By Jay Stanley, Senior Policy Analyst, ACLU Speech, Privacy and Technology Project at 5:36pm
On July 30, the Privacy Commissioner of British Columbia announced a review of license plate scanning programs by law enforcement in the province. If the United States had an analogous institution embodying /enforcing our privacy values, maybe we’d see something like that here instead of untrammeled expansion and retention of license data. We’re still waiting for the “missing in action” Privacy and Civil Liberties Oversight Board (PCLOB) to turn into something real. From 2007 until late 2011, neither President Bush nor President Obama even nominated anyone to fill the independent oversight board; we finally now have four members—but still no chair.
By Jay Stanley, Senior Policy Analyst, ACLU Speech, Privacy and Technology Project at 3:58pm
Lost in all the news about the NSA program this week was the release of a devastating report by the DHS Inspector General on the TSA’s SPOT program (first reported by the New York Times on Sunday). The new report underscores what a waste of money that program has been. After hiring 2,800 full-time staff and spending an estimated $878 million since FY 2007, the program remains deeply misguided not only in its very concept, but also in how it has been implemented.
SPOT (which stands for Screening of Passengers by Observation Techniques) is the program that places “Behavior Detection Officers” (BDOs) near airport security lines, where by intrusively chatting with fliers, they will supposedly be able to detect “something amiss” that might suggest a passenger is planning a terrorist attack.
The program has always been ludicrous. In testimony at a 2011 congressional hearing on SPOT, psychologist Dr. Maria Hartwig summarized the decades of empirical research on the detection of deception, which is basically
By Jay Stanley, Senior Policy Analyst, ACLU Speech, Privacy and Technology Project at 5:38pm
A few links that have caught our eye this past week:
Paul Rosenzweig has posted a nice piece on Lawfare on the reasons to be skeptical of the need for cybersecurity regulation. He breaks cybersecurity down into its constituent parts (as we have urged) of cybercrime, cyber espionage, and truly catastrophic “digital Pearl Harbor” attacks. He suggests that the first two do not justify regulation, and (like us) is skeptical about the degree of risk of the third. In explaining that skepticism, he provides an elegant analysis of the electric grid, the taking down of which is a frequent cyber-attack scenario, and makes the point that the pro-regulation viewpoint “mistakes vulnerability for risk”—in other words, there can be a vulnerability in a system, but still a low risk that anyone will actually be able to or try to exploit it.
