Interesting Stuff

It looks like dhalps beat me to it, and linked to an excellent article. Judge Victor Marrero has ruled that the part of the PATRIOT Act discussing National Security Letters is unconstitutional, saying it violates the first and fourth amendments. Ars Technica has a good explanation of what happened. The basic idea is that these are letters which force people (read: ISPs, librarians, bankers, etc) to give information to the FBI, ostensibly so they can fight terrorism. Moreover, they come with “gag” restrictions which make it illegal to tell anyone else that you received such a letter. and there’s no judicial oversight, so it’s basically a way for the FBI to get any information they want while making it illegal to fight back (to bring this to court in the first place, the plaintiff had to remain anonymous and file as a John Doe with the ACLU). The government is likely to appeal; this same thing happened in 2004 with Judge Marrero, the government appealed, and the Secound Circuit sent it back to him after Congress revised the law in question. Nonetheless, this is definitely a (small) step in the right direction.

You know you’re onto something when Bruce Schneier picks it up and calls it “a big deal.” He found a much more eloquent article on the topic, however.

I previously wrote about how JPL employees are being forced to let the government intrusively investigate their private lives or lose their jobs. Well, now there are a couple dozen senior employees who are suing JPL and NASA to fight back. The “press release” has a lot of unnecessary Bush-bashing (Bush’s original Directive seems fairly reasonable; the problem is how NASA has been executing it, since they’re trying to do all sorts of things it doesn’t require), but it has some really nice links at the bottom to more official documents. Moreover, this is starting to be picked up in the mainstream press. It’s nice to see that some JPL employees are fighting this, and even nicer to see that people are taking notice.

Yesterday, I was asked by an organization I trust for my phone number, home address, and a couple other pieces of information they have no business knowing. When I want their services, I go to them and I don’t need to make an appointment, so I really can’t think of a valid reason they would need my contact information. When I asked the man why he requested it, he replied that he needed to put it into their computer system to make sure my records were up to date. To the best of my knowledge, he doesn’t know why they want this information, either; he elided the question because it’s just something he’s supposed to collect from customers.

I have experienced this on several different occasions. One of the more memorable ones was when I opened my bank account: the bank wanted my social security number, approximate yearly income, and a bunch of other information I really can’t justify their having. Have you experienced a similar problem? What did you do about it? My response has been to hem and haw for a while and then just give them the information to make everything go smoothly, but it’s never sat well with me, and I’d like to find a better way of dealing with this.

As tech/legal blog Ars Technica reports, it seems that the Bush administration is trying to retroactively pardon the telecoms for violating the privacy and Fourth Amendment rights of their customers. Remember back in 2005 when it was revealed that the NSA uses warrantless wiretaps of most phone lines? Well, the Electronic Frontier Foundation, bastion of freedom that they are, continue to battle AT&T and the government over it. They have fought past the State Secrets issues, and have continued to advocate for the privacy of US citizens.

Well, now it seems that there is an appropriations request sent to the Senate Select Committee on Intelligence that would retroactively pardon the telecoms of all wrongdoing concerning the warrantless wiretaps. If passed, it will kill the EFF’s case dead in its tracks. I strongly suspect that if Congress read this legislation it would not pass, but it’s been pretty well established at this point that very few lawmakers actually read the legislation they vote on. As always, you can write to your Congresspeople about the issue (though the default text in that link is only about the warrantless wiretaps in general, not this latest development). We’ll see what happens…

Why do private companies treat your social security number like a personal ID number? The government doesn’t do this: the only federal paper that will have your SSN on it is your Social Security Card. It does not appear on your passport, your drivers license, or your birth certificate. and yet, the last 4 digits of your SSN is the default PIN for many ATM accounts. It was my keycode to clock in and out at a summer job I once had. I just got a copy of a background check Google did on me before hiring me (if your employer does a similar check, the Fair Credit Reporting Act gives you the right to get a copy), and the password I used to access it was those same 4 digits. Moreover, these last 4 numbers are written in two different places on this report. Insurance companies ask for these numbers when you sign up with them. So do apartment rental companies. They have no business checking on how much money I have paid/received to/from Social Security, and the number should not have any other purpose.

When Social Security was created, the intention was never to make these numbers identify you throughout your life! If some less-than-upstanding person gets these 4 digits, I don’t want them to suddenly have access to my bank account, credit report, insurance policy, etc. This is exactly how identity theft gets started! Is my family the only one concerned about this? Would anyone be willing to step up and present the other side of this?

One reason I’m worked up about this now is that I have just avoided having my identity stolen: I received a piece of mail on Bank of America letterhead saying that there was a problem with my credit card, and I should call the number provided to straighten it out. I needed to have my credit card number ready so they could verify some questionable actions taken on the account. The only problem? I don’t have a BoA credit card. At least, I didn’t. The next day, as if to rectify this problem, my new BoA credit card arrived in the mail. The phone number given in the letter is nowhere to be found on the BoA website, or indeed any website indexed by Google. I’m heading to the bank tomorrow to try to clear this up, and possibly to the post office afterwards: this can likely be considered mail fraud as well as attempted identity theft and attempted credit card fraud. I have no proof that this is related to misuse of my social security number, but the SSNs are a tangential topic about which I have much more knowledge.

The bottom line is this: protect your SSN, don’t use it for other passwords, and try to keep your passwords as unique as possible. Thanks for letting me rant.

(special thanks to rubixsqube for alerting me to this) If you’re on Facebook and don’t like their creepy new “news feed” (which basically gives you a list of all changes in all your friends’ profiles, group memberships, relationships, &c), consider joining this group in protest. When I found it (about 15 minutes ago), it had just over 76,000 members. It has already broken 80,000 members. I hope this sends a pretty strong message to the Facebook Powers That Be.

For those of you who are not familiar with it, the Electronic Frontier Foundation is a small group of lawyers and techies who are sort of like the ACLU, but only for technology-type stuff. Because the EFF is so small, they don’t have the resources to take on every case that comes along the way the ACLU does. Consquently, they wait for the perfect case, and then kick ass. The EFF was behind the class action lawsuit over Sony BMG’s rootkits (I don’t think I ever posted the resolution of that, but the EFF won and if you bought one of these CDs, you can get some money and a way to remove them from your machine and stuff). The EFF was behind the landmark case about the broadcast flag that finally gave you the right to record what you want on your TiVo or VCR (again). They were the ones who got the electronic voting company Diebold kicked out of North Carolina for their unethical business practices and intentional security problems. The EFF are all-around awesome people!

Anyways, they’re now battling AT&T over the warrantless wiretapping thing (the ACLU is also suing AT&T, but the two cases are, at least for now, separate). At DEFCON, I got to see a panel of 5 EFF people discuss this case with the audience. AT&T has been completely assy about every point, arguing ludicrous things, such as the claim that the address of their main datacenter is a trade secret (despite the fact that it’s registered with the city of San Francisco and is in the phone book). Time after time, the judge has come down on the EFF’s side. The EFF has even managed to work around the State Secrets issues that right-wing pundits expected would bring the entire trial to a standstill (the EFF’s arguments here were amazingly clever. Post a comment if you’re interested in hearing more). Earlier this week, the judge in the ACLU’s suit ruled that AT&T must stop their practices, though they plan to appeal this to the 9th circuit court of appeals (though knowing the 9th circuit, the decision should stand). The EFF’s judge has already made a similar ruling, and by now should have decided whether AT&T can continue the wiretapping while they appeal (though I don’t know the outcome of that edit: they can continue re-edit: that was for the ACLU case. I still don’t know what happened to the motion to stay in the EFF case). As usual, Fox “News” is using intimidation and straw-man arguments to say that the ruling is the work of a foolish, activist, outsider judge. The Washington Post is taking a more reasonable, moderate stance.

In the meantime, there’s a scary bill looming on the horizon. This bill, if passed into law, would specifically legalize warrantless wiretapping, thereby stripping away all congressional oversight. Personally, I feel this is ridiculous, because FISA (the secret court that is supposed to oversee wiretaps) has never once in its entire 30-year history turned down a wiretap application. Moreover, the Arlen-Cheney bill would move the ACLU’s and EFF’s legal battles from the normal courts over to FISA, where no one would ever be able to find out what occurred or why. If you want to keep your Fourth Amendment rights and not have a chilling effect set over all of America, please, please call or write to your Congresspeople (note that that link is secure and any data you put in that form will be encrypted; yet another good thing the EFF does).

A couple minor points about the EFF: EFF’s stance on net neutrality →