Entrance Papers

December 1, 2006

via Tristero comes the following AP story:

Without their knowledge, millions of Americans and foreigners crossing U.S. borders in the past four years have been assigned scores generated by U.S. government computers rating the risk that the travelers are terrorists or criminals.

The travelers are not allowed to see or directly challenge these risk assessments, which the government intends to keep on file for 40 years.

Virtually every person entering and leaving the United States by air, sea or land is scored by the Homeland Security Department’s Automated Targeting System, or ATS. The scores are based on ATS’ analysis of their travel records and other data, including items such as where they are from, how they paid for tickets, their motor vehicle records, past one-way travel, seating preference and what kind of meal they ordered.

…to David Sobel, a lawyer at the Electronic Frontier Foundation, a group devoted to civil liberties in cyberspace: ”It’s probably the most invasive system the government has yet deployed in terms of the number of people affected.”

Government officials could not say whether ATS has apprehended any terrorists. …

The government notice says some or all of the ATS data about an individual may be shared with state, local and foreign governments for use in hiring decisions and in granting licenses, security clearances, contracts or other benefits. In some cases, the data may be shared with courts, Congress and even private contractors.

”Everybody else can see it, but you can’t,” Stephen Yale-Loehr, an immigration lawyer who teaches at Cornell Law school, said in an interview.

…A post-9/11 law vastly expanded the program, he said. It required airline and cruise companies to begin in 2002 sending the government electronic data in advance on all passengers and crew bound into or out of the country. All these names are put through ATS analysis, Ahern said. In addition, at land border crossings, agents enter license plates and the names of vehicle drivers and passengers, and Amtrak voluntarily supplies passenger data on its trains to and from Canada, he said.In the Federal Register, the department exempted ATS from many provisions of the Privacy Act designed to protect people from secret, possibly inaccurate government dossiers. As a result, it said travelers cannot learn whether the system has assessed them. Nor can they see the records ”for the purpose of contesting the content.”

The Homeland Security privacy impact statement added that ”an individual might not be aware of the reason additional scrutiny is taking place, nor should he or she” because that might compromise the ATS’ methods.

Nevertheless, Ahern said any traveler who objected to additional searches or interviews could ask to speak to a supervisor to complain. Homeland Security’s privacy impact statement said that if asked, border agents would hand complaining passengers a one-page document that describes some, but not all, of the records that agents check and refers complaints to Custom and Border Protection’s Customer Satisfaction Unit.

Homeland Security’s statement said travelers can use this office to obtain corrections to the underlying data sources that the risk assessment is based on, but not to the risk assessment itself. The risk assessment changes automatically if the source data changes, the statement explained.

”I don’t buy that at all,” said Jim Malmberg, executive director of American Consumer Credit Education Support Services, a private credit education group. Malmberg said it has been hard for citizens, including members of Congress and even infants, to stop being misidentified as terrorists because their names match those on anti-terrorism watch lists. He noted that while the government plans to keep the risk assessments for 40 years, it doesn’t intend to keep all the underlying data they are based on for that long. [emphases added]

There’s something funny here. Not ha-ha funny, though. This is a very clear vision of DRM America: all travellers first are presumed to be criminals, and scored via a secret, proprietary method. In this vision the state, not the citizen, holds all of the rights: rights in terms of liberty, and in terms of access to information. The state gathers this information in order to decide when you – a citizen – can travel, and where; they then control access to the information – the “score” – and to the processes leading to the formulation of the score, and disseminate the information to those entities – other governmental agencies, private industry, but not you, citizen – which it deems ought to have the information.

There are many avenues for challenging these procedures – possible violations of the Fourth and Sixth Amendments, for starters, and the numerous statutes governing the duration that government agencies can retain information gathered on citizens which is not immediately relevant to criminal investigations – but the most troubling aspect of this program is its very existence. Somebody – many somebodies – thought this was a good idea. It’s possible that these were actions taken without sufficient thought given for their implications, but I feel the more likely explanation is that these actions and this program are perfectly consistent with the vision of the world and this country held by those who imagined and implemented them.

Just to be clear – that’s bad. It’s dangerous for its own sake – why create a police state unless you have intention of using it? – but also for the general attitude that it seeks to promote: that rights are not vested in the individual but in the state, which then grants its citizens “rights” on a contingent basis, to be revoked or renegotiated (by and for, the state) at any time which the state wishes.


On Anonymity

November 28, 2006

At the end of an excellent interview/bio-piece in Rolling Stone (excerpts only), Sacha Baron Cohen (aka Ali G, aka Borat) makes the following remark:

“I think that essentially I’m a private person, and to reconcile that with being famous is a hard thing. So I’ve been trying to have my cake and eat it, too – to have my characters be famous yet still live a normal life where I’m not trapped by fame and recognizability.”

This is a good jumping-off point for something I’ve been thinking a lot about recently. Two points are converging:

  1. Fame has long been a good way to destroy one’s privacy
  2. The last several years have seen the shrinking of the private sphere for everyone

On point 2., it actually tends at the margins to increase 1. – see Michael Richards’ racist rant of the other week, numerous celebrities’ sex tapes, etc. But there’s also the untold hours of CCTV footage, to say nothing of the information on our online lives that Google et al. are constantly gathering.

Borat is a way out – a highly visible, totally outrageous self that aspires to a lack of privacy, and takes (often unwilling, as the hotel clerk who unwittingly appeared in the film) others along for the ride. It’s a way of hiding in plain sight – and for someone who’s famous, that’s often the only way to do it.

But what about the rest of us? How can we hide in plain sight?

On the Internet, if you’re clever and diligent enough, you can surf more or less totally anonymously – but really, most of us aren’t doing that. Out in public, though, it’s becoming harder and harder: ATM records are linked to security footage; cell phone GPS data (i.e., your physical location) is tracked and recorded, as is your car’s location if you’ve got OnStar or its bretheren. It’s not practical for most of us to detatch from the system entirely, and playing a character constantly isn’t really an option, either – for one thing, we don’t all have a Hollywood studio and PAs to pay for everything.

We all leave traces, everywhere, and there are a lot of people (and not-people) watching. I don’t have an answer to the problem of privacy, exactly, but I do have a solution: stop viewing it as a problem. Accept that, at least for right now, there are massive amounts of information about you that are out there, and that lots of people can, if they want, find out lots of things about you. In exceedingly rare cases, they might even try to defraud you (though most of the time, you can get your money back).

But ya know what? This has always been true. People could go to the public records office, or follow you around, look in your windows with binoculars, ask your friends about you, or even mug you. In fact, all of these things happen still. They’re not great, but mostly people do not live in existential fear of unknown others finding out about their home purchases – nor should they do the same about their clickstream data.

What we should do, however, is begin to form sensibilities about just what people ought to do. Peeping-Tom-ism is generally accepted as Not Cool and is, in some cases, potentially illegal. But we got there without mandating that all windows be one-way or that binoculars have a sensor that blurs human forms to counteract potential acts of perversion. We got there through common sense

Similarly, rather than accepting our fate as constantly-trackable name-numbers in a surveillance society, we ought to apply common sense measures for those things that people, non-people (computers), corporations and governments ought to watch us doing. Is my life and liberty threatened by Amazon.com tracking everything I click on in their site and giving me recommendations? No, not really. Do I care particularly about the fact that, when I’m in a city, I’m on camera? Not particularly, no; if I were so paranoid to believe that They were out to get me, I’d hope that I’d also be smart enough to realize that They would probably be able to find me easily even without CCTV. But should corporations be able to buy and collate massive amounts of personal information from governments, and sell the information you give them in, say, warranty registrations, for profit? I’d say probably not.

Not everyone will agree on all these counts, and that’s fine – it’s to be expected. We all make different judgments about a wide range of issues about public and private conduct of people, corporations and government. What we ought to realize is that while there’s no realistic way to hit the “off” switch entirely as concerns availability of personal information, the total-surveillance society is also not a foregone conclusion. We can have opinions and make decisions about these things, and ought to do so.

UPDATE: Apparently there’s something in the miasma around SILS today, because Fred just checked in with remarkably similar thoughts, pertaining specifically to Google’s role in all of this.

More on the Identity of Authority; UCLA; Tasers

November 17, 2006
  • Digby has an important commentary on the incident and the history of taser over-use, here and links to a disturbing “In These Times” report, here.
  • The “wall posts” at the Facebook group, “UCLA’s UCPD Brutality” follow the same pattern as the earlier YouTube thread, if slightly less vile.
  • BoingBoing has more on the incident and response by UCLA’s Chancellor, “essentially blaming the student for going to the library without his student card in his pocket.”
  • The messageboard at TuckerMax.com has just about the kind of thread you’d expect where the proprietor describes police tasering a student as “really funny”

It’s worth noting that this moment contains the possibility for genuine political debate in this country. Most political conversations are extraordinarily contrived affairs, responding not to actual events but to the months-planned PR strategies of interested parties, but every once in a while there are events that are genuinely interesting or shocking enough that people respond to them with their genuine thoughts and feelings. As we see in this case, that’s not always the most pleasant thing. But it is honest – and that’s a start.

Our Age of Paranoia – High, Low, Middle and the Way Forward

September 6, 2006

Three stories in the last two days deserve further examination:

  • Facebook’s deployment of a new “feeds” feature that tracks every change to every user’s profile, and broadcasts those changes to the user’s entire network of friends
  • Hewlett-Packard’s admission that their CEO spied on members of the Board in an effort to determine who was leaking information to the press
  • S. S. 2543, a bill drafted by Sen. Arlen Specter (R-PA) and Vice President Dick Cheney (R-Mordor), which would instill in the President the right to order surveillance without oversight

These three items throw into sharp relief the current state of privacy in the United States. Working backwards, I’ll try to piece out how we’ve arrived where we are.

Kos, in commenting on S. S. 2543, cites Sen. Frank Church’s (D-ID) warnings of 1975 on the danger posed by the National Security Agency:

“That capability at any time could be turned around on the American people, and no American would have any privacy left, such is the capability to monitor everything: telephone conversations, telegrams, it doesn’t matter. There would be no place to hide.”

He added that if a dictator ever took over, the N.S.A. “could enable it to impose total tyranny, and there would be no way to fight back.”

This is a profound and recurring fear in American politics: a combination of the expansion of executive authority and imposition of a national security state. And it’s no wonder – the United States as originally comprised was largely a response to George III’s absolute authority and impositions of his will on the lives of Americans. It’s where the Bill of Rights comes from, and why such seeming anachronisms as the Third Amendment – “No soldier shall, in time of peace be quartered in any house, without the consent of the owner, nor in time of war, but in a manner to be prescribed by law” – were deemed important enough to make the Top Ten.

George Washington knew enough of the dangers of concentrated authority to pointedly refuse a crown, and opted to establish a precedent of executives serving only two terms. Critics even within the Democratic Party were unnerved by Franklin Delano Roosevelt’s concentration of authority to warn against American dictatorship, and it was Roosevelt’s attempted court-packing that ultimately doomed further expansion of the New Deal. And of course, Church’s fears as cited above came on the heels of Nixon’s broad expansion of authority (outside the law, as it turned out), authority which junior Nixon aide Cheney now seeks to enshrine in law.

Throughout our nation’s history, Americans have rightly feared and guarded against concentration of executive authority for many reasons, but chief among them was always the threat to personal privacy posed by establishing in a single man rights and powers above all other men. That remains the case today.

But there are other erosions of personal privacy of perhaps a far larger scale than a set of centrally-controlled surveillance programs – the development of corporate surveillance systems and scores of overlapping entrepreneurial panopticons.

Corporate surveillance is easy enough to define – your company is watching you. Your company is reading your e-mail. Your company is recording where you go on the Internet. Most office workers are well aware of these realities, and so as creepy as HP’s actions are – they involved “monitoring of board members’ calls from home phones and cellphones in January, an effort authorized by Patricia C. Dunn, the chairwoman” – they are best seen as an incremental shift rather than a sea change, even if they turn out to be illegal. Corporations have long been notoriously secretive in the protection of industry secrets and records.

But what’s an entrepreneurial panopticon?

It’s a service that offers the user a clear benefit – say, online shopping or free digital photo storage – and asks only that the user let it know every little thing they’re doing, which they will in turn broadcast to everyone else willing to pay the same price (*one identity*). Well, it doesn’t ask that in so many words – it’s hidden in the fine print of the User Agreement – but that’s the price a user pays for what in many cases are “free” services. Some examples:

  • Web2.0 enterprises. They rely on users who “provid[e] content AND personal information to for-profit companies for free” and who, in return, receive everything from social networking to photo storage to calendars to anything else
  • Amazon.com and other e-tailers, who track not only their users’ every purchase but every product page visited in order to better “recommend” other products
  • Google and other search engines, who are now advertising total storage of each user’s search history as a feature, not a bug. For the time being, Google is assuring that this information will remain private

In the above contexts, identity is currency, and people are pricing their identities very cheaply. But what’s really interesting is what happens to identity once it’s in the hands of these companies. They keep it, compile it and, because once they have that information it’s infinitely replicable, they sell it.

That’s what’s going on with Web2.0 – these companies are providing a service for a fee (your identity), then turning around and selling their service to other users with the added value of your identity thrown in for the low, low price of – that user’s identity. Sort of like a pyramid scheme where in the end people don’t lose their life’s savings, just their privacy and potentially their identity (which, in turn, could mean…their life’s savings).

But they wouldn’t do that!

Oh, wouldn’t they?

This is what’s going on:

The third generation [of social networking] will expose the history of this visibility. The full history of what you’ve done in the network. A record of how you’ve behaved in the past will be available in the future. This will (and should) affect your behavior and your friend lists and your decision about which pictures to post.

And this is a good thing – as it mirrors the real world. You shouldn’t lie to your friends. As I’ve said before, the real world is a quaint place where actions matter and people remember. It’s also a place where this virtual overlay we’re playing in today will be taken for granted in only a few very short years. The decisions you make online today will, and should, matter tomorrow.

What technology is enabling in this case is the re-emergence of the small-village social dynamic. Until very recently and through most of the history of human civilization, most people in most places could expect to have most of their actions observed by people they knew – people who would in turn quite often disseminate that information (i.e., “gossip”) across the rest of the community, especially if it didn’t conform to community standards. This was an incredibly oppressive way to live for people who didn’t fit into narrow-minded ideas of acceptable identities or behaviors (e.g., women, non-whites, homosexuals, Star Trek fans) but it was an excellent method of social control.

A community panopticon is only oppressive to the extent that community standards are oppressive.

In our more enlightened (er, mostly) times, and with the rise of voluntary communities of shared interest and identity (see: San Francisco), the knowledge that your actions are being recorded and judged according to community standards can be a good thing – it can mitigate against poor decisions and, further, can accrue credit to those who behave in exemplary manners. The latter is the great appeal of many Web2.0 applications and networks – frequent visits and laudatory comments on a blog; becoming a Friendster/MySpace/Facebook “hub”; postive user feedback on Digg; etc.

There’s been a lot of talk about how technology is making the world smaller, and that’s right – and now it’s more right than ever before. Many of us are now living in small villages of our own creation, and more people are moving into nearby neighborhoods every day.

So what to make of it all? I would argue for three kinds of response to these three kinds of intrusion on privacy.

  1. Resist impulses for centralized authority in the hands of a national executive. Very little good and quite a lot of bad has come from these impulses, and no politics has yet produced (to my satisfaction) leaders enlightened enough to be trusted with particularly great authority over their fellow-citizens.
  2. Remain skeptical of corporate security measures but always remember – it’s not about you, it’s just about the money.
  3. Embrace the re-emergence of small-village social organization. For starters, and not that it’s a great reason, but – it’s not like you have any choice. The use of technology to re-establish this elemental means of human organization is an inevitable reaction to the societal upheavals of the last generation, which were key in dashing away many of the vestiges of the old (read: non-voluntary) small-village organization model. More happily, this model of organization has much to offer in nearly every category of human need: friendship and companionship; intellectual stimulation; emotional support; artistic creation; solidarity.

As is often the case when I look to the future, I feel a mix of dread, trepidation and excitement. Some things are too big for us to touch or even see as events carry us forward but I believe that, if we pay attention, we can observe and shape the world as it is re-created around us.