For a couple of years, colleagues of mine and I have been writing about the need to protect privacy through rules and laws restricting how information is used, not just who can access the personal information. So, I was very happy to discover that a famous early exposition of privacy rights in United States law (Olmstead v. United States (1928)), by the most famous judicial advocate of privacy rights, Justice Louis Brandeis, expressed a clear sentiment in favor of protecting privacy based on how information is used, not just whether one is entitled to have access to it or not. In the course of explaining why earlier Supreme Court legal precedents should be understood to make wiretapping illegal, Brandeis wrote
Unjustified search and seizure violates the Fourth Amendment, whatever the character of the paper; [n4] whether the paper when taken by the federal officers was in the home, [n5] in an office, [n6] or elsewhere; [n7] whether the taking was effected by force, [n8] by [p478] fraud, [n9] or in the orderly process of a court’s procedure. [n10] From these decisions, it follows necessarily that the Amendment is violated by the officer’s reading the paper without a physical seizure, without his even touching it, and that use, in any criminal proceeding, of the contents of the paper so examined — as where they are testified to by a federal officer who thus saw the document, or where, through knowledge so obtained, a copy has been procured elsewhere [n11] — any such use constitutes a violation of the Fifth Amendment.
That is to say, even if the officer was in rightful possession of the private information, it still should be understood as a violation of privacy it the police use the information against the individual. This is privacy as a set of usage rules.
Brandeis was trying to argue that wiretapping should be considered illegal under the Courts existing precedents but the majority of the Court opposed him and asserted that wiretapping was constitutional because it did not involve any physical trespass into the private property of the telephone user. So, Brandeis lost the argument in this early case and wiretapping remained constitutional (though not always legal) in the US for another 40 years. Eventually, though, the Court came around to Brandeis’ view that how the government got access to the telephone call matters less than the fact that people have, and are entitled to have, an expectation that their calls are private; that government would become too powerful it allowed to use the contents of our private communications without a warrant.
Today a senior McCain advisor, Doug Holtz-Eakin, proudly held up Blackberry and declared:
“You’re looking at the miracle that John McCain helped create.”
AP, 16 September 2008
Bloggers on all sides of the partisan divide are having a field day with this, suggest that the McCain campaign is out of touch, desperate, or trying to top the trouble VP Al Gore got into when he was falsely accused of claiming to have invented the Internet. At best, it suggests that Eakin-Holtz was just careless. At worst, it suggests that the campaign and the candidate has deeply irrational ideas about how to promote innovation. It’s also been pointed out that there’s some irony in McCain claiming credit for the success of a Canadian company.
The real question is: what would a McCain presidency do to help enable the NEXT innovative device, service or revolutionary use of the Web? (**Full disclosure here: I’m an active supporter of Senator Obama, though this post is entirely my own and not in any way made on behalf of the Obama campaign.**)
McCain’s record in promoting innovation on the Internet and in the large information and communications marketplace is terrible. Mostly, he can claim credit for supporting incumbents over innovators and for failing, in his time as Chair of the Senate Commerce Committee to do anything at all to support the innovative and socially beneficial aspects of the Internet. While he was in the leadership of the Senate Commerce Committee (1997 - 2001, and 2003 - 2005) his contributions included:
- being entirely AWOL in defending the openness-protecting provisions of of the Telecommunications Act of 1996 — the parts of the Act that were supposed to help assure market access to innovative new services, such as the Blackberry, were weakened, ignored or attacked by the FCC and the courts. As Chair of the Committee responsible for the law, McCain did nothing. That’s why we have an anemic choice of broadband providers in most parts of the country. This is good news for incumbent cable and telecom companies but will make it harder for the next Blackberry to get to market.
- opposing eRate legislation that extended Internet access to schools and libraries. Not only were his policies as committee chair bad for innovators, he sought to make it harder for the non-profit sector to pay for Internet access.
What did McCain do has chair of the most powerful congressional body in the communication and information market? He mostly stood up for the interests of incumbents. He wrote letters to the FCC supporting higher cable television rates, encouraged consolidation in the telecommunications market reducing the number of local phone companies from 7 down to an eventual 3.
And today, even though he’s no longer in a leadership role on Internet and telecommunications policy, he’s still speaking up against innovation and for incumbents through opposition to even modest Net Neutrality provisions.
In the end, the campaign season slide of some advisor is nothing compared to the anti-innovation record of Senator McCain himself. We’re lucky (well, maybe ) to have Blackberry’s an other innovations today. They won’t likely go away. But the question is which presidential candidate is more likely to support policies that enable the NEXT Blackberry. History shows is certainly isn’t John McCain.
But in GRDDL and HTML5, Ian Hickson, editor of HTML 5, advocates dropping the profile attribute of the HTML head element in favor of rel="profile" or some such. I dropped by the #microformats channel to think out loud about this stuff, and Tantek said similarly, "we may solve this with rel="profile" anyway." The rel-profile topic in the microformats wiki shows the idea goes pretty far back.
Possibilities I see include:
- GRDDL implementors add support for rel="profile" along with HTML 5 concrete syntax
- GRDDL implementors don't change their code, so people who want to use GRDDL with HTML 5 features such as <video> stick to XML-wf-happy HTML 5 syntax and they use the head/@profile attribute anyway, despite what the HTML 5 spec says.
- People who want to use GRDDL stick to XHTML 1.x.
- People who want to put data in their HTML documents use RDFa.
I don't particularly care for the rel="profile" design, but one should choose ones battles and I'm not inclined to choose this one. I'm content for the market to choose.
I’m sitting at the Microsoft Faculty Summit, listening to Tony Hey (VP for External Research) talk about how critical it is for scientific researchers to have open access to data and open source tools (Tony actually said ‘free software tools’) in order to solve the most critical problems of the world. Among other things, Tony highlighted the importance of attaching metadata to documents and data, mentioning some of the MSFT tools such as a MS-Office plug-in that attaches Creative Commons labels to Office docs.
Anyone who thinks that institutional views of monolithic or easy to predict….
Today, the Senate passed a much-debated revision to the Foreign Intelligence Surveillance Act with Lots of different views out there, even amongst the mainstream liberal establishment on the upcoming FISA legislation (’Senate Passes Surveillance Bill With Immunity for Telecom Firms‘, Washington Post, William Branigin, 9 July 2008).
In advance of this vote, there has been much debate, recently because Sen. Obama announced that he would support this compromise bill and not vote in support of filibuster. (Full disclosure, I’m an Obama supporter and have helped the campaign on Internet policy issues.) In thinking about this, I thought I’d survey the range of opinion just on the liberal center. Here’s some of what I found:
Mort Halperin, highly regarded civil libertarian, former head of the ACLU Washington office, and himself a target of unwarranted government wiretapping when he was working for Henry Kissenger in the Nixon White House, writes in a New York Times Op-Ed (’Listening to Compromise‘, New York Times, 8 July 2008):
The compromise legislation that will come to the Senate floor this week is not the legislation that I would have liked to see, but I disagree with those who suggest that senators are giving in by backing this bill.
The fact is that the alternative to Congress passing this bill is Congress enacting far worse legislation that the Senate had already passed by a filibuster-proof margin, and which a majority of House members were on record as supporting.
What’s more, this bill provides important safeguards for civil liberties. It includes effective mechanisms for oversight of the new surveillance authorities by the FISA court, the House and Senate Intelligence Committees and now the Judiciary Committees. It mandates reports by inspectors general of the Justice Department, the Pentagon and intelligence agencies that will provide the committees with the information they need to conduct this oversight. (The reports by the inspectors general will also provide accountability for the potential unlawful misconduct that occurred during the Bush administration.) Finally, the bill for the first time requires FISA court warrants for surveillance of Americans overseas.
As someone whose civil liberties were violated by the government, I understand this legislation isn’t perfect. But I also believe — and here I am speaking only for myself — that it represents our best chance to protect both our national security and our civil liberties. For that reason, it has my personal support.
On the same day, the New York Times Editorial Board wrote against the bill (’Compromising the Constitution‘, 8 July 2008):
The Senate should reject a bill this week that would needlessly expand the government’s ability to spy on Americans and ensure that the country never learns the full extent of President Bush’s unlawful wiretapping.
Supporters will argue that the new bill still requires a warrant for eavesdropping that “targets” an American. That’s a smokescreen. There is no requirement that the government name any target. The purpose of warrantless eavesdropping could be as vague as listening to all calls to a particular area code in any other country.
The real reason this bill exists is because Mr. Bush decided after 9/11 that he was above the law. When The Times disclosed his warrantless eavesdropping, Mr. Bush demanded that Congress legalize it after the fact. The White House scared Congress into doing that last year, with a one-year bill that shredded FISA’s protections. Democratic lawmakers promised to fix it this year.
The bill dangerously weakens the 1978 Foreign Intelligence Surveillance Act, or FISA. Adopted after the abuses of the Watergate and Vietnam eras, the law requires the government to get a warrant to intercept communications between anyone in this country and anyone outside it — and show that it is investigating a foreign power, or the agent of a foreign power, that plans to harm America.
Proponents of the FISA deal say companies should not be “punished” for cooperating with the government. That’s Washington-speak for a cover-up. The purpose of withholding immunity is not to punish but to preserve the only chance of unearthing the details of Mr. Bush’s outlaw eavesdropping. Only a few senators, by the way, know just what those companies did.
And today, the Washington Post, often somewhat more centrist on civil liberties matters than the Times editorialized (’FISAs Fetters‘, 9 July 2008):
These are serious concerns, worth taking seriously. We are under no illusion that the measure is perfect; future fine-tuning may well be called for. The classified nature of the surveillance program makes it impossible to assess the implications with anything near certainty. But the legislation reflects, as far as we can tell, a reasonable compromise, worked out over long months of negotiations, between the legitimate needs of intelligence agencies and the legitimate privacy interests of Americans.
The measure requires an individualized, court-approved warrant to conduct surveillance targeted at Americans’ communications with those overseas and — in an expansion of existing FISA protections — at Americans abroad. Purely domestic-to-domestic communications, even among foreigners here, would require a warrant as well. Intelligence agencies would be able to target and collect the communications of non-Americans “reasonably believed to be located outside the United States,” even if their phone calls or e-mails passed through or were stored in the United States. But the agencies are required to adopt procedures to “prevent the intentional acquisition” of purely domestic communications and to minimize the retention and dissemination of such information.
more to come…
In all the recent uproar (New York Times, “Google Told to Turn Over User Data of YouTube,” Michael Helft, 4 July 2008) about the fact that Google has been forced to turn over a large pile of personally-identifiable information to Viacom as part of a copyright dispute (Opinion), there is a really interesting angle pointed out by Dan Brickley (co-creator of FOAF and general Semantic Web troublemaker). Dan points out in a blog entry today that while the parties before the court are arguing about whether the YouTube ID is, by itself, personally identifiable information, the fact is that the publicly visible part of this ID in the context of other information on the Web is sufficient to identify a lot about a person, not the least of which is their name. Dan explains:
YouTube users who have linked their YouTube account URLs from other social Web sites (something sites like FriendFeed and MyBlogLog actively encourage), are no longer anonymous on YouTube. This is their choice. It can give them a mechanism for sharing ‘favourited’ videos with a wide circle of friends, without those friends needing logins on YouTube or other Google services. This clearly has business value for YouTube and similar ’social video’ services, as well as for users and Social Web aggregators.
Given such a trend towards increased cross-site profile linkage, it is unfortunate to read that YouTube identifiers are being presented as essentially anonymous IDs: this is clearly not the case. If you know my YouTube ID ‘modanbri’ you can quite easily find out a lot more about me, and certainly enough to find out with strong probability my real world identity. As I say, this is my conscious choice as a YouTube user; had I wanted to be (more) anonymous, I would have behaved differently. To understand YouTube IDs as being anonymous accounts is to radically misunderstand the nature of the modern Web.
Dan makes a really important point here. One the on hand, the fact that we are all more identifiable as a result of social networks in which we exist suggests that the judge was just plain wrong (even wronger than others have already said) in saying that the YouTube IDs are not personally-identifiable. But on the other hand, to the extent that Dan is correct about the revealing nature of the social web (true for some of us now, more and more in the future), we have to face the fact that merely limiting disclosure of personal information from one source is less and less unlikely to protect privacy effectively across the Web.
Applying this view to the Viacom v. YouTube case suggests that privacy protection has to focus more limiting how people and institutions can *use* personal information even as we recognize that it is harder and harder to protect privacy by access control alone.
A little transparency would go a long way toward helping keep online political discourse open, especially in the particular corner of the blogosphere run by Google (ie. blogger.com). The Herald Tribune (Bloggers take aim at Google - International Herald Tribune) reports on a controversy involving pro-Clinton blogs that might have been blocked as spam due to what we might call a PDOS (Political Denial of Service Attack) in a skirmish between Obama and Clinton partisans. The IHT asks:
Was Google’s network of online services manipulated to silence critics of Barack Obama? That was the question buzzing on a corner of the blogosphere over the past few days, after several anti-Obama bloggers were unable to update their sites, which are hosted on Googles Blogger service.
It is alleged that some pro-Clinton blogs were blocked after a number of pro-Obama users marked them as ’spam’ on blogger.com. A Google spokesperson explained:
“It appears that our anti-spam filters caused some Blogger accounts to be blocked from creating new posts,” a Google spokesman, Adam Kovacevich, said in a statement. “While we are still investigating, we believe this may have been caused by mass spam e-mails mentioning the ‘Just Say No Deal’ network of blogs, which in turn caused our system to classify the blog addresses mentioned in the e-mails as spam.”
Kovacevich said that Google had restored posting rights to the affected blogs and that it was “very important” to Google “that Blogger remain a tool for political debate and free expression.” He gave no further details about Google’s spam-monitoring techniques or how they relate to the Blogger service.
It certainly would be useful if Google could provide some transparency into what they block and why. That way, either Google or the possibly malicious spam-flaggers could be help accountable for their behavior. (In a recent CACM piece on Information Accountability we explain why accountability is so important on the Web and how we might have more of it through additions to the architecture of the Web.)
Google does a very good job of giving transparent explanations when their search results contain information that has been blocked for legal reasons such as copyright takedown notices. I hope they can find a way to bring similar transparency to their part of blogosphere.
The New Jersey Supreme Court (State of New Jersey v. Shirley Reid (A-105-06)) has issued an important decision on Internet users’ right to privacy. The case involves a dispute about whether an ISP violated a user’s privacy rights by turning over subscriber information (name, address, billing details) associated with a particular IP address. It ends up the that subpoena served on the ISP was invalid for a variety of reasons. As the user had a ‘reasonable expectation of privacy’ in her Internet activities and identifying information, and because the subpoena served on the ISP was invalid, the New Jersey court determined that the ISP should not have turned over the personal data.
The important aspect of this case in the evolving understanding of privacy on the Internet is the court’s recognition that we must look at privacy from the broad perspective of what can actually be discovered about people online. In this way, the ruling has significant strengths and weaknesses from a privacy perspective. On the one hand, the court finds that there is, today, an expectation of privacy in IP addresses because they are currently hard to link to personal identity. There have been lots of disputes in the US and the EU about whether IP addresses are ‘personally identifying information.’ (”PII” in the jargon of privacy.) This court takes a pragmatic view of this question and finds that IP addresses should be considered private for now, but that this may change. The court finds:
the reasonableness of the privacy interest may change as technology evolves. A reasonable expectation of privacy is required to establish a protected privacy interest…. Internet users today enjoy relatively complete IP address anonymity when surfing the Web. Given the current state of technology, the dynamic, temporarily assigned, numerical IP address cannot be matched to an individual user without the help of an ISP. Therefore, we accept as reasonable the expectation that one’s identity will not be discovered through a string of numbers left behind on a website.
The availability of IP Address Locator Websites has not altered that expectation because they reveal the name and address of service providers but not individual users. Should that reality change over time, the reasonableness of the expectation of privacy in Internet subscriber information might change as well. For example, if one day new software allowed individuals to type IP addresses into a “reverse directory” and identify the name of a user — as is possible with reverse telephone directories — today’s ruling might need to be reexamined.
Others have written about the legal details of this case and have suggested that it is a big win for privacy. Given the reliance on the shifting state of identity technology, I’m a little less sanguine.
This case is yet another reason why I believe (as I’ve explained elsewhere) that meaningful privacy on the Web requires rules the govern how personal information is used, not just what can be collected. Under the court’s reasoning, as our lives become more and more transparent, that would justify increasing harmful use of personal data. While it’s pretty hard to control how exposed we are all become, we still can limit how powerful institutions (governments, etc.) use personal data about us.
Ethernet inventor, journalist and now venture capitalist Bob Metcalfe speaks on the lessons from the Internet community for the global warming arena. In looking at how to accelerate technical innovation to address climate change, Metcalfe asserts that:
“… the place to do research is in university labs. “The best vehicle for technology innovation is not patents, it’s students.”
Of course, Bob also manages to express is distain for monopoly, Bell Labs, and even Al Gore. (See report by Martin LaMonica.) I’m not sure about those but think he’s right on with respect to patents.
Ever the astute observer of the various features and bugs of our collective behavior, a longtime mentor of mine, Mitch Kapor, has coined a new defintion:
Meetingboarding: (n) the sensation of being unable to breathe arising from continuous immersion in meeting after meeting
I’d add to this a characterization of email that I learned from Mitch many years ago:
The problem with email is that it has low emotional bandwidth.
-Mitch Kapor, circa 1991