Municipal privacy law, a proposal

As we now know, the technical capabilities for governments and corporations outpace the public’s ability to identify and react to the consequences of unchecked surveillance. Personal information and metadata collection technology can have grave consequences on human rights that have been proven to negatively affect populations including health practitioners, journalists, lawyers, activists, and the Muslim community. Coupled with policy makers’ lack of technical knowledge in information systems, my goal is to do most of the work that our politicians are failing to do.

I would like to present a plan that will aim to create a new set of privacy ordinances that will focus on these three tasks:

1) research and analyze existing privacy laws

2) design a framework that is similar to what the International Modern Media Institute is doing for freedom of expression — create a bundle of proven laws from all over the world as a base.

3) design new laws that are knowledgeable of and target technical capabilities to support people’s right to privacy

To start, we might look at the Electronic Communications Privacy Act. Law enforcement and “national security” have overly-broad exemptions in the act, particularly for the collection of metadata. A group of technical professionals might then create a city law that makes it clear that a warrant is explicitly needed in any case that data or information about a person or person’s communications is sought after. This, of course, brings in a recent ruling about the “third party doctrine”, which now provides further precedent that data collected as a business need does not deserve privacy protections. This, of course, is absurd. Facebook needs a list of your friends in order to operate, so it’s free game to law enforcement? The electricity company needs personally identifiable power usage data, should that be free to law enforcement?

We can show how the abuse of data collection has negatively affected specific people and specific organizations. Government has unjustly and unconstitutionally hacked the system to increase its own power. While a city law might only impact people and organizations in Seattle, this would be a great start. What works in Seattle might be good for Redmond or Bellevue, too. Maybe Olympia will adopt this progress and blanket the state with hardened civil liberty protections.

As an avid Internet user, I sometimes try to delete my data and information. For example, when I tried to delete my LinkedIn profile, the language of their responsibilities merely says they’re going to hide the profile. No where do they day they assure deletion. And then there’s Facebook who makes “black profiles” of people even if said people never visited Facebook.com in their life. I want control over my data and information. Maybe we can create a law that allows me to request data and information about me, along with legal tools to correct or delete it. I’m not talking about public information, but data and information put into a third party application I expected to have specific levels of confidentiality. I want explicit information, like business address and contact information, about who said data was shared with and when. And if a company refuses to help my see, correct, or delete my data and information, I want legal tools to file malicious charges.

Obviously, the legal tools that I”m asking for would end up costing companies a lot of money. Aside from my ideals and their lack of respect for me, a package of privacy laws should offer protections to companies, too. To start, it probably costs technology providers a lot of money to process law enforcement requests. And if any given company decides to do what’s right and fight gag orders, now we’re talking about hundreds of thousands or even millions of dollars. We need privacy laws that help companies defend against these kinds of attacks, too.

I think data is the new oil. Governments and corporations are extraordinarily greedy. New technology is creating new holes in ourselves that governments and corporations are pumping data from with no respect and it’s sold to the highest bidder.

All the metadata

When looking at the quality of schools, I don’t want to know who the teachers are. I mean, I do, but I don’t. I’ll read former student’s and parent’s reviews. I want to know who the administrators are. The school board. The superintendent. They drive the long term objectives and they dictate the narrative of the teacher’s content. Who did they donate money to in past elections?

Great, you’re using these books as an information authority to teach our kids. Who are the publishers of the books? How often do they update their content, and why? Where do they stand on open access issues? Are they publishing for profit or because the content needs updating?

When I look for news sources, I don’t want to know who the authors are. I do, but I don’t. Looking at the publisher helps me understand bias. Who’s the editor? Who’s on the board of directors? Why have past employees left the company?

Wikipedia is churning out extremely high quality information on complex topics. They’re teaching me (and many others) a few things about the nature of information.

I remember how valuable my Microsoft Encarta DVD was to me. It meant access. It meant solving problems and understanding my complex world. But it, like books in school, suck.

They suck compared to Wikipedia. Books in school are on par with news media. What is the source of this information? Why is it here? Not “here in this article”, but here in between ‘this’ argument and ‘that’ argument. Who put it here? What else has this author written? What else has the editor edited, and manager, managed? Wikipedia solves a lot of this. Citation is a critical aspect to high quality information consumption and production.

It’s no longer acceptable to accept information as fact. Complex information, about people and organizations of people, doesn’t work that way.

The future of news media needs to learn from Wikipedia. Great, I see who “authored” the piece. But who’s funding it? Who’s editing it? What restrictions are placed on the authors and editors by the administrators?

Metadata matters. The NSA knows this. Metadata provides required facts in order to understand specific aspects of the story.

No, mass surveillance is still unethical and illegal (in the United States). But I completely understand why they want it. They want it all for the same reasons I want it. It makes me an informed individual in the ways I want to be informed. Ideally, holistically.

I’m not calling for the surveillance of news media organizations. I’m asking for their transparency because of how critical their public good is for society to act intelligently to complex events. The more that people are exposed to higher quality ‘anything’, the more they want it. The public needs high quality information.

Surveillance tech, the third party doctrine, and the fourth amendment

Regarding:
Eleventh Circuit rules for the feds on cell-site records — but then overreaches

Facebook, Twitter, Google, Apple, all copy your contact list from your phone often times without explicit permission. This is done for third-party “business purposes”. Should police be able to have a copy of all your contacts, too? What’s different about your physical location information? These are all types of mass surveillance technology with the cover of business as usual. Should police have access to mass surveillance technology? What about the information the technology generates? The fourth amendment is clear. Get a warrant.

Citations:
Facebook ‘Phonebook Contacts’ Stores Your Friends’ Phone Numbers But Doesn’t Share Them
Twitter uploads contact list data without consent; retains for 18 months

My Microsoft Bing Proposal: Support The Tor Project

This proposal represents my personal views and not those of Microsoft.

The better technology can adapt to you, the more you can be yourself.

Tor (TorProject.org), the open source privacy tool, is as important to some people as public education, grocery stores, and 24/7 emergency services. Microsoft is a global technology company that should aim to maximize the privacy of its users. This proposal consists of four parts:

1) Deploy site-wide, always on Bing.com HTTPS

Just like Outlook.com, people’s ordinary Bing searches deserve the same respect and privacy as personal and workplace emails.

2) Deploy Tor relays (non-exits) in Bing datacenters

Microsoft should contribute to the Tor network by deploying at least 10 Gbps of Tor relay throughput, distributed globally.

3) Deploy a Bing.com Onion address

Many people are not able to reach various parts of the Internet because of government censorship. Giving Bing users direct access through Tor maximizes search accessibility and privacy.

4) Dedicate $100,000 a year for the next 5 years to Tor Project

In an effort to minimize US government donations, Tor Project is asking for the public’s help. Help The Tor Project directly by supporting their not-for-profit organization.

How will Microsoft help?

Since 2013, DuckDuckGo, a popular privacy-focused search engine, has had an Onion address for some time. Popular news outlets such as The New Yorker, Forbes, The Washington Post, and The Guardian have all deployed Tor-based “SecureDrop” instances in order to privately and securely collect information from concerned citizens. In 2014, Facebook deployed their own Onion address for its users. This year, Reddit users voted to donate $82,000 to Tor Project.

Brochures
https://blog.torproject.org/blog/spread-word-about-tor

There are three different versions of the brochure, all with the same front and different backs:

– Law Enforcement & The Tor Project: Geared as a quick reference for law enforcement audiences (not just investigators, but also support services).

– The Benefits of Anonymity Online: This is meant for journalists, domestic violence organizations, and others focused on protecting their identity online.

– Freedom & Privacy Online: The target audience here is the general public – helping educate people about the reasons that protecting their privacy is important.