Privacy

Before the interwebs slow to a crawl with all the folks out celebrating living in the land of the free and home of the brave…we can indulge in a bit of paranoia from this story at Threat Level:

Google will have to turn over every record of every video watched by YouTube users, including users’ names and IP addresses, to Viacom, which is suing Google for allowing clips of its copyright videos to appear on YouTube, a judge ruled Wednesday.

Viacom wants the data to prove that infringing material is more popular than user-created videos, which could be used to increase Google’s liability if it is found guilty of contributory infringement.

One wonders why users’ names and addresses are required for such a mining exercise.  Surely Viacom could conduct its exercise using anonymized data, just like most of us who work with consumer data do.

I wrote earlier about the need to get the public involved in meaningful discussions on the direction of energy policy.  Well, it seems that Reuters carried a story a few days ago on British fears of where the U.K.’s and Europe’s policies seem to be headed:

First there were the thought police, then the surveillance society, now Britons fear the carbon cops are coming to ensure compliance with climate change legislation, a survey showed on Wednesday.

And with warnings of global catastrophe ringing in their ears some people fear that failure to cut personal carbon emissions will eventually result in enforced carbon behaviour re-education, the Energy Saving Trust said.

It said 41 percent of Britons think the country will need its own Carbon Police Force by mid-century and one quarter believe repeat offenders will have to go into carbon rehab and take carbon addiction classes.

You’d think that in a country that has 1 police surveillance camera per 14 inhabitants, the citizens would display a sheep-like trust in the protection of the State.   Maybe that’s not actually the case in Britain.

In a prior job, I had the dubious honor of being, in some folks’ minds, the embodiment of evil – working with consumer credit data in insurance pricing, poking around in summaries of consumers’ financial transactions to see what could be learned about their behavior.  (Yes, most of my work was anonymized and done in such a way as to not impact consumers’ live files…but I’m sure that some consumer advocates would actively disbelieve the truth there.)

That experience, along with my own quasi-libertarian, pro-privacy paranoia of accumulations of data in the wrong hands, has caused me to advocate certain protections be implemented in collections of personal information – in particular, the maintenance of records where an individual can see who accessed what information for what reason.  It’s standard operating procedure in some databases, but it’s not universal.

So, I was very pleased to see a comment on the subject in this Business Insurance article discussing an agreement on standards of developing electronic accumulations of personal health data:

U.S. consumer groups, insurers and privacy advocates, together with Google Inc. and Microsoft Corp., on Wednesday said they have agreed to standards intended to speed adoption of personal electronic health records.

The electronic medical record field remains in its infancy. While U.S. privacy laws govern actions by medical providers like doctors, there is little in the way of other established privacy, security and data usage standards despite decades of industry effort.[…]

Principles for personal health records include an audit trail to track use of the data, a dispute resolution process for consumers who believe their personal information has been misused and a ban on using data to discriminate in employment.

Also signing on to the principles are WebMD; Consumers Union, which publishes Consumer Reports; AARP, the seniors’ lobbying group; and America’s Health Insurance Plans, which represents major insurers such as Aetna Inc

I am still leery of the development of massive databases of such personal information, but at least it looks like the folks pushing it are on the right path on certain security aspects.

However, I do still wonder about the efficacy of such databases, given that there seems to be many different players building their own “solutions”.  Won’t there be a problem with the balkanization of the universe of personal health data?   Perhaps the next high-level agreement needs to be some collaboration on import/export standards….

Seen in the New York Times:

The battle over voting rights will expand this week as lawmakers in Missouri are expected to support a proposed constitutional amendment to enable election officials to require proof of citizenship from anyone registering to vote.[...]

The Missouri secretary of state, Robin Carnahan, a Democrat who opposes the measure, estimated that it could disenfranchise up to 240,000 registered voters who would be unable to prove their citizenship.

Now, I’ve been uncomfortable with the notion of requiring Voter ID.  I can understand the concerns by proponents of the concept, but the fact of the matter is that even in this day and age, some people lack photo ID.  Despite the difficulty in participating in society without identification, it’s not a requirement.

I realize that the Supreme Court supported Voter ID laws in part due to plaintiffs’ failure to produce anyone who really was impacted by the law.   However, I can’t help but think that the folks most likely to be impacted are also the folks least likely to complain about being impacted.

The expansion of such a measure only seems to aggravate the problem to me.   A little over a year ago, my wife and I had the experience of trying to secure new “proof of citizenship” for her, in advance of a cruise, since she had forgotten where her passport and birth certificate were.  The hoops we had to go through to get her a new copy of her birth certificate weren’t insurmountable…but that was only because we had net access at home, the means to easily copy some of the supporting documentation required, and spare cash to pay for the processing fees.

I can easily imagine how nearly-impossible the process might seem to a disadvantaged individual.

I’m reminded of something in the Constitution, the 24th Amendment:

The right of citizens of the United States to vote in any primary or other election for President or Vice President, for electors for President or Vice President, or for Senator or Representative in Congress, shall not be denied or abridged by the United States or any State by reason of failure to pay any poll tax or other tax.

I know “ID” and “proof of citizenship” don’t translate to “poll tax or any other tax”… but for folks who don’t have the requisite documentation, it would seem that they will be required to shell out a few bucks to obtain that documentation…and that sounds like “other tax” to me.

This only fuels my suspicion that it’s time to move on from the increasingly-illusory belief that an ID is not mandatory in American society.   If you’re going to require identification to exercise one of the fundamental rights of citizenship, you might as well mandate that everyone possess identification documents, and help those without such papers to obtain them.

If we are going to slide down that slope, however, could we at least get some privacy protections to cushion our assimilation?

Seen in the Wall Street Journal (subscriber link):

After more than a decade of deliberation, the Senate cleared the bill 95-0 Thursday. The same bill is expected to sail through the House early next week — just as a similar measure did a year ago — and on to President Bush, who is expected to sign it.

The legislation would bar insurance companies from denying health coverage or charging higher premiums based on a person’s genetic information. It would also bar employers from using genetic information to make hiring, firing and other job-placement decisions. It applies to people who have genes that carry the risk of disease, but not to those who already have the disease.

I will admit that my initial reaction was one of fears of adverse selection.  However, that was quickly reined in.  Given that everybody who can get health insurance should have some coverage, there aren’t too many folks who would opt out of the system altogether.   And, it’s not inconceivable to imagine how the potential for better diagnosis and more targeted monitoring and early detection of potential health issues could lead to a net savings for the system overall.

Seen at Threat Level:

Citizens of all 50 states are now free to board airplanes using their driver’s licenses—at least until 2010, after the final renegade anti-Real ID state—Maine—won a time extension Wednesday from deadlines attached to new federal identification rules.[...]

On Wednesday, Maine’s governor agreed to seek legislation to tighten licensing restrictions, including restricting licenses to residents and those who can prove their legal status in the United States. He did not, however, have to promise the changes would happen.

And thus we see that the SEP (Somebody Else’s Problem) field is fully functional at DHS, in these waning days of the Bush Administration.

It looks like the days of some folks being required to show a passport for domestic travel have been postponed. Wired’s Threat Level blog comments on DHS caving on South Carolina’s rebellion:

Despite blasting a defiant last day letter to the Homeland Security Department over pending federal rules Monday, South Carolina Republican governor Mark Sandford secured South Carolinians the right to use their driver’s licenses to board planes without being patted down, at least until 2010.[...]

It’s clear the rebel states won, according to Bill Scannell, a spokesman for the Identity Project which has been fighting against Real ID.

“Montana’s letter smirked,” Scannell said. “New Hampshire’s was down right disrespectful and you could see the scotch tape from where they cut-and-pasted pages from their DMV handbook.”

“But Sanford’s five-page letter was Fort Sumter-quality,” Scannell said, referring to the South Carolina military installation where the Civil War started.

That leaves Maine as the only rogue left rogue, though the state is likely to get its own extension late Monday.

A little while after this Threat Level post was made, the AP noted that Maine had been granted an extension to Wednesday to permit them to finish drafting a response, with approval expected later this week.

So, no internal passports required until at least 2010. A new administration will be in power, so from DHS’s POV, the matter is now for all practical purposes Someone Else’s Problem.

Seen in the New York Times, in a story discussing how Mainers and South Carolinians may have to get passports soon if the feds don’t blink on Real ID:

“There is no wiggle room in South Carolina law in terms of asking for an extension,” Joel Sawyer, the spokesman, said. “If Washington wants a more secure form of ID, then Washington ought to be able to pay for it.”

So do any Republicans at the federal level still remember the Contract With America? You know, that pledge that was signed back in 1994 by Congressional Republicans which included a provision of “no unfunded mandates”?

An odd anecdote I came across in the Seattle Times:

It turns out the feds have been monitoring Interstate 5 for nuclear “dirty bombs.” They do it with radiation detectors so sensitive it led to the following incident.

“Vehicle goes by at 70 miles per hour,” Giuliano told the crowd. “Agent is in the median, a good 80 feet away from the traffic. Signal went off and identified an isotope [in the passing car].”

The agent raced after the car, pulling it over not far from the monitoring spot (near the Bow-Edison exit, 18 miles south of Bellingham). The agent questioned the driver, then did a cursory search of the car, Giuliano said.

Did he find a nuke?

“Turned out to be a cat with cancer that had undergone a radiological treatment three days earlier,” Giuliano said.

This anecdote was shared at a community meeting that Seattle Times columnist Danny Westneat attended. The meeting was held to address concerns by San Juan County, Washington residents over being harassed by border agents to prove immigration status. (San Juan County is made up of a group of islands between Vancouver Island, British Columbia, and the mainland of Washington State.)

I suppose that it’s a good thing that the feds are monitoring for the sorts of contraband that are legitimately concerning. However, I also have to admit that I share Mr. Westneat’s concerns about the pervasiveness of government monitoring.

However, I do take comfort from another comment in the story. Deputy Chief Giuliano, the number 2 guy for that stretch of the U.S.-Canadian frontier, has his own reservations about the authority he seemingly could wield:

Yet even he, a federal agent for 35 years, is queasy about the snooping’s reach. He said he opposes parts of the Patriot Act, namely the section that expands warrantless searches.

“I think we can do this without tossing out our checks and balances,” he said.

By now, you’ve probably heard that some grunts at the State Department have been fired or reprimanded for poking around in Barack Obama’s passport file. If you haven’t, The Caucus has a synopsis:

On three separate occasions in January, February and March, three employees looked through Mr. Obama’s file in the department’s consular affairs section, violating the department’s privacy rules, the State Department spokesman, Sean D. McCormack, said. Mr. McCormack said the department’s internal controls flagged the breach, which he attributed to “imprudent curiosity.”

State Department officials said that they had no idea why the employees broke into Mr. Obama’s files. The department is continuing to investigate, Mr. McCormack said.

Now, in theory, I don’t mind the government or businesses accumulating and mining data on ordinary, average people. However, my not-minding assumes that access to the data will be restricted to specific purposes, that inaccuracies in the data can be identified and corrected, and that breaches of those two points will be swiftly and harshly punished.

The slow response at the State Department, and the relatively weak reaction, seem to me to be indicative of a disturbingly lax attitude toward privacy and data security in this age of information.

If we are a society that allegedly seeks to swiftly and harshly punish certain crimes, shouldn’t breaches in privacy also be on the “swift and harsh” list?