I know that already and I have same thoughts like you freedom and respecting privacy, actually Saudi has a big terrorist problem and they are misusing these services for spreading terrorism and contacting and spreading their cause that’s why I took this and I seek your help. If you are not interested than maybe you are on indirectly helping those who curb the freedom with their brutal activities.

Forgetting the question of legality, I hope that we can collectively look at this changing dynamic and perhaps re-evaluate what we culturally reward. I’d much rather think about the question of exploit sales in terms of who we welcome to our conferences, who we choose to associate with, and who we choose to exclude, than in terms of legal regulations. I think the contextual shift we’ve seen over the past few years requires that we think critically about what’s still cool and what’s not.

Maybe this is an unpopular opinion and the bulk of the community is totally fine with how things have gone (after all, it is profitable). There are even explicitly patriotic hackers who suggest that their exploit sales are necessary for the good of the nation, seeing themselves as protagonists in a global struggle for the defense of freedom, but having nothing to do with these ugly situations in Saudi Arabia. Once exploits are sold to US defense contractors, however, it’s very possible they could end up delivered directly to the Saudis (eg, eg, eg), where it would take some even more substantial handwaving to think that they’ll serve in some liberatory way.

Despite the seizure of the phone records, a Justice Department spokesman said the agency valued freedom of the press and was “always careful and deliberative in seeking to strike the right balance between the public interest in the free flow of information and the public interest in the fair and effective administration of our criminal laws.”

On November 5, [redacted], the case agent sent an e-mail asking another Special Agent in the [redacted] Field Office to inquire, in the other agent's capacity as his squad's liaison to the CAU, whether the on-site communications service providers could obtain telephone toll records of U.S. persons making [redacted] calls [redacted]. The case agent's November 5 e-mail listed 12 [redacted] telephone numbers, 8 of which were identified in the e-mail as belonging to Washington Post reporters [redacted] and Washington Post researcher [redacted] and New York Times reporters [redacted] The email identified a 7-month period -- a few months before and a few months after the published articles -- as the time period of interest for the leak investigation.

[....] However, in absence of any request from the case agent or anyone in the FBI, the CAU SSA issued an exigent letter dated December 17, [redacted], to Company A for telephone records of the reporters and others listed in the case agent's November 5, [redacted], e-mail. We determined that the SSA did this without further discussion with the case agent or the Special Agent who had asked only whether such records could be obtained through on-site providers, not that the records should be obtained.

The CAU SSA's exigent letter sought records on nine telephone numbers, seven of which were identified in the e-mail exchanges described above as belonging to Washington Post and New York Times reporters or their news organizations' bureaus in [redacted].....

The exigent letter did not specify the 7-month interval noted in the case agent's November 5 e-mail, or contain any date restrictions. The exigent letter also stated that the request was made "due to exigent circumstances" and that "subpoenas requesting this information have been submitted to the U.S. Attorney's office who will process and serve them formally on [Company A] as expeditiously as possible." However, this statement was not accurate. A subpoena request had not been sent to the U.S. Attorney's Office at the time the exigent letter was served, or at any time thereafter.

It's not unusual for government officials -- the very people we disagree with regarding civil liberties issues -- to agree with us on consumer privacy issues.

But don't forget that this person advocated for full-body scanners at airports while on the payroll of a scanner company.

Imagine a world in which every major company in America flew hundreds of thousands of drones overhead, 24 hours a day, seven days a week, 365 days a year, collecting data on what Americans were doing down below. It's a chilling thought that would engender howls of outrage.

Now imagine that millions of Americans walk around each day wearing the equivalent of a drone on their head: a device capable of capturing video and audio recordings of everything that happens around them. And imagine that these devices upload the data to large-scale commercial enterprises that are able to collect the recordings from each and every American and integrate them together to form a minute-by-minute tracking of the activities of millions.

So, who owns and what happens to the user's data? Can the entire database be mined and analyzed for commercial purposes? What rules will apply when law enforcement seeks access to the data for a criminal or national security investigation? For how long will the data be retained?

Ubiquitous street video streaming will capture images of many people who haven't volunteered to have their images collected, collated and analyzed. Even those who might be willing to forgo some degree of privacy to enhance national security should be concerned about a corporate America that will have an unrestricted continuous video record of millions.

We need to consider what rights consumers have, and what rights nonparticipant third parties should have.

Maybe the market can take care of this problem. But the likely pervasiveness of this type of technology convinces me that government must play a regulatory role.

The new data collection platforms right in front of us are much more likely to affect our lives than is the prospect of drones overhead surveilling American citizens.

Until recently, all Bloomberg employees could access information about when and how terminals were used by any customer. But after complaints by Goldman Sachs and JP Morgan, Bloomberg says its 2,000 or so journalists no longer have access to that information, though other staff still do. Bloomberg has more than 15,000 employees.

The banks were concerned that Bloomberg News was keeping tabs on terminal usage in order to aid its reporting. JP Morgan specifically cited coverage of the bank’s disastrous derivatives trading, known as the “London Whale,” which Bloomberg was the first to reveal.

Several former Bloomberg employees say colleagues would look up chat transcripts of famous customers, like Alan Greenspan, for amusement on slow workdays. The transcripts were typically mundane and hardly incriminating, but who wouldn’t enjoy watching a former US Treasury secretary struggle to use a computer? And, in theory, the substance of someone’s query to customer service could reveal specific information that he’s interested in, tipping off a reporter to a story.

When pervasive advertisements from a local merchant feature prices that seem to be just too good to be true, they may, in fact, not be the price that the average consumer will pay. Dozens of consumers who have used pseudonyms to post about their experiences with appellee Hadeed Carpet Cleaning, Inc. (“Hadeed”) on the popular website www.yelp.com, maintained by appellant Yelp Inc. (“Yelp”), report that Hadeed routinely fails to honor the advertised discount prices. Hadeed’s responses to several consumers on Yelp suggest that it recognizes the problem; yet its complaint for defamation singles out the authors of seven reviews posted on Yelp that say the same thing as the other online detractors of Hadeed and its sister business, Hadeed Oriental Rug Cleaning. Based on that allegation, Hadeed invoked the court’s subpoena power to strip its pseudonymous critics of their First Amendment right to speak anonymously.

The main question on this appeal—an issue of first impression at the appellate level in Virginia—is whether the trial court applied the proper legal standard in overriding the anonymous speakers’ First Amendment rights. Courts elsewhere have recognized that, given the valuable role played by the First Amendment right to speak anonymously in encouraging ordinary people to express themselves fully, it is necessary to balance that right against a plaintiff’s right to seek redress for wrongful speech by adopting a standard requiring a plaintiff to do more than articulate a good faith belief that the speech “maybe tortious.” Before stripping the defendant of a First Amendment right, these courts take an early look at the merits of the plaintiff’s claim to determine whether a valid claim has been alleged and whether there is a prima facie evidentiary basis for that claim. In this appeal, Yelp urges Virginia to adopt the same approach, and to remand this case to give Hadeed an opportunity to pursue its subpoena by meeting the proper standard.

The city’s Public Advocate Bill de Blasio, who is running for mayor, recently released a report asserting that a third of all Freedom of Information records requests to the police department were ignored. The numbers are no surprise to journalists who cover the department, such as Leonard Levitt, a veteran cops reporter who now writes at NYPD Confidential.

“All I can tell you is that the NYPD does whatever it wants to regarding FOI requests,” Levitt said. “Which means they never turn anything over, at least not to me. The only time they did respond was after I got the NY Civil Liberties Union involved.”

Back in October 2012, this reporter submitted a public records request for the discharge reports filed by NYPD officers over the previous year.

I filed the public records request on Oct. 1. And then waited. On Jan. 11, I received this response:

In regard to your request, for all weapons discharge reports filled [sic] by officers between January 1, 2012 and September 26, 2012, I must deny access to these records on the basis of Public Officers Law section 87 (2)(g) and 87 (2)(e) as such records/information, if disclosed would reveal criminal investigative techniques or procedures, and or are intra-agency materials. Furthermore, these records are also exempt from disclosure as these records on the basis of Public Officers Law section 87 (2)(e) and Public Officers Law 87 (2)(a) in that such records consist of personell records of a Police Officer and are therefore exempt from disclosure under the provisions of Civil Rights Law section 50-a.

Now, stop and consider this for a second. The NYPD said the public interest of how, when and why its officers use deadly force against the citizens it’s sworn to protect is outweighed by the need to protect the privacy of those same officers. Not only that, the public interest was outweighed by the need to protect its investigative techniques.

A New York judge ruled two years ago — in response to a NYCLU lawsuit, naturally — that discharge reports are subject to disclosure, do not violate officers’ privacy and do not compromise the department’s investigative techniques.

When the emails were finally released last week, after a two-year legal battle, they revealed a desperate public relations campaign in which city officials tried to rally support from prominent women — including Oprah Winfrey, Gloria Steinem, Caroline Kennedy, and Bette Midler — to champion Black's appointment. (I'll admit: never in a million years did I expect my work to result in stories containing the sentence, "Ms. Winfrey couldn't be reached for comment.") In the end, the emails were amusing, slightly enlightening, but largely innocuous.

“I’ve been here since 1974,” Freeman said. “The track record of the police department, particularly in the last decade, indicates in so many instances a failure to give effect to the spirit and letter of the freedom of information law."

“I look back at various mayoral administrations, and my feeling is that there was more of an intent to comply with the law in the era of Mayor [Ed] Koch than there has been since,” Freeman continued. “My sense has been that the downward slope began in Giuliani’s administration.”

Follow me @glynmoody on Twitter or identi.ca, and on Google+

In enacting the ECPA, Congress concluded that customers may not retain a “reasonable expectation of privacy” in information sent to network providers. . . [I]f the contents of an unopened message are kept beyond six months or stored on behalf of the customer after the e-mail has been received or opened, it should be treated the same as a business record in the hands of a third party, such as an accountant or attorney. In that case, the government may subpoena the records from the third party without running afoul of either the Fourth or Fifth Amendment.

If nothing else, these records show that federal policy around access to the contents of our electronic communications is in a state of chaos. The FBI, the Executive Office for U.S. Attorneys, and DOJ Criminal Division should clarify whether they believe warrants are required across the board when accessing people’s email. It has been clear since 1877 that the government needs a warrant to read letters sent via postal mail. The government should formally amend its policies to require law enforcement agents to obtain warrants when seeking the contents of all emails too.

More importantly, Congress also needs to reform ECPA to make clear that a warrant is required for access to all electronic communications. Reform legislation is making its way through the Senate now, and the documents released by the U.S. Attorney in Illinois illustrate that the law can be fixed without harming law enforcement goals. If you agree that your email and other electronic communications should be private, you can urge Congress to take action here.

Let’s say a seller of naughty toys were audited by the tax authority in another state. To prove that it has remitted all the taxes due in that state, it woud have to turn over, at the least, data reflecting the amount of its sales by geographical location. There are something like 30,000 state and local jurisdictions with authority to impose sales and use taxes, more than 7,500 of which have already adopted this kind of tax. If not ZIP+4, then the actual address of recipients would have to be turned over. Could they turn over non-identifying summaries? The point of an audit is to check the honesty and accuracy of summary filings, so the answer is no.

So state tax authorities would get troves of data about online purchases delivered into their state. The standard misuses apply. It might be transferred to other organs of government, legally or not, for investigation and examination. Curious state bureaucrats might look up the purchasing habits of ex-spouses, famous names, and political figures. The list goes on and on

1. The FISA Amendments Act, which was passed in association with the Patriot Act, supposedly to give the NSA more powers to scoop up communications of folks involved in terrorist activity. Now, the NSA is -- by mandate -- not allowed to spy on Americans. And yet, multiple whistleblowers and hints from folks who know in Congress have made it quite clear that the NSA has interpreted the FISA Amendments Act to allow exactly that -- even as many in Congress clearly don't understand how the bill is being used.
   
   While it's still not official, enough information has been revealed to show that the NSA interprets the requirement that its surveillance target foreign persons to mean that as long as it's looking for foreign terrorist activity, it can spy on everyone. Get that? It's a sneaky trick that many have not realized. The NSA argues -- likely with agreement from a secret court ruling -- that so long as it can claim that it is investigating a foreign threat somewhere, somehow, the prohibition on spying on Americans does not apply. There is increasing evidence that this now means that the NSA is scooping up pretty much all data it can get its hands on. While it may not be going through it in real time, it appears to believe that as long as it can make the argument that it's searching for a foreign threat, that it can delve into that treasure chest of, well, everything.
   
   
2. Next: the "national security letters" (NSL) issue. While a court recently ruled these unconstitutional, this process has been widely abused by the FBI for years to get private information on people without a warrant and with a gag order on recipients. Every time it's been investigated, it's been shown that the FBI has widely abused its NSL powers. However, since there's almost no oversight, the FBI still feels free to make widespread use of the tool, which was only supposed to be used in extreme circumstances.
   
   Along those lines, the FBI has gotten so comfortable with asking companies for data without a warrant or any formal oversight process, that it was revealed a few years ago that, rather than going through the drudge of actually processing paperwork to get private info from AT&T, some agents simply used Post-It Notes to make their requests, which AT&T readily coughed up without question.

Polis: Why wouldn't it work to leave it up, getting back to the contract part, and I think again there may be a series of amendments to do this, if a company feels, if it's voluntary for companies, why not allow them the discretion to enter into agreements with their customers that would allow them to share the information? ...

Rogers: I think those companies should make those choices on their own. They develop their own contracts. I think they should develop their own contracts. They should enforce their own contracts in the way they do now in civil law. I don't know why we want to get in that business.

Both government and private companies need cyber threat information to allow them to identify, prevent, and respond to malicious activity that can disrupt networks and could potentially damage critical infrastructure. The Administration believes that carefully updating laws to facilitate cybersecurity information sharing is one of several legislative changes essential to protect individuals' privacy and improve the Nation's cybersecurity. While there is bipartisan consensus on the need for such legislation, it should adhere to the following priorities: (1) carefully safeguard privacy and civil liberties; (2) preserve the long-standing, respective roles and missions of civilian and intelligence agencies; and (3) provide for appropriate sharing with targeted liability protections.

The Administration recognizes and appreciates that the House Permanent Select Committee on Intelligence (HPSCI) adopted several amendments to H.R. 624 in an effort to incorporate the Administration's important substantive concerns. However, the Administration still seeks additional improvements and if the bill, as currently crafted, were presented to the President, his senior advisors would recommend that he veto the bill. The Administration seeks to build upon the continuing dialogue with the HPSCI and stands ready to work with members of Congress to incorporate our core priorities to produce cybersecurity information sharing legislation that addresses these critical issues.

Nearly 200 senior IBM executives are flying into Washington to press for the passage of a controversial cybersecurity bill that will come up for a vote in the House this week.

The IBM executives will pound the pavement on Capitol Hill Monday and Tuesday, holding nearly 300 meetings with lawmakers and staff. Over the course of those two days, their mission is to convince lawmakers to back a bill that’s intended to make it easier for industry and government to share information about cyber threats with each other in real time.

[IBM VP of government affairs Chris] Padilla, however, says companies need to be able to share threat data directly with the NSA “because that’s where the expertise is.”

“It really is a simple matter. The expertise in the U.S. government on cybersecurity largely rests in one place, and that's the National Security Agency,” he said. “They tend to know the most, the soonest about cyber threats and I think, frankly, there is a certain amount of feeling in the business community that you should be able to work directly and share information directly with the agency that has the most expertise.”

Hoang signed up for a subscription service with the website called IMDb Pro... She said she initially listed a false birth year - 1978, instead of 1971 - because she usually plays characters younger than she is.

But eventually, she moved from her hometown of Houston, Texas, to the more competitive entertainment market of Los Angeles, and as what would have been her fake 30th birthday approached, she decided she didn't want any age listed on her profile.

IMDb refused to remove the age listed unless she could provide evidence that it was incorrect. She asked the company to check its records to see if it had any information that would substantiate that age.

The company did so - using her account information to find her real name, and then using her real name to conduct a public records search and discover her true age. IMDb posted her real age on her profile, over her objections.

“Hoang did not present any testimony, documents, or other evidence supporting her damages allegations of lost income and profits. Neither Hoang nor her agent Joe Kolkowitz—her only two witnesses on damages—offered any testimony about future damages, and neither offered competent testimony on which a reasonable jury could base an award of damages for acting jobs allegedly lost to date.”

The documents the ACLU obtained make clear that, before Warshak, it was the policy of the IRS to read people’s email without getting a warrant. Not only that, but the IRS believed that the Fourth Amendment did not apply to email at all. A 2009 “Search Warrant Handbook” from the IRS Criminal Tax Division’s Office of Chief Counsel baldly asserts that “the Fourth Amendment does not protect communications held in electronic storage, such as email messages stored on a server, because internet users do not have a reasonable expectation of privacy in such communications.” Again in 2010, a presentation by the IRS Office of Chief Counsel asserts that the “4^th Amendment Does Not Protect Emails Stored on Server” and there is “No Privacy Expectation” in those emails.

Other older documents corroborate that the IRS did not get warrants across the board. For example, the 2009 edition of the Internal Revenue Manual (the official compilation of IRS policies and procedures) explains that “the government may obtain the contents of electronic communication that has been in storage for more than 180 days” without a warrant.

Then came Warshak, decided on December 14, 2010. The key question our FOIA request seeks to answer is whether the IRS’s policy changed after Warshak, which should have put the agency on notice that the Fourth Amendment does in fact protect the contents of emails. The first indication of the IRS’s position, from an email exchange in mid-January 2011, does not bode well. In an email titled “US v. Warshak,” an employee of the IRS Criminal Investigation unit asks two lawyers in the IRS Criminal Tax Division whether Warshak will have any effect on the IRS’s work. A Special Counsel in the Criminal Tax Division replies: “I have not heard anything related to this opinion. We have always taken the position that a warrant is necessary when retrieving e-mails that are less than 180 days old.” But that’s just the ECPA standard. The real question is whether the IRS is obtaining warrants for emails more than 180 days old. Shortly after Warshak, apparently it still was not

The IRS had an opportunity to officially reconsider its position when it issued edits to the Internal Revenue Manual in March 2011. But its policy stayed the same: the Manual explained that under ECPA, “Investigators can obtain everything in an account except for unopened e-mail or voice mail stored with a provider for 180 days or less using a [relevant-and-material-standard] court order” instead of a warrant. Again, no suggestion that the Fourth Amendment might require more.

(7) PROTECTION OF INDIVIDUAL INFORMATION—The Federal Government may, consistent with the need to protect Federal systems and critical information infrastructure from cybersecurity threats and to mitigate such threats, undertake reasonable efforts to limit the impact on privacy and civil liberties of the sharing of cyber threat information with the Federal Government pursuant to this subsection.

So, um, the feds may worry about privacy, if they want to and as long as it doesn't hinder their cybersecurity efforts. It's disconcerting that this even needed to be spelled out, and it certainly doesn't count as a safeguard. The response to criticism from the bill's authors has been the same since last year: they deny that this bill has anything to do with spying on people, and insist it's just about sharing technical threat data. Just this week, Rep. Rogers flatly stated this is not a surveillance bill. Still, in an attempt to placate the opposition, they backed an amendment (pdf and embedded below) from Rep. Hines replacing that paragraph, which passed in the markup phase. Here's the new text:

PRIVACY AND CIVIL LIBERTIES.—

(A) POLICIES AND PROCEDURES.—The Director of National Intelligence, in consultation with the Secretary of Homeland Security and the Attorney General, shall establish and periodically review policies and procedures governing the receipt, retention, use, and disclosure of non-publicly available cyber threat information shared with the Federal Government in accordance with paragraph (1). Such policies and procedures shall, consistent with the need to protect systems and networks from cyber threats and mitigate cyber threats in a timely manner—

(i) minimize the impact on privacy and civil liberties;
(ii) reasonably limit the receipt, retention, use, and disclosure of cyber threat information associated with specific persons that is not necessary to protect systems or networks from cyber threats or mitigate cyber threats in a timely manner;
(iii) include requirements to safeguard non-publicly available cyber threat information that may be used to identify specific persons from unauthorized access or acquisition;
(iv) protect the confidentiality of cyber threat information associated with specific persons to the greatest extent practicable; and
(v) not delay or impede the flow of cyber threat information necessary to defend against or mitigate a cyber threat.

It seems to me they are hoping that by making the section longer and more complicated, people will miss the fact that very little has changed. But what's truly astonishing is that this new text reads like a confession that CISPA does involve all the stuff that they've been insisting it has nothing to do with.

The big thing, of course, is that this oversight now involves civilian agencies, which is really the only meaningful change — and its impact has been rather minimized. Rather than putting the DHS or another agency in between the public and military agencies like the NSA, they've simply given them some input — and it's hard to say how meaningful that input will be. The provisions are bookended by escape clauses: first we're told that they only count when "consistent with the need to protect systems and networks from cyber threats", and then at the end we're reminded that they must "not delay or impede the flow of cyber threat information". That alone renders the rest of the text virtually moot, and it also seems to be acknowledging that the type of information sharing they want to do does threaten privacy.

If that weren't clear enough, there's a third out hiding in clause (ii), where we're reminded that personal information will only be limited if it's "not necessary to protect systems or networks from cyber threats". If this bill is really just about getting technical threat data, why would personal information ever be necessary? Once again, it serves as both an escape clause and a tacit admission that they do plan on doing the things that they have denied so vocally, or at least that they want to keep the option open.

But you can bet that the next time Rep. Rogers or Ruppersberger is questioned about it, they'll insist that CISPA has nothing to do with personal information and couldn't possibly threaten anyone's privacy. They'll insist that they addressed any concerns with this amendment, when in fact all they did was confirm just how warranted those concerns are. Nothing has changed: CISPA is still a dangerous bill, perhaps more explicitly so now than ever.

Here's the full bit from Rogers: "I don't know where they get that. It doesn't say that in the bill. NSA is not authorized to monitor; this is not a surveillance bill. If you read the bill — I encourage those privacy groups to actually read the bill — you won't find that in the bill. ... We're agnostic on how the government would form [an info-sharing regime]; some want DHS, some want others. We thought, let's be agnostic on that portion so you get the right regime. But if you don't have the capability of the NSA, taking that information from the Iranians and the North Koreans and others, and allowing that to get back into the system, it's worthless. And if you want the gold-standard protection from cyberattacks, the NSA has to be at least somewhere. They don't have to get it, they don't have to be the lead in it, but they're the ones that have the capability for overseas collection."

UK Parking Control (UKPC) is accused of revealing photographs of Brits' cars parked with number plates clearly to be read and in some cases the location revealed. In some images it's alleged that other details such as identification cards, shopping or belongings are clearly visible. Campaigners against private parking firms believe these images - allegedly made easily accessible to anyone on the UKPC website - exposed drivers' personal information.

[O[ne ticket recipient claimed to have found that by tweaking values in this web address, he could access thousands of other digital photographs of other people's vehicles... Some shots show personal items on view inside the vehicles, such as an ID card placed next to a disabled-driver badge.