Some semi-good news to report here. EPIC (Electronic Privacy Information Center) has received a settlement from the NSA in its long-running lawsuit (dating back to late 2012) against the agency for its withholding of documents related Presidential Directive 54, a national security directive on cybersecurity.
EPIC received some of the documents as a result of the lawsuit, "substantially prevailing" under the FOIA, and prompting the NSA to make a settlement offer to EPIC. As a consequence, EPIC will receive attorneys fees from the NSA. EPIC is simultaneously appealing the lower court's determination that NSPD-54 is not an "agency record" subject to the FOIA. It was the first time a federal court has ruled that a Presidential Directive is not subject to the Freedom of Information Act.
The problem with "first times" is that they almost inevitably lead to more incidents. If this decision is upheld, the government will now have one more way to dodge FOIA requests on secret directives.
On the plus side, EPIC will be receiving $3,500 in attorneys' fees from the NSA, but as it notes, the agency is still withholding documents thanks to the favorable lower court ruling. The documents EPIC has received so far are embedded below, and as the agency seems to prefer, they are unsearchable images, rather than scans. This allows the government to appear transparent while still hampering attempts to cross reference existing documents or other versions of the same document. (The government has been known to redact something on one FOIA response while leaving it unredacted on others -- hence its hesitance to release documents to "serial" requesters.)
The reimbursement of legal fees is helpful, considering EPIC's court battle is far from over (and that's just for the lawsuit involving this particular secret Presidential Directive). It's great we have a Freedom of Information law, but far too often, it takes an actual court decision to actually free the requested information.
from the whatever-happened-to-'if-you-have-nothing-to-hide...?' dept
We've written several times before about domestic spying being performed by the government agencies, most of which is performed under the protective guise of "national security" as part of the "War on Terror." The end result tends to be diminished rights rather than something more positive, like "terrorists caught."
Beginning in 2011, a series of investigative articles by the Associated Press ("AP") revealed that the New York Police Department ("NYPD") conducted extensive surveillance of Muslims and persons of Arab descent in New York, New Jersey, and elsewhere. The NYPD’s activities included photographing members of the Muslim community as they entered mosques, infiltrating Muslim student groups, and monitoring Muslim stores and businesses. According to the AP, the “police subjected entire neighborhoods to surveillance and scrutiny, often because of the ethnicity of the residents, not because of any accusations of crimes.” The AP also reported, “many of these operations were built with help from the CIA [Central Intelligence Agency], which is prohibited from spying on Americans but was instrumental in transforming the NYPD's intelligence unit after 9/11.”
This looks like the CIA is at the very least heavily involved with domestic surveillance, if not actually doing the surveillance itself. The "investigations" themselves are questionable enough even without the possibility of a departmental "misstep" by the CIA, generally consisting of paid informants infiltrating the Muslim community and amassing as much information as possible when not attempting to bait community members into saying something inflammatory.
This new "elite" NYPD agency has been given leeway to assemble a massive database on the Muslim community and its activities and, to date, has produced nothing in the way of useful leads. Despite this fact, the operations continue undeterred and everyone from the NYC police commissioner to various CIA spokespersons have acknowledged the CIA's ongoing "collaborative relationship" with the NYPD domestic spying program.
According to the CIA, the agency isn't performing the surveillance itself and is, therefore, staying within its legal boundaries.
In December 2011 the Associated Press described an investigation by the CIA Inspector General regarding the agency’s collaboration with NYPD. CIA spokesman Preston Golson acknowledged the existence of this investigation and stated that the agency's Inspector General concluded that no laws were broken and there was “no evidence that any part of the agency's support to the NYPD constituted 'domestic spying.”
In essence, the CIA aids with the spying, but doesn't actually perform the spying. Golson's statement in reference to the internal investigation is obviously meant to be the final word on the matter, but relies heavily on the public's credulity in regards to secretive agencies conducting in-house investigations whose results remain hidden from view. In that respect, Golson's statement failed miserably.
According to USA Today, “The revelations troubled some members of Congress and even prompted the director of national intelligence, James Clapper, to remark that it did not look good for the CIA to be involved in any city police department. Thirty-four lawmakers have asked for the Justice Department to investigate but so far that request has gone nowhere.” At a March 2012 hearing, Attorney General Holder told Congress “he's disturbed by what he's read about the New York Police Department conducting surveillance of mosques and Islamic student organizations in New Jersey.”
You know something has gone wrong when Eric Holder thinks you've gone too far. Golson's "everything's cool" statement notwithstanding, EPIC decided to look into the CIA's involvement with the NYPD's surveillance programs.
On March 28, 2012, EPIC submitted a FOIA request to CIA asking for:
All documents related to the CIA Inspector General’s investigation regarding the agency’s collaboration with NYPD;
All legal analyses conducted by the CIA Inspector General’s office regarding the CIA’s collaboration with the NYPD;
All final reports issued as a result of the CIA Inspector General’s investigation;
Any communications between the CIA Inspector General’s office and the NYPD regarding the agency’s collaboration with the NYPD.
Unsurprisingly, the CIA has been rather reluctant to hand over any of the requested information. So reluctant, in fact, that it now finds itself on the receiving end of a lawsuit filed by EPIC after "failing to disclose a single record." EPIC's complaint quotes the CIA as stating it was too busy to fulfill the requests because of a "substantial backlog." While that could very well be true, this is also information that the CIA would very likely prefer to not make public. It's also an excuse many other government agencies have used -- a built-in stalling tactic greatly aided by these agencies' preference towards only giving up information when forced to do so.
Obviously, it will be a long time before any information shakes loose from this internal investigation. EPIC still has to win the lawsuit before any "compelled" release of documents begins. There's also bound to be an appeal or two, along with the usual bureaucratic delays built into the process. And there's also the "state secret" wildcard, one that permanently removes documents from the public eye. Still, it's a worthwhile effort EPIC is making, one that will shed light on a very shady collaboration between the CIA and the NYPD, whether or not the results of this internal investigation are ever made public.
I think privacy is a very important issue that often is given short-shrift... but I've never been able to understand some of the positions staked out by the Electronic Privacy Information Center (EPIC), who seems to have decided long ago that, even if people are making a conscious choice, anything that puts their privacy at risk is downright evil and must be stopped. When Google first launched Gmail back in 2004, EPIC went ballistic saying that it needed to be shut down as a privacy violation. Most people responded by getting Gmail accounts as quickly as they could.
Apparently, EPIC isn't giving up this fight, even though five years have gone by and Gmail has become a popular email service for many, many people online. EPIC has now asked the FTC to shut down all Google online applications, from Google Docs to Gmail, claiming that they're unable to "adequately safeguard the confidential info" of users -- and comparing those apps to a faulty car seat for kids (hyperbole, much?).
This all seems designed to get EPIC attention rather than to actually help consumers. The likelihood of the FTC agreeing with EPIC seems slim (which even EPIC seems to admit). People are pretty aware of what risks they're taking on by putting stuff on Google's servers, and Google has a pretty clear track record of doing its best to keep that info private. But most people feel that the risk is slight and the trade-off and value from the services is obviously worth it. Thus, it's not actually a privacy issue at all -- because most people are comfortable with the situation. So, why is EPIC trying to take away such useful services from millions of people who have come to rely on them?
Last year plenty of attention was paid to the release of Wikiscanner, a tool from Virgil
Griffith that connected the IP addresses of Wikipedia edits with the companies from which
they came. This resulted in a few PR flare ups as people noticed some questionable
editing by biased parties. Griffith has now upgraded Wikiscanner to do even more (and renamed it to
Wikiwatcher). While the revelations probably won't be as surprising, it will allow some
way of connecting those who may have edited at home to their employers.
However, perhaps an even more interesting discussion is somewhat buried at the end of the
Forbes article linked above: the question over whether or not anonymity is a good or bad
thing for Wikipedia. The article quotes Marc Rotenberg, the director of the Electronic
Privacy Information Center, complaining that Wikipedia needs to do a better job protecting
individuals' privacy. Griffith responds that removing anonymity should improve the
quality of Wikipedia:
"I would say that if people are anonymous, the quality of their contribution is probably
much lower. Wouldn't you want Wikipedia users to be held accountable for what
This brings up a few interesting questions. Rotenberg's complaint seems misplaced. The
fact that your IP address is revealed with each edit is a known fact. Anyone editing
Wikipedia should take that into account. That's hardly Wikipedia's problem. But
anonymity can also be an important factor in getting content out. And so far, it appears
that all of the "scandals" associated with Wikiscanner were related to biased parties changing info
in their favor -- which certainly suggests Giffith has a point: catching those who are
changing Wikipedia with ulterior motives does seem to improve the reliability of the site.
A few months back we covered Ask.com's AskEraser feature, which was touted as a way of enhancing user privacy by allowing them to opt out of personalization features that involve collecting personal information about users. We praised Ask for focusing on privacy, but questioned whether the feature was more marketing gimmick than serious privacy enhancement. Still, we apparently weren't nearly as incensed as the Electronic Privacy Information Center, which went so far as to file a complaint with the FTC alleging that the service failed to adequately protect user privacy, because it set a cookie that included a down-to-the-second timestamp that could conceivably be used as a unique identifier. The only problem is that Ask fixed the problem weeks ago, replacing the timestamp-based cookie with a simple "yes" or "no" setting indicating whether the feature was activated. EPIC apparently didn't notice this, and plowed ahead with its complaint to the FTC. Ask.com even says that it "tried to engage in a constructive dialogue with the group last week, and was rebuffed." I found the response of EPIC Executive Director Marc Rotenberg particularly striking. He says the snafu is Ask's fault for not responding promptly to EPIC's threatening letters. And he says that AskEraser is "a nutty approach that does not scale." Rotenberg, in other words, seems to feel entitled to second-guess the details of how companies implement their products. Rotenberg certainly knows more about privacy law than I do, but I highly doubt that "nutty" or non-scalable privacy features are against the law. And I certainly don't think we want to get the FTC involved in second-guessing every detail of how websites are implemented.