Thursday, July 29, 2010

Obama's Hope & Change: Privacy Edition

How's that 'HOPE and CHANGE' working for you?
Obama's Hope & Change
Here is some more of the Team Obama's Hope and Change that was so often touted as being the end-all, be-all for the last Presidential Election Cycle. Apparently, the White House wishes to amend the way that National Security Letters (NSL) work.

But rather than amending these things to make them harder to use, the White House wants to expand the FBI's power by adding the phrase "electronic communication transactional records" to the list of items able to be taken according to NSL laws.

Now for those of you who don't know, the NSL is basically a search and seizure warrant which does not require a judge's approval, and is issued by any branch office of the FBI. In theory it's designed to allow the FBI limited access to data such as your phone number and address. The Electronic Communications Privacy Act is what forces ISPs specifically to provide data to the government due to NSLs, but the act limits that data that can be requested to the following data types: name, address, length of service and toll billing records. Additionally, in November 2008 the Office of Legal Counsel (which is legally binding to the Executive branch of the government) drafted an opinion which called those 4 data types "exhaustive" and thus the only elements that the government can legally go after with a NSL.

Of course the White House wants everyone to think that by using the phrase "electronic communication transactional records" that they're only talking about the addresses that you're emailing or your browsing history.

The problem with this though, is the fact that the phrase "electronic communication transactional history" is not defined in the legislation, therefore, the White House would be able to describe basically anything related to electronic communication and transactions to be "electronic communication transactional history."  Frankly, I don't trust the government enough to not abuse this in this way.

After all, a 2007 Inspector's General report detailed a number of violations of the Electronic Communications Privacy Act in regards to NSLs. These violations included the FBI creating NSLs when there was not an actual investigation regarding the subject of the NSLs.  Additionally, there were at least two cases when the FBI requested information which was patently illegal for them to request via NSL.

Basically, the FBI is already abusing the NSL system--only a fool would think giving them greater requisition powers in this situation would be a good thing.

But even if they do limit it to what would be considered "electronic communication transactional history" in the IT field, that's still more than just who your email is going to. 

Believe me, I know.

I play with the building blocks of electronic communication transactional history every day, and it basically works like this:

Every time you type a URL into your web browser, you generate a communication transaction. That request and response has a host of information tied into it:
  • The page being requested
  • A set of cookie objects related to the page being requested
  • The type of request (GET/POST/HEAD)
  • If it is a POST request -- the values of ANY form elements on the page
  • If it is a GET request -- the values after the "?" in the URL
There's a LOT of information in those things, and it's all electronic communication transactional history.  Every website you visit. Every online form you fill out. Every instant message or text message you receive. Additionally, this is not just on your PC, but also on your cell phone or smart phone or iPad.   All of those things are "electronic communication transactional history."

And the government wants it all, because they are more concerned about getting information as quickly and efficiently as possible than they are about little things like Civil Liberties.

Labels: , , , ,


Post a Comment

Subscribe to Post Comments [Atom]

<< Home