Hubert Chathi

The ACLU has won this round against the NSA. A federal judge has ruled that the NSA’s massive warrantless wiretapping program is unconstitutional and must be stopped immediately. (CBC, /.) This may also open up some legal problems for the phone companies who cooperated with the NSA. (/.)

For those worried that this will prevent law enforcement agents from catching the terrorists, note that the suspects in the recent airplane bombing plot were caught using wiretapping — and it was done with a warrant. I’ve said this before, but I’m not against wiretapping. I’m only against wiretapping without judicial oversight. And while getting a warrant may slightly delay investigation, it makes conviction much easier when your evidence doesn’t get thrown out for being collected illegally.

First up, Schneier has an excellent article on the value of privacy.

Next, Felten has a series of articles on how technology is increasing wiretapping and about what kind of policy should be used to control the information that can be stored. (Part 1, Part 2, Part 3, Part 4, so far)

And finally, here’s an article on why the NSA’s spying is bad for national security. (Schneier)

I should note that I am not some kind of paranoid nutcase, thinking that everyone is out to get me. I have a lot of personal information on this website, for anyone who cares. And if you do a Google search on my name, you’ll find that most of the top results are me (although more Hubert Chans are starting to pop up now), and can probably put together a decent profile on me (or at least part of me — some parts of what I do won’t show up in Google). But I do not want to have my every action constantly monitored, checking to see if I’m doing anything wrong. If the authorities have reason to suspect me of committing any crime, they can go ahead and get a warrant and search for evidence. I don’t care; I have nothing to hide. But if they don’t have any reason to suspect me of being a criminal, then they should not be treating me like a suspected criminal.

Last month, the mobile phones of 100 Greek politicians and offices were tapped. As it turns out, the “malicious code” that was used to tap the phones was actually a backdoor installed for the police. The attackers bypassed the authorization system and used the backdoor to intercept and record phone calls.

Authorities often want backdoors in order to make their own jobs easier. The problem is that backdoors can usually be used by criminals as well. The more ways that there are into a system, the easier it is for anyone else to get in.

In other news, the British government wants a backdoor into Windows filesystem encryption. (/.)

UPDATE: (2006-03-04) Microsoft denies the rumors that Vista will have a backdoor. (/.) For those who don’t trust Microsoft’s encryption anyways, there are alternatives, some of them free.

Recently, the FCC gave the FBI a backdoor to the network. Now, it looks like the Canadian government is trying to catch up to our neighbours to the south, and are planning on introducing a bill this fall to give police more surveillance powers. (Globe and Mail, CanWest, /.) The bill, or at least a version that was circulated for review earlier this year, requires ISPs to retain traffic logs for a significant amount of time, and provide police with information 24/7 within 30 minutes of receiving a phone call without a court order. I’m not so much concerned about the types of data that police may be able to get under the new legislation. I’m much more concerned about the lack of due process — police should not be able to access information without a search warrant.

Justice Minister Cotler says that the bill will “protect the civil libertarian concerns that are involved such as privacy and information surveillance.” I hope that it’s true, and we’ll see when the bill is introduced next month.

A Minnesota court has allowed the presence of PGP on a defendant’s computer to be admitted as evidence. (/.) (PGP is an encryption program.) The question of whether law enforcement officials actually found encrypted files, or determined that the defendant had used PGP for illegal purposes, seemed to be irrelevant. The mere presence of PGP was allowed as evidence of criminal intent.

So for all the judges in Minnesota: I use encryption. I have GnuPG (which is very similar to PGP) on my computer. All my data is encrypted. Most of the network traffic coming out of my computer is encrypted. I guess that means I’m guilty of conspiring to <insert your favourite crime here>.

Now don’t get me wrong; I’m not defending the guy’s actions. If he is guilty of distributing child pornography, he should be locked up for a long time. But he does have the right to a fair trial, and admitting bogus evidence like that doesn’t do much in the way of getting a fair trial. This is just an example of what happens when technology grows faster than society’s ability to understand it: fear, uncertainty, and doubt.

July 4, 2002, Independence Day in the United States, when Americans celebrate their freedom. Yet on that day, John Gilmore, the millionaire founder of the Electronic Freedom Foundation and employee 5 at Sun Microsystems, got a demonstration of how Americans are losing their freedoms. (/.) As he tried to board a plane, ticket in hand, the gate agent asked for ID. When he asked why, the agent said that it was the law. He asked to see the law, but nobody was able to produced it. And three years later, nobody has produced it yet. In fact, the law is apparently "Sensitive Security Information".

To clarify, this isn’t about having to show ID before boarding a plane (although that was the issue in the beginning). I’ve complained many times here on my blog about airport security being useless, how it’s still easy to get a bomb or cutting instrument into the gate area, how the rules don’t actually help anything, and so on. And I’ll rant about that again in the future, I promise.

The big issue here is that Americans are subject to a law (or, as it seems, several laws) that they are not allowed to read. The government is imposing rules on the people while refusing to tell the people what the rules are. How then is one supposed to know if he or she is following the rules? How is one able to ensure that the rules are constitutional? It seems like the United States is losing its checks and balances, and getting closer to a totalitarian regime.

By the way, the best line from the article: “ When techies burn out, they tend not to do strange things. They are, by nature, already a few degrees off plumb. So they revert to the ordinary.”