" from the last administration (Abuse of surveillance, industry insiders to government appointments, etc...) , or "completely fails to accomplish ANYTHING useful from the citizens' POV" (Healthcare 'reform' after caving on public option and Pfizer, e.g.)

I'd say we have enough information to extrapolate with reasonable certainty

Re:

[Idiomatick]

Thank you for a perfect example of wallowing in paranoia. You illustrated GP's point brilliantly.

Re:

[Idiomatick]

I'm flattered to have a fan. Impressed you seem to be upset with that particular post. I'm sure I've said far more contentious things in past.

End-to-end encryption.

[DrYak]

Once more proof that end-to-end encryption(*) should be the norm to guarantee someone's privacy.

---

(*) as provided out-of-the box by several chat programs supporting Off-The-Record [cypherpunks.ca] such as Adium on Mac [adium.im]. Or Pidgin on Linux [pidgin.im] if you take into account the plug-in [cypherpunks.ca] that most Linux distribution are offering into their base repository, and is available through an installer on Windows.

It's not some complex arcane setup that only a couple of criminals bother to use to hide the evil doing. It's a pretty much standard and freely available technology that everyone can use, just because you shouldn't help anyone spying on you.

Re:

[Dhalka226]

If you're going to copy and paste somebody's post, you could at least remove Slashdot's URL display.

I really hope it was yours to begin with.

Bad move - missing URLS

[DrYak]

It was mine to begin with.
I just happened to hit "Reply" in the wrong thread and wanted to move where appropriate. I fucked up the copy-paste. And of course it does look the same in the preview pane, which didn't help.

Here are the missing links :
- Adium : http://adium.im/ [adium.im]
- Pidgin : http://pidgin.im/ [pidgin.im]
- OTR: http://www.cypherpunks.ca/otr/ [cypherpunks.ca]
- plugins downloads : http://www.cypherpunks.ca/otr/index.php#downloads [cypherpunks.ca] middle column. It offers a Windows installer. For Linux there's source code (I use it), but it should be much simpler to use the package provided by your distribution's repository (it's in OpenSUSE, Ubuntu, Debian and Gentoo. Don't know about the others)

(Checking in preview pane : Yup this time I didn't fuck up the URLs ;-) )

Re:

[maxume]

That only assures your privacy to the extent that the person on the other end is trustworthy.

So what

[Mathinker]

That only assures your privacy to the extent that the person on the other end is trustworthy.

And how this is different than the problem of non-digital privacy? The discussion is about the extra problems caused by our (and our government's) use of new technologies.

Re:

[maxume]

It isn't. I was mostly replying to the word 'guarantee'.

Re:

[Idiomatick]

No Apparently they mean enforce the government needing warrants and things like that. As others have said the EFF is a member. I think the topic/summary is a troll.
I don't mean to rock the boat and not jump to conclusions though. For that I apologize.

Re:

[Carewolf]

"'strengthen privacy protections for the digital age"
In other words, watch your every online movement?

Yeah... Privacy-activists joining with the bad guys, and the on this specific issue really really bad guys ..

I smell astroturf!

vs ACTA?

[MrMista_B]

Interesting. Can this initiative stand against ACTA?

I hope to god that it can, but I suspect that ACTA will, if not defeat this initiative entirely, at the very least gut it to uselessness.

'Online Privacy! As long as you register your name, age, social security and credit card numbers with the RIAA, MPAA, IPAA and all other major media conglomerates and corporate entities' /Then/ you can have your meaningless privacy.

Revamp Privacy Laws

[nurb432]

Don't you mean eradicate instead?

Define rules

[fermion]

Like the no-call lists, I am sure companies would like this to get a formal definition of what is allowed and what is not. OTOH, it is unclear to me that any of the companies are concerned about privacy. Maybe the ACLU might be able to get some protective language in there. With online privacy, though, if the EFF does not support I have to assume it is astroturf, especially with Google supporting it.

Re:

[slashqwerty]

With online privacy, though, if the EFF does not support I have to assume it is astroturf, especially with Google supporting it.

The EFF is a member [digitaldueprocess.org]. With that said, take a look at the URL. That giant code raises all kinds of red flags about tracking who posted the link.

Re:

[Idiomatick]

Mod parent up. I'm signifigantly less worried about an action if the eff is supporting it. Hell many /.ers are eff donors as well so I can only assume the people freaking out didn't know this fact.

Re:

[Protoslo]

The ACLU is a member too; I cannot believe that they would support something inimical to liberty. As for the suspicious number, it is clear that the website is just using unique and ostensibly random GUID-style static links for all of their pages to avoid the bother of naming them.

Re:

[antirelic]

LOL... Seriously??? You know that Santa Claus isnt real either right? Did you honestly believe that the ACLU and the EFF have anything to do with freedom?

Just because an organization that promotes filth and dirtbags in the name of "freedom" doesnt mean they like "freedom". They are pursuing an agenda of cultural corrosion. A culture that believes in "liberty" and have rights given to them by their "Creator"... not government. ACLU hates liberty, this is proof positive.

Re:

[Attila Dimedici]

There are three groups that support this that between them make me think it is a good idea: ACLU, EFF, and Americans for Tax Reform. Between them the three offset the potential partisan bias of the others. While none of them are strongly biased, they each tend to attract people with partisan leanings in different directions.

Their priciples

[beakerMeep]

From the coalition's website: [digitaldueprocess.org]

----

1. The government should obtain a search warrant based on probable cause before it can compel a service provider to disclose a user’s private communications or documents stored online.

• This principle applies the safeguards that the law has traditionally provided for the privacy of our phone calls or the physical files we store in our homes to private communications, documents and other private user content stored in or transmitted through the Internet "cloud"-- private emails, instant messages, text messages, word processing documents and spreadsheets, photos, Internet search queries and private posts made over social networks.
• This change was first proposed in bi-partisan legislation introduced in 1998 by Senators John Ashcroft and Patrick Leahy. It is consistent with recent appeals court decisions holding that emails and SMS text messages stored by communications providers are protected by the Fourth Amendment, and is also consistent with the latest legal scholarship on the issue.

2. The government should obtain a search warrant based on probable cause before it can track, prospectively or retrospectively, the location of a cell phone or other mobile communications device.

• This principle addresses the treatment of the growing quantity and quality of data based on the location of cell phones, laptops and other mobile devices, which is currently the subject of conflicting court decisions; it proposes the conclusion reached by a majority of the courts that a search warrant is required for real-time cell phone tracking, and would apply the same standard to access to stored location data.
• A warrant for mobile location information was first proposed in 1998 as part of the bipartisan Ashcroft-Leahy bill. It was approved 20 to 1 by the House Judiciary Committee in 2000.

3.Before obtaining transactional data in real time about when and with whom an individual communicates using email, instant messaging, text messaging, the telephone or any other communications technology, the government should demonstrate to a court that such data is relevant to an authorized criminal investigation.

• In 2001, the law governing "pen registers and trap & trace devices" - technologies used to obtain transactional data in real time about when and with whom individuals communicate over the phone - was expanded to also allow monitoring of communications made over the Internet. In particular, the data at issue includes information on who individuals email with, who individuals IM with, who individuals send text messages to, and the Internet Protocol addresses of the Internet sites individuals visit.
• This principle would update the law to reflect modern technology by establishing judicial review of surveillance requests for this data based on a factual showing of reasonable grounds to believe that the information sought is relevant to a crime being investigated.

4.Before obtaining transactional data about multiple unidentified users of communications or other online services when trying to track down a suspect, the government should first demonstrate to a court that the data is needed for its criminal investigation.

• This principle addresses the circumstance when the government uses subpoenas to get information in bulk about broad categories of telephone or Internet users, rather than seeking the records of specific individuals that are relevant to an investigation. For example, there have been reported cases of bulk requests for information about everyone that visited a particular web site on a particular day, or everyone that used the Internet to sell products in a particular jurisdiction.
• Because such bulk requests for information on c

DISCLAIMER: IANAL

[waspleg]

I'm the son of one. That word "Should" is pesky. Usually law enforcement will just ask the 3rd party for the information and it's handed over without question (I know this first hand). Just because they Should ask for a warrant just means that unless it's written as Shall, it won't happen. I didn't read the article. If Obama is going to use this as the basis for the law I hope it's carefully edited; the saddest part being that one is needed at all.

Re:

[GeckoAddict]

Those are the coalition's principles, not the proposed law(s).

Re:

[Idiomatick]

I imagine they would use the proposed bills listed as a basis for the legal jargon. I really don't think they would be taking this as is. And can't...

Re:

[zoloto]

There is no need to keep the data of where your cell phone has gone or connected. There simply is no reason to store this information at all.

Warrent vs Demonstrate to a Court?

[mdmkolbe]

As a warrant is only requested in 1 and 2.

Can anyone explain what this distinction really means? I thought "demonstrating to a court" was the point of a warrant.

Also, why would the coalition want to make such a distinction? I could understand the government or law enforcement trying to put in these kinds of weasel words, but I don't understand the coalition putting those words in their statement of principles. Any ideas why?

Re:

[dlgeek]

I would assume that it's based on the common-law definition of "warrant" which is probably very specific. However, I'm too lazy to actually do research on this....

Re:

[RecoveringOptimist]

A correct reading of the US Constitution / Bill of Rights would render the coalition's four principles both obvious and binding (with "should" replaced by "shall"). Unfortunately, the Justice Department continues (even under Obama) to press for policies that violate the US Constitution. The Justice Department, for example, still claims under the Obama administration that the government should be permitted unfettered access to real time cell phone location data on any citizen, at any time, for any reason,

What?

[Anonymous Coward]

[quote]strengthen privacy protections for the digital age[/quote]

Yeah, maybe for government agencies and big business.

Is their such a thing?

[alex67500]

Is there such a thing as privacy at the digital age?

Can someone follow all your whereabouts with your electronic traces?
Yes, they can !

Re:

[ZDRuX]

This depends how you define "someone". If it's that 16-year old kid down the street, then I've got no problems with it. But if it's my own Government, yes - I have issues with that, that's why we try and make laws restraining entities such as government first and foremost, other citizens second.

Re:Is there such a thing?

[alex67500]

well, of course I meant the Government. If the 16-yo kid down the street can do it, I bet your Government can -- unless you live in England, but apparently they're working on it [zdnet.co.uk].

Re:Is there such a thing?

[alex67500]

wow! excuse my previous spelling, it seems I was thinking about early post more than about making sense...

A good step forward, but...

[sloanesky]

The fact that a handful of these corporations are anywhere near privacy reform legislation makes me nervous. I think a quote from a NY Times article [nytimes.com] explains why.

...AT&T, Google and Microsoft, and advocacy groups from across the political spectrum said Tuesday that it would push Congress to strengthen online privacy laws to protect private digital information from government access.

They want to protect our information from the government, but what about themselves? Some of their very business models depends on people giving their information to the company (Google). Such a coalition is not likely to recommend privacy laws that also apply to their own corporations, so any privacy reform spearheaded by these members will be incomplete and potentially damaging.

On their principles page [digitaldueprocess.org] they only make mention of limiting the government's access to information, and don't even reference anything about corporations. While I applaud their attempt to limit government access to our private information, their (understandable) bias in favor of their corporate needs kind of limits this effort in my opinion. I am more concerned about the amount of data that google and other such companies have about me at this point.

Any privacy legislation needs to restrict the amount and kinds of information these companies can collect about us in order to really protect privacy on the internet, since the internet is really more the domain of corporations than the federal government.

Re:

[Starcub]

I think corporations are mainly interested in restrictions on govt's for cost reasons. I don't think that corporations are going to want to devote the same amount of resources to intelligence gathering that a bankrupt and shrinking govt. would want them to. I'm more concerned with the following statement FTA:

It took the better part of a decade for the White House to side with privacy interests over law enforcement.

My guess is that the reason that it took govt. so long to come around to attempting to strengthen privacy regulations is that they have managed to figure out how to circumvent any such restrictions th

Re:A good step forward, but...

[pin0chet]

Unlike government, not one of the firms in the coalition has the power to force you to hand information over to them. If you don't want Google or Microsoft or AT&T to have your information, don't use their services. Also, if a firm fails to adequately protect your data and you suffer harm as a result, depending on the terms of service you may be able to sue the firm. But if government wrongfully seizes your data, you generally cannot sue (absent acts of blatant bad faith.) And government has no financial incentive to safeguard your data, while companies like Google have a LOT to lose if their privacy reputation is damaged due to a data breach or other unscrupulous practice.

Re:A good step forward, but...

[sloanesky]

I am aware of this, and never said that I was against the reforms they suggested. In fact I think a lot of them are desperately needed. The problem I see though, is that no attention is given to the non-government entities that are amassing information on us. If some of these same entities are the ones pushing legislation for privacy reform, they are of course going to keep their corporate self-interest in mind. If the privacy reforms regarding the government are passed, who is going to go back and say that we need to limit what corporations themselves can collect? By getting involved they can work to protect their interests in any potential privacy reforms.

And like I said in another post, a lot of people lack awareness of how much information is being collected. How is a typical technologically-ignorant grandmother to know about tracking cookies, google analytics and other such things? How would they even know if their information was not being adequately protected? They probably wouldn't.

Re:

[thePowerOfGrayskull]

Unlike government, not one of the firms in the coalition has the power to force you to hand information over to them. If you don't want Google or Microsoft or AT&T to have your information, don't use their services

True, but they do collect it without your knowledge. Every site that uses google analytics collects data for google. Web sites use it because it helps them -- but google provides it for "free" to those sites because it builds *their* database of user activity tracking which applies very broadly and across sites. This isn't to mention the information you're sharing smply by viewing doubleclick.net and direct google ads.

It's not as simple as "don't use it". Consumers provide information to these compan

Re:

[Moridin42]

Why would they mention corporations? If you volunteer to give your information to a corporation, no one should be stopping you.

If you volunteer to give your information to the government, no one should be stopping you.

The government is the one entity that will compel others to give up your information against your will. Your privacy cannot be violated when you volunteer. It can be violated when you do not volunteer.

Also, good luck getting legislation passed that restricts government power, while at the same

Re:A good step forward, but...

[sloanesky]

Here on slashdot most of us are aware of the information that the corporations are collecting on us (to some degree) and we have the means to limit this through our internet experience. Most of the people who are new to the internet don't know know about google's extensive data collection, they have no idea how much of their information is being collected by marketing companies, they don't know that it is being indexed by other sites and that even if they delete it there is a good chance it is stored somewhere. They are simply incapable of the informed consent required to "volunteer" such information.

The companies who are collecting data aren't informing you that they are doing it, they aren't telling you what it will be used for, and you rarely have a chance to challenge it. It might be hidden in their EULA or Terms of Service, but those are often written in legalese and in such length that a vast majority of people just check the box and accept it. I do it myself, and I do care about what information is being collected about me. I personally know what is going on behind the scenes, but how can one expect the grandmother who logs into facebook to play farmville and interact with her family to?

The government can compel you to give up information sure, but at least you are aware of what information is being collected and why you are being compelled to furnish it. Your point about the government being able to compel others to give up your information against your will is spot on, and I feel that a lot of the ideas proposed by this coalition are actually good in protecting us from the government. Just incomplete since we also need to have tougher privacy laws in regard to corporations too.

And sadly you are correct about the difficulty in getting such legislation passed. The lack of knowledge about how much data is really being collected about people online among the general public is one of the root causes of this whole mess. If people knew about what was going on, and what they could do to prevent it, such legislation would probably be pointless. Unfortunately that is just a dream at this point, as people who don't know enough about computers and the internet to protect themselves keep flooding onto the internet.

Re:A good step forward, but...

[Trepidity]

I think it's a bit more gray-area than "volunteer to give your information to a corporation". Most sites from which Google collects data don't even inform the user that Google is collecting statistical data on their browsing of the site, much less ask their permission.

Re:

[shutdown -p now]

The fact that a handful of these corporations are anywhere near privacy reform legislation makes me nervous.

There is one simple reason why the corps want strengthening of privacy laws: they have a weak spot with those that are standing when they preach cloud computing/storage today. A keen customer would immediately ask, "but how safe is my data with you?". And they can write privacy policies etc, and compete on those (like MS recently tries to positively spin its relatively lax retention policies vs Google ones), but they cannot ignore the law.

Looking at Senator Obama's record...

[PinchDuck]

Particularly at his FISA vote, I'm guessing he will go with guidelines that strengthen privacy of individuals wrt companies, but will go for even more of a Federal power grab. Governments hate privacy and love power. Given any opportunity, they will weaken one and strengthen the other.

Dear Mr. Obama

[Yvan256]

Here are the answers for your Major Online Privacy Test:
1) A
2) D
3) B
4) F
5) B
6) C
7) D
8) A
9) B
10) A
11) D
12) E
13) B
14) A
15) C

Fingerpoint-o-rama

[Bob9113]

I love how all the oligarchs are snooping on our communications and pointing the fingers at everyone else.

Google & Microsoft accuse the Federal Gov't:
http://yro.slashdot.org/article.pl?sid=10/04/03/1728214 [slashdot.org]

Microsoft accuses Google:
http://yro.slashdot.org/article.pl?sid=10/03/31/2223228 [slashdot.org]

The Federal Gov't accuses Google:
http://yro.slashdot.org/article.pl?sid=10/03/31/1428244 [slashdot.org]

Hey, here's an idea: What say we actually consider the spirit of the 4th amendment, eh? We need an example though... Some form of remote communication that existed back in the day when people had more recent knowledge of the importance of the Bill of Rights. Ideally something that could regularly fall into the hands of both the government and third parties. Something like United States Postal Service mail.

See, USPS mail is pretty much the earliest significant form of remote communications in the United States. It goes all the way back to 1775. The policies regarding the privacy of postal mail are pretty much exactly what the founding fathers intended, so we can be pretty sure they are what a bunch of smart, argumentative guys would come up with when seriously considering -- from up close and personal -- the dangers of invasion of privacy.

Now what are those standards? Well, if you tamper with the mail, you go to jail. If you open someone else's mail, you go to jail. If the government wants to open your mail, they need a warrant. They need a real warrant, from a judge and supported by oath or affirmation, not a flunky clerk with a rubber stamp and a pen register.

That is what the 4th amendment is about: You have a right to be secure in your papers. Genuinely secure. Not "the government won't look unless they feel like it", but genuinely secure that it won't happen for light or transient reasons. Even if those papers are not in your home or your possession. Even if they are in an envelope that can be seen through. Even if that envelope could be opened and resealed without anyone knowing. You mess with the mail, you go to jail.

That is the standard of the people who actually faced, fought, and defeated oligarchy. It is a good one. It is fundamental to true liberty -- the liberty of having a truly free mind. It is the standard we should apply to all private communications. Google, Microsoft, FBI, everybody -- keep your cotton picking noses out of my private communications unless you have a real warrant or my express written permission (notarized, of course).