We recently noted that, over in France, under the HADOPI three strikes regime, they had their first 10 people get their third strike, and each was being reviewed to see if they should lose their connection. Well, it looks like the first guy has lost his connection... and it's a 54-year old school teacher who insists he has no idea how to download unauthorized content. The story is a little unclear, but it sounds like he had open WiFi, and he didn't understand what the "first strike," was really about. When he got the "second strike" notice, he tried to figure out how to secure his WiFi, but it either took too long or he was unable to figure it out... and so along came the third strike. The guy is pretty upset about this, for a damn good reason. It's going to be ridiculously expensive to fight and it may get appealed up to European courts outside of France, which would entail significant travel expenses as well. This is why it's supposed to be innocent until proven guilty, right?

The FBI has quite a history of abusing its powers in spying on people. Over the past few years, revelations of massive abuses of the National Security Letter (NSL) process to get info on people without proper oversight, has showed how agents will quite frequently go beyond what is legal to obtain info on people. So it seems quite troubling to find out that the FBI is adapting its manual for agents, known as "The Domestic Investigations and Operations Guide," to let agents do electronic lookups on people without first justifying the reasons.

Under current rules, agents must open such an inquiry before they can search for information about a person in a commercial or law enforcement database. Under the new rules, agents will be allowed to search such databases without making a record about their decision.

We've seen over and over and over again, when people have access to giant databases of info (especially in the government) without clear tracking or oversight, that data gets abused. Allowing FBI agents to search willy nilly is a recipe for widespread abuse.

We had mentioned, briefly, the amendment that Senators Ron Wyden and Mark Udall had tried to push for with relation to the renewal of controversial provisions of the PATRIOT Act, however didn't spend much time discussing it. The details are important -- even if we can't know what most of them are. Basically, what becomes clear is that both Senators -- who are on the Senate Intelligence Committee -- are aware of the fact that the feds have interpreted the PATRIOT Act provisions much more broadly than the wording suggests, but they've kept this interpretation secret. In other words, though the law says one thing, the federal government has announced internally that it's "interpreting it" an entirely different way, but it's kept that interpretation secret. The speculation is that these provisions are being massively abused for widespread warrantless wiretapping.

In an interview with Wired, Wyden makes the point clear:

“We’re getting to a gap between what the public thinks the law says and what the American government secretly thinks the law says."

He notes that he has no problem with keeping the techniques the feds use secret, but the interpretation should be public, and that's what their amendment is about.

And it's not just the public that's having the wool pulled over their eyes. Wyden and Udall are pointing out that the very members of Congress, who are voting to extend these provisions, do not know how the feds are interpreting them:

As members of the Senate Intelligence Committee we have been provided with the executive branch's classified interpretation of those provisions and can tell you that we believe there is a significant discrepancy between what most people - including many Members of Congress - think the Patriot Act allows the government to do and what government officials secretly believe the Patriot Act allows them to do.

Legal scholars, law professors, advocacy groups, and the Congressional Research Service have all written interpretations of the Patriot Act and Americans can read any of these interpretations and decide whether they support or agree with them. But by far the most important interpretation of what the law means is the official interpretation used by the U.S. government and this interpretation is - stunningly -classified.

What does this mean? It means that Congress and the public are prevented from having an informed, open debate on the Patriot Act because the official meaning of the law itself is secret. Most members of Congress have not even seen the secret legal interpretations that the executive branch is currently relying on and do not have any staff who are cleared to read them. Even if these members come down to the Intelligence Committee and read these interpretations themselves, they cannot openly debate them on the floor without violating classification rules.

In the understatement of the year, Wyden and Udall state "this is not acceptable." I think it goes beyond unacceptable. It's downright scary. That Congress is about to rubberstamp the extension of the law when they think it says one thing, while the feds pretend it says something entirely different, is a travesty.

As we've discussed, there were some very questionable provisions in the Patriot Act which were set to expire last year, but got extended, officially to allow time for debate. There was none, and when the extension was set to expire, Congress extended the clauses again for 90 days, supposedly to debate them. There were some superficial discussions, but the end result is what many people knew would happen anyway: the provisions are going to be extended for four years, with no concessions or greater oversight. Not only that, but the leadership from both major parties, who have agreed to this "deal," want to pass it with little or no debate:

The deal between Senate Majority Leader Harry Reid and House Speaker John Boehner calls for a vote before May 27, when parts of the current act expire, according to officials in both parties who spoke on condition of anonymity. The idea is to pass the extension with as little debate as possible to avoid a protracted and familiar argument over the expanded power the law gives to the government.

So, let's see. The government grants itself the power to abuse the 4th Amendment and spy on people with little oversight, and it would prefer that there not be any debate over this, because pesky people might raise the fact that this is wide open for abuse, and the senators don't want to have to talk about that.

We all knew last week, when the House failed to renew three controversial clauses in the Patriot Act that allow the government to spy on people with little oversight, that it was a temporary reprieve. Indeed, just a week later, with a slight procedural change, the same provision has been approved, and now it moves to the Senate, where there are three separate bills for extending these clauses (and none about getting rid of them, as was supposed to have happened by now). Only one of the three bills, put forth by Senator Patrick Leahy, includes additional oversight. The two others -- from Senator Chuck Grassley and Senator Dianne Feinstein -- do not include any oversight.

But, really, we should be asking why these provisions are being extended at all. The reason for allowing them in the original Patriot Act was that they were "needed" in the immediate aftermath of terrorist attacks. But they were put forth with clear sunset provisions, recognizing that those three provisions should not be the norm. Over the years, there has been tremendous evidence of abuse of the Patriot Act, well beyond its intended purposes, so at the very least, there should be much greater oversight. But, even worse, when these provisions were extended last year, the excuse for extending them was that there wasn't enough time to debate the provisions. So the one year extension was supposed to be for the purpose of debate. Yet no debate happened. Hell, no discussion happened. Instead, everyone waited, and when the deadline came, they just agreed to push the deadline out further (and Grassley's plan is to push it out forever).

Shouldn't we be asking why there's been no public discussion or debate on the need for these provisions? To date, the extent of the "discussion" has been to have various thinktanks make statements in support of these provisions that are either misleading or flat-out false. Don't the American people deserve better?

In the meantime, if you'd like to see if your elected representative voted in favor of the extension, you can see the roll call tally of all the votes. I'm happy to see my Rep. voted against it (after abstaining last round).

Every few months it seems that yet another report comes out saying that the various intelligence agencies have abused their powers to spy on people with little (or no) oversight. The latest such report, released thanks to a court battle by the ACLU explains (in heavily redacted terms) that there are still widespread abuses of the process of wiretapping people under the FISA law (though, it may not be quite as bad as in the past). Of course, the specific details are all redacted.

Separately, a Freedom of Information request by Chris Soghoian has turned up how the feds now regularly are tracking real-time info such as credit card transactions (as you make them) without first getting a court order. Apparently, the Justice Department is allowing agents to write their own subpoenas, and the only role a judge plays is in ordering that the surveillance not be disclosed. Once that happens, credit card companies, mobile operators, rental car companies and even retail stores with loyalty cards end up giving the government a direct, real-time feed. So, yes, the government may know about that giant bag of nacho chips you bought at Costco before you even make it home. Obviously, there may be good reasons for the government to want real-time info on certain people that they're watching but doesn't it seem a bit strange to avoid having to go to a judge and proving probable cause before being allowed to get that kind of info?

As the French "three strikes" Hadopi process begins, with tens of thousands of notices being sent out to accused file sharers (their "first strike"), things may be even more ridiculous than previously assumed. Guillaume Champeau fills us in on the details of a leaked report from the French privacy commissioner (Google translation from the original French). Basically, the privacy commissioner CNIL admits that, due to the number of notices being sent, Hadopi will simply not be able to review the accusations for accuracy, and will need to accept the claims from TMG, the company hired by the entertainment industry to accuse people. Here's Champeau's summary:

"Rights holders have been authorized in June to collect IP addresses on P2P networks, by recruiting the services of the French company TMG. It will monitor P2P networks, store the IP addresses it believes illegally shares copyrighted works, and their rights holder customers will forward the ones they want to the French HADOPI.

Early this week, an internal report by the CNIL was leaked. The CNIL is the Privacy Commissioner in France. It is the Commission which has allowed rights holders to use the TMG services and collect IP addresses.

The report says that "due to the high number of expected cases (25 000 a day at first, then 150 000 a day), it is impossible for the [right holders' agents] to check the [infringement] reports one by one. Nonetheless, the system does not have particular control procedures, for instance by sampling, which would allow an agent to detect anomalies in a collection session".

It says that "the actions of the Hadopi will be limited to accepting or denying the transmitted findings, without the ability to check them. The first steps of the "three strikes" process will therefore lay only upon the collection operated by the TMG system".

Despite these concerns, the CNIL did authorize the right holders to collect the IP addresses, and did not oppose the 3 strikes process by the Hadopi.

Read that bold part carefully. What this is saying is that despite the fact that you can be kicked off the internet based solely on accusations, not convictions, and despite all of the problems with false accusations and the fact that an IP address alone does not accurately identify an individual, and despite the fact that the massive number of notices being sent out mean that there will surely be false positives, the only people reviewing these notices to make sure they're accurate will be employed by the agent hired by the copyright holders themselves. Due process? It's dead.

We're still at a loss to explain why there's been so little outrage over the fact that the FBI got a total free pass for its massive abuse in getting phone records. As you may recall, reports came out about how the FBI regularly abused the official process for obtaining phone records, avoiding any of the required oversight, but right before that info came out the White House issued a ruling saying that it was okay for the FBI to break the law. That's not how things are supposed to work.

And, it appears that since there was no outrage over all of this, the White House keeps pushing further. Three new articles highlight what a travesty this has become. First, the White House wants to quietly make it easier for the FBI to demand internet log file information without a judge's approval." Just as I finished reading that, I saw Julian Sanchez's new writeup about how the White House blocked and killed a proposal to give the GAO power to review US intelligence agencies. The GAO is the one government operation that seems to actually focus on doing what's right, rather than what's politically expedient. Sanchez notes that, beyond the sterling reputation of the GAO, it's also ready, willing and able to handle this kind of oversight:

The GAO has the capacity Congress lacks: as of last year, the office had 199 staffers cleared at the top-secret level, with 96 holding still more rarefied "sensitive compartmented information" clearances. And those cleared staff have a proven record of working to oversee highly classified Defense Department programs without generating leaks. Gen. Clapper, the prospective DNI, has testified that the GAO "held our feet to the fire" at the Pentagon with thorough analysis and constructive criticism.

Unlike the inspectors general at the various agencies--which also do vital oversight work--the GAO is directly answerable to Congress, not to the executive branch. And while it's in a position to take a broad, pangovernmental view, the GAO also hosts analysts with highly specialized economic and management expertise the IG offices lack. Unleashing GAO would be the first step in discovering what the Post couldn't: whether the billions we're pouring into building a surveillance and national security state are really making us safer.

Oh, and just to make this all more comically depressing, just as I finished reading both of these stories, I saw a story about a new investigation into reports that FBI agents were caught cheating on an exam, which was designed to get them to stop abusing surveillance tools. Yes, you read that right. After all the reports of abuse of surveillance tools, the FBI set up a series of tests to train FBI agents how to properly go about surveillance without breaking the law... and a bunch of FBI agents allegedly cheated on the test that's supposed to stop them from "cheating" on the law. And, not just a few. From the quotes, it sounds like this cheating was "widespread." But, of course, it might not matter, since the requirements for surveillance are being lowered, oversight is being blocked, and apparently the White House is willing to retroactively "legalize" any illegal surveillance anyway.

Lots of folks are submitting the big interactive investigative report put out by the Washington Post, detailing the massive bureaucratic mess that has become the US's anti-terrorism operations. Basically, since September 11, 2001, when the government (reasonably) agreed to devote more resources to the counter-terrorism, it's been an opportunity for both government employees and the private sector to build up giant, well-funded bureaucratic entities that have little to no oversight, and quite frequently seem to overlap with what others are doing:

In all, at least 263 organizations have been created or reorganized as a response to 9/11. Each has required more people, and those people have required more administrative and logistic support: phone operators, secretaries, librarians, architects, carpenters, construction workers, air-conditioning mechanics and, because of where they work, even janitors with top-secret clearances.

With so many more employees, units and organizations, the lines of responsibility began to blur. To remedy this, at the recommendation of the bipartisan 9/11 Commission, the George W. Bush administration and Congress decided to create an agency in 2004 with overarching responsibilities called the Office of the Director of National Intelligence (ODNI) to bring the colossal effort under control.

While that was the idea, Washington has its own ways.

The first problem was that the law passed by Congress did not give the director clear legal or budgetary authority over intelligence matters, which meant he wouldn't have power over the individual agencies he was supposed to control.

The second problem: Even before the first director, Ambassador John D. Negroponte, was on the job, the turf battles began. The Defense Department shifted billions of dollars out of one budget and into another so that the ODNI could not touch it, according to two senior officials who watched the process. The CIA reclassified some of its most sensitive information at a higher level so the National Counterterrorism Center staff, part of the ODNI, would not be allowed to see it, said former intelligence officers involved.

The article then notes that, despite the fact that ODNI is supposed to be coordinating everything "today, many officials who work in the intelligence agencies say they remain unclear about what the ODNI is in charge of."

So, there are turf battles with little oversight and lots of focus on status symbols, rather than actually getting stuff done:

It's not only the number of buildings that suggests the size and cost of this expansion, it's also what is inside: banks of television monitors. "Escort-required" badges. X-ray machines and lockers to store cellphones and pagers. Keypad door locks that open special rooms encased in metal or permanent dry wall, impenetrable to eavesdropping tools and protected by alarms and a security force capable of responding within 15 minutes. Every one of these buildings has at least one of these rooms, known as a SCIF, for sensitive compartmented information facility. Some are as small as a closet; others are four times the size of a football field.

SCIF size has become a measure of status in Top Secret America, or at least in the Washington region of it. "In D.C., everyone talks SCIF, SCIF, SCIF," said Bruce Paquin, who moved to Florida from the Washington region several years ago to start a SCIF construction business. "They've got the penis envy thing going. You can't be a big boy unless you're a three-letter agency and you have a big SCIF."

SCIFs are not the only must-have items people pay attention to. Command centers, internal television networks, video walls, armored SUVs and personal security guards have also become the bling of national security.

"You can't find a four-star general without a security detail," said one three-star general now posted in Washington after years abroad. "Fear has caused everyone to have stuff. Then comes, 'If he has one, then I have to have one.' It's become a status symbol."

But is this working? Well, it doesn't sound like it. Rather than finding the ever important terrorist needles in the haystack, it sounds like they're just creating more and more haystacks:

In Yemen, the commandos set up a joint operations center packed with hard drives, forensic kits and communications gear. They exchanged thousands of intercepts, agent reports, photographic evidence and real-time video surveillance with dozens of top-secret organizations in the United States.

That was the system as it was intended. But when the information reached the National Counterterrorism Center in Washington for analysis, it arrived buried within the 5,000 pieces of general terrorist-related data that are reviewed each day. Analysts had to switch from database to database, from hard drive to hard drive, from screen to screen, just to locate what might be interesting to study further.

As military operations in Yemen intensified and the chatter about a possible terrorist strike increased, the intelligence agencies ramped up their effort. The flood of information into the NCTC became a torrent.

As we noted earlier this year, this is why the government missed the guy who tried to blow up a plane on Christmas day. They had all the data. But there was such a backlog, they couldn't actually piece it all together.

Oh, and beyond the fact that that this "Secret America" has hired hundreds of thousands of people doing overlapping work that just makes everything more confusing, the focus on status symbols and things like SCIFs might make you wonder who's doing the actual work. You probably don't want to know:

Among the most important people inside the SCIFs are the low-paid employees carrying their lunches to work to save money. They are the analysts, the 20- and 30-year-olds making $41,000 to $65,000 a year, whose job is at the core of everything Top Secret America tries to do....

When hired, a typical analyst knows very little about the priority countries - Iraq, Iran, Afghanistan and Pakistan - and is not fluent in their languages. Still, the number of intelligence reports they produce on these key countries is overwhelming, say current and former intelligence officials who try to cull them every day. The ODNI doesn't know exactly how many reports are issued each year, but in the process of trying to find out, the chief of analysis discovered 60 classified analytic Web sites still in operation that were supposed to have been closed down for lack of usefulness. "Like a zombie, it keeps on living" is how one official describes the sites.

So you have four star generals fighting over who has a bigger security detail, while a bunch of recent college grads with little experience produce the "analysis." Fantastic.

And given our recent stories about cyberwar hype, this story provides a bit more background. Cyberwar is, of course, the hot thing, so all of these different groups are all shoving each other aside to pitch themselves as cyberwar experts to get more money to garner more status symbols.

In the meantime, it's not at all clear that this deluge of information is actually making anyone safer. We've already discussed how adding more haystacks doesn't make it any easier to find the terrorist needle, but it doesn't even appear that all this "top secret" security is all that secure. In a separate story, Jim Harper points out the news of a security researcher who created a fictitious, but cute, information security woman, who used social engineering and social networking tricks to build up all sorts of connections within the security world, including top security experts, military personnel and staff at intelligence agencies and defense contractors.

Ms. Sage's connections invited her to speak at a private-sector security conference in Miami, and to review an important technical paper by a NASA researcher. Several invited her to dinner. And there were many invitations to apply for jobs.

"If I can ever be of assistance with job opportunities here at Lockheed Martin, don't hesitate to contact me, as I'm at your service," one executive at the company told her.

One soldier uploaded a picture of himself taken on patrol in Afghanistan containing embedded data revealing his exact location. A contractor with the NRO who connected with her had misconfigured his profile so that it revealed the answers to the security questions on his personal e-mail account.

"This person had a critical role in the intelligence community," Mr. Ryan said. "He was connected to key people in other agencies."

So for all this massive new security infrastructure, totally hidden from public view, it's easy to infiltrate parts of it with some cute photos of a non-existent woman. Fantastic.

We've tried debunking the ridiculous concept of "search neutrality" a few times now. It's an invention by a few telcos who were upset that Google was supporting net neutrality rules (something I don't support). So they came up with this concept of "search neutrality" to get back at Google. But, of course, the situations are entirely different. The reason why people believe in net neutrality is because your ISP controls what you can do online. You don't have a choice. When it comes to search, not only do you have the ability to make an instant choice, but the whole point of a search engine is to "rank" results based on what it thinks is best. You can't be "neutral" because a "neutral" search is just a unranked list of links that may or may not have anything to do with what you're searching for.

But, it appears the editorial folks over at the NY Times have gotten confused by all of this, and are saying that the government should step in and ensure that Google's algorithm is "fair":

Still, the potential impact of Google's algorithm on the Internet economy is such that it is worth exploring ways to ensure that the editorial policy guiding Google's tweaks is solely intended to improve the quality of the results and not to help Google's other businesses.

Some early suggestions for how to accomplish this include having Google explain with some specified level of detail the editorial policy that guides its tweaks. Another would be to give some government commission the power to look at those tweaks.

It's difficult to think of anything more ridiculous than a news publication calling for the government to step in and review the editorial guidelines of another company. So, just as the the telcos did with Google, why not flip this around, and make the same point about the NY Times. Here's my attempt:

The potential impact of the NY Times' coverage on the world/economy/war/etc. is such that it is worth exploring ways to ensure that the editorial policy guiding the NY Times' coverage choices is solely intended to improve the quality of the world, and not to help the NY Times' or other businesses.

Some early suggestions for how to accomplish this include having the NY Times explain with some specified level of detail the editorial policy that guides its front page choices. Another would be to give some government commission the power to look at those guidelines.

How would the NY Times (or pretty much any journalist) react to that? My guess is not too kindly.

Danny Sullivan, it appears, had a similar idea and rewrote the entire NY Times article as if it were talking about the NY Times (rather than just the two paragraphs I did here). He then goes into detail on why the whole thing is bunk.

Search engines are very similar to newspapers. They have unpaid "organic" listings, where usually (though not always), a computer algorithm decides which pages should rank tops. The exact method isn't important. What's important is that those unpaid listed are the search engines' editorial content, content it has solely decided should appear based on its editorial judgment.

Search engine also have paid listings, advertisements, which aren't supposed to influence what happens on the editorial side of the house. We even have FTC guidelines ensuring proper labeling of ads and intended to protect against "advertorials" in search results.

It's a church-and-state divide with good search engines, just as it is with good newspapers.

What the New York Times has suggested is that the government should oversee the editorial judgment of a search engine. Suffice to say, the editorial staff of the New York Times would scream bloody murder if anyone suggested government oversight of its own editorial process. First it would yell that it has no bias, so oversight is unnecessary. Next it would yell even more loudly that the First Amendment of the US Constitution protects it from such US government interference.

He also points out why Google is significantly more transparent than the NY Times about its own editorial policy:

Still, shouldn't Google share more about how it creates its algorithm? Compared to the New York Times, Google's a model of transparency. Consider:

• Google will list EVERY site that applies for "coverage" unlike the New York Times, which regularly ignores potential stories
• If Google blocks a site for violating its guidelines, it alerts many of them. The New York Times alerts no one
• Google provides an entire Google Webmaster Central area with tools and tips to encourage people to show up better in Google; the New York Times offers nothing even remotely similar
• Google constantly speaks at search marketing and other events to answer questions about how they list sites and how to improve coverage; I'm pretty sure the New York Times devotes far less effort in this area
• Google is constantly giving interviews about its algorithm, such as this one in February, along with providing regular videos about its process (here's one from April) or blogging about important changes, such as when site speed was introduced as a factor earlier this year.

There's a lot more in Sullivan's piece that basically debunks pretty much every myth that people (beyond just the NY Times) are making out to be an issue about Google's "neutrality" in search. Hopefully this silly concept goes away, but I fear there are too many lobbying dollars invested in it, that folks like Sullivan are going to have plenty of opportunities to re-debunk this concept in the future.