Susan Crawford blog :: The privacy angle

This Month

Month Archive

August 2006
July 2006
June 2006
May 2006
April 2006

Year Archive

2007
2006
2005
2004
2003

Search Google

Previous:	Net neutrality today -- playing the "safety" card
Next:	Naked aggression

The privacy angle

by Susan on Fri 16 Jun 2006 11:02 PM EDT | Permanent Link

Someone called me today to ask me what I thought about the connection (if any) between privacy and the recent CALEA ruling.

There are at least three possible responses I came up with -- only two of which I gave on the phone (things are always clearer after you hang up, aren't they?). One is that CALEA is just about how things are designed, not whether law enforcement is entitled to ask service providers for data. CALEA says "assuming a lawful warrant is being implemented, we want to make it easier for law enforcement to get access to data." On this reading, extending CALEA to more services and more connections shouldn't make a difference to individual privacy vis-a-vis governmental requests for data -- government has to go to a judicial officer to get authority to ask for the data in the first place.

A second response, though, is that we have no idea how the FCC's adventurous extension of CALEA will change the privacy landscape. The ongoing NSA scandal reveals that we don't know what this Administration is willing to do without a warrant. We don't know how closely service providers are already cooperating with law enforcement/national security requests without needing the entire apparatus of warrants and judges. We are in the dark. In the dark, you can't see the change between one privacy regime and another -- it all looks the same.

A third response is that it's likely that extending CALEA's scope diminishes our privacy. If it's easier for government to get access to data, because things have been designed in advance so as to be easily tappable, they'll get more data and will know more about us. At the least, extending CALEA clearly doesn't heighten privacy protection in this country.

What do you think?

Posted to:

Main Page

Comments

Post a comment

Re: The privacy angle

by Veni Markovski on Sat 17 Jun 2006 05:43 PM EDT | Profile | Permanent Link

Susan,
the Americans seem to be not interested in privacy at all. What you and people like you may need to do, is start an educational campaign. Talk to students and pupils, explain them (they will understand it easier) why privacy is important.
Tell them that to give their phone in the GAP shop is not only stupid, but also dangerous.
Parallel, can't you talk to law-makers? Accept if not all, at least some of the European Directives.
Wiretapping of the kind happening in the US, should have driven resignations in Europe. In the US even the public opinion doesn't care...

Re: The privacy angle

by nedu on Sun 18 Jun 2006 02:20 PM EDT | Profile | Permanent Link

In Bellovin, et al, Security Implications of Applying the Communications Assistance to Law Enforcement Act to Voice over IP (13 Jun 2006), the authors note on p.13:

There is a danger that intercept design features adopted for the beneﬁt of legitimate law enforcement agencies could be used by others, rendering the entire Internet’s application space more vulnerable than it already is. This is very dangerous (and has more than privacy implications).

This isn't a new observation, but it's good to see it getting attention in a recent report by well-known and respected authors.

Re: The privacy angle

by Paul Kouroupas on Tue 20 Jun 2006 04:50 PM EDT | Profile | Permanent Link

On the topic of privacy, note that Ron Suskind's new book The One Percent Solution asserts that the Administration worked closely with First Data Corporation and its parent Western Union to track, sometimes in real time, financial transactions. When combined with the collection of call records, the NSA has an incredible insight into the daily lives of ordinary Americans. While this capability may be directed today at terrorists, it can easily be directed at something else tomorrow and who would know? As for the extention of CALEA, if you believe voice is going to be a ubiquitous application embedded in any number of devices and services, then you better believe that your privacy is being eroded.

Re: The privacy angle

by Tony on Mon 26 Jun 2006 06:14 PM EDT | Profile | Permanent Link

Hi Susan,

At the least, extending CALEA clearly doesn't
heighten privacy protection in this country.

Actually, it does. I highly recommend actually reading the statute and the Commission's implementing rules - particularly the security provisions now incorporated in 47 CFR 1.20003 and 1.20004. The technical "tappling" portion is relatively easily accomplished. What CALEA does is simply assure it's uniformly available through a common protected technical interface....and that there is an effective security office capability and policies that protect privacy and legal process.