The other day I did a webcast with Mary Minow on the intersection of privacy issues and technology. We spoke about holds, RSS feeds, Library Elf and public computing.

Have a listen to this 55 minute event via podcast (MP3) or watch the webcast.

The Center for Democracy and Technology‘s Executive Director, Leslie Harris, appears today before the Senate Committee on the Judiciary. Her statement is entitled “Balancing Privacy and Security: The Privacy Implications of Government Data Mining Programs.” She does an excellent job of explaining how our privacy protection policies no longer function as intended because of how information is acquired and used by the government in today’s technological and political environment.

She states:

In the past, the government by and large collected data on one person at a time (i.e., with particularity), either in the course of administering a government program or where there was some suspicion that a person was engaged in criminal conduct, terrorism or intelligence activity. The government was authorized to keep this data for long periods of time, and to retrieve, share and analyze it for compatible purposes without serious controls. However, before it could take action based on that data, the government was bound by procedural due process principles of notice and an opportunity to respond. In the traditional data environment, the greater the consequences for the individual, the greater the due process requirements. For example, the criminal due process standards in the Bill of Rights place the burden of proof on the government and force it to disclose all of its evidence to the accused, for challenge.

Now, in contrast, Section 215 of the PATRIOT Act, the expanded National Security Letter authorities, the growing implications of the Supreme Court’s “business records” decisions (which place most commercial data outside the protections of the Fourth Amendment), the President’s claims of inherent power, and the nature of technology itself can result in the wholesale collection of data and databases by the government without particularized suspicion. Yet the traditional rules on storage and use remain in place, permitting the government to keep that data forever and to go back to it for further analysis (e.g., data mining) with little legal constraint.

The statement goes on to make very reasonable recommendations that would lead to better oversight of the government’s data collection and data mining initiatives which would in turn ensure that money is spent on proven-effective programs and fair information practices are used.

Fair information practices, Harris argues, should be the basis for analyzing
the issues associated with data mining. Fair information practices evaluate the data collection/data mining practices against these questions:

1. What information is being collected?
2. How long will it be kept?
3. How accurate and reliable is the information?
4. How will an individual be able to correct erroneous information?
5. What are the redress and enforcement mechanisms?

Reading Harris’ statement made me realize that privacy is disappearing but maybe that isn’t so bad. Many of us freely release private information about ourselves in favor of the convenience that disclosing information affords us. We give up privacy for cost-savings (loyalty cards) and to save time (personalized websites that we personalize to suit our needs at the expense of allowing lots of information to be collected about us – ever read Google’s privacy statements?). And, of course if you are under 30, you could have your entire life history online at MySpace.

Privacy isn’t necessarily what is important. But Fair Information Practices are critical.

As Harris says in her statement: “Information privacy is not merely about keeping personal information confidential. In the context of a function like data mining, privacy is equally about due process: how to make fair decisions about people.”

It seems to me that due process is what its all about. It’s almost too late to seriously try to keep information confidential. But that due process thing …now, that’s very important.

According to the Electronic Privacy Information Center (EPIC), even the Department of Homeland Security’s (DHS) Office of the Inspector General is concerned about the use of RFID tags.

According to EPIC, the DHS Inspector General recently (July 27, 2006) issued a report that found a “lack of systematic inventories of RFID technology and consistent policies, and identified security concerns
regarding user access permissions, password management, and auditing in
the Department’s RFID databases.” The report says that in the absence of “adequate security measures”, data on the tag “can be read by a variety of authorized and
unauthorized readers”.

The report entitled Additional Guidance and Security Controls Are Needed Over Systems Using RFID at DHS (Redacted) found that “security controls were not always present in developing systems, creating the risk that many systems under development would not be adequately tested prior to their application in the real world.”

Although the report is talking about RFID tags in immigration documents and passwords, I submit that library RFID systems would qualify as “under development” too. ‘Nuf said.

For more on RFID from EPIC, see http://www.epic.org/privacy/rfid/.

“Everyone has the responsibility to make sure the government plays by the rules.”
George Christian, Executive Director of Library Connection

Last sumer The Library Connection (a consortium of 26 Connecticut libraries) received the infamous “National Security Letter” asking for everything they had on one public access computer (based on the IP address) on one day for a period of 45 minutes (see the The Letter here).

With help from the American Civil Liberties Union, the Library Connection managed to fight the request. First they focused on fighting the gag provision (you can’t tell a soul you got one of the NSL letters). Ultimately, the government gave up the fight and dropped the request altogether.

Per Ann Beeson, Associate Legal Director of the ACLU. “While the government’s real motives in this case have been questionable from the beginning, their decision to back down is a victory not just for librarians but for all Americans who value their privacy.”

More here.

Have you noticed that you’re getting pop-up ads that are somehow more targeted to your interests than they used to be? Is your computer running more and more slowly?

Could be you are experiencing an invasion of spyware! Huh?

For an easy-to-read backgrounder, check out The Christian Science Monitor’s Is your computer spying on you?”. The article defines the different forms of spyware including browser hijackers, keyloggers, malware and spybots. It explains that spyware is different from cookies and explains why spyware can be dangerous.

The article recommends some useful tools for keeping a handle on these sneaky, annoying programs. Here are the free ones they mention:

• Ad-ware 6.0
• Spybot – Search & Destroy 1.2

I’m planning to give Spybot a run because in addition to rooting out the “uninvited Web-borne flotsam” it also has some other utilities I’m interested in including a file shredder, the ability to block adware servers and a tool for controlling what apps load when I start my computer. I’ll let you know how it goes……