Tip:
Highlight text to annotate it
X
Hello, and welcome to "The Week in Privacy," a quick, informal review of the news and events
that impact your right to privacy, brought to you by PrivacyCast.com
It was a busy week for privacy with an unusual number of three letter acronyms... we'll be
digging into privacy stories about the TSA, DOJ, GPS, as well as a key Supreme Court Ruling,
and some proposed legislation to force smartphone manufacturers and wireless providers from
tracking you without your knowledge and consent.
On January 23rd, Senator Rand Paul (son of presidential candidate Ron Paul) was temporarily
detained by the Transportation Security Agency when he declined an "enhanged pat-down" after
setting off an alarm when going through the naked body scanners. Senator Paul was released
and caught a later flight after going through security without incident later in the day.
Paul, a long-time critic of the TSA's heavy-handed treatment of passenger privacy rights, indicated
that the abnormality on the scanner was on his leg, which he offered to show the screeners
in lieu of a patdown. Interesting that he was allowed to leave the screening area without
submitting to a pat-down, since passengers who are not senators are fined ten thousand
dollars for doing exactly the same thing.
The same day, the U.S. Supreme Court unanimously ruled that attaching a GPS device to a car
for tracking purposes without first securing a warrant violated a suspect's fourth amendment
rights against unreasonable search and siezure. Sounds like great news, but many critics (including
PrivacyCast) are saying the ruling doesn't go nearly far enough. The ruling was scoped
in an extremely narrow manner, and Justices Sotyamayor and Alito agreed, and said so in
their consenting opinions.
Sotamayor went so far as to suggest that the court reconsider the third party doctrine,
which says that a user gives up their 4th amendment rights when they deliver private
information to a third party. Given that we routinely provide information-- including
personal corespndence and more-- to ISPs and email providers, PrivacyCast thinks this is
common sense.
The CATO institute provides some great insight into the nuances of the case...
[b-roll]
"...the fundamental link between the fourth amendment and the right to property is still
valid, and so even without having to decide the thorny questions about what resaonable
expectation of privacy Jones may have had in the publicity of his movements, the installation
of the device-- the invasion of his physical property was, in itself, a fourth amendment
violation."
"Now that's a return, in their minds, to the original meaning of the Fourth Amendment,
which was essentially based on property. That's important and different because the 1967 Katz
decision which has been the lone star decision based on reasonable expectations of privacy.
The other four Justices would have insisted on using that case. Property rights are important
here because that's the real original meaning of the fourth amentment. It's very difficult
to apply property rights to present circumstances, but this is a step in the right direction."
Still, though, this is a partial yet crucial victory for privacy, hopefully there will
be more rulings to come that clarify some of the ambiguity.
It wasn't the supreme court, but a Colorado Federal Judge ruled that forcing a suspect
to provide the decryption key or to decrypt information does not constitute self-incrimination
under the fifth amendment. This could mean that if you encrypt your hard drive using
technologies like FileVault on the Mac, or BitLocker on the PC, or encrypt files or thumb
drives using tools like TrueCrypt, courts may be able to force you to produce the decryption
keys.
The Open Source TrueCrypt software has functionality they call "Plausible Deniability" which allows
you to have two passwords– one decrypts the actual data, the other reveals fake data.
Of course, consult with an attorney– it’s possible that you could be forced to reveal
both passwords, since failing to disclose the existence of the second volume could constitute
perjury.
We know more than we used to about the information that social media sites, including Facebook,
provide in response to requests by law enforcement, thanks to a Freedom of Information Act lawsuit
by the Electronic Frontier Foundation.
Documents delivered in response to the suit outline some of the information that were
provided by Facebook and MySpace, including full profile information, actions and interactions,
friends and people who have rejected or unfriended you, your privacy settings, applications you
use, and all photos that you have uploaded or are tagged in regardless of their privacy
settings. They also delivered lists of IP numbers that the profile had been accessed
from.
Google made sweeping changes to their privacy policy this week. The changes allow Google
to track you across all their properties, and there's no way to opt out of the tracking
except for not having an account with any google property, including GMail, GooglePlus,
Google Maps, and other popular services. In response, PrivacyCast did a poll of our users,
who responded more than two-to-one that we should stop using Google Analytics and AdSense
in response to the policy changes. We listened, and have removed both services from our site.
Finally, Representative Edward Markey proposed legislation, called the Mobile Device Privacy
Act, which would require that wireless companies get informed consent from users prior to installing
or activating any monitoring software on smartphones and other mobile devices. This should keep
things like the Carrier IQ débâcle from happening again, at least without users knowing
about it first.
The bill was just released in draft form, and has a long way to go before it can become
a law, so PrivacyCast recommends you contact your congress-critters and let them know you
support the Mobile Device Privacy Act.
That's it for this week. For more information on these stories and more, check out PrivacyCast.com