Tuesday, 24 April 2012

For Sale: Your Mobile Privacy

Uncle Sam pays to spy on youYou know how I've been kicking off about an assortment of bills the Americans are considering, the latest of which is CISPA? Well, you're going to love this: I've discovered why the comms providers are so happy to go along with it this time around: it's a lucrative deal for them. Fourth Amendment and privacy be damned.

The latest legislative nightmare, CISPA, is a domestic catch-all spy bill that overrides every privacy safeguard going in a vaguely-worded mess that gives blanked permission for our data to be shared with an assortment of spy and law enforcement agencies allegedly to prevent cybercrime. There's no come-back and no way to even find out if your name is on any watch list. Don't worry your pretty little head about it; cyber spies are everywhere but Uncle Sam's all over it.

FUD for thought

CISPA is a power grab and everybody knows it. Anyone who doesn't knows nothing at all about tech. The idea that national power systems and other sensitive areas can easily be hacked begs the question, why not isolate it if it is that vulnerable? The fear, uncertainty, and doubt being peddled at CNN by Tom Kellerman, former commissioner of President Obama's cyber security council seems convincing enough at first, but dig a little deeper and the flaws in his argument soon become apparent. This is probably why he's the former commissioner.

"We are incredibly vulnerable. If we don't make our policy makers think about this seriously, we'll be dealing with something like 9/11," warns Mike McConnell, formerly President Bush's national intelligence director. Other nations and organized crime organizations have more and better intelligence on U.S. citizens and businesses than the U.S. government itself does, in McConnell's view.

Only 9/11 wouldn't have been stopped by spying on US citizens, but on certain Arabs. They're the ones responsible for the atrocity, after all. Besides, what with the raft of surveillance bills they've already got through, they know enough already. Don't forget, the early draft that got us up in arms the first time we heard about it had a lot of references to "intellectual property." This was a power grab for the IP industries, the idea being that it would be easier to catch those pesky pirates without resorting to such things as due process. Mention the magic words "Cybersecurity" and get a free pass to anyone's private online life. Add some loaded language guaranteed to get a visceral reaction from the public and it's win/win, right? Pearl Harbour, famous for the sneaky way the Japanese entered the Second World War, dragging America into what was basically a European problem. 9/11, the most deadly attack on American soil, the wounds of which are still raw. But we're not falling for it. That's the beauty of the internet — it's such a mine of information that even a relative noob like myself can spot this hogwash for what it is and call it such.

Private data sale now on

It has come to my attention tonight that although wiretapping without a warrant is illegal and violates the Fourth Amendment, the mobile service providers in the USA are doing a brisk business in their customers' private data by selling them out to the law enforcement agencies, who often use them without any legal documentation. This isn't the worst of it. Certain politicians are looking for ways to deal with this encroachment and have tabled a bill in California that would

prohibit a government entity from obtaining the location information of an electronic device without a warrant issued by a duly authorized magistrate unless certain exceptions apply, including in an emergency or when requested by the owner of the device.

The mobile service providers are having none of it.

It is important to note from the outset that wireless providers currently comply with numerous state and federal laws when disclosing customer information. Instead of assisting with such compliance, definitions within SB 1434 are so overly broadly that they could create confusion for wireless providers attempting to respond to legitimate law enforcement requests... It could place providers in the position of requiring warrants for all law enforcement requests. - CTIA-The Wireless Association

Requiring warrants for all law enforcement requests shouldn't be that big a deal, but when there's money involved via the trade in wiretapping services, it is. The mobile operators wouldn't want that revenue stream to dry up, would they? They've actually tried to defend this cozy arrangement thus:

Fees are charged to law enforcement in other circumstances such as court ordered requests and it’s important to note that any fee charged is for recovery of cost required to support these law enforcement requests 24/7. - Spokesperson for Sprint to Forbes.

If that's true, getting a warrant for each request shouldn't be that big a deal. Except that it's more of a case of supply and demand, the customer is always right, etc. In fact, tech blog CNET pours scorn on the idea that it is in any way inconvenient to report on the activities involved in passing private data to the law enforcement agencies by pointing out the following:

 AT&T, one of CTIA's largest member companies, is also part of the Digital Due Process coalition, which has taken the opposite position. It's lobbying for laws saying that location data should be disclosed only with a search warrant.

Wireless providers already compile many of the records required to be disclosed by S.B. 1434. It's for billing purposes: because they're paid for assisting surveillance requests, they keep the records so they can send accurate invoices to law enforcement. - CNET

If AT&T have no problem with asking for a warrant first, how come the others do? AT&T don't appear to consider it burdensome to have to deal with the resulting paperwork. This looks very dodgy to me.

What about the internet?

It seems that Facebook and some of the biggest tech companies are on side with the government over CISPA because they stand to get a similar deal to the mobile companies. It's worth mentioning that many of these companies offer both internet and mobile services. When there's that much money involved you know there's going to be trouble for the rest of us. This is why any anti-CISPA action needs also to be focused on the companies that support it.

In the UK, there's no such cozy deal. The Digital Millennium Act requires the ISPs to pay their own costs for surveillance. That's why they took it to court earlier this year.

It seems to me that until IP law has been reformed and the fear-mongering voices have been silenced, we won't be seeing any sensible legislation coming in any time soon. There are a few bills circulating but they haven't been widely adopted because they don't give any of the big companies any particular advantage. What they're forgetting is that we the public are their most valuable commodity and they need to put our needs above their profit margins if they want to keep our custom.

No comments:

Post a Comment