
March 10, 2009

[berkman] Al Gidari on cellphone/mobile privacy

Al Gidari, Jr. of Perkins Coie is giving a Berkman talk on privacy called “They Know Where You Are: Location Privacy in a Mobile World.” [Note: I’m live blogging, getting things wrong, paraphrasing badly, missing stuff, not spell-checking, and generally just taking notes.]

Early on, cellphone fraud was rampant. It was relatively easy to clone a phone. Al worked on tracking down offenders. The three-letter government agencies took note. E.g., the hacker Kevin Mitnick was tracked down by the FBI and the provider by using “trigger fish” tech that judges location based on cellular signals. But the carriers refused to put in the tech the feds wanted because it was too expensive. In 1994, Congress required carriers to install “surveillance-ready” technology; you could wiretap with just a flip of a switch.


“In those debates one of the serious privacy issues was whether or not the gov’t sought to have tracking capabilities for wireless phones included,” Al says. Louis Freeh said that the gov’t didn’t want such a capability, that it was a red herring, etc. CALEA separated the basic info from location info. For the basic info, you just need a subpoena. For location info, you need to go to a judge and show that it’s relevant to an ongoing investigation.

Cellphone carriers know and record a cellphone’s availability on a particular cell tower, whether or not you’re making a call. If you make a call, the tower is recorded. (This was required back when roaming agreements mattered a lot.) Google knows this also for use in Google Maps. So, location info is available from various sources. There’s also realtime info about where you are. Then there’s prospective: mapping your movements over time.

CALEA only dealt with the historical aspect of this, not real time or prospective. Industry spent 4 years developing a standard for delivering info to law enforcement. There was a major debate over location info. In 2000, the courts decided the way the industry handled location info was proper. In a compromise, the carriers agreed that location would be given at the beginning and end of a call and the info would be included as part of the “pen register” info (the number you dialed, etc.) provided under the law. That’s “signaling info” that’s covered by CALEA.

The carriers immediately started receiving orders from the feds for the pen register info including the location info. The feds looked in the Stored Communications Act to find statutory justification for getting the prospective location info. But it’s about stored records that already exist, not records to be created in the future and stored in real time. The carriers weren’t ready to fight this. A couple of years ago, a judge said that the prospective info — where someone is going — isn’t permitted and that it violates the Fourth Amendment. Most of the following cases have gone against the feds. [Al talks about the applicability of various laws. I lost track.] “One magistrate’s decision doesn’t bind another, and we have inconsistent implementation…” Plus states get to make up their own minds about this, given the “floor.”

“The debate continues to age. We don’t know what the outcome will be.” But we need certainty, so a decision is being brewed. Feds want access, but at least are ok with bringing it before a judge. The carriers want probable cause.

The privacy implications are huge, Al says. For example, they get requests for all people on a cellphone on a site for a ten minute period, e.g., when looking for witnesses to a drug transaction. What about third parties who aren’t subject to this, e.g., Google Maps? Are the standards for requesting info lower for them? Google only responds to search warrants about location info. And if you’re a parent tracking your kid’s location, you’re developing a history that may or may not be subject to the law.

We need transparency, Al says. The carriers get 100 requests a week for location info, often for multiple people. That volume is high. And how long will they be required to track them? Because you can disclose location in emergencies without prior permission, law enforcement has gamed the system. No carrier withholds info if it’s a matter of life and death. But there’s no recording of any of these requests. There’s no oversight. Al tells about a state law enforcement official who insisted that a phone be manually pinged every 15 mins, even when the phone was off, for 24 hours. It turned out the guy was pinging his daughter who had not returned from a date. “How subject to abuse is that?” Al asks. Finally, if law enforcement wants to know about a particular target, should the location info of the people s/he calls also be subject to disclosure?

“If the service provider is offering these location based services, can civil parties track someone who’s using the service?” he asks. Recently in a state court, a lawyer asked about info based on a phone found on a container ship carrying counterfeit condoms. They wanted to know everywhere the phone had been and who it had called. The carriers refused. “The risk is enormous that location information will be abused and misused both in civil and criminal cases and it’s far from clear what Congress will do when this hot potato lands in its lap. But we do know it is coming.”

Q: What are the privacy considerations about providing aggregated, anonymized info? Can anyone other than gov’t request that?
A: Carriers want customer consent to disclose location info. But many customers buy phones for the family. Can the husband watch where the wife is going? But the customer must agree to it. It requires CPNI oy!, i.e., the customer’s consent. Non-carriers are not covered by law covering standards for aggregated or individual information. They all have policies about this and require permission.

[me] What about CPNI? Should it be opt-in?
A: The kerfuffle was an example of bad journalism. The article expressed it badly. The info you are opted in to giving can be used only within the family of companies for marketing purposes. For sharing outside, it requires explicit opt-in. And CPNI has a higher standard for location info, which does not get shared. An “affiliate” is an entity you own or control. Verizon is incorporated in separate states, so they’re trying to share the info among that family of corporations.

[ez] When I meet with human rights groups, they disassemble their phones. Is anyone discussing the way in which the backdoors we put into phones will be used by repressive governments?
A: The standards are developed by manufacturers distributed to local markets. The standards reflect the local laws. The local gov’ts own the access points, so they don’t need much of a backdoor…
Q: That’s not true of China.

A: Providers do support the criminal law of their host countries. You end up with compromises made by providers. The quality of service capabilities built in, not there for surveillance, enable monitoring by protocol, etc.

Q: What are the standards for getting info on the people who attended an event? Vodafone did that in Egypt.
A: We get requests. The standard is: Your guess is as good as mine. Suppose we get a request for info about everyone who viewed a particular video at YouTube? What’s the standard? Wisconsin asked Amazon to list everyone who bought a particular book, and a court sided with Amazon’s refusal. We rely on service providers to make those objections. It’s not even clear that you would have standing to make those requests. The carriers object on the grounds that it’s burdensome. “If not for the service providers, that information would go. Most service providers are very concerned because their business rests on your comfort level with the privacy they support.” But it’s not uniform.

[I missed the last few questions. I believe Ethan Zuckerman, the greatest live blogger alive, has been taking assiduous notes.] [Tags: calea privacy cellphones mobiles location ]

Categories: Uncategorized Tagged with: calea • cellphones • digital rights • location • mobiles • privacy Date: March 10th, 2009 dw

March 7, 2009

Tales of data pirates: Opting out of Verizon’s open-ended sharing

A small legalistic pamphlet from Verizon arrived today telling me that I have 45 days to opt out of “agreeing” to let Verizon share Customer Proprietary Network Information, i.e., “information created by virtue of your relationship with Verizon Wireless,” including “services purchased (including specific calls you make and receive,” billing info, technical info and location info. They promise to only share this with “affiliates, agents and parent companies.” It will definitely not be shared with “unrelated third parties” … unless, perhaps that third party pays Verizon to become an affiliate, whatever the heck “affiliate” means.

To opt out you can call 1-800-333-9956. Or you can follow the instructions in the mailing to go to verizonwireless.com and log into My Verizon where you will find no mention, no button, no link and no help. Ah, but you forgot to check your Messages. There you will indeed find a link to CPNI. The link is marked “Not available.” Dead end.

You could then call Verizon’s excellent telephone support. (Nope, I’m not being sarcastic.) They won’t be able to find the opt out button either. But during the 8 minutes the rep puts you on hold, you’ll be amused to hear one of their continuous bits of self-promotion tell you that Verizon never shares your personal information. Oh, what a wry sense of humor Verizon has!

When you escalate the call, you will finally be told to click on the My Profile tab in My Verizon, then click on Phone Controls, and there you will conveniently find the link. It’s just that simple!

The whole thing sucks :( [Tags: verizon marketing privacy fcc ]

[March 10:] Verizon responds in its blog. GigaOm responds more broadly to that response. And I still say that if you’re going to make the mistake of opting us in to sharing private info, then you have an ethical obligation to make it damn clear to us that you’re doing so, and to make it a damn site easier for us to opt out.

[March 11:] Al Gidari, Jr. of Perkins Coie is giving a talk at the Berkman Center about the privacy of mobile-based info. I asked him about CPNI. Here are my notes on what he said:

The kerfuffle was an example of bad journalism. The article expressed it badly. The info you are opted in to giving can be used only within the family of companies for marketing purposes. For sharing outside, it requires explicit opt-in. And CPNI has a higher standard for location info, which does not get shared. An “affiliate” is an entity you own or control. Verizon is incorporated in separate states, so they’re trying to share the info among that family of corporations.

Categories: Uncategorized Tagged with: digital rights • fcc • marketing • privacy • verizon Date: March 7th, 2009 dw

January 12, 2009

Chinese circumvention sites selling user data

Hal Roberts, at the Berkman Center, blogs that he’s found that three suppliers of tools that allow those in China to circumvent the government’s restrictions on the Internet — DynaWeb FreeGate, GPass, and FirePhoenix — are selling information about the behavior of their users.

The sites freely publish anonymized data for people doing research on Net trends, but they will also sell you identifiable information … if you pass their smell test. Hal points to one company’s faq:

Q: I am interested in more detailed and in-depth visit data. Are they available?

A: Yes, we can generate custom reports that cover different levels of details for your purposes, based on a fee. But data that can be used to identify a specific user are considered confidential and not shared with third parties unless you pass our strict screening test. Please contact us if you have such a need.

From hands considered safe to the hands of totalitarians with a grudge is a distressingly short distance.

Hal concludes:

This sort of thing demonstrates that there is no way to eliminate points of control from a network. You can only move them around so that you trust different people. In this case, Chinese users are replacing some of the trust in their local Chinese ISPs with trust in the circumvention projects through which they are proxying their traffic. But those tools are acting as virtual ISPs themselves and so have all the potential for control (and abuse) that the local ISPs have. They can snoop on user activity; they can filter and otherwise tamper with connections; they can block P2P traffic.

So, yes, the Net routes around restrictions. But those routes themselves are subject to all the weaknesses to which we are heir. [Tags: berkman china censorship hal_roberts tor ]

[January 15: Rebecca MacKinnon spoke with some of the principals and blogs their explanations.]

Categories: Uncategorized Tagged with: berkman • censorship • china • digital rights • policy • privacy • tor Date: January 12th, 2009 dw

November 23, 2008

Google SearchWiki’s surprising missteps

If you log into your Google account when searching (you can tell if you’re logged in by seeing if it puts your login name at the top of the page), Google has enhanced its results page with new features. The features are slightly useful (and largely mirror Wikia Search), but they also commit two rookie mistakes. Surprising, coming from Google.

The enhancements let you move a particular result to the top of the rankings, so that next time you search for that term, you’ll get that result first; doing so does not affect the results for anyone else (although Google isn’t ruling out that possibility). You can also demote, add or remove a result from the list the next time you do that search, or write a public comment. These are features some of us may find sometimes useful.

So, what’s my beef? (What are my beeeves?)

First, opting us in is obnoxious enough, but not giving us a way to opt out is unsupportable. Where’s the big “No thanks” button? (If you put your “I heart hackers” t-shirt on, you can use GreaseMonkey to turn SearchWiki off.)

Second, the results page shows you the nicknames of other users who have voted the page up. So, now the whole world will see that “dweinberger” not only searched for “Angelina Jolie” but thumbs-upped the page of closeups of her tattoos? Guess who just changed his nickname to something less identifiable! This is a feature without value — the list of names isn’t clickable or complete and doesn’t tell you how many people voted it up — unless you recognize someone’s nickname, in which case it has negative value.

So, here’s a new question for Jeff Jarvis: Not “What would Google do?” but “What was Google thinking?” [Tags: google privacy searchwiki wikia_search ]

Categories: Uncategorized Tagged with: digital rights • everythingIsMiscellaneous • google • privacy • searchwiki Date: November 23rd, 2008 dw

November 13, 2008

Celebrities block themselves from Argentinian search results

From a post by Firuzeh Shokooh Valle and Christopher Soghoian at the Open Net Initiative site:

Since 2006, Internet users in Argentina have been blocked from searching for information about some of the country’s most notable individuals. Over 100 people have successfully secured temporary restraining orders that direct Google and Yahoo! Argentina to scrub the results of search queries. The list of censorship-seeking celebrities includes judges, public officials, models and actors, as well as the world-cup soccer star and national team head coach Diego Maradona.

Wow. Argentinian celebrities either have a different view of celebrity or of the Web, or both.

The post (which contains much more detail) notes that Yahoo was not notifying searchers that their search results were being blocked, a violation of the Global Net Initiative ethical guidelines that Yahoo, Google, and others recently promulgated. But, Chris Soghoian in an email notes that yesterday Yahoo fixed the transparency problem.

[Tags: berkman oni open_net_initiative argentina celebrities censorship filtering google yahoo global_net_initiative gni ]

Categories: Uncategorized Tagged with: argentina • berkman • celebrities • censorship • digital culture • digital rights • entertainment • filtering • gni • google • oni • privacy • yahoo Date: November 13th, 2008 dw

November 12, 2008

Google flu interview – Request for Help

I’m going to be on the radio news show Here and Now tomorrow to talk about Google.org’s ability to track outbreaks of flu by charting search terms (“flu symptoms”), time, and presumed IP location. I plan on talking about it as an example of the power of having enormous amounts of data, and of putting to use information generated for some other purpose.

Any ideas about how else this sort of technique could be used or is being used? (Amazon’s personalization is a different sort of example.) Any concerns (other than the how-not-to-do-it example from AOL)? [Tags: google flu crowd_sourcing wisdom_of_the_crowd privacy ]

Categories: Uncategorized Tagged with: digital culture • flu • folksonomy • google • marketing • metadata • privacy • web 2.0 Date: November 12th, 2008 dw

October 28, 2008

Global code of conduct for free speech and privacy online

The NY Times breaks the news that a bunch of large companies and rights organizations are proposing a global code of conduct to help protect online free speech and privacy. (The Berkman has been involved in this.)

[Tags: free_speech privacy berkman ]


Rebecca MacKinnon has an excellent post on this.

Categories: Uncategorized Tagged with: berkman • digital rights • privacy Date: October 28th, 2008 dw

September 24, 2008

Information breeds control

A stray and obvious thought?

If you look at the issue of privacy at social networking sites in terms of information, as outside observers such as parents and governments frequently do, you come up with proposals to enable users to control their information.

But sites like Facebook aren’t about information. They’re about self, others, and the connections among them. Likewise Flickr isn’t about info; it’s about sharing photos.

If the issue gets phrased in terms of info, then the field tilts towards assuming privacy as the good and publicness as the threat, with control over info as the bulwark. But, within the participant’s frame, publicness is taken as the good and privacy as fear-based or selfish.

This is a case where an information-based view misses the phenomenon and can lead to bad policy decisions.

Also, our kids will think we’re dorks.

[Tags: privacy social_networking sns facebook infohist ]

Categories: Uncategorized Tagged with: digital culture • digital rights • facebook • infohist • infohistory • privacy • sns • social networks Date: September 24th, 2008 dw

August 2, 2008

Oh yeah, that’s why we have a Constitution!

Harry Lewis puts just right the way Homeland Security goes off the rails with its decision to give itself permission to confiscate laptops at the border:

I love Michael Chertoff’s explanation of why border guards won’t bother with the niceties of probable cause provided for in the Fourth Amendment: “As a practical matter, travelers only go to secondary [for a more thorough examination] when there is some level of suspicion. Yet legislation locking in a particular standard for searches would have a dangerous, chilling effect as officers’ often split-second assessments are second-guessed.”

He’s right, of course. The Bill of Rights has a chilling effect on the government. That’s what it’s there for!

[Tags: harry_lewis homeland_security laptops privacy creeping_totalitarianism ]

Categories: Uncategorized Tagged with: digital rights • laptops • peace • politics • privacy Date: August 2nd, 2008 dw

May 22, 2008

Our calls are important to them

“Your call may be recorded for quality assurance purposes.”

I’ve always assumed — based on nothing — that when the recorded voice says that, it’s basically lying. How many recorded calls do they need for their extensive training purposes? Or do they have some ulterior purpose in capturing every fascinating syllable of every fabulous service call?

[Tags: marketing privacy ]

Categories: Uncategorized Tagged with: marketing • privacy Date: May 22nd, 2008 dw

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 3.0 Unported License.
TL;DR: Share this post freely, but attribute it to me (name (David Weinberger) and link to it), and don't use it commercially without my permission.
