Privacy, information access, and security

1
Privacy, information access, and security the
perils of online searching in a panopticon society
donna Bair-Mundy
2
Intercepting topics
Security
Libraries
Surveillance
Privacy
3
Topics
What is privacy? Why do we need it?
Why do we need surveillance?
Creating a Surveillance Society Building the
Panopticon
What does this have to do with online searching?
Privacy in Libraries
4
Discussion questions
What is privacy? Why do we need it?
5
Informational privacy - Westin's definition -
part 1
Privacy is the claim of individuals, groups, or
institutions to determine for themselves when,
how, and to what extent information about them
is communicated to others.
Control
Westin, Alan F. 1970. Privacy and freedom.
London Bodley Head.
6
Informational privacy - Westin's definition -
part 2
Viewed in terms of the relation of the individual
to social participation, privacy is the
voluntary and temporary withdrawal of a person
from the general society through physical or
psychological means, either in a state of
solitude or, when among larger groups, in a
condition of anonymity or reserve.
Choice
Temporal
Varied means
7
(No Transcript)
8
Informational privacy - Westin's definition -
part 3
The individual's desire for privacy is never
absolute, since participation in society is an
equally powerful desire.
Ongoing dialectic
9
Informational privacy - Westin's definition -
part 4
Thus each individual is continually engaged in a
personal adjustment process in which he balances
the desire for privacy with the desire for
disclosure and communication of himself to
others, in light of the environmental conditions
and social norms set by the society in which he
lives.
Social norms
10
(No Transcript)
11
Informational privacy - Westin's definition -
part 5
The individual balances the desire for privacy
with the desire for disclosure and communication
of himself to others in the face of pressures
from the curiosity of others and from the
processes of surveillance that every society
sets in order to enforce its social norms.
Privacy v. Surveillance
12
Westin's privacy theory 4 functions of privacy
Release from tensions of life in society requires
release from pressure of playing social roles
Power to define the boundaries of the core self
Personal autonomy
Emotional release
Self-evaluation
Limited protected communication
Need to integrate experiences into meaningful
pattern essential for creativity
Share confidences and intimacies only with those
one trusts
Westin, Alan F. 1970. Privacy and freedom.
London Bodley Head.
13
Individual privacy versus individual secrecy
Privacy Allowed and in some cases required for
socially-sanctioned acts. Stress reducing.
Secrecy Involves socially proscribed
acts. Stress inducing.
Margulis, Stephen T. 1977. Conceptions of
privacy current status and next steps. Journal
of social issues 33(3)5-21, p. 10. Margulis,
Stephen T. 2003. Privacy as a social issue and
behavioral concept. Journal of social issues
59(2)243-261.
14
Election day
Us
Them
15
On the network news
Ayman al-Zawahiri
16
So you do a search . . .
17
A few days later . . .
How do you feel?
18
Discussion question
Why do we need surveillance?
19
Need for surveillance (1)
20
Need for surveillance (2)
21
Need for surveillance (2)
22
Need for surveillance (2)
Train Depart Arrive
1 230 p.m. 630 p.m.
2 330 p.m. 800 p.m.
Beniger, James R. 1986. The control revolution
technological and economic origins of the
Information Society. Cambridge, Mass. Harvard
University Press.
23
Surveillance in a transforming society
Zuboff, Shoshana. 1988. In the age of the smart
machine the future of work and power. New York
Basic Books.
24
Roles of Surveillance (1)
Used to catch the criminals
Used as means to control workers
Necessitated by technology
Facilitated by technology
25
Roles of surveillance (2)
Provision of services (Social Security)
Allows participation (Voter registration)
Protection against threat

• Means of social control
• Discover and rout out deviance
• Threat of surveillance used to promote compliance
  with the law

26
Routing out deviants
Round-up of Pennsylvania Quakers (1777)
Sedition Act of 1798
Espionage Act of 1917 1918 amend.
Internment of persons of Japanese ancestryWW II
Used against Hungarians, Czechs, Slovaks, Croats,
Poles, Jews, Russians, Lithuanians, Finns, Irish,
Catholics, Amish, Mennonites, Jehovahs Witnesses
(then called Russelites), Roma (then called
gypsies), African Americans.
27
Dealing with dissidents
President Franklin Roosevelt had FBI spy on New
Deal opponents
President Johnson had FBI spy on opponents of his
Vietnam War policy
President Nixon had FBI, CIA, NSA, IRS, and Army
Intelligence spy on and harass his perceived
enemies
United States. Congress. Senate. The Select
Committee to Study Governmental Operations with
Respect to Intelligence Activities. 1976. Final
report.
28
COINTELPRO New Left
FBI program to expose, disrupt, and otherwise
neutralize activities groups and individuals
affiliated with the New Left
Extensive and mostly illegal surveillance
United States. Congress. Senate. The Select
Committee to Study Governmental Operations with
Respect to Intelligence Activities. 1976. Final
report.
29
COINTELPRO New Left
Had members arrested on marijuana charges
Sent anonymous letters about a students
activities to parents, neighbors, and the
parents employers
Sent anonymous letters about New Left faculty
members (signed A Concerned Alumni or A
Concerned Taxpayer) to university officials,
legislators, Board of Regents, and the press
United States. Congress. Senate. The Select
Committee to Study Governmental Operations with
Respect to Intelligence Activities. 1976. Final
report.
30
Creating a Surveillance Society Building the
Panopticon
31
Surveillance - Plague model
Highly visible
Isolation and observation
Social control
Foucault, Michel. 1995. Discipline and punish
the birth of the prison. New York Vintage Books.
32
SurveillancePanopticon model
Jeremy Bentham

• Legal theorist
• Rationalism
• Utilitarianism
• Eccentric

33
Jeremy Benthams Panopticon
cells
entry
inspectors lodge
walkway
34
Panopticon society
35
Stealth surveillance communication
interception
1870s Telephone invented
1830s Telegraph invented
1960s Packet switching
1880s First reports of wiretaps in press
Packet sniffers
1860s Wiretapping during Civil War
36
What does this have to do with online searching?
37
Online searching Google
jacso as we may search
One of Googles servers
38
Sending your search request (1)
search
search
search
2
1
3
39
Sending your search request (2)
search
1
To 123.157.78.99
40
Packet-switched network
switch
switch
switch
switch
switch
switch
41
Online searching
Server where the database resides
42
Packet-switched network
switch
switch
switch
switch
UH router
switch
ATT
switch
43
Mark Kleinformer ATT technician
Secret room
611 Folsom Street, San Francisco, California
44
Mark Kleinformer ATT technician
Narus STA 6400
STA Semantic Traffic Analyzer
45
William Binneyformer intelligence official with
the NSA
Saw that the NSA was spying on domestic
communications Quit the NSA in 2001 Became a
whistle-blower
Estimated that he NSA had intercepted trillions
of communications "transactions" of Americans
such as phone calls, emails, and other forms of
data (but not including financial data)
46
Edward Snowden,former NSA contractor
Provided, and continues to provide, documents
that corroborate what many people had suspected
https//www.eff.org/document/2013-06-06-wapo-prism
47
Edward Snowden
MUSCULAR NSA and GCHQ secretly raided data from
Google and Yahoo
48
Edward Snowden
MUSCULAR
49
Edward Snowden
MUSCULAR NSA used a variety of methods to grab
data flowing between Googles data centers.
http//washingtonpost.com http//www.washingtonpo
st.com/world/national-security/nsa-infiltrates-lin
ks-to-yahoo-google-data-centers-worldwide-snowden-
documents-say/2013/10/30/e51d661e-4166-11e3-8b74-d
89d714ca4dd_story.html
50
Spy programs that we know of
PRISM accessing Internet data of 9 major Internet
companies in the U.S.
MUSCULAR Secretly broke into main communication
links that connect Yahoo and Google data centers
around the world
UPSTREAM cable-tapping of fiber cables and
infrastructure, giving direct access to
fiber-optic cables that carry Internet and
telephone traffic via ATT, Verizon, Sprint
51
Spy programs that we know of
SHELLTRUMPET metadata program targeting
international communications
BULLRUN program to defeat encryption used in
specific network communication technologies
52
Google fighting back
https//www.google.com/
53
Privacy in Libraries
54
ALA on Confidentiality

• The First Amendments guarantee of freedom of
  speech and of the press requires that the
  corresponding rights to hear what is spoken and
  read what is written be preserved, free from fear
  of government intrusion, intimidation, or
  reprisal.
• In seeking access or in the pursuit of
  information, confidentiality is the primary means
  of providing the privacy that will free the
  individual from fear or intimidation or
  retaliation.

55
Browser history
56
Internet station sign-up sheet
When records are no longer needed, destroy them!
57
Minimizing browser history (1)
58
Minimizing browser history (2)
59
Web Server Log
60
Web Server Statistics
Who Countries ... Full list ... Regions
... Cities Hosts ... Full list ... Last
visit Authenticated users ... Full list ...
Last visit
Navigation Visits duration Viewed Operating
Systems Browsers Referrers Origin ...
Referring search engines ... Referring
sites Search ... Search Keyphrases ... Search
Keywords
61
OPAC reportsearches
OPAC Logging Report
DATE TYPE SEARCH STRING LIMIT LIMIT_STRING INDEX H
ITS 9/28/01 Keyword harry potter N K 4068 9/28/01
Author tolkein N LOCAMain Library
B 1 9/28/01 Keyword birds N K 2863 9/28/01 Keywo
rd alligators N LOCAMain Library K 30 9/28/01 Com
plex (NKEY alligators) AND N K 0 (TKEY
"crocodiles") 9/28/01 Complex (TKEY rats)
AND N K 103 (TKEY "mice") 9/28/01 Keyword osama
bin laden N K 37
62
UH Library
63
Log in screen
64
What can we do? (ALA tips)

• Conduct privacy audits
• Identify the type and nature of all records and
  files that contain library patron and user
  personally identifiable information
• Establish a schedule for the retention of records
  and files containing library patron and user
  personally identifiable information
• Detail the specific steps staff should follow in
  responding to investigatory requests for patron
  and user personally identifiable information from
  governmental agencies

65
What can we do? (2)

• Be aware of privacy policies
• FBI http//www.fbi.gov/privacy.htm
• Google http//www.google.com/intl/en/privacypolic
  y.html
• Anti-spyware software
• Scrub your data

66
Questions ?
67
Mahalo
68
USA PATRIOT Act Libraries (1)

• June 8, 2004 FBI demands list from Deming
  branch of Whatcom Country Library System of
  everyone who had borrowed a biography of Osama
  bin Laden since November 2001.
• Library refused.
• 15 days later, FBI withdrew its request.

69
USA PATRIOT Act Libraries (1)

• 2005 FBI presents National Security letter and
  demands any and all subscriber information,
  billing information, and access logs of any
  person or entity associated with a specified IP
  address during a specified period
• Librarians fought gag order in court
• Librarians speak out

70
Library Awareness Program

• Begun during Cold War
• Desire to restrict access to unclassified
  scientific information by foreign nationals
• Desire to recruit librarians to report on
  foreigners
• Agent told librarians to report name and reading
  habits of anyone with a foreign sounding name or
  foreign sounding accent
• Librarians who criticized program were
  investigated

Curt Gentry gives onset year as 1962 Gentry,
Curt. 1991. J. Edgar Hoover the man and the
secrets. New York Norton., pp. 759-760.
71
Online searching in the library
72
Do we have legal protections?
Privacy and the Law
73
Do we have legal protections?
Privacy and the Law
74
Types of privacy in law
Informational privacy
Decisional privacy
Control of access to information about a person
or group of persons
Freedom to make personal decisions without
interference from government
Privacy Act of 1974
Roe v. Wade 1973
Gormley, Ken. 1992. One hundred years of
privacy. Wisconsin law review Sept/Oct
19921335-1441.
75
American Constitution

• Heavily influenced by natural rights philosophy
  (John Locke)
• After extensive argument decided to include a
  Bill of Rights

76
Bill of Rights debate Mason, Jefferson, et al.
When assigning powers to the government must also
limit those powers
General warrants and writs of assistance
77
Objections to Bill of Rights
Bill of Rights is stipulation a king gives to his
subjects, granting a few exceptions to rights of
the monarch
Bill of Rights dangerousimplies government has
powers not
Could later be misconstrued as all-inclusive not
granted
(Alexander Hamilton, Federalist paper no. 84,
etc.)
78
The compromise
Amendment IX The enumeration in the Constitution
of certain rights shall not be construed to deny
or disparage others retained by the people.
79
Fourth Amendment
The right of the people to be secure in their
persons, houses, papers, and effects, against
unreasonable searches and seizures, shall not be
violated, and no Warrants shall issue, but upon
probable cause, supported by Oath or affirmation,
and particularly describing the place to be
searched, and the persons or things to be seized.
80
Privacy an old concern
Halakhah (Jewish law) Proscriptions on
Physical intrusion Visual surveillance Aura
l surveillance Talmud Walls between houses to
be a certain height Creditor may not enter
persons house Ancient Roman law (Justinians
Pandects) Prohibition against going into a home
and dragging out the person Hippocratic oath No
disclosure of what in practice seen or heard that
ought never be published abroad
81
General warrants (1)

• No specific individual
• No specific crime
• No specific place to be searched
• No specific items to be sought

• Illegal according to Sir Edward Cokes Institutes
  of the Lawes of England (first published 1642 and
  1644)
• Illegality confirmed by Sir Matthew Hale
• Illegality confirmed by Sir William Blackstone

82
General warrants (2)

• Suspicion of crime related to government revenue
• Used against anyone who dared to challenge or
  limit the authority of Parliament or the crown

• John Wilkes (member of Parliament)
• Anonymously wrote critical essay published in
  North Briton
• General warrant leads to massive arrests, Wilkes
  ? Tower of London

83
Writs of assistance

• Any customs official could enter any House,
  shop, Cellar, Warehouse or Room or other
  Place...
• Seize unaccustomed goods
• Lasted for the life of the sovereign under which
  it was issued plus six months

• According to John Adams, major factor in seeking
  American Independence

84
Fifth Amendment
No person shall be held to answer for a capital,
or otherwise infamous crime, unless on a
presentment or indictment of a Grand Jury... nor
shall any person be subject for the same offence
to be twice put in jeopardy of life or limb nor
shall be compelled in any criminal case to be a
witness against himself, nor be deprived of life,
liberty, or property, without due process of
law...
85
First Amendment
Congress shall make no law respecting an
establishment of religion, or prohibiting the
free exercise thereof or abridging the freedom
of speech, or of the press or the right of the
people peaceably to assemble, and to petition the
Government for a redress of grievances.
Freedom of 1st Amendment gives right to associate
without surveillance (Lieber 1859)
86
Ex parte Jackson
The constitutional guaranty of the right of the
people to be secure in their papers against
unreasonable searches and seizures extends to
their papers, thus closed against inspection,
wherever they may be. Whilst in the mail, they
can only be opened and examined under like
warrant, issued upon similar oath or affirmation,
particularly describing the thing to be
seized... Justice Field 96 U.S. 727, 732
87
Penumbras of the Amendments
1965 Griswold v. Connecticut 381 U.S. 479
"Zone of privacy" created by 1st, 3rd, 4th, 5th,
and 9th amendments
88
Re-thinking constitutional privacy
1964- U.S. Senate Long Subcommittee
Hearings on surveillance activities by federal
agencies first looked at IRS
89
No warrantless wiretapping in criminal cases
1967 Katz v. United States 389 U.S. 347
90
Congress Acts
1968 The Omnibus Crime Control and Safe Streets
Act of 1968 (Federal Wiretapping Act), 18 USC
Section 2510 et seq.
Wiretapping illegal but when crime has been or is
being committed law enforcement can, with a
warrant, engage in wiretapping for limited
periods. Provides judicial oversight for law
enforcement wiretapping.
91
National security wiretapping
1972 U.S. v. U.S. District Court for the Eastern
District of Michigan Keith
the customary Fourth Amendment requirement of
judicial approval before initiation of a search
applies in domestic security cases
92
FISA
1978 Foreign Intelligence Surveillance Act
U.S. Code 50 USC Sections 1801-1863
93
Electronic mail
1993 ECPA Electronic Communications Privacy Act
Addressed the need to protect e-mail.
94
Post-9/11
Viet Dinh Asst. Attorney General
H.R. 2975 10/12/2001
S. 1510 10/11/2001
H.R. 3004 Financial Anti-Terrorism Act
USA PATRIOT Act H.R. 3162 Public Law No.
107-56 Signed Oct. 26, 2001 by Pres. George W.
Bush
95
The USA PATRIOT Act
H.R. 3162
The Acronym
Uniting and Strengthening America by Providing
Appropriate Tools Required to Intercept and
Obstruct Terrorism
96
The USA PATRIOT Act
H.R. 3162
The Purpose
To deter and punish terrorist acts in the United
States and around the world, to enhance law
enforcement investigatory tools, and for other
purposes.
97
The USA PATRIOT Act
The Language
SEC. 218. FOREIGN INTELLIGENCE INFORMATION. Sectio
ns 104(a)(7)(B) and section 303(a)(7)(B) (50
U.S.C. 1804(a)(7)(B) and 1823(a)(7)(B)) of the
Foreign Intelligence Surveillance Act of 1978 are
each amended by striking the purpose' and
inserting a significant purpose'.
98
The U.S. Code
Sections 104(a)(7)(B) and section 303(a)(7)(B)
(50 U.S.C. 1804(a)(7)(B) and 1823(a)(7)(B)) of
the Foreign Intelligence Surveillance Act of 1978
are each amended by striking the purpose' and
inserting a significant purpose'.
TITLE 50 gt CHAPTER 36 gt SUBCHAPTER I gt  1804.
Applications for court orders
(7) a certification (B) that the purpose of
the surveillance is to obtain foreign
intelligence information
(7) a certification (B) that a significant
purpose of the surveillance is to obtain foreign
intelligence information
99
Federal Wiretapping Act
1968 The Omnibus Crime Control and Safe Streets
Act of 1968 (Federal Wiretapping Act)
U.S. Code 18 USC Section 2510 et seq.
Federal Rules of Criminal Procedure Rule 41
Search and Seizure
100
FISA
1978 Foreign Intelligence Surveillance Act
U.S. Code 50 USC Sections 1801-1863
101
Investigative powers in US Code
1968 Federal Wiretapping Act
1978 Foreign Intelligence Surveillance Act
102
The USA PATRIOT Act
The Complaints Records vulnerable
Section 215Amending FISA 501(a) The Director of
the FBI or a designee of the Director ... may
make an application for an order requiring the
production of any tangible things (including
books, records, papers, documents, and other
items) for an investigation to protect against
international terrorism or clandestine
intelligence activities, provided that such
investigation of a United States person is not
conducted solely upon the basis of activities
protected by the first amendment to the
Constitution.
103
The USA PATRIOT Act
The ComplaintsFreedom of Speech
Section 215Amending FISA 501(d) No person shall
disclose to any other person (other than those
persons necessary to produce the tangible things
under this section) that the Federal Bureau of
Investigation has sought or obtained tangible
things under this section.
104
Banks and Bowman theoretical model
Associate General Counsel for FBI
Crisis
National security
Privacy
Rights of the individual
Survival of the group
Banks, William C., and M.E. Bowman. 2000.
Executive authority for national security
surveillance. American University law review
50(1).
105
Identifying the Problem the Communication
interception timeline
Conviction upheld
1942 Goldstein
1942 Goldman
1928 Olmstead
1952 On Lee
W
D
W
R
1937/1938 Nardone
W
1967 Katz
1961 Silverman
S
E
Wiretapping evidence disallowed
106
Communication interception timeline
Conviction upheld
1942 Goldstein
1942 Goldman
1928 Olmstead
1952 On Lee
D
R
W
W
1937/1938 Nardone
W
1967 Katz
1961 Silverman
S
E
Wiretapping evidence disallowed
1934 Radio Comm. Act
107
Federal Communications Act
1934
Section 605
No person not being authorized by the sender
shall intercept any radio communication and
divulge or publish the existence, contents,
substance, purport, effect, or meaning of such
intercepted communication to any person.
108
Nardone
the plain words of 605 forbid anyone, unless
authorized by the sender, to intercept a
telephone message, and direct in equally clear
language that no person shall divulge or
publish the message or its substance to any
person. To recite the contents of the message
in testimony before a court is to divulge the
message. The conclusion that the act forbids
such testimony seems to us unshaken by the
governments arguments. Justice Roberts
109
Communication interception timeline
Conviction upheld
1942 Goldstein
1942 Goldman
1928 Olmstead
1952 On Lee
D
R
W
W
1937/1938 Nardone
W
1967 Katz
1961 Silverman
S
E
Wiretapping evidence disallowed
1934 Radio Comm. Act
110
Olmstead v. United States (1928)
The evidence in the records discloses a
conspiracy of amazing magnitude . It involved
the employment of not less than fifty persons, of
two seagoing vessels for the transportation of
liquor to British Columbia, of smaller vessels
for coastwise transportation to the State of
Washington. In a bad month sales amounted to
176,000 the aggregate for a year must have
exceeded two millions of dollars. Mr. Chief
Justice Taft
111
Magna Carta 1215 cap. 39

• Nullus liber homo capiatur vel imprisonetur, aut
  disseisiatur, aut utlagetur, aut exuletur, aut
  aliquo modo destruatur, nec super eum ibimus, nec
  super eum mittemus, nisi per legale judicium
  parium suorum vel per legem terrae.

Magna Carta
112
Magna Carta 1215 cap. 39

• No free man shall be seized or imprisoned, or
  stripped of his rights or possessions, or
  outlawed or exiled, or deprived of his standing
  in any other way, nor will we proceed with force
  against him, or send others to do so, except by
  the lawful judgment of his equals or by the law
  of the land.

Magna Carta
113
Reinterpreting the Magna Carta
Magna Carta 1215

• No free man . . .

25 Edward III, c. 4 1351/1352
None . . .
28 Edward III 1354
No man of what estate or condicion that he be
114
Reinterpreting the Magna Carta
Sir Edward Coke 1642

• for Justices of Peace to make warrants upon
  surmises, for breaking the houses of any subjects
  to search for felons, or stoln sic goods, is
  against Magna Carta.

Coke, Edward. 1642. The fourth part of the
institutes of the laws of England. London M.
Flesher.
115
Reinterpreting the Magna Carta
William Pitt 1763
The poorest man may, in his cottage, bid
defiance to all the forces of the Crown. It may
be frail its roof may shake the wind may blow
through it the storm may enter the rain may
enter but the King of England may not enter all
his force dares not cross the threshold of the
ruined tenement.
116
ECPA
 2511. Interception and disclosure of wire,
oral, or electronic communications prohibited
2701. Unlawful access to stored communications
117
ECPA
 2701. Unlawful access to stored
communications (a) Offense. Except as provided
in subsection (c) of this section whoever (1)
intentionally accesses without authorization a
facility through which an electronic
communication service is provided or (2)
intentionally exceeds an authorization to access
that facility and thereby obtains, alters, or
prevents authorized access to a wire or
electronic communication while it is in
electronic storage in such system shall be
punished as provided in subsection (b) of this
section.
118
ECPA
(c) Exceptions. Subsection (a) of this section
does not apply with respect to conduct
authorized (1) by the person or entity providing
a wire or electronic communications service (2)
by a user of that service with respect to a
communication of or intended for that user or
(3) in section 2703, 2704 or 2518 of this title.