Online Privacy

Who’s a Radical Now?

By Michael German, Senior Policy Counsel, ACLU Washington Legislative Office at 11:10am

The Bipartisan Policy Center published a report last week called, “Countering Online Radicalization in America,” which strongly endorsed First Amendment principles in rejecting censorship as an appropriate tactic for addressing violent extremist content on the Internet.  The report evaluated the many methods governments around the world use to censor the Internet – including filtering or blacklisting online content, taking down websites (either through legal means, cyber attacks or appealing to private sector providers), and prosecuting Internet content producers – and rejected them all as both ineffective in stopping the spread of undesirable ideas, and an affront to American values: “For the United States, the cost-benefit analysis would be even clearer:  with its long and cherished tradition of free speech, the creation of a nationwide system of censorship is virtually inconceivable.”  But the BPC’s positive recommendations are potentially undermined by its continuing embrace of a radicalization theory that draws too close a causal connection between “radical” ideas and violent action.

Why Won’t the IRS Deploy Basic Web Security?

By Katie Haas, ACLU Human Rights Program & Chris Soghoian, Principal Technologist and Senior Policy Analyst, ACLU Speech, Privacy and Technology Project at 10:45am

This tax season, when you visit the IRS’s website seeking tax information, can you be certain that no one else is monitoring which pages you browse?

Unfortunately, right now the answer to that question is “no.” Unlike Facebook, Twitter, Google Mail (Gmail), and virtually every bank and credit card company, the IRS, like most government agencies, does not use HTTPS for encryption and authentication on its website. If you try typing “mail.google.com” into your browser right now, you will see that the URL you end up at is actually “https://mail.google.com.” That “s” after the “http” may seem insignificant, but it means a lot. It signifies that Google is using Secure Sockets Layer encryption, or SSL, to both encrypt and authenticate its communications. When you visit google.com and you see “https” at the beginning of the address, it lets you know that your connection is secure, and that third parties – such as your internet service provider, employer, or university cannot monitor what you’re doing through the use of network interception technology.

Your Boss Shouldn’t Read Your Email

By Catherine Crump, Staff Attorney, ACLU Speech, Privacy and Technology Project at 5:02pm

Senator Charles Grassley got it right: officials at the Food and Drug Administration “have absolutely no business reading the private e-mails of their employees.”

On Sunday, the New York Times ran a lengthy story detailing how the FDA monitored the communications of its own scientists, including communications with members of Congress, lawyers and journalists. Those scientists had blown the whistle on what they believed were flawed internal procedures that led to the approval of unsafe medical imaging devices. The FDA engaged in a massive email monitoring campaign to read their communications—including their private, personal emails. The emails that the FDA collected included those of a former member of Senator Grassley’s staff, presumably because he had exchanged messages with one or more of the targeted FDA officials.

The President Reads His Daily Brief on an iPad (and Other Lessons From the NSA)

By Jay Stanley, Senior Policy Analyst, ACLU Speech, Privacy and Technology Project at 11:10am

(Updated below)

I was invited to give a talk on surveillance at the Information Security Systems Association (ISSA) Baltimore Chapter yesterday, and the keynote speaker was Dr. John Levine of the NSA. He works on the “information assurance” side of the agency (charged with securing communications rather than breaking them) and had some interesting things to say on the NSA’s work trying to make mobile devices more secure for the military and other government users who need to exchange classified information.

The Time is Now for Do Not Track Legislation

By Sandra Fulton, ACLU Washington Legislative Office at 4:53pm

While our electronic privacy laws have remained stagnant, online advertising has grown into a multi-billion dollar industry. The browsing and communications habits of online users are routinely and secretly tracked as they surf the internet. Yesterday, Senator Rockefeller (D-WV), chairman of the powerful Senate Commerce Committee, introduced a bill to establish a Do Not Track mechanism –similar to a Do Not Call Registry– that would allow users to restrict what companies collect about them and regain control of their privacy and online identity.

Twitter Appeals Ruling in Battle Over Occupy Wall Street Protester’s Information

By Aden Fine, Senior Staff Attorney, ACLU Speech, Privacy and Technology Project at 12:44pm

Twitter just filed its brief appealing a June decision by a New York criminal court judge requiring the company to give the Manhattan District Attorney detailed information on the communications of Twitter user Malcolm Harris, an Occupy Wall Street protester charged with disorderly conduct in connection with a march on the Brooklyn Bridge.

Does the Government Think It Can Read Our Mail Without a Warrant Just Because It’s Electronic?

By Sarah Roberts, Speech, Privacy and Technology Project at 4:39pm

Today the ACLU filed a lawsuit under the Freedom of Information Act to force the government to disclose information about the circumstances in which it accesses the contents of Americans’ private electronic communications without obtaining a warrant based upon probable cause. Such communications can include email, text messaging, and private conversations on social networks. While there is reason to believe this practice is widespread, there is much we don’t know about this government eavesdropping: when it happens, how often it’s done, who they’re watching, how long they monitor these communications, and what policies they have established regarding this monitoring. Through the lawsuit filed today, we hope to find out much more.

ACLU Guide to New Facebook Privacy Controls

By Chris Conley, Technology and Civil Liberties Fellow, ACLU of Northern California at 11:30am

Today Facebook is rolling out a series of changes to its privacy controls. We reviewed the changes in detail on Tuesday; now here’s how you can take advantage of these changes:

Turn On “Profile Review”
One of the biggest changes to Facebook’s privacy controls is the option to review any content you’re tagged in (including photos, Places, and more) before that content is fed into your news feed. You can also review any tags that are added to photos or other content that you post yourself.

With CISPA, "It's all just a little bit of history repeating..."

By Robyn Greene, ACLU Washington Legislative Office at 4:48pm

The Propellerheads may have been talking about fashion trends when they sang that "to me it seems quite clear that it's all just a little bit of history repeating." But that sentiment rings loud and true today when talking about the privacy-busting cybersecurity bill CISPA.

Leaders of the House Intel Committee reintroduced CISPA with the same privacy flaws as last year. While they suggested at its unveiling that they worked with the privacy community and addressed our concerns, they didn't. This is the same bill, with the same problems.

CISPA Claws Back to Life

By Michelle Richardson, Legislative Counsel, ACLU Washington Legislative Office at 1:54pm

It's baa-aaack.

The House cybersecurity bill that allows the National Security Agency (NSA) and the military to collect your private internet records is scheduled for an encore appearance on Wednesday. House Intelligence Committee Chairman Mike Rogers (R-MI) and Ranking Member Dutch Ruppersberger (D-MD) will reintroduce the Cyber Intelligence Sharing and Protection Act (CISPA), which news reports say will be the same bill that passed the House of Representatives last year.

Statistics image