City of Seattle could lead privacy and transparency efforts with SecureDrop and Tor

Draft 2

The City of Seattle has an opportunity to become the first city in the world to adopt cutting edge technology that supports personal data privacy, information security, and government transparency. SecureDrop and Tor, both free software solutions, independently designed and independently important, together create an ecosystem for government accountability.

Tor is an encrypted networking protocol used in conjunction with Tor Browser, an application that allows anyone to maintain confidentiality of certain personal data when browsing the Internet. Tor Browser is advocated to many underserved communities, like the Cambridge domestic violence prevention organization Transition House [1]. Similarly, Seattle Public Library discussed how they plan to support Tor Browser in a recent blog post titled, Online Privacy and the Use of the Tor Network in the Library [2].

Another Tor application is called “Hidden Services”. Hidden Services provide end-to-end encryption just like using “HTTPS” when connecting to your bank, but with the benefit of Tor routing that further protects personal data. There are many ethically-centered reasons why the social platform Facebook and the search engine DuckDuckGo provide their users access via Hidden Service, but mainly it is to give their users identity control.

SecureDrop is a secure and anonymous document submission system that employs Hidden Services. It is currently used by law firms like the ACLU of Washington for client intake, in addition to news media organizations like the New Yorker and the Washington Post for protecting journalist sources. SecureDrop would help satisfy the requirements of “internal institutional and external oversight mechanisms” discussed in the recently published United Nations Report of the Special Rapporteur to the General Assembly on the Protection of Sources and Whistleblowers [3].

According to Tor Project, Hidden Services provide a means for Tor users to create sites and services that are accessible exclusively within the Tor network, with privacy and security features that make them useful and appealing for a wide variety of applications. The potential of Hidden Services is huge, and much of it is yet to be explored [4].

To maximize trust building opportunities, the City should exclusively use free software when deploying technologies that interface with the public. Adopting Tor privacy applications would not just set a high bar for data privacy expectations, it would establish trust because anyone can independently review how the software works and how personal data is protected. There are several ways that City government departments could take advantage of these privacy applications. Each would provide real-world benefits that defend the rights of City residents:

1. Tor Browser

Deploying Tor Browser on certain City government computers, or supporting Tor Browser through explicit policy and education, would provide certain assurances about data privacy and demonstrate a commitment to web based data privacy initiatives. The target audience could be City government employees or the general public depending on location and goals.

Additionally, providing educational material to targeted groups of people about how to use Tor Browser effectively from personally owned computers will decrease the apprehension of accessing certain public resources or providing meaningful but anonymous feedback to specific City government organizations.

2. Hidden Services

City government organizations supply many web-based resources, but sometimes accessing these resources carries potential social or legal consequences that turn people away. These resources can be made available via Hidden Service, allowing people to access web-based resources with less stress.

3. SecureDrop

Internal: City government organizations can use SecureDrop to strengthen their commitments to accountability. By sharing a SecureDrop server address internally, organizations can deploy a dependable whistleblowing avenue, or a powerful tool for soliciting anonymous feedback.

External: Having SecureDrop for secure and anonymous document submissions would guarantee certain data privacy and information security protections because of the design of the system. Like Tor and other free and open source software projects, anyone can read about and comprehensively understand both the code and the operations of how the application is supposed to work. Public complaints, public feedback, perceived government abuse, and issues pertaining to the City of Seattle can all be securely and anonymously received with a publicly shared SecureDrop server.


1 http://www.betaboston.com/news/2014/05/07/as-domestic-abuse-goes-digital-shelters-turn-to-counter-surveillance-with-tor/

2 https://shelftalkblog.wordpress.com/2015/09/22/online-privacy-and-the-use-of-the-tor-network-in-the-library/

3 http://www.ohchr.org/EN/Issues/FreedomOpinion/Pages/ProtectionOfSources.aspx

4 https://blog.torproject.org/blog/crowdfunding-future-hidden-services

A resolution for Seattle: encryption and anonymity as moral imperatives

Published: 2015-Sep-19
Updated: 2015-Sep-19, revision 17


CITY OF SEATTLE
RESOLUTION _________________

title

A RESOLUTION affirming the human right to encryption and anonymity as consistent with the findings of the United Nations report on encryption, anonymity, and the human rights framework, advancing previously adopted human rights resolutions.

body

WHEREAS, in December 2012, the Seattle City Council adopted Resolution 31420 proclaiming Seattle to be a Human Rights City, endorsing the human rights set forth in the Universal Declaration of Human Rights, recognizing the importance of using the international human rights framework for cities to work on their commitment to protecting, respecting, and fulfilling the full range of universal human rights; and

WHEREAS, in July 2015, the Seattle City Council adopted Resolution 31598 affirming privacy as a human right and aligning the work of the City’s privacy initiative with the right to privacy as described in the Universal Declaration of Human Rights; and

WHEREAS, in May 2015, the United Nations report on encryption, anonymity, and the human rights framework was published and finds that encryption and anonymity, and the security concepts behind them, provide the privacy and security necessary for the exercise of the right to freedom of opinion and expression in the digital age; and

WHEREAS, with respect to encryption and anonymity, the City of Seattle should adopt policies of non-restriction or comprehensive protection: (1) only adopt restrictions on a case-specific basis and that meet the requirements of legality, necessity, proportionality and legitimacy in objective, (2) require court orders for any specific limitation, and (3) promote security and privacy online through public education; and

WHEREAS, potential criminality and emergency situations do not relieve the City of its obligation to ensure respect for international human rights law; and

WHEREAS, legislative proposals for the revision or adoption of restrictions on individual security or privacy online should be subject to public debate and adopted according to regular, public, informed and transparent legislative process; and

WHEREAS, the City must promote effective participation of a wide variety of civil society actors and minority groups in such debate and processes and avoid adopting such legislation under accelerated legislative procedures; and

WHEREAS, all Seattle organizations should not block or limit the transmission of encrypted communications and should permit anonymous communication; and

WHEREAS, all Seattle organizations should support secure technologies for websites and software applications, develop widespread end-to-end encryption, and employ anonymity-preserving software to support privacy-sensitive populations; and

WHEREAS, the City’s laws must recognize that individuals are free to protect the privacy of their communications by using encryption technology and tools that allow anonymity online; and

WHEREAS, the City’s legislation and regulations protecting human rights defenders and journalists must include provisions enabling access and providing support to use the technologies to secure their communications; and

WHEREAS, the City must avoid all measures that weaken the security that individuals may enjoy online, such as backdoors, weak encryption standards and key escrows; and

WHEREAS, the City must refrain from making the identification of users a condition for access to digital communications and online services and requiring SIM card registration for mobile users; and

WHEREAS, all Seattle organizations should consider their own policies that restrict encryption and anonymity (including through the use of pseudonyms); and

WHEREAS, all Seattle organizations should follow internationally and regionally accepted principles for conducting business in accordance with human rights law; and

WHEREAS, court-ordered decryption, subject to domestic and international law, may only be permissible when it results from transparent and publicly accessible laws applied solely on a targeted, case-by-case basis to individuals (i.e., not to a mass of people) and subject to judicial warrant and the protection of due process rights of individuals; and

WHEREAS, all Seattle organizations will not conduct any manner of intentional or unintentional mass tracking, monitoring, or surveillance of person-linkable information or metadata without strict anonymization processes during collection, transfer, and storage processes; and

WHEREAS, if strict anonymization processes during person-linkable information or metadata collection, transfer, and storage cannot be performed, then those tracking, monitoring, or surveillance technologies will not be used; and

WHEREAS, given the relevance of new communication technologies in the promotion of human rights and development, all those involved should systematically promote access to encryption and anonymity without discrimination; and

WHEREAS, given the threats to freedom of expression online, corporate actors should review the adequacy of their practices with regard to human right norms; and

WHEREAS, Seattle companies should adhere to principles such as those laid out in the Guiding Principles on Business and Human Rights (PDF), the Global Network Initiative’s Principles on Freedom of Expression and Privacy (PDF), the European Commission’s ICT Sector Guide on Implementing the UN Guiding Principles on Business and Human Rights, and the Telecommunications Industry Dialogue Guiding Principles; NOW, THEREFORE,

BE IT RESOLVED BY THE CITY COUNCIL OF THE CITY OF SEATTLE, THE MAYOR CONCURRING, THAT:

Section 1. In accordance with the findings of the UN Report on encryption, anonymity, and the human rights framework, the City Council affirms that the human rights to encryption and anonymity are foundational to human dignity, intellectual freedom, and democratic governance in the digital age.

Section 2. The City Council implores that all City of Seattle past, present, and future technology projects maximize person anonymity during the collection, transference, and storage of person-linkable data and information.

Section 3.

ACLU-WA encryption evangelism internship proposal

Goal

Further the use of FOSS encryption technologies within Washington legal and journalism circles.

Tor

Tor relay and Tor exit relay adoption by organizations because of resources and stability. The EFF “Tor Challenge” is unsuccessful at gaining long-term relays because it is focused on individuals who are largely not focused or lack stable resources. ACLU-WA support could happen in three ways: write to local organizations that are likely to deploy a Tor relay, provide written education or in-person training, and create public reports on successes and failures. Supporting Tor supports human rights work 24/7/365, globally.

HTTPS and StartTLS

Many organizations who require privacy lack website/service transport security. Focusing on specific types of organizations, such as law firms and news agencies, would benefit the public and overall Internet health. HTTPS is critical for keeping private specific pages and forms visited in addition to any transmitted information. StartTLS is critical for keeping entire emails confidential. In light of recent developments in Texas [1], it would be timely to push Washington state legal policy organizations to adopt similar rules. The “Let’s Encrypt” project has been pushed out to November 16th, 2015 [2] — it would be great to have 2 months to start an ACLU-WA parallel initiative (focused on law firms and news agencies, for example) when it launches in order to benefit and enhance the initial press.

TextSecure, RedPhone, & Signal

While HTTPS and StartTLS are important for public and private communication, mobile apps can greatly strengthen inter-org privacy. Classic telephony and SMS communications are insecure. The Open Whisper Systems ecosystem uses state of the art encryption, is scalable, and is free and open source software. Purchasing 5th gen iPod Touch devices is a small cost for law firms and allows lawyers to register their work phone number with Signal. Doing so would let anyone with their regular work phone number leverage end-to-end encryption instead. No wiretaps, no SS7 tracking, no IMSI catcher tracking, and no baseband or SIM card vulnerabilities that are inherent with any cellular device.

SecureDrop

Whistleblowing is a critical part of a democracy, keeping the public informed and organizations accountable. SecureDrop, by Freedom Press Foundation, is a powerful tool that allows anyone to leak information to targeted organizations. SecureDrop has been around for 2 years and is largely used by news agencies. That being said, a very small fraction of news agencies support SecureDrop, which creates two problems: overall diversity and market diversity. Overall, there are too few options in terms of trusted organizations for whistleblowers to choose from. If a specific person who has access to specific information is only comfortable providing information to a specific organization or person, but a secure whistleblowing platform does not exist, nothing will get leaked. Similarly, if only news agencies support secure whistleblowing platforms, other NGOs who might be better equipped to handle response will not get leaks. ACLU-WA could work with Freedom Press Foundation to focus on evangelizing SecureDrop to NGOs.

Conclusion

It is ethics and education apathy that is preventing people from adopting FOSS security systems that provide privacy. It is one thing to be apathetic in our personal lives, but it is not acceptable in professions that demand privacy in order to keep people safe.

1 http://ridethelightning.senseient.com/2015/07/when-must-lawyers-ethically-encrypt-data-texas-answers.html

2 https://letsencrypt.org/2015/08/07/updated-lets-encrypt-launch-schedule.html

Anonymous surveillance self-defense survey process

Following January’s activist training, I have one objective that requires your help putting together two things:

1) create the content for a survey and-or survey template.

2) create a mechanism, compatible with WordPress, that distributes and collects anonymous survey data.

Regarding #2, Seattle Privacy Coalition could host an onion site, but that would require our activists to be comfortable with downloading and using Tor Browser Bundle before their training. Is that an acceptable requirement? A public Apache server could be configured to minimize the logged data, but the activist’s ISP and our website’s ISP would still have records. Is that an acceptable risk?

The survey as it exists:

  1. Do you use a cell phone when participating in protests?
  2. What is the operating system of the cell phone that you take to protests?
  3. Select the capabilities of said cell phone:
    1. Phone calls
    2. SMS (text messaging)
    3. Data (internet access via 2G, 3G, or 4G)
    4. Bluetooth
    5. Camera
    6. Video camera
    7. (fill in the blank)
  4. When participating in protests, what communication platforms do you use?
    1. Google Hangouts
    2. Apple iMessage
    3. SMS/texts
    4. Facebook Chat
    5. Email
    6. Twitter
    7. (fill in the blank)
  5. Do you know any differences between HTTP and HTTPS?
  6. Have you used privacy enhancing tools such as a VPN or Tor, either on a computer or on a cell phone?
  7. Have you ever sent an encrypted email before?
  8. Is your cell phone password protected?
    1. Yes, with a pin number
    2. Yes, with a password
    3. Yes, with a pattern
    4. Yes, with a fingerprint
    5. Yes, with a faceprint
    6. No
  9. Is your cell phone’s storage encrypted?
  10. Do you know what an IMSI-catcher, or “Stingray”, is?
  11. Regarding the personal computer that you use to coordinate protests, what is its operating system?
  12. Have you ever had a personal computing device seized or confiscated?
  13. Are you currently a victim of active surveillance?
  14. Do you drive, carpool, bus, bike, or walk to protests?
    1. Drive
    2. Carpool
    3. Bus
    4. Bike
    5. Walk
  15. Do you use your electronic debit, credit, and/or bus card(s) before, during, or after attending a protest?
    1. Yes, debit/credit
    2. Yes, bus (Orca) card
    3. No
  16. Do you have access to a technical specialist when you have questions about digital safety tools and practices?
  17. What topics would you like to see covered at this workshop?
  18. Will you be bringing your cell phone or laptop to the workshop? We encourage you to for our hands-on training.

My Microsoft Bing Proposal: Support The Tor Project

This proposal represents my personal views and not those of Microsoft.

The better technology can adapt to you, the more you can be yourself.

Tor (TorProject.org), the open source privacy tool, is as important to some people as public education, grocery stores, and 24/7 emergency services. Microsoft is a global technology company that should aim to maximize the privacy of its users. This proposal consists of four parts:

1) Deploy site-wide, always on Bing.com HTTPS

Just like Outlook.com, people’s ordinary Bing searches deserve the same respect and privacy as personal and workplace emails.

2) Deploy Tor relays (non-exits) in Bing datacenters

Microsoft should contribute to the Tor network by deploying at least 10 Gbps of Tor relay throughput, distributed globally.

3) Deploy a Bing.com Onion address

Many people are not able to reach various parts of the Internet because of government censorship. Giving Bing users direct access through Tor maximizes search accessibility and privacy.

4) Dedicate $100,000 a year for the next 5 years to Tor Project

In an effort to minimize US government donations, Tor Project is asking for the public’s help. Help The Tor Project directly by supporting their not-for-profit organization.

How will Microsoft help?

Since 2013, DuckDuckGo, a popular privacy-focused search engine, has had an Onion address. Popular news outlets such as The New Yorker, Forbes, The Washington Post, and The Guardian have all deployed Tor-based “SecureDrop” instances in order to privately and securely collect information from concerned citizens. In 2014, Facebook deployed its own Onion address for its users. This year, Reddit users voted to donate $82,000 to Tor Project.

Brochures
https://blog.torproject.org/blog/spread-word-about-tor

There are three different versions of the brochure, all with the same front and different backs:

– Law Enforcement & The Tor Project: Geared as a quick reference for law enforcement audiences (not just investigators, but also support services).

– The Benefits of Anonymity Online: This is meant for journalists, domestic violence organizations, and others focused on protecting their identity online.

– Freedom & Privacy Online: The target audience here is the general public – helping educate people about the reasons that protecting their privacy is important.

Operational security training for Seattle activists and journalists

UPDATE! The date *may* change! An announcement of our first activist training will be posted on SeattlePrivacy.org within the first week of January 2015.

Starting on MLK day, to cover January 19th TA3M, I will be hosting a 3 to 5 hour event specific to digital security for on-the-ground activism. In February, I am going to host a related event specifically for journalists. This style of training is going to happen every month with activist and journalist training happening on alternating months. This program will happen in addition to TA3M; I’m just going to jump start off of TA3M in January.

Curriculum is going to be facilitated by the SaferJourno guide (https://saferjourno.internews.org/ — “digital safety and online security”). Technical material can be adopted from many sources, but I will be asking for specialists to facilitate various trainings. A new website will be created that will be breaking this content down in wiki format. The content will be duplicated and modified for activists. The goals include enhancing and contributing back to the SaferJourno project.

The distinction between activists and journalists is critical. Risk analysis and legalities are totally different for the two groups, even though they sometimes share the same threats. In addition, SaferJourno has many hands-on training and conversation-oriented coursework. Sharing similar experiences with one another is important, and also making the attendees feel as comfortable and secure as possible is important. The registration process will be constructed to be as anonymous as possible, and participation will remain as private as possible. Registration is interesting because there are pre-surveys that have to be filled out for the trainers.

As for journalists, I will be working with various volunteers to create curriculum specific to SecureDrop; part for its use, and part for its technical implementation. Also concerning journalists, I plan to make available tailored training for Seattle news organizations who wish to incorporate their working environments into the training.

Meeting space is TBD. Sadly, the Seattle Public Library closes too early.

A name for this new program has not been created. At this time, I have people interested in starting the same program in other cities, but that will probably not happen as soon as MLK day.

Aside from me, I plan on keeping the identities of volunteers related to this new program private unless they wish to provide public support. My preferred methods of communication are TextSecure, PGP email, XMPP/OTR, and Ricochet — most details kept up to date on my website, https://yawnbox.com/.

I expect that trainers will write reports based on their experiences as educators and contribute (anonymously, if desirable) to the program in the form of SaferJourno (or SaferActivist) wiki edits. I’ll try to get trainers a repeatable structure for said reports. Those not familiar with SaferJourno should know that it’s CC-BY-NC-SA. We can freely copy, remix, and redistribute the content with reference to the original, plus maintaining the same license or more-open, like CC-BY-SA or CC0.

What I currently need:

Does anyone know the activists who organized the WTO protests? I’d like to get them involved.

I need assistance breaking down the various needs of activist topics to cover. This will help copy the SaferJourno guide and modify it for activists. For January, time should not exceed 5 hours total, including breaks. Following January, events will likely be on weekends that could span an entire weekend.

I need technical specialists for iPhone and Android security. I could instruct Android, but there are many people who know more than I do. If we can’t rely on one person, we can break down various aspects of phone security to accommodate training. I also need someone to manage the topic of social media and video distribution.

Please be critical in thought and response. I look forward to pushing this forward in light of increased worldwide surveillance with as much help as I can get. I prefer to simply be an organizer, but I will facilitate/educate when/where needed. Please be aware that any involvement with this program will likely garner increased surveillance of yourself and connections, if TA3M wasn’t enough.

Ideas to support the Tor Project: Wikipedia IdeaLab proposal

Special thanks to my open-access comrade-in-arms Lane Rasberry.

Lane emailed me this morning asking for my input on a current proposal that’s on Jimmy Wales’s very own Wikipedia talk page.

After CC’ing Runa Sandvik from the Tor Project to verify the factuality of my feedback for the Wikipedia community, I posted my comments.

The ongoing issue, which Jacob Appelbaum repeatedly vocalizes, is that Tor users, Jacob included, are not able to protect their identities and contribute to the knowledge base that exists on Wikipedia.

Political activists and dissidents create a critical feedback loop into the controversial dialogue that is only made possible through the Internet and social media. Not only are these people self-empowering, they are the ones most likely to seek out the truth.

From Lane:

If you would be willing to write a brief set of proposals about what Wikipedia should do with Tor, then [Lane] would format those with you in the IdeaLab. This is a space where ideas are stored on Wikipedia so that they would always be found if anyone ever wanted them. I think it would be a good idea just to establish the conversation.

https://meta.wikimedia.org/wiki/Grants:IdeaLab

[If] it is of interest to you, I would help you start a proposal, format it properly, publicize it, and if you know anyone in the Tor community that might want to make a grant proposal for funding to establish and document the relationship between Tor and Wikipedia, then I might be able to advise on how to do that also.

This conversation is happening now live and it does have Jimbo Wales’ attention. It would be awesome to get input from established Tor supporters.

If you would like to create a proposal and have the support of a Wikipedia veteran, please contact Lane directly, and ask for other people’s input! I’m also extremely interested in supporting, I just don’t know what an ideal proposal would look like, and I don’t want to speak on behalf of Tor Project.

Thank you!

Developing an Open Educational Resource on Encryption

Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on. Unfortunately, endpoint security is so terrifically weak that NSA can frequently find ways around it.

— Edward Snowden, answering questions live on the Guardian’s website

Society needs an educational resource, covering the complex topics involved with information encryption, that is modular, openly accessible, and freely remixable. This is my proposal to create such a resource.

Open Educational Resources (OER) are freely accessible, openly licensed documents and media that are useful for teaching, learning, educational, assessment and research purposes. The development and promotion of open educational resources is often motivated by a desire to curb the commodification of knowledge[1] and provide an alternate or enhanced educational paradigm.

Utilizing Creative Commons licensing, an OER can be created on oercommons.org, where it will be maintained by a single authority, yet anyone in the world will be able to adapt and create their own work from ours. Oercommons.org provides a long-term support platform for maintaining these resources.

I started publicly asking for help in June of 2013–and I received a very warm welcome. You don’t have to look far to see why.



October 2013: KEYNOTE: Journalism in the Age of Surveillance, Threat Modeling: Determining Digital Security for You, [For Journalism] Keeping Under the Security Radar, Improving Your Digital Hygiene

December 2013: United We Stand — and Encrypt by Josh Sterns

December 2013: Arab journalists need training for civil unrest and wars — referencing the CPJ’s Journalist Security Guide

January 2014: A Modest Proposal for Encrypting the Work of Activists by Kate Krauss


It is clear that a diversity of educational resources is needed. While my original proposal was going to be supported by the United States Open Knowledge Foundation, OKFNUS has since backpedaled due to lack of support from central-OKF. I am hoping that the many people behind Crypto.is are interested in spearheading the development of this OER. If they are not, and no other organization is, I will shortly be registering my own domain name to create a project launch page.

The initial launch of the OER can be created using the work of Micah Lee, of the Freedom of the Press Foundation, Encryption Works: How to Protect Your Privacy (And Your Sources) in the Age of NSA Surveillance. Micah and the Freedom of the Press Foundation graciously licensed this work as CC-BY, allowing us, and even Wikipedia, to reuse the work with attribution. I am hoping that Micah, himself, will want to be included in this project.

The target audience, initially, will be journalists, whistle blowers, activists, and dissidents. While these groups are the extreme, their example proves useful for the rest of society.

Please comment on this post, or tweet me, or email me your feedback.

A local initiative for the people’s right to privacy

“Gentlemen do not read each other’s mail.”

This was said by Henry L. Stimson in 1929 in support of the US State Department’s defunding of the Black Chamber program that was used to decipher foreign ambassador communications. At that time, Stimson was the Secretary of State under President William Howard Taft. Stimson’s opinion, however, is said to have changed while he served as the Secretary of War under President Herbert Hoover and President Franklin D. Roosevelt, in which the United States government relied heavily on the enemy’s decrypted communications during wartime.

Mass surveillance is a crime against people, not just the American people. The people did not ask for it, not even the special interests behind the development of the Patriot Act. Secret mass surveillance and secret laws are instituted and accepted by people in power, to gain and maintain power, which are acts that are illegitimate of a developing democracy. They are illegitimate acts of a country that developed the Internet.

Civilly speaking, cryptographically encrypting information before transmission is the same as licking and sealing a letter before mailing it. It is the same as closing a clear glass door on a telephone booth before having a private conversation. It is the same as putting on clothes to protect things expected to remain private.

I expect that only entities that privately sign digital certificates that create the foundation for private chats, private socializing, and secure transactions on the internet can decrypt my information. It should be illegal for entities beyond the original signer of public key infrastructure certificates to have a copy of the private key in such a way that allows said entity to view or record the decrypted content that is expected to remain private between two specific parties. It should also be illegal for any entity to attempt to break or subvert encryption mechanisms on common-carrier infrastructure as long as that data is being transmitted or being stored on American soil, no matter the nationality of the person transmitting their encrypted internet content. It is time for the United States to learn from its mistakes and emerge as a civil liberties leader.

What I would like to do is identify other leaders throughout the United States that want to pass a shared city law that makes illegal the above acts. We should all vote for and approve these laws in tandem to reduce the risk of federal or state legal threats. Cities need to come together to protect local internet infrastructure.

Governance representatives are failing to protect the nature of our constitutional protections in law and debate. They are failing to understand the importance of the Internet. Federal representatives are literally working backwards at times, with the Patriot Act, CISPA, PIPA, and the TPP as perfect examples. It is time to work from the ground up and enact local laws that affect local internet infrastructure.

We cannot let special interest groups, that bribe our representatives, write our laws for us. The interest of the people needs to be voiced through local law. Let us tell state and federal government that it is not okay to subvert public law with secret law, and that mass surveillance cannot be tolerated, period. Law enforcement has worked, successfully, for hundreds of years without mass surveillance. The city laws that I am proposing do not inhibit the normal procedure of law enforcement to acquire a warrant, through justified evidence, to obtain private information about specific individuals to prevent or punish crime.

In addition to hosting DNS root servers and the Seattle Internet Exchange, the Westin datacenter connects us to billions of un-Americans on the other side of the Pacific Ocean. Many other cities throughout the United States host similar infrastructure. These communication points are ideal for the placement of unethical surveillance equipment, and we must make this act illegal in our cities. Let us put pressure on our state by protecting local resources, the technology that ensures the security of our online communications, and the integrity of our local businesses.

From https://www.aclu.org/sites/default/files/assets/lavabit_brief_of_us.pdf, it is clear that sometimes our founding legal frameworks are not explicit.

THE FOURTH AMENDMENT DOES NOT PROHIBIT OBTAINING ENCRYPTION KEYS FOR THE PURPOSE OF DECRYPTING COMMUNICATIONS THAT THE GOVERNMENT IS LAWFULLY AUTHORIZED TO COLLECT

Let us build our own laws for our expectations of privacy. For example, as described in the book, Toward an Information Bill of Rights & Responsibilities (http://yawnbox.com/?p=283):

Preamble

Information privacy is the claim of individuals to determine what information about them is disclosed to others and encompasses the collection, maintenance, and use of identifiable information. Privacy is an important value in a democratic society. For individuals, it enhances their sense of autonomy and dignity by permitting them to influence what others know about them. For associations, privacy enhances the ability of individuals to function collectively by permitting the association to keep deliberations and membership and other activities confidential. For society, privacy fosters individual and associational contributions to society, promotes diversity, and limits undesirable conduct and abuse of authority by government and other institutions.

Privacy is not an absolute right. It must be balanced with competing values and interests, including First Amendment rights, law enforcement interests, and business or economic interests in information. The following Code of Information Rights and Responsibilities attempts to strike an appropriate balance between privacy and competing interests, in an environment shaped by technological breakthroughs in the ability of organizations to collect and disseminate personal information.

A number of characteristics of the new information environment make it imperative to adopt a Code of Information Rights and Responsibilities. These include:

  • Technological enhancements in the ability to capture, store, aggregate, exchange, and synthesize large quantities of information about individuals, their transactions, and their behavior;
  • Proliferation of powerful computing capacity to the desktop;
  • Creation of worldwide networks through which information about individuals can easily, cheaply, and quickly flow;
  • Increasing use of target marketing, modeling, and profiling;
  • New technological abilities that permit individuals to access personal data maintained by others;
  • Decreasing cost of computing technology used to manipulate data;
  • New social and cultural values and developments regarding personal information.

Two general principles apply to all of the provisions of the Code of Information Rights and Responsibilities. First, an individual is entitled to greater protection and due process when information is used to make determinations about his or her rights, benefits or opportunities. Second, the protection of privacy must be interpreted consistently with First Amendment principles. Resolving the inherent tensions between the values of privacy and the First Amendment must take place on a case-by-case basis.

The scope of the Code of Information Rights and Responsibilities is limited to individual and associational privacy as defined above, and does not cover government and corporate interests in secrecy. It addresses how activities of information keepers and processors involving the collection, maintenance, and use of personal information should be evaluated when privacy interests overlap or conflict with other interests, values, or significant community needs.

First Principles

A. Collection
There should be limits on the ability of information keepers and processors to collect personal information. Information should only be collected when relevant, necessary, and socially acceptable.

A-1.
Information should be collected directly from the individual whenever possible.

A-2.
When not collecting information directly from the individual, notice, access, correction, and other rights should be provided if the information is used to determine rights, benefits, and opportunities.

B. Notice/Transparency
Individuals providing information to an information keeper and processor have the right to receive, at the time that information is provided, a notice of information practices describing how the information will be used, maintained, and disclosed. Information keepers and processors must provide a copy of notice of information practices upon request. There should be no secret systems containing personal information. Individuals have a responsibility to make informed choices about how information about them is to be used.

C. Access and Correction
Individuals have the right to see and have a copy of any information about themselves maintained by others, consistent with the First Amendment and with other important public and private policy interests. Individuals have the right to seek correction of information that is in error. When a correction is made, the individual may require that copies of the corrected information be provided to all previous recipients. Where there is a disagreement about the accuracy of information, the individual may include along with the disputed information a statement of disagreement.

D. Use
Information may only be used for a purpose that is identified and described at the time that the information is collected. Other uses may be permitted only if they are not inconsistent with the original understanding.

E. Disclosure
Disclosures other than those described at the time of collection may be made to third parties only with the consent of the individual or where required by law. Explicit consent by the data subject shall be required for personal information of the highest sensitivity and may be implied for less sensitive personal information. (Whether consent must be express [opt-in] or may be implied [opt-out] is an open question.)

F. Accuracy
Information keepers and processors must take appropriate steps to assure the accuracy, completeness, timeliness, and security of the information. Information keepers and processors must devote adequate resources to these functions.

G. Enforcement
Rules about the collection, maintenance, use, and disclosure of information should be enforced through suitable mechanisms, such as administrative processes, professional standards, civil actions, criminal penalties, government or private ombudsmen, and other means.

H. Oversight
There is a need for an independent federal entity to conduct privacy oversight and policy-making activities.

  • Information keepers and processors and others should be encouraged to explore technical means to protect privacy.
  • There should be an exploration of other means to promote self-determination in the use of personal information, including proprietary rights and dual control mechanisms.
  • The creation of information trustees who maintain personal data on behalf of diverse information keepers and processors should be considered.
  • There is a need to explore the rights and responsibilities of individuals and information keepers and processors when changes in the use and disclosure of information are developed after the time of collection.

Together we must begin drafting a law that can be shared by the people, city governance, and our local businesses. Together we must approve these measures and begin putting a stop to mass surveillance on any and all people, not just Americans, while also demonstrating our right to privacy.

Information strings and their use in understanding digital journalism

Oxford Internet Institute MSc in Social Science of the Internet research proposal by Christopher Sheats

Introduction. In his book, Information: A Very Short Introduction, Dr. Luciano Floridi defines the differences between five types of semantic information (5-TSI)—primary, secondary, meta, operational, and derivative. Floridi then tells a story and describes specific pieces as being “primary” in nature, or “operational” in nature, etcetera. I have adapted Floridi’s 5-TSI to create a framework that goes beyond focusing on independent pieces of information. My research links these independent pieces together to more effectively trace the focus of how the main topic or topics of a news article are being described to the reader. I propose that this linking of information-types becomes an information string.

Identifying information strings allows one to analyze semantic information by qualifying and categorizing information to determine what is and is not present in any given article. My area of interest concerns the quality of information of politically motivated online news articles. A diverse and relevant range of information strings makes up a news article’s informativeness, which is a metric that can describe how high or low the quality of information is. My objective is to determine the quality of any given set of information, which may or may not indicate aspects of informativeness, misinformation, and disinformation.

Hypothesis. In order for my hypothesis to work, I had to invent an information-string system. The notion of “primary” information is the smallest, least complicated “tier” of information which I call a “first-tier” information string. Operational information concerning a news article topic is “primary-operational” information, or, a second-tier information string, because it is operationally describing the primary information. Each sub-tier is always a complication of its respective higher-tier information string, be it secondary, meta, operational, or derivative. I propose that every information string in a stand-alone news article should start as primary-“something”, because information in any news article should focus on or support a main topic.

I hypothesize that information strings can be logically and visually mapped in such a way that will enhance news aggregation websites.

With any given news article topic or topics (the primary information), there should be a substantial amount of related information already available online. With the release of new information by journalists, politicians, whistle-blower release sites, encyclopedia developments, and social media participants, the nature of that primary information will evolve. Over time, primary information strings change depending on a multitude of factors that affect primary’s sub-tier information. Through analyzing the nature of the information string change, trends should emerge to help identify those factors.

What I expect my research to support is the premise that information string evolution will dramatically shift based on specific sources, including individual journalists, individual political speakers, entire news agencies, or entire political organizations. Tracking information that has a high probability of being deceptive via the application of information strings should allow me to visually represent the change of information over time to better understand the consequences of using low-quality information.

Methodology. With the help of my research mentor, Dr. Floridi, I will select a topic in news media to analyze. For example, in a public blog post, I looked at an NBC News article alleging that US officials claimed that the Iranian government was responsible for cyber attacks against the US government. Through the application of information strings, I was able to provide evidence that its low-quality information was later being referenced in follow-up articles by the same and other news agencies, leading to systemic low-quality information and probable deception. Information strings can become dependent on false information that allows the generation of all kinds of information strings in other, stand-alone, online news articles.

Surveys will need to be developed and administered to a wide range of participants to gauge the informativeness of the use of specific information string diversity and order. Survey questions will depend on the development and application of my information strings framework. The following questions were developed to better shape survey questions:

  1. Is it feasible to track the behavior of information in semantic media using the 5-TSI?
  2. How persuasive is one information type, of the 5-TSI, over another?
  3. What types of the 5-TSI affect the trend of semantic media the most? The least?
  4. Is objective information composed more of one of the 5-TSI over any of the others?
  5. In semantic media, can the 5-TSI be broken down into percentages and graphed?
  6. How do subjective information and objective information affect the 5-TSI? Vice-versa?
  7. Is it possible to identify the gaps between data and information in semantic media, depending on the type of information, either biological information or the 5-TSI?
  8. Is it possible to automate the detection of the 5-TSI present in a piece of semantic media?
  9. To what degree does biological information affect the 5-TSI?
  10. What types of the 5-TSI persuade a user of that information to ask more questions rather than make more assumptions? Vice-versa?
  11. Is it possible to use one or many types of information to strategically develop information warfare operations?
  12. Do the 5-TSI change in perception by a biological entity that is limited to biological information?
  13. Does understanding the information type affect one’s ability to understand information in a more objective sense?
  14. How do we extract wanted information from all perceived information, of the 5-TSI?
  15. How do we extract primary information from secondary information? Or vice-versa?
  16. What percentage of the 5-TSI create more perceived information entropy, information, and/or contradictory information? Can the 5-TSI be broken down into these categories?
  17. Do various types of the 5-TSI create any more or less information entropy?
  18. Does the diversity or order of the 5-TSI affect information entropy?
  19. Does information entropy shift as one learns more?
  20. How does information entropy change and how is it affected by biological information and the 5-TSI?
  21. Does semantic information have strong relationships with biological information? Can it be understood using complex adaptive systems analysis?
  22. Is there a dualism to Floridi’s 5-TSI?
  23. Is it feasible to minimize or maximize the use of meta information, except when in support of primary information, to better produce disinformation? Or any of the other 5-TSI?
  24. Is it possible to systematically or systemically organize meta information as primary information, or secondary information as primary information, etc.?

Conclusion. Depending on the probability of informativeness and the ever-present risk of deception in political news articles, a news aggregator such as Google News could eventually achieve two things. One, it could make targeted suggestions to information consumers that present the least amount of content to consume while achieving the greatest amount of informativeness based on open sources. Two, because there will eventually be a database of historical trends based on information string change, a news aggregator could strategically suggest information that will best support probable information changes.

This research will allow for the development of automated systems to best support the actions of an information consumer based on high-quality information, rather than wallow in a bunch of unstructured, seemingly random news with no qualified risks of misinformation or disinformation. If my research is successful, I have every intention to push this research in the OII’s DPhil in Information, Communication and the Social Sciences program.

Henry Markram of the Blue Brain project, founded in 2005 to attempt to create a synthetic brain, was quoted in an interview from 2008 as saying, “So much of what we do in science isn’t actually science. I say let robots do the mindless work so that we can spend more time thinking about our questions.” The internet has extraordinary capacity to meaningfully inform its users. We need better information management systems to help us ask the right questions when it comes to consuming information online.