In September I wrote about how policymakers often act on privacy issues only when they themselves feel their privacy personally threatened—for example when Robert Bork’s video rental records were obtained by a reporter. Now Peter Maass, writing in the New Yorker and ProPublica, is raising a key question about the Petraeus scandal: will lawmakers sit up and take notice of how easily the CIA Director’s private emails were discovered? Will they “start worrying a bit more about becoming the next Petraeus or Bork”? It may well be true that the discovery of an affair by an FBI agent would not have led to anything had the subject been an ordinary person, but because Petraeus was in such an important role, the finding kept getting passed around because nobody dared to take the responsibility of doing nothing about it. And inevitably, it eventually leaked. As Maass astutely observes, “the Petraeus case shows that among the people who have the most to lose from unchecked surveillance are the people who thought they would benefit from it—government elites.”
One development that got lost in Superstorm Sandy was an announcement by Yahoo late last month that it would not honor the Do Not Track signal in Microsoft’s Internet Explorer browser, because it
degrades the experience for the majority of users and makes it hard to deliver on our value proposition to them. It basically means that the DNT signal from IE10 doesn’t express user intent…. Ultimately, we believe that DNT must map to user intent—not to the intent of one browser creator, plug-in writer, or third-party software service.
Can Yahoo please explain why, exactly, a Do Not Track flag represents “user intent” when it defaults to off, but does not represent such intent when it defaults to on? If we take the example of a hypothetical internet user who is not aware of Do Not Track, and makes no move to adjust their settings, how can Yahoo claim that that person “intends” to submit to tracking? Given the strong polling evidence that users do not want to be tracked, we should if anything assume the opposite. If companies are not going to honor Do Not Track, all the more reason we need strong privacy protections in the law. And another reminder of the need for such protections is the shamelessness with which the ad industry papers over their raw self-interest in commercial spying using such intellectually thin arguments. More properly known as hogwash.
We reported earlier this year that Seattle had become the first city to consider safeguards on domestic drone deployment. Our staff at the ACLU of Washington informs us that the issue continues to be a prominent one there. The Seattle Police Department has drafted guidelines for how and when it will use drones; we don’t think they are strong enough, and of course want the technology governed by an ordinance passed into law rather than mere police guidelines. A Seattle City Council member has said he plans to hold hearings on drone use policies, with the intention of having the council adopt an ordinance restricting their use.
The Customs and Border Protection agency this week published a notice in the Federal Register that it was making available the final “programmatic environmental assessment and finding of ‘No Significant Impact’” for the deployment of x-ray inspection systems. The notice covers not only environmental impact of the technology, but also its “radiological health and safety.” The technology at issue is called LEXRIS and involves large, vehicle-sized x-ray scanners for use at U.S. CBP “operational areas” (and recall that the government considers the “border” to extend 100 miles inland from all US land and coastal borders, an area that contains nearly two-thirds of the entire US population). The system would involve two types of scanners; in one the driver and any passengers exit the vehicle before it is scanned, and in the other they can stay in their vehicle, though are supposed to be allowed to “exit the vehicle and have the CBP personnel drive it through the portal.” The CBP document finds that “the results of various tests conducted by CBP’s Radiation Safety Officer” found that radiation doses given by the device fall within acceptable annual limits. Use of radiation on the public always raises questions. Before I let my children go through these “low energy” X-ray machines, I would want several things: health and technology tests that have been conducted by independent scientists, and ironclad assurance that the machines are at all times properly calibrated, unlike the medical CT machines, operated by trained personnel, which accidentally delivered serious radiation overdoses to hundreds of patients around the country.