privacy, information access, and security – the perils of online searching in a panopticon society...
TRANSCRIPT
Privacy, information Privacy, information access, and security – the access, and security – the perils of online searching perils of online searching in a panopticon societyin a panopticon society
donna Bair-Mundy
Intercepting topicsIntercepting topics
Surveillance
Security
Privacy
LibrariesLibraries
Topics
What is privacy? Why do we need it?
Why do we need surveillance?
Creating a Surveillance Society:Building the Panopticon
What does this have to do with online searching?
Privacy in Libraries
Discussion questions:
What is privacy?Why do we need it?
Informational privacy - Westin's definition - part 1
Privacy is the claim of individuals, groups, or institutions to determine for themselveswhen, how, and to what extentinformation about them is communicated to others.
Westin, Alan F. 1970. Privacy and freedom. London: Bodley Head.
Control
Informational privacy - Westin's definition - part 2
Viewed in terms of the relation ofthe individual to social participation, privacy is the voluntary and temporarywithdrawal of a person from the general society through physical or psychological means, either in a state of solitude or, when amonglarger groups, in a condition of anonymity or reserve.
Temporal
Choice
Varied means
Informational privacy - Westin's definition - part 3
The individual's desire for privacy is never absolute, since participation in society is an equally powerful desire.
Ongoing dialectic
Informational privacy - Westin's definition - part 4
Thus each individual is continually engaged in a personal adjustment process in which he balances the desire for privacy with the desire for disclosure and communication of himself to others, in light of the environmental conditions and social norms set by the society in which he lives.
Social norms
Informational privacy - Westin's definition - part 5
The individual balances the desire for privacy with the desire for disclosure and communication of himself to others] in the face of pressures from the curiosityof others and from the processes of surveillance that every society sets in order to enforce its social norms.
Privacy v. Surveillance
Westin, Alan F. 1970. Privacy and freedom. London: Bodley Head.
Westin's privacy theory: 4 functions of privacy
Personal autonomy
Emotionalrelease
Self-evaluationLimited & protected
communication
Power to define the boundaries of
the “core self”
Release from tensionsof life in society
requires release from pressure of playing
social roles
Need to integrate experiences into
meaningful pattern; essential for creativity
Share confidences and intimacies only with those
one trusts
Individual privacy versus individual secrecy
PrivacyAllowed and in somecases required for
socially-sanctioned acts.Stress reducing.
SecrecyInvolves
socially proscribed acts.Stress inducing.
Margulis, Stephen T. 1977. Conceptions of privacy: current status and next steps. Journal of social issues 33(3):5-21, p. 10. Margulis, Stephen T. 2003. Privacy as a social issue and behavioral concept. Journal of social issues 59(2):243-261.
Us UsUsUs
Election day
UsThem
On the network news:
Ayman al-Zawahiri
So you do a search . . .
A few days later . . .
How do you feel?
Discussion question:
Why do we need surveillance?
Need for surveillance (1)
Need for surveillance (2)
Need for surveillance (2)
Need for surveillance (2)Train Depart Arrive
1 2:30 p.m. 6:30 p.m.
2 3:30 p.m. 8:00 p.m.
Beniger, James R. 1986. The control revolution: technological and economic origins of the Information Society. Cambridge, Mass.: Harvard University Press.
Surveillance in a transforming Surveillance in a transforming societysociety
Zuboff, Shoshana. 1988. In the age of the smart machine: the future of work and power. New York: Basic Books.
Roles of Surveillance (1)Roles of Surveillance (1)
Used to catch the criminals
Used as means to control workers
Necessitated by technology
Facilitated by technology
Roles of surveillance (2)Roles of surveillance (2)
Provision of services (Social Security)
Allows participation (Voter registration)
Protection against threat
Means of social control• Discover and rout out deviance• Threat of surveillance used to
promote compliance with the law
Routing out “deviants”Routing out “deviants”
Round-up of Pennsylvania Quakers (1777)
Sedition Act of 1798
Espionage Act of 1917 – 1918 amend.
Internment of persons of Japanese ancestry—WW II
Used against Hungarians, Czechs, Slovaks, Croats, Poles, Jews, Russians, Lithuanians, Finns, Irish, Catholics, Amish, Mennonites, Jehovah’s Witnesses (then called Russelites), Roma (then called gypsies), African Americans.
Dealing with dissidentsDealing with dissidents
President Franklin Roosevelt had FBI spy on New Deal opponents
President Johnson had FBI spy on opponents of his Vietnam War policy
President Nixon had FBI, CIA, NSA, IRS, and Army Intelligence spy on and harass his perceived enemies
United States. Congress. Senate. The Select Committee to Study Governmental Operations with Respect to Intelligence Activities. 1976. Final report.
““COINTELPRO New Left”COINTELPRO New Left”
FBI program to “expose, disrupt, and otherwise neutralize” activities groups and individuals affiliated with the “New Left”
Extensive and mostly illegal surveillance
United States. Congress. Senate. The Select Committee to Study Governmental Operations with Respect to Intelligence Activities. 1976. Final report.
““COINTELPRO New Left”COINTELPRO New Left”Had members arrested on marijuana charges
United States. Congress. Senate. The Select Committee to Study Governmental Operations with Respect to Intelligence Activities. 1976. Final report.
Sent anonymous letters about a student’s activities to parents, neighbors, and the parents’ employers
Sent anonymous letters about New Left faculty members (signed “A Concerned Alumni” or “A Concerned Taxpayer”) to university officials, legislators, Board of Regents, and the press
Creating a Surveillance Society:
Building the Panopticon
Surveillance - Plague modelSurveillance - Plague model
Isolation and observation
Social control
Highly visible
Foucault, Michel. 1995. Discipline and punish: the birth of the prison. New York: Vintage Books.
Surveillance—Panopticon model
• Legal theorist
• Rationalism
• Utilitarianism
• Eccentric
Jeremy Bentham
cells
inspector’s lodge
entry
walkway
Jeremy Bentham’s Panopticon
Panopticon societyPanopticon society
Stealth surveillance – communication interception
1880sFirst reports
of wiretaps in press
1870sTelephoneinvented
1860sWiretapping
duringCivil War
1830sTelegraphinvented
Packet sniffers
1960sPacket
switching
What does this have to do with
online searching?
Online searching – Google Online searching – Google
One of Google’s servers
jacso “as we may search”
Sending your search request (1)
search search search
1 2 3
Sending your search request (2)
search 1 To: 123.157.78.99
Packet-switched network
switch
switch
switch
switchswitch
switch
Online searchingOnline searching
Server where the database resides
Packet-switched network
switch
switch
switch
switchswitch
switchUH router
AT&T
Mark KleinMark Kleinformer AT&T former AT&T techniciantechnician
611 Folsom Street, San Francisco, California
Secret room
Mark KleinMark Kleinformer AT&T technicianformer AT&T technician
Narus STA 6400
STA = Semantic Traffic Analyzer
William BinneyWilliam Binneyformer intelligence former intelligence official with the NSAofficial with the NSA
Estimated that he NSA had intercepted trillions of communications "transactions" of Americans such as phone calls, emails, and other forms of data (but not including financial data)
Saw that the NSA was spying on domestic communications
Quit the NSA in 2001
Became a whistle-blower
Edward Snowden,Edward Snowden,former NSA former NSA contractorcontractor
Provided, and continues to provide, documents that corroborate what many people had suspected
https://www.eff.org/document/2013-06-06-wapo-prism
Edward SnowdenEdward Snowden
MUSCULAR – NSA and GCHQ secretly raided data from Google and Yahoo
Edward SnowdenEdward SnowdenMUSCULAR
Edward SnowdenEdward Snowden
MUSCULAR
NSA used a variety of methods to grab data flowing between Google’s data centers.
http://washingtonpost.com http://www.washingtonpost.com/world/national-security/nsa-infiltrates-links-to-yahoo-google-data-centers-worldwide-snowden-documents-say/2013/10/30/e51d661e-4166-11e3-8b74-d89d714ca4dd_story.html
Spy programs that we know ofSpy programs that we know of
PRISM
accessing Internet data of 9 major Internet companies in the U.S.
UPSTREAM
cable-tapping of fiber cables and infrastructure, giving direct access to fiber-optic cables that carry Internet and telephone traffic via AT&T, Verizon, Sprint
MUSCULAR
Secretly broke into main communication links that connect Yahoo and Google data centers around the world
Spy programs that we know ofSpy programs that we know of
SHELLTRUMPET
metadata program targeting international communications
BULLRUN
program “to defeat encryption used in specific network communication technologies”
Google fighting backGoogle fighting back
https://www.google.com/
Privacy in Libraries
ALA on ConfidentialityALA on Confidentiality
• The First Amendment’s guarantee of freedom of speech and of the press requires that the corresponding rights to hear what is spoken and read what is written be preserved, free from fear of government intrusion, intimidation, or reprisal.
• In seeking access or in the pursuit of information, confidentiality is the primary means of providing the privacy that will free the individual from fear or intimidation or retaliation.
Browser history
Internet station sign-up sheet
When records are no longer needed, destroy them!
Minimizing browser history (1)
Minimizing browser history (2)
Web Server Log
Web Server StatisticsWho:Countries ... Full list ... Regions ... CitiesHosts ... Full list ... Last visitAuthenticated users ... Full list ... Last visit
Navigation:Visits durationViewedOperating SystemsBrowsersReferrers:Origin ... Referring search engines ... Referring sitesSearch ... Search Keyphrases ... Search Keywords
OPAC report—searches
OPAC Logging Report
DATE TYPE SEARCH STRING LIMIT LIMIT_STRING INDEX HITS9/28/01 Keyword harry potter N K 4068
9/28/01 Author tolkein N LOCA=Main Library B 1
9/28/01 Keyword birds N K 2863
9/28/01 Keyword alligators N LOCA=Main Library K 30
9/28/01 Complex (NKEY alligators) AND N K 0
(TKEY "crocodiles")
9/28/01 Complex (TKEY rats) AND N K 103
(TKEY "mice")
9/28/01 Keyword osama bin laden N K 37
UH Library
Log in screen
What can we do? (ALA tips)
•Conduct privacy audits •Identify the type and nature of all records and files that contain library patron and user personally identifiable information•Establish a schedule for the retention of records and files containing library patron and user personally identifiable informationDetail the specific steps staff should follow in responding to investigatory requests for patron and user personally identifiable information from governmental agencies
What can we do? (2)
•Be aware of privacy policies•FBI: http://www.fbi.gov/privacy.htm•Google: http://www.google.com/intl/en/privacypolicy.html
•Anti-spyware software
•Scrub your data
Questions ?
Mahalo
USA PATRIOT Act & Libraries (1)USA PATRIOT Act & Libraries (1)
• June 8, 2004 – FBI demands list from Deming branch of Whatcom Country Library System of everyone who had borrowed a biography of Osama bin Laden since November 2001.
• Library refused.
• 15 days later, FBI withdrew its request.
USA PATRIOT Act & Libraries (1)USA PATRIOT Act & Libraries (1)
• 2005– FBI presents National Security letter and demands “any and all subscriber information, billing information, and access logs of any person or entity” associated with a specified IP address during a specified period
• Librarians fought gag order in court
• Librarians speak out
Library Awareness ProgramLibrary Awareness Program• Begun during Cold War*• Desire to restrict access to unclassified
scientific information by foreign nationals• Desire to recruit librarians to report on
“foreigners”• Agent told librarians to report name and
reading habits of anyone with a foreign sounding name or foreign sounding accent
• Librarians who criticized program were investigated
*Curt Gentry gives onset year as 1962: Gentry, Curt. 1991. J. Edgar Hoover: the man and the secrets. New York: Norton., pp. 759-760.
Online searching in the libraryOnline searching in the library
Do we have legal protections?
Privacy and the Law
Do we have legal protections?
Privacy and the Law
Types of privacy in lawTypes of privacy in law
Informationalprivacy
Decisionalprivacy
Control of access to information about a person or group of persons
Freedom to make personal decisions without interference from government
Privacy Act of 1974 Roe v. Wade 1973
Gormley, Ken. 1992. One hundred years of privacy. Wisconsin law review Sept/Oct 1992:1335-1441.
American Constitution
• Heavily influenced by natural rights philosophy (John Locke)
• After extensive argument decided to include a Bill of Rights
Bill of Rights debate: Mason, Jefferson, et al.
When assigning powers to the government must also limit those powers
General warrants and writs of assistance
Objections to Bill of Rights
Bill of Rights is stipulation a king gives to his subjects, granting a few exceptions to rights of the monarch
Bill of Rights dangerous—implies government has powers not
Could later be misconstrued as all-inclusive not granted
(Alexander Hamilton, Federalist paper no. 84, etc.)
The compromise
Amendment IX
The enumeration in the Constitution of certain rights shall not be construed to deny or disparage others retained by the people.
Fourth Amendment
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.
Privacy an old concern
Halakhah (Jewish law)Proscriptions on:
Physical intrusionVisual surveillanceAural surveillance
TalmudWalls between houses to be a certain heightCreditor may not enter person’s house
Ancient Roman law (Justinian’s Pandects)Prohibition against going into a home and dragging out the person
Hippocratic oathNo disclosure of what in practice seen or heard that “ought never be published abroad”
General warrants (1)• No specific individual
• No specific crime
• No specific place to be searched
• No specific items to be sought
• Illegal according to Sir Edward Coke’s Institutes of the Lawes of England (first published 1642 and 1644)
• Illegality confirmed by Sir Matthew Hale
• Illegality confirmed by Sir William Blackstone
General warrants (2)• Suspicion of crime related to
government revenue
• Used against anyone who dared to challenge or limit the authority of Parliament or the crown
• John Wilkes (member of Parliament)
• Anonymously wrote critical essay published in North Briton
• General warrant leads to massive arrests, Wilkes ► Tower of London
Writs of assistance• Any customs official could enter “any
House, shop, Cellar, Warehouse or Room or other Place...”
• Seize unaccustomed goods
• Lasted for the life of the sovereign under which it was issued plus six months
• According to John Adams, major factor in seeking American Independence
Fifth Amendment
No person shall be held to answer for a capital, or otherwise infamous crime, unless on a presentment or indictment of a Grand Jury...; nor shall any person be subject for the same offence to be twice put in jeopardy of life or limb; nor shall be compelled in any criminal case to be a witness against himself, nor be deprived of life, liberty, or property, without due process of law...
First Amendment
Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the Government for a redress of grievances.
Freedom of 1st Amendment gives right to associate without surveillance (Lieber 1859)
Ex parte Jackson
“The constitutional guaranty of the right of the people to be secure in their papers against unreasonable searches and seizures extends to their papers, thus closed against inspection, wherever they may be. Whilst in the mail, they can only be opened and examined under like warrant, issued upon similar oath or affirmation, particularly describing the thing to be seized...” Justice Field 96 U.S. 727, 732
Penumbras of the Amendments
1965Griswold v. Connecticut
381 U.S. 479
"Zone of privacy" created by 1st, 3rd, 4th, 5th, and 9th amendments
Re-thinking constitutional privacy
1964-U.S. Senate
Long Subcommittee
Hearings on surveillance activities by federal agencies; first looked at IRS
No warrantless wiretapping in No warrantless wiretapping in criminal casescriminal cases
1967Katz v. United States
389 U.S. 347
Congress Acts
1968The Omnibus Crime Control
and Safe Streets Act of 1968 (“Federal Wiretapping Act“), 18 USC Section 2510 et seq.
Wiretapping illegal but when crime has been or is being committed law enforcement can, with a warrant, engage in wiretapping for limited periods. Provides judicial oversight for law enforcement wiretapping.
National security wiretappingNational security wiretapping
1972U.S. v. U.S. District Court
for the Eastern District of Michigan“Keith”
“the customary Fourth Amendment requirement of judicial approval before initiation of a search applies in domestic security cases”
FISA
1978Foreign Intelligence
Surveillance Act
U.S. Code50 USC Sections 1801-1863
Electronic mail
1993ECPA
Electronic Communications
Privacy Act
Addressed the need to protect e-mail.
Post-9/11Post-9/11
USA PATRIOT ActH.R. 3162
Public Law No. 107-56Signed Oct. 26, 2001 by Pres. George W. Bush
H.R. 297510/12/2001
S. 151010/11/2001
H.R. 3004Financial Anti-Terrorism Act
Viet DinhAsst. Attorney General
The USA PATRIOT ActThe USA PATRIOT Act
Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism
H.R. 3162
The Acronym
The USA PATRIOT ActThe USA PATRIOT Act
To deter and punish terrorist acts in the United States and around the world, to enhance law enforcement investigatory tools, and for other purposes.
H.R. 3162
The Purpose
The USA PATRIOT ActThe USA PATRIOT Act
SEC. 218. FOREIGN INTELLIGENCE INFORMATION.
Sections 104(a)(7)(B) and section 303(a)(7)(B) (50 U.S.C. 1804(a)(7)(B) and 1823(a)(7)(B)) of the Foreign Intelligence Surveillance Act of 1978 are each amended by striking `the purpose' and inserting `a significant purpose'.
The Language
The U.S. CodeThe U.S. CodeSections 104(a)(7)(B) and section 303(a)(7)(B) (50 U.S.C. 1804(a)(7)(B) and 1823(a)(7)(B)) of the Foreign Intelligence Surveillance Act of 1978 are each amended by striking `the purpose' and inserting `a significant purpose'.
TITLE 50 > CHAPTER 36 > SUBCHAPTER I > § 1804. Applications for court orders
(7) a certification … (B) that the purpose of the surveillance is to obtain foreign intelligence information;
(7) a certification … (B) that a significant purpose of the surveillance is to obtain foreign intelligence information;
Federal Wiretapping ActFederal Wiretapping Act
1968The Omnibus Crime Control
and Safe Streets Act of 1968 (“Federal Wiretapping Act”)
U.S. Code18 USC Section 2510 et seq.
Federal Rules of Criminal ProcedureRule 41 Search and Seizure
FISA
1978Foreign Intelligence
Surveillance Act
U.S. Code50 USC Sections 1801-1863
Investigative powers in US Investigative powers in US CodeCode
1968
Federal Wiretapping
Act
1978
Foreign Intelligence
Surveillance Act
The USA PATRIOT ActThe USA PATRIOT Act
Section 215—Amending FISA 501(a)The Director of the [FBI] or a designee of the Director ... may make an application for an order requiring the production of any tangible things (including books, records, papers, documents, and other items) for an investigation to protect against international terrorism or clandestine intelligence activities, provided that such investigation of a United States person is not conducted solely upon the basis of activities protected by the first amendment to the Constitution.
The Complaints— Records vulnerable
The USA PATRIOT ActThe USA PATRIOT Act
Section 215—Amending FISA 501(d)
No person shall disclose to any other person (other than those persons necessary to produce the tangible things under this section) that the Federal Bureau of Investigation has sought or obtained tangible things under this section.
The Complaints—Freedom of Speech
Banks and Bowman theoretical Banks and Bowman theoretical modelmodel
Nationalsecurity
Privacy
Crisis
Rights of the individual
Survival of the group
Associate General Counsel for FBI
Banks, William C., and M.E. Bowman. 2000. Executive authority for national security surveillance. American University law review 50(1).
Identifying the Problem: the Identifying the Problem: the Communication interception timelineCommunication interception timeline
1967Katz
1942Goldstein
1942Goldman
1937/1938Nardone
Conviction upheld
Wiretapping evidence disallowed
1928Olmstead
1952On Lee
1961Silverman
W
W
W D R
S E
Communication interception Communication interception timelinetimeline
1967Katz
1942Goldstein
1942Goldman
1937/1938Nardone
Conviction upheld
Wiretapping evidence disallowed
1928Olmstead
1934Radio Comm.
Act
1952On Lee
1961Silverman
W
W
D R
S E
W
Federal Communications Act
1934
Section 605
No person not being authorized by the sender shall intercept any radio communication and divulge or publish the existence, contents, substance, purport, effect, or meaning of such intercepted communication to any person.
NardoneNardone
“…the plain words of § 605 forbid anyone, unless authorized by the sender, to intercept a telephone message, and direct in equally clear language that “no person” shall divulge or publish the message or its substance to “any person.” To recite the contents of the message in testimony before a court is to divulge the message. The conclusion that the act forbids such testimony seems to us unshaken by the government’s arguments.” Justice Roberts
Communication interception Communication interception timelinetimeline
1967Katz
1942Goldstein
1942Goldman
1937/1938Nardone
Conviction upheld
Wiretapping evidence disallowed
1928Olmstead
1934Radio Comm.
Act
1952On Lee
1961Silverman
W
W
D R
S E
W
Olmstead v. United States (1928)
The evidence in the records discloses a conspiracy of amazing magnitude… . It involved the employment of not less than fifty persons, of two seagoing vessels for the transportation of liquor to British Columbia, of smaller vessels for coastwise transportation to the State of Washington. … In a bad month sales amounted to $176,000; the aggregate for a year must have exceeded two millions of dollars.
Mr. Chief Justice Taft
Magna Carta 1215 cap. 39
Nullus liber homo capiatur vel
imprisonetur, aut disseisiatur,
aut utlagetur, aut exuletur, aut
aliquo modo destruatur, nec
super eum ibimus, nec super
eum mittemus, nisi per legale
judicium parium suorum vel
per legem terrae.
Magna
Carta
Magna Carta 1215 cap. 39
No free man shall be seized or imprisoned, or stripped of his rights or possessions, or outlawed or exiled, or deprived of his standing in any other way, nor will we proceed with force against him, or send others to do so, except by the lawful judgment of his equals or by the law of the land.
Magna Carta
Reinterpreting the Magna Carta
Magna Carta1215
25 Edward III, c. 41351/1352
28 Edward III1354
No free man . . .
None . . .
No man of what estate or condicion that he be …
Reinterpreting the Magna Carta
Sir Edward Coke1642
“…for Justices of Peace to make warrants upon surmises, for breaking the houses of any subjects to search for felons, or stoln [sic] goods, is against Magna Carta.”
Coke, Edward. 1642. The fourth part of the institutes of the laws of England. London: M. Flesher.
Reinterpreting the Magna Carta
William Pitt1763
“The poorest man may, in his cottage, bid defiance to all the forces of the Crown. It may be frail; its roof may shake; the wind may blow through it; the storm may enter; the rain may enter; but the King of England may not enter; all his force dares not cross the threshold of the ruined tenement.”
ECPA§ 2511. Interception and disclosure of wire, oral, or electronic communications prohibited
§ 2701. Unlawful access to stored communications
ECPA§ 2701. Unlawful access to stored communications
(a) Offense.— Except as provided in subsection (c) of this section whoever— (1) intentionally accesses without authorization a facility through which an electronic communication service is provided; or (2) intentionally exceeds an authorization to access that facility; and thereby obtains, alters, or prevents authorized access to a wire or electronic communication while it is in electronic storage in such system shall be punished as provided in subsection (b) of this section.
ECPA
(c) Exceptions.— Subsection (a) of this section does not apply with respect to conduct authorized— (1) by the person or entity providing a wire or electronic communications service; (2) by a user of that service with respect to a communication of or intended for that user; or (3) in section 2703, 2704 or 2518 of this title.