Sunday, January 30, 2011

Another day where my head slowly spins...

In order to keep everyone as informed (and depressed) as possible, I am going to post quite a bit more for a while.  Pointless I assure you.

So todays irritant involves the collective activities of google (you know them?) as well as the Connecticut AG in a change of attitude about some activities involving privacy and data collection.

A moment about google - I acknowledge (and even embrace) the irony of using a "free" public blog hosted under google services while I call them names.  I know (as do you) that if you are not purchasing a product from a company that in fact you are the product.  And yes, Soylant Green is made of people.

A moment about what google did.  Short version - in order to have a better idea about who is exactly where when they use the google location services.  As part of the street view program (where they drive around and take pictures of streets, houses and whatnot) they hoovered up wireless data from unsecured wireless installations instead of just the id of the transmitter.  After denying that they did this (a profoundly dicky thing), they acknowledged the act and threw the programmers under the bus since that it what management does.

So who really gives a shit?

Former Attorney General Richard Blumenthal last December in response to Google's 'accidental' collection of payload data from WiFi networks had the following to say:
 “Verifying Google’s data snare is crucial to assessing a penalty and assuring no repeat. Consumers and businesses expect and deserve a full explanation, as well as measures shielding them from future spying. We will scrupulously safeguard the confidentiality of information we review.
“We will fight to compel Google to come clean–granting my office access to improperly collected materials and protecting confidentiality, as the company has done in Canada and elsewhere.”
I like this for many reasons including the simple fact that it is the right thing to do.

Enter new Attorney General George Jepsen, who is now saying:
Jepsen said Friday that his office will enter into settlement negotiations with the company without reviewing the pilfered data, which Google has steadfastly refused to share with it. Under the terms of the deal between the two, Connecticut will drop the civil investigative demand it was using to force Google to produce the data at issue here, and Google will stipulate to collecting and storing it. It will also stipulate that the data collected included confidential and private information like “partial or complete e-mail communications.”
Note that google does not have to get rid of the data that it has.

So why, good readers am I so pissed off?  We are living after all in a Business Friendly universe now.  There is a second press release which says in part:
For Immediate Release FRIDAY JAN. 28, 2011 
HARTFORD – In recognition of Data Privacy Day, Attorney General George Jepsen Friday advised Connecticut residents to protect their personal and communications data by encrypting their own wireless Internet networks. 
The recommendation stemmed from Connecticut’s investigation into Google Inc.’s collection of payload data being transmitted over unsecured business and consumer networks. That investigation led to a stipulation with Google that will avoid the need to go to court as settlement negotiations continue. 
“Google’s collection of payload data demonstrates that others may be watching your Internet activity without your knowledge,” Jepsen said. “Consumers should know that the wireless routers they purchase from the store are not automatically encrypted, and they need to activate the encryption feature to ensure better protection,” Jepsen said.

So it is the users fault. So think of it like this.  Google goes around the neighborhood and tries all the doors.  If it is unlocked they write down your address, take a picture of your house and walk in and copy any sort of mail or paperwork that happens to be sitting around by the door.  Then they leave.  They are asked about it, and deny it.  A month later they say that they were actually doing this and sorry, we were only planning on trying the doors and writing down the addresses!  The AG asks to see what sort of personal correspondence was copied and is told to go fuck himself.  Later a new AG says that the correspondence is more or less irrelevant and that people need to have done a better job of locking their doors and keeping their bills in order.

This is why I am slowly going mad.

Another day where my head slowly spins...

In order to keep everyone as informed (and depressed) as possible, I am going to post quite a bit more for a while.  Pointless I assure you.

So todays irritant involves the collective activities of google (you know them?) as well as the Connecticut AG in a change of attitude about the activities.

A moment about google - I acknowledge (and even embrace) the irony of using a "free" public blog hosted under google services while I call them names.  I know (as do you) that if you are not purchasing a product from a company that in fact you are the product.  And yes, Soylant Green is made of people.

A moment about the offense (since there seems to be no real suggestion that they did not in fact do this I remove the usual 'alleged' qualifier).  Short version - in order to have a better idea about who is exactly where when they use the google location services.  As part of the street view program (where they drive around and take pictures of streets, houses and whatnot) they hoovered up wireless data from unsecured wireless installations instead of just the id of the transmitter.  After denying that they did this (a profoundly dicky thing), they acknowledged the act and threw the programmers under the bus since that it what management does.

So who really gives a shit?

Former Attorney General Richard Blumenthal last December in response to Google's 'accidental' collection of payload data from WiFi networks had the following to say:
 “Verifying Google’s data snare is crucial to assessing a penalty and assuring no repeat. Consumers and businesses expect and deserve a full explanation, as well as measures shielding them from future spying. We will scrupulously safeguard the confidentiality of information we review.
“We will fight to compel Google to come clean–granting my office access to improperly collected materials and protecting confidentiality, as the company has done in Canada and elsewhere.”
I like this for many reasons including the simple fact that it is the right thing to do.

Enter new Attorney General George Jepsen, who is now saying:
Jepsen said Friday that his office will enter into settlement negotiations with the company without reviewing the pilfered data, which Google has steadfastly refused to share with it. Under the terms of the deal between the two, Connecticut will drop the civil investigative demand it was using to force Google to produce the data at issue here, and Google will stipulate to collecting and storing it. It will also stipulate that the data collected included confidential and private information like “partial or complete e-mail communications.”
Note that google does not have to get rid of the data that it has.

So why, good readers am I so pissed off?  We are living after all in a Business Friendly universe now.  There is a second press release which says in part:
For Immediate Release FRIDAY JAN. 28, 2011 
HARTFORD – In recognition of Data Privacy Day, Attorney General George Jepsen Friday advised Connecticut residents to protect their personal and communications data by encrypting their own wireless Internet networks. 
The recommendation stemmed from Connecticut’s investigation into Google Inc.’s collection of payload data being transmitted over unsecured business and consumer networks. That investigation led to a stipulation with Google that will avoid the need to go to court as settlement negotiations continue. 
“Google’s collection of payload data demonstrates that others may be watching your Internet activity without your knowledge,” Jepsen said. “Consumers should know that the wireless routers they purchase from the store are not automatically encrypted, and they need to activate the encryption feature to ensure better protection,” Jepsen said.

So it is the users fault. So think of it like this.  Google goes around the neighborhood and tries all the doors.  If it is unlocked they write down your address, take a picture of your house and walk in and copy any sort of mail or paperwork that happens to be sitting around by the door.  Then they leave.  They are asked about it, and deny it.  A month later they say that they were actually doing this and sorry, we were only planning on trying the doors and writing down the addresses!  The AG asks to see what sort of personal correspondence was copied and is told to go fuck himself.  Later a new AG says that the correspondence is more or less irrelevant and that people need to have done a better job of locking their doors and keeping their bills in order.

This is why I am slowly going mad.

Friday, January 28, 2011

The Grey

It has been approximately a year since I felt like there was time to sit and write out my frustrations to the world.  Well, there is even less time than before, but I am tired and need to get a few things off my chest.

I am sitting in my office overlooking a city composed from this perspective completely of muted grey, browns and white.  A single red pipe sticking up from the new construction across the way composes the only primary color in view.  The two things, the Grey and the Tired, are probably not unrelated and in part seem to be kept in check by the miracle of Modern Pharmaceuticals for which I am happy.

In reading the interwebs the other day I run across this little gem -

DOJ seeks mandatory data retention requirement for ISPs ; Joins police chief organization in calling for law to bolster enforcement efforts to fight child porn, other online crime


John Douglas, chief of police in Overland Park, Kansas and a representative of the International Association of Chiefs of Police, echoed similar concerns (PDF).  "Clearly, preserving digital evidence is crucial in any modern-day criminal investigation," Douglas said in his prepared testimony for the House subcommittee. On occasion, law enforcement has been able to use existing legal processes to get ISPs to preserve data in connection with specific investigations, he said.
However, because of widely varying data retention policies, sometimes law enforcement requests for protecting data are made too late. "There are cases where we are not able to work quickly enough -- mostly because a 'lead' is discovered after the logs have expired or we are unaware of the specific service provider's protocols concerning data retention time periods," Douglas said.
What is being asked for is that ISP's retain data about online activity for a period of two years.  The form of the data that is being asked for has not been fully described but any form of this retention represents a significant erosion of the notion of privacy.  In the more full bodied version, providers would be required to keep full session information (think of this in terms of all your "web traffic").  Two years is a long time.

Now this strikes me as a little stinky.  There is almost no discussion of privacy concerns except perhaps:
A discussion about data retention is also not about whether the government should have the ability to obtain retained data. Retained data is held by the provider, not the government. Federal law controls when providers can disclose information related to communications, and it requires investigators to obtain legal process, such as a subpoena or court order and in some cases with a search warrant, in order to compel providers to disclose it.
Any way, the same DOJ jokers who currently break the law and abuse the system will just get another tiny speed bump put in place to see whatever you have been doing on line for the past couple of years.

This is by no means a suggestion that it will be used by unethical folks for illegal actions, but really people give me a fucking break.

In a larger perspective we can look back on the NSA coercing telecommunication companies into allowing them to engage in warentless surveillance.    I have gone on and one about this in the past so, this will be short and to the point.  From one of my favorite sites:

Senator Barack Obama, desperate for some traction against Hillary Clinton in the fight for the Democratic nomination for president announced (via) he would support a filibuster if it contained retroactive immunity, but in the end he supported it. The phone companies were off the hook (har) and no one had to find out anything.
Why dredge up this ancient history? Because it sent the message to the business community that if the government comes calling it is best to go along. There is no downside to cooperating, apart perhaps from some anxiety while the pretty theater in the capitol plays out. There is a definite downside to pushing back, though.
This scenario appears to be repeating, this time with Internet companies. Twitter just received a subpoena for user data along with a gag order preventing it from telling the targets. To its enormous credit, it fought back, challenging and quashing the gag order. WikiLeaks - the target of the investigation - raised the entirely reasonable question of whether, say, Facebook and Google have received similar orders. What assurance can anyone have that their data is being protected from US government surveillance?
Honestly compared to this, the NSA buildout in various telcos is totally kids stuff.

Just another day in The Grey.