Ash Crill alerts us to the news that the United Arab Emirates has announced plans to ban the use of Blackberries, and that Saudi Arabia has announced its intention to do the same. The issue is one we've seen before. The way the Blackberry works is all the data is encrypted and sent through RIM's servers. This pisses off governments who want to spy on the data. RIM, in the past, has noted that it has no way of spying on the email, even if some governments claim to have figured it out anyway (a claim that seems somewhat dubious as that same government later demanded RIM break the encrytpion again). It appears that a lot of folks in the UAE are quite upset about this -- especially as parts of the UAE (Dubai in particular) have spent the last decade plus trying to present themselves as an ideal place for foreign business activity.

The whole "cyberterorrism" fear mongering is being taken to even more extreme levels. At the Strategic Command Cyber Symposium, William Lynn III, the deputy defense secretary apparently told the audience that companies who operate critical infrastructure need to let the US install monitoring equipment or it puts everyone at risk. The NSA has apparently developed a monitoring system called Einstein (I wonder if they paid the license fee), and want to let companies "opt-in" to installing the gov't's system on their own systems, or face the "wild west" and put everyone at risk. This sounds like blatant fear mongering to let the government tap into all sorts of private infrastructure systems. After all, the government has shown, time and time again, that once it gets access to information, it doesn't take those whole "oversight" or "privacy rights" issues particularly seriously.

Over in the UK, police are apparently going around to various cybercafes and telling the owners and operators to be observant about what customers are doing, even to the point of examining the hard drives of the public computers after people have used them. Amusingly, the police then say, "It's not about asking owners to spy on their customers..." -- except that it is. The recommendations specifically included "encouraging people to check on hard drives." But that's not spying?

There are a bunch of different "child filtering/monitoring" software on the market these days, and many parents use it to help them keep track of what their kids do online. I have no problem with this -- so long as such filters aren't mandated by the government. But it appears that just selling the tools isn't enough for some companies. JJ sends in the news that one of the top providers in the space doesn't just monitor what kids do for parents, but collects all the data -- including the text of chat room discussions -- and resells it to marketers. You have to imagine that this isn't exactly what the FTC (or parents) expects of such tools.

The company defends the practice, claiming that the data is anonymized and no identifiable data is included -- but we've heard that before. Every single time someone insists their data is anonymized, news breaks showing that it is not. I don't think there's anything wrong, necessarily, with doing targeted marketing programs, but using unsuspecting parents and getting them to install filters and monitoring software, without realizing the data will be handed over to marketing firms, seems pretty sleazy.

Harvard Law Professor, and former Bush White House lawyer, Jack Goldsmith has an opinion piece today in the NYT about cyber-security. In it, he makes a number of obvious (though admittedly often overlooked) points about the need for better education and information sharing, but then asserts that those, untried, methods will not be enough. Instead, he argues, "The government must be given wider latitude than in the past to monitor private networks and respond to the most serious computer threats." For a lawyer who saw first-hand (and even wrote a book about) the excesses of the Bush administration, this is a reckless claim. The repeatedly documented violations of civil liberties by the NSA and other government agencies (not to mention their private sector compatriots) through widespread network surveillance did not serve to protect and defend US critical infrastructure. In fact, by adding legitimacy to network monitoring, scholars like Goldsmith and respected countries like the USA make it easier for less savorable regimes to justify their digital surveillance and crackdowns. While China's "Green Dam" censorship software was justified on child-safety grounds, the next iteration of liberty limiting code could very well be to stop "cyber-terrorism" or some other amorphous, ill-defined concept.

A far more level-headed approach to cyber-security is taken by Evgeny Morozov in his recent essay in the Boston Review, which points out that "[m]uch of the data are gathered by ultra-secretive government agencies—which need to justify their own existence—and cyber-security companies—which derive commercial benefits from popular anxiety. Journalists do not help. Gloomy scenarios and speculations about cyber-Armaggedon draw attention, even if they are relatively short on facts." While Goldsmith is certainly not promoting increased government intervention out of self-interest, it is not good enough to pay lip-service to privacy and network openness. Decision-makers need to recognize that certain policies and rhetoric will inevitably have dangerous, unproductive unintended consequences.

For several years, authorities in Oregon have been pursuing a plan to put GPS units in every car in the state to track and tax drivers' mileage. Now, Massachusetts wants to get in on the act, and replace its gas tax with a mileage-based tax (via Boing Boing) generated by GPS units in cars. The state wants to ditch its gas tax because rising fuel efficiency is leading to decreasing tax revenue, so the new plan would instead charge drivers a quarter of a cent for each mile they drive. The state's governor is talking not just about boosting tax revenue, but says he likes ideas that are "faster, cheaper, simpler." It's not clear how replacing the current gas tax by forcing drivers to install GPS trackers in their cars and building an infrastructure to gather data from them, then assess and collect a mileage tax will be fast, cheap or simple. This doesn't even mention the myriad privacy concerns of giving state employees access to records of Massachusetts drivers' activity. This idea continually pops up, whether as a tax idea or a new way to charge for auto insurance -- but it never seems to hold any more value beyond a soundbite.

There's quite a story making the rounds, suggesting that Nokia is putting significant pressure on the Finnish government, demanding that it pass a law allowing it to spy on its employees, or the company will leave Finland. Nokia is quickly denying the claim, which does seem pretty extreme. However, that doesn't mean that Nokia hasn't put political pressure on the government to pass this law. Apparently, the company has been caught multiple times illegally spying on employees, and has worked hard to get this law passed, which would legalize its actions. Despite legal experts all insisting that the law is unconstitutional, apparently the Finnish Parliament's Constitutional Law Committee has decided to move forward with it anyway -- which is what resulted in the speculation about the threat to leave Finland.

Over the past few days there's been a lot of attention paid to the news that the RIAA has ended its relationship with MediaSentry, the highly controversial firm that the RIAA used to try to find those involved in file sharing. There have been various lawsuits questioning MediaSentry's techniques -- and the sheer number of falsely identified people certainly suggested pretty strongly that the company wasn't doing a particularly good job. Of course, with the RIAA's "new strategy" of abandoning lawsuits in favor of having ISPs be their enforcers, the record labels still need a company to come up with whatever flimsy evidence it can find. So, don't think the ending of the relationship means that the RIAA has stopped monitoring file sharing. Instead, it's simply switched to a new company: DtecNet out of Copenhagen.

USA Today is reporting that Homeland Security is looking to start scanning blogs, forums and message boards to try to track terrorists and terrorist activity. My first reaction to this, honestly, was shock. Shouldn't they have been doing this already? As in, for many, many years? To be fair, the article suggests that the real difference here is that in the past Homeland Security has done static searches that they check on every so often -- and now they're hoping for a more real-time solution. Even so, it strikes me as odd that Homeland Security didn't already have something that was at least close to real-time in alerting them to certain things online. For all the talk of sophisticated monitoring on internet activities, could it be that we're really that far behind in internet terrorist monitoring?

We recently noted that some articles were appearing in the UK about a plan by the government to track all phone calls, emails and internet surfing histories in that country in a giant database. The whole thing sounded so extreme we even doubted it was true. However, it appears to be based in fact, as the government is outlining the details of the plan, while at the same time agreeing to delay introducing it for at least year, in order to hear from the public (or, perhaps, to hope that public dislike of this proposal dies down enough that it can be introduced quietly). The backers of the plan stress that all they want is the data about the communications, rather than the communications themselves. So, that would mean they're interested in who called whom, not what was said, and who emailed whom, not what was written. That may be small comfort to some, but it still seems like a huge privacy violation, and the database is almost certainly to be abused and misused by those who have access to it.