Reality Check | Ephraim Schwartz » TAG: Privacy

November 28, 2007 | Comments: (0)

Google agrees to disclose IP address of Israeli blogger

TAGS: Privacy

We’ve had this discussion before but it is probably worth having again since it does not appear that the problem will go away anytime soon.

As reported in The Register, Google has agreed to handover the IP address of an anonymous blogger to a Tel Aviv, Israel district court.

The case involves three Israel local politicians who are suing the blogger for slander.

At first Google refused saying, "disclosing the blogger’s identity violated rulings on the balance between freedom of expression and a person’s right to his reputation."

However, once the presiding judge ruled that the anonymous "blogger may be guilty of criminal conduct" in that what he was accusing the politicians of was an outright lie, Google consented.

The question is, criminal or not, should an online identity be sacrosanct? Say as sacrosanct as client lawyer privilege or what is said in a confessional to a priest?

Both, as far as I know, protects the lawyer or priest from criminal charges even if their client confesses to a crime.

Clearly there are times when the Web site or ISP should not disclose the identity as in the case of the Shi Tao and Yahoo which resulted in the jailing of a dissident in China.

In the case now working its way through the Israeli courts, the litigants and Google have agreed to give the anonymous blogger 72 hours to come forward or Google will disclose his IP address.

Much to consider here. I’l like to hear some comments.

Posted by Ephraim Schwartz on November 28, 2007 11:44 AM

September 04, 2007 | Comments: (0)

GPS in taxis: Big Brother or boon?

TAGS: Privacy

New York City cabbies don't like the idea of being tracked by satellite. But what alternative do any of us really have?

I feel badly for New York City cab drivers, but I'm inclined to be philosophical about their plight. What they are going through is a precursor to what all of us face as technology gets deeper and deeper under our skin.

I touched on this topic a bit last week: Where exactly do we draw the line between technology and expediency? Or more specifically: Where do we draw the line between our rights as individuals versus the ability of technology to strip away almost all of our freedom to behave like humans?

To the story at hand, it seems the New York City Taxi and Limousine Commission (TLC) in its infinite wisdom is mandating that every cab in the Big Apple be equipped with GPS. In response, the New York Taxi Worker's Alliance (NYTWA) is threatening to pull its 10,000 drivers off the street for 48 hours.

The NYTWA says it amounts to spying on drivers. The GPS will monitor where the cab was, at what time, how many fares were picked up, when the cab went off duty, and how much money the driver made.

TLC says this will help automate paperwork, help customers locate packages left behind in a cab, and even create a safer environment for the driver by allowing a dispatcher to notice any unusual or unexpected stops by a taxi cab.

Of course, GPS will also be able to tell if a driver is taking a snooze on the job. This is not a major issue for owner-operated cabs -- but the price of installing the system, estimated to be more than $5,000 plus yearly maintenance, is certainly a big deal.

The problem is that the NYTWA will have a hard time defending its drivers because to do so the group would have to admit its membership is only human. Machines don't get tired. Machines don't goof off. Machines are cold sons-of-you-know-what that are relentless in reporting the so-called truth.

In high tech, we always like to say we want "one version of the truth." But the truth is more manifold than we give it credit for. One version of the truth may be useful when reporting financial numbers -- and it could be critical for managing the supply chain and knowing where your goods are. But people aren't goods.

When a cab driver pulls over and turns off the light that says he's available, that may be the only way he can catch 40 winks because he's been driving for 15 hours in order to pay for the gas, pay for the use of the cab, and bring some money home to the family.

Of course, cab companies believe they can dispatch cabs far more efficiently by knowing which cab is the closest to a customer. And by looking at street traffic, dispatchers can redirect drivers to alternate routes. The TLC also sees the technology as protection for the cab-riding public because there will be a display in the backseat to make sure that the driver isn't taking them for a ride. Which, I admit, probably happens, but not as often as we think.

Here we have technology supposedly creating the perfect system to increase profits, improve safety for drivers, and deliver better service for the customers. What could be wrong with this picture?

The TLC is trying to foist machine-like standards onto human behavior. GPS is great at tracking people, but what they can't do is cut a person some slack. That never figures into the algorithm.

As I write this, the drivers were meeting with the taxi commission. But even if they dodge the GPS bullet this time, it's inevitable that technology will win out. The allure is too strong. You see, people may eventually tire of fighting the relentless intrusion of technology into their lives. But machines don't know how to say "no mas."

P.S. If you don't want to be tracked, simply place a coffee cup full of shredded tinfoil over the GPS antenna. That should do the trick.

Posted by Ephraim Schwartz on September 4, 2007 03:00 AM

August 28, 2007 | Comments: (0)

Technology and the Bill of Rights

TAGS: Privacy

Do 18th century concepts of personal freedom still work in the 21st century?

For some reason, I don't expect the chairman of AT&T to stand up and say, "Give me liberty or give me death." It is just not going to happen. Therefore I'm not surprised that AT&T and other telecom companies complied when the government asked these companies to assist in wiretapping their customers.

But our legislators are a different story. We should expect more from them. As far as the Democrats and Republicans are concerned, I say a plague on both their houses.

Of course, in time of war it is not like there isn't precedent for companies complying with government directives. My father used to tell me stories of how lipstick manufacturers were ordered, not asked, to make bullets during World War II. Harley-Davidson produced only military motorcycles at that time, and the auto manufacturers made tanks.

But back then no one complained, because we all felt America was threatened and everyone had to do their part.

Is the same true today?

Will wiretapping save us from the enemy?

All I know is that Sept. 11, 2001, didn't happen for lack of a wiretap. Rather it was a lack of something far more low-tech, a willingness on the part of the various government agencies to share information. Even the CIA and FBI have now admitted that.

Nevertheless, that is not the real problem.

The problem is that the government thinks analog. It thinks it can solve today's security issues by using the same old-fashioned concepts that were used 50 years ago.

But we, the people, know we are in a digital age, and we understand that technology makes the idea of government snooping a very complex issue.

Communications are now so varied that a single law to permit the government to tap your POTS line can be used to tap into your VoIP calls, your collaborative Wiki conversations, IMs, e-mails, and all the social networking programs you will ever sign up for.

Will MySpace and FaceBook be asked to put in filters that look for key words the government thinks are suspect? We already know that Uncle Sam asked Google to reveal what their customers were searching for in order to track down pedophiles.

What will the government do with the millions of bytes of information it can now gather?

By monitoring the history of your searches and running it against a predictive analytics engine, the government will be able to determine that there is a better than 90 percent likelihood you will commit some kind of crime or sabotage. Maybe, as in the movie Minority Report, it will arrest people pre-emptively. The scary thing is the government could be right sometimes, but does that mean we should go ahead with the program?

In a sense, it is already happening. Not in terms of actual arrests, but certainly still pre-emptive action against assumed future behaviors: In addition to the telecom companies and the search engine companies, the Feds are also asking for the cooperation of the airline industry so that if the government suspects you might do something, you're put on a "no fly" list.

When the Feds finally go high-tech, an alert might be sent out that pops up on every computer screen in the nation with a picture and last known address of a perpetrator of some past or future crime.

Perhaps the real issue here is that we have yet to truly reconcile 21st century technology and its capabilities with our 18th century credo, the Bill of Rights. We need to gain a better understanding of how to make the new conform to the old. At least that would be preferred to the other way around.

Posted by Ephraim Schwartz on August 28, 2007 03:00 AM

May 08, 2007 | Comments: (0)

Telcos to tap Web surfing

TAGS: Privacy

E.U. anti-terrorist directive adds Web browsing to the data retention list

The European Union Directive 2006/24/EC will take data retention for telecommunications a step beyond where governments have ever gone before.

I learned of this directive by way of a press release from Hewlett-Packard announcing that its Dragon solution "leverages 30 years of experience in telecom networks and 10 years of experience in the retention of call detail records" to make it all happen.

The point of the E.U. directive is to prevent and detect major criminal activity, as defined by each member of the E.U. individually.

I suppose there is no immediate worry that this data might be misused or that mistakes might be made. Consider that one of the first countries to implement a version of the program using Dragon is that bastion of democracy, Turkey.

Essentially the directive will require E.U. members to retain CDRs (customer data records) for six months to a two years, again up to the individual country.

A CDR in the old days included data on when a call was placed, from what number to what number. Also recorded -- all for billing purposes -- was the duration of the call. As technology progresses it now includes unanswered calls, such as messages left on voice mail or even calls that triggered call-waiting but were not picked up. For mobile telecommunications, the E.U. directive will require location information as well.

Similarly, under the Community Assistance to Law Enforcement Act and the Patriot Act, the U.S. also requires its carriers to retain CDRs for all of the above as well as VoIP calls.

The goal, according to John Pescatore, senior vice president at Gartner and a former member of the FBI and NSA, is to monitor communications. However, a net cannot be thrown over all the data allowing law enforcement agencies to fish for suspicious patterns. Agencies must have a specific caller/criminal in mind and then use the retained data on that person to look for patterns in his or her communications activities.

Of course, the net can get pretty wide, Pescatore says. If you have someone in mind and you monitor that person's incoming and outgoing calls, say from 25 callers, then you can take it to the next level and see who those 25 callers also called. I don't know how far the net can be cast before the courts -- if the courts are asked -- say you can't go there.

Where the E.U. directive takes an additional step is in monitoring all IP traffic. That includes SMS (short message service) and MMS (multimedia message service) messaging and Web browsing. European telcos will be required to retain the IP address, as well as when a user logged on and logged off every site. All the information apart from the content will be retained.

My first question is, Is Web browsing really a form of communication? It is now.

Another question one might ask is, Do universities fall under the law for data retention as if they were a telco, assuming they provide students with VoIP services on campus? That could get quite expensive for the university.

Certainly, HP has got a good business going on here. Nigel Upton, the Dragon general manager, told me in a trial HP helped a telco in Italy retain more than 450 million CDRs per day. If stored for 12 months that comes to 35TB of data. The Dragon system runs from $1 million to $5 million, depending on the size of the market.

"It is a $1 billion market in Europe just for the telephony piece," Upton said.

Can the system be misused? Pescatore says his biggest worry is that some politically motivated but authorized entity will decide to use this against its enemies.

"How to prevent it being used for political purposes is the problem," Pescatore told me.

Is the next step data retention of the actual content of calls? Barring another major terrorist attack, Pescatore doubts it. Well, that's a load off my mind.

Notice that the question of content is irrelevant when it comes to Web browsing because to have the URL is to know the content.

For me, a person who enjoys and admires technology, all of this lacks one key component. Yes, technology is extremely powerful and can do almost anything you want it to do. However, it is without a conscience. It is up to users of technology to add that one missing ingredient.

Posted by Ephraim Schwartz on May 8, 2007 03:00 AM