April 2006 Archives
April 27, 2006 | Change of Address
Kevin Poulsen, my rocking editor at Wired News, made me an offer I couldn't refuse -- co-blogging with him over on the Wired News site.
So now I'm moving my prose stylings over to a Wired News blog called 27B Stroke 6. I for one welcome my Lycos overlords.
Kevin describes the new site like this: "Investigative reporter Ryan Singel and senior editor Kevin Poulsen scare peace-loving people with phantoms of lost liberty, in a daily briefing on security, freedom and privacy in the wired world."
I love this little blog and will post here irregularly, but the new blog is gonna be even better more greater.
Sorry to mess with your bookmarks, but remember, we are all in this together.
For those who want to update their RSS readers, here's the XML file for 27B Stroke 6.
Technorati Tags: 27BStroke6, 27B Stroke 6, Kevin Poulsen, Ryan Singel
Posted by Ryan Singel at 05:10 PM | Comments (1) | TrackBack
April 21, 2006 | Privatized Registered Traveler On Track
Passengers willing to undergo perpetual government background checks in exchange for the promise of shorter screening lines at the airport will be able to register as soon as late summer in a corporate-run Registered Traveler program set to debut in ten to twenty airports.
The Transportation Security Administration announced the latest timetable and specifications Thursday. While each airport could be run by a different company, which will have to pay for its own security lanes, screeners and registration process, a traveler registered with one company will be able to use the lanes at other airports.
But the press release is vague on what the benefits for travelers will be:
In order to enter the RT program, applicants must provide biographic information, which will be verified and authenticated to safeguard against the use of a false or stolen identity. All applicants must undergo a TSA Security Threat Assessment that includes perpetual vetting. When traveling, an RT participant must confirm his or her identity at an RT station using biometrics (fingerprints or iris). RT participants will still be required to pass through the metal detector, have their carry-on and checked luggage screened, and will be subject to secondary screening by TSA if they trigger an alarm. Consistent with TSA policies, an element of randomness will also be integrated into Registered Traveler to ensure unpredictability and disrupt potential efforts by terrorists to thwart the system.
The release also alludes to benefits: "While the combination of benefits and security measures available at each participating airport may vary, all RT travelers should receive an expedited and more convenient checkpoint experience." However, if participants still have to have their luggage checked and could still get secondary screening at random, I don't see what the benefits are. Shorter lines? Snappier-dressed security personnel? Free Starbucks while waiting in line? The feeling that while we are all in this together, some of us are more all in this than others?
Posted by Ryan Singel at 11:19 AM | TrackBack
April 21, 2006 | Software Bug Shuts Down Nation's Busiest Airport
A software bug in the system designed to keep carry-on bag screeners alert shut down Atlanta's Hartsfield-Jackson International airport, the nation's busiest airport, on Wednesday, according to CNN.
In order to break up the tedium of scanning bags full of books and cosmetics, the TSA uses software that randomly inserts images of bags with explosives and weapons. A few seconds later, hopefully after the screener identifies the bag as a threat, the software is supposed to flash a message that the image is fake.
Only this time it didn't.
While screening carry-on luggage, a TSA employee identified the image of a suspicious device but did not realize it was part of routine testing for security screeners because the software failed to indicate such a test was under way, [Transportation Security Administration Director Kip] Hawley said.
Authorities evacuated the security area for two hours while searching for the suspicious device, causing flight delays and forcing travelers who could not get through to the terminals to wait outside the airport.
Link.
Two thoughts. One, I'm surprised this hasn't happened more often. And two, systems, especially one as sprawling as the air transportation system, are fragile. For over three years now, the TSA has been working to take the job of checking passengers' names against a terrorist watchlist out of the hands of individual airlines and centralize the checks in D.C. What happens to airline travel if the government's planned computer system goes down? Is that an acceptable risk?
Posted by Ryan Singel at 08:58 AM | TrackBack
April 20, 2006 | HostGator Rocks
My blog got smacked hard today with automated comment spam.
I found the host of the responsible site and reported the abuse.
I also dropped a note to the spammer, who lives in Mexico. He wrote me back saying his spam wasn't illegal and that my IP ban wouldn't work and that his ISP wouldn't disconnect him.
HostGator took his site down minutes later.
No hosting company wants to lose a customer, so I'm super impressed with these folks.
For those who don't run blogs, this may not seem like a big deal, but blog spam is really tedious and really tough to shut down. I highly appreciate any help I can get keeping these folks off my site.
Posted by Ryan Singel at 04:47 PM | Comments (1)
April 17, 2006 | But some butter is more butter than other butter
This is Animal Farm situated in Orwell, Vermont.
Their butter is better than normal capitalist butter:
It also has a butter-fat content of 87 percent, significantly higher than other butters made in the United States and the equivalent of the finest French butters. This makes Animal Farm butter superb for pastry-making - as well as for every other use.
(brazenly borrowed from A. Shostack)
Posted by Ryan Singel at 08:06 PM | TrackBack
April 17, 2006 | TSA Picks Privacy Player
The Transportation Security Administration picked Peter Pietra as their top choice in this year's National Privacy League draft. Pietra will be playing QB (a position TSA bureaucrats call "Director of Privacy Policy and Compliance") for the beleaguered TSA, which has struggled in the National Privacy League after repeated fumbles caused by poorly configured watch lists and unsanctioned use of personal information on American citizens.
The TSA has also been unable to score any touchdowns with a computerized passenger-screening system known as CAPPS II or Secure Flight. Congress and its investigative arm, the Government Accountability Office, have repeatedly forced the TSA to punt.
TSA hopes Pietra, who will be working with halfback/Privacy Officer Lisa Dean, will help the TSA overtake the FBI and NSA in the NPL's Federal Agency Conference, according to today's announcement.
"The devotion of increased resources and expertise to TSA privacy programs is expected to make the agency a leader in privacy efforts within DHS and the Federal government as a whole. With the anticipated launch of several programs, including TWIC, Registered Traveler and Secure Flight, it's critical the agency is poised to meet the workload and improve communication with stakeholders and the traveling public."
Pietra says he's just happy to get a shot at the bigs.
"We gotta play privacy impact assessments one day at a time. I'm just happy to be here. Hope I can help the agency," Pietra said. "I just want to give it my best shot, and the good Lord willing, things will work out."
Posted by Ryan Singel at 02:41 PM | TrackBack
April 14, 2006 | AT&T Loses A Customer Over NSA Lawsuit
AT&T has lost at least one customer due to the class action lawsuit filed by the Electronic Frontier Foundation accusing the telecom giant of wiretapping the Internet on behalf of the National Security Agency (NSA).
That customer? Judge Vaughn Walker, the San Francisco District Chief Judge who is assigned to the case.
In an order Walker released today, the judge told the parties that he was an AT&T phone customer when the case was assigned to him, so he switched telecom providers to avoid a conflict of interest. Walker did not say what company he switched to, or if he got a better long distance rate.
Being a former AT&T customer also makes him a potential member of the class suing AT&T, so he foreswore any money he might be entitled to.
Walker is not recusing himself, however, and cited a number of cases supporting his position. He also mentions that if he had to do so, so too would almost every judge in the district, since it's highly likely that some member of every judge's family was an AT&T subscriber. Walker is giving both AT&T and the EFF a week to file briefs agreeing or disagreeing (or, in AT&T's case, to offer him free conference calling if he comes back into the fold). After that, Walker says he will start to rule on the flurry of motions filed this week.
Full recusal order here. (.pdf)
Posted by Ryan Singel at 03:55 PM | TrackBack
April 13, 2006 | Jetsons Video Phone? Deaf Say Yes!
More than 40 years after the Jetsons promised us we would all have videophones, we've arrived at a future where that's a reality -- whether through free internet chat applications, pricey standalone home units, or high-tech corporate video-conferencing rooms.
Now that we have them, it's far from clear that the average phoner wants video for routine calls like ordering a pizza or checking in with mom and dad. But one community is certain of the videophone's benefits: the deaf.
An FCC program for the deaf sounds like the modern equivalent of ringing Mabel the operator down at the phone exchange so she can patch through your call. Assuming, of course, that Mabel has signing skills.
The system, called video relay services, or VRS, is proving a godsend to the deaf and hearing-impaired, allowing them to communicate using American Sign Language through a translator to a third party.
Increasing numbers of the hearing-impaired are now using various sorts of video phones with VRS to place calls to each other and to the hearing world.
VRS providers are paid approximately $6 a minute by the FCC from a tax levied on every U.S. phone bill. That makes VRS an expensive replacement for conventional TDD-based services, in which an operator relays between a deaf person typing on a computer terminal and a hearing person on the phone. Those calls cost the FCC about $1 a minute.
But the technology is a quantum leap for deaf people, according to Pat Nola, CEO of Sorenson Communications, the nation's largest VRS provider.
For the deaf, switching to the new service is like a hearing person going from Morse code to a telephone, says Nola.
Full story here.
Josh, a reader, writes in to chide me for not including Captioned Telephone as part of the story:
From what I understand, the majority of the deaf and hard of hearing community can still speak. This technology allows a normal telephone conversation to take place, with the operator using voice recognition to provide real-time captions of the phone call. I know several people that use this and it seems much less cumbersome than a video conference system.
That does sound interesting, and I didn't include it in the story because I hadn't run across it in my reporting. Score another point for my readers being smarter than I am.
Posted by Ryan Singel at 09:47 AM | TrackBack
April 12, 2006 | AT&T *69s EFF
AT&T has responded to the Electronic Frontier Foundation's move to have a judge stop the company from allegedly helping the NSA eavesdrop on its customers, and the telecom giant says it wants its secret documents back pronto.
In papers filed late Monday, AT&T argued that confidential technical documents provided by an ex-AT&T technician to the Electronic Frontier Foundation shouldn't be used as evidence in the case and should be returned.
The documents, which the EFF filed under a temporary seal last Wednesday, purportedly detail how AT&T diverts internet traffic to the National Security Agency via a secret room in San Francisco and allege that such rooms exist in other AT&T switching centers.
The EFF filed the class-action lawsuit in U.S. District Court in Northern California in January, seeking damages from AT&T on behalf of AT&T customers for alleged violation of state and federal laws.
Mark Klein, a former technician who worked for AT&T for 22 years, provided three technical documents, totaling 140 pages, to the EFF and to The New York Times, which first reported last December that the Bush administration was eavesdropping on citizens' phone calls without obtaining warrants.
Klein issued a detailed public statement last week, saying he came forward because he believes the government's extrajudicial spying extended beyond wiretapping of phone calls between Americans and a party with suspected ties to terrorists, and included wholesale monitoring of the nation's internet communications.
The rest of today's story is here. Earlier stories on the lawsuit (1, 2, 3).
Technorati Tags: narus, nsa, eff, at&t, mark klein
Posted by Ryan Singel at 04:28 PM | TrackBack
April 12, 2006 | Narus Not in the Know
Elise Ackerman at the San Jose Mercury News has some great follow-up reporting today on ex-AT&T employee-cum-whistleblower Mark Klein's public statement last week, which included allegations that a secret NSA spying room wired into AT&T's internet switching station in San Francisco was home to a piece of data-mining equipment known as a Narus STA 6400.
The engineers at Narus weren't intending to create Big Brother's dream machine when they began writing software a decade ago to help phone companies send out more detailed bills.
But as the Mountain View company's code became more and more sophisticated, customers began to discover new uses for software that was originally designed to monitor and analyze network traffic.
Now Narus finds itself at the center of a legal fight over domestic spying.
[...]
Narus executives confirm AT&T is a customer but say they do not know how the telecommunications giant uses its software. "Once our customers buy our product, it's relatively opaque to us," said Steve Bannerman, vice president of marketing.
Narus CEO Greg Oslan said the company's software is designed to allow carriers to monitor all Internet traffic, including Web searches, e-mail content and attachments, and Internet phone calls.
Full story here.
Posted by Ryan Singel at 12:39 PM | TrackBack
April 11, 2006 | Barbie Says Privacy Is Hard
Daniel Solove has a post today about New York Attorney General Eliot Spitzer settling with Datran Media for $1.1 million for allegedly renting the Freepay/Gratis Internet/Freeipods.com email list while KNOWING that the email list was protected by a privacy policy. The settlement is causing some waves in the direct marketing community, which is now worried it will have to perform "due diligence" before renting lists.
Kirk Nahra's essay for Privacy in Focus is a prime example of that hand-wringing. Nahra, a partner at the law firm of Wiley Rein & Fielding, described the settlement holding Datran responsible for checking the privacy policy of the database it wanted to deluge with emails as an "Alice-in-Wonderland result."
The settlement appears to impose a new "due diligence" obligation on the vendor to understand and review the privacy policy of its principals and sub-vendors to make sure that the data supplier isn't doing something wrong in providing data.
How far will this go? Does the vendor have to review underlying consents? Does the vendor have to engage in an audit of the list supplier's privacy practices? How does this new vendor-to-vendor due diligence obligation affect the already growing client-to-vendor oversight obligations?
Obviously, it is too soon to know the full implications of this case, including whether there are any real implications beyond this specific set of facts and companies. It is clear, however, that the Datran settlement adds a new and difficult dimension to vendor contracting, making it even more time consuming and burdensome to retain vendors for any activity that involves personal information. Is that really a result that protects people's privacy?
Weirdly, Nahra mentions the follow-up lawsuit against Gratis Internet, but it seems Nahra couldn't be bothered to read the filings, which might have answered some of his questions.
For instance, according to Spitzer's allegations, which rely heavily on documents and emails obtained during the investigation, Datran employee Susan Weiner asked Gratis Internet to change its privacy policy retroactively, after Datran entered into a contract with Gratis. If true, and Datran's settlement indicates it was, is there any wonder Spitzer considered Datran negligent?
And really, so what if Spitzer sets a precedent that list buyers have to check the privacy policies of the databases they want to buy or rent? Really, how hard is it to check a privacy policy before you buy millions of pieces of intimate information on American citizens? It's at most a couple of clicks. I do that before buying batteries online.
Posted by Ryan Singel at 11:57 AM | TrackBack
April 10, 2006 | Spy Machine Capabilities?
A blogger named bewert over at Daily Kos follows up on allegations made by ex-AT&T employee Mark Klein that AT&T installed equipment at an AT&T Internet switching facility that feeds the NSA a copy of every Internet packet flowing from or to AT&T customers or across AT&T's expansive Internet backbone network. I covered Klein's public statement for Wired News on Friday, and his full statement can also be found here.
bewert looked into the machine Klein alleges is in the room, a Narus STA 6400, and did a little math and parsing of some public statements to find that the machine was capable of monitoring 39,000 DSL lines at any one time.
Prior to 9/11 Narus worked on building carrier-grade tools to analyze IP network traffic for billing purposes, to prevent what they term "revenue leakage". Post-9/11 they have continued down that path while adding more semantic monitoring abilities for surveillance purposes. They even brought in former Deputy Director of the NSA William P. Crowell as an addition to their Board of Directors. [...]
Remember that semantics is not just the data, but rather the meaning of the data. It looks at the data in a more comprehensive way than looking for keywords. Each NarusInsight machine does this at 2500 million bits per second, in real-time. [...]
These capabilities include playback of streaming media (i.e. VoIP), rendering of web pages, examination of e-mail and the ability to analyze the payload/attachments of e-mail or file transfer protocols. Narus partner products offer the ability to quickly analyze information collected by the Directed Analysis or Lawful Intercept modules. When Narus partners' powerful analytic tools are combined with the surgical targeting and real-time collection capabilities of Directed Analysis and Lawful Intercept modules, analysts or law enforcement agents are provided capabilities that have been unavailable thus far. [...]
Posted by Ryan Singel at 10:17 AM | TrackBack
April 07, 2006 | Ex-AT&T Employee on NSA Wiretap Room
An ex-AT&T employee has made public a summary of the statement he provided in support of a lawsuit against AT&T, alleging that the telecom giant has built out secret wiretap rooms that funnel internet and phone call data to the National Security Agency.
AT&T provided NSA eavesdroppers with full access to its customers' phone calls, and shunted its customers' internet traffic to data mining equipment installed in a secret room in its San Francisco switching center, according to a former AT&T worker cooperating in the Electronic Frontier Foundation's lawsuit against the company.
Mark Klein, a retired AT&T communications technician, submitted an affidavit in support of the EFF's lawsuit this week. That class action lawsuit, filed in federal court in San Francisco last January, alleges that AT&T violated federal and state laws by surreptitiously allowing the government to monitor phone and internet communications of AT&T customers without warrants.
On Wednesday, the EFF asked the court to issue an injunction prohibiting AT&T from continuing the alleged wiretapping, and filed a number of documents under seal, including three AT&T documents that purportedly explain how the wiretapping system works.
According to a statement released by Klein's attorney, an NSA agent showed up at the San Francisco switching center in 2002 to interview a management-level technician for a special job. In January 2003, Klein observed a new room being built adjacent to the room housing AT&T's #4ESS switching equipment, which is responsible for routing long distance and international calls.
"I learned that the person whom the NSA interviewed for the secret job was the person working to install equipment in this room," Klein wrote. "The regular technician workforce was not allowed in the room."
Klein's job eventually included connecting internet circuits to a splitting cabinet that led to the secret room. During the course of that work, he learned from a co-worker that similar cabinets were being installed in other cities, including Seattle, San Jose, Los Angeles and San Diego.
"While doing my job, I learned that fiber optic cables from the secret room were tapping into the WorldNet (AT&T's internet service) circuits by splitting off a portion of the light signal," Klein wrote.
The split circuits included traffic from peering links connecting to other internet backbone providers, meaning that AT&T was also diverting traffic routed from its network to or from other domestic and international providers, according to Klein's statement.
The secret room also included data-mining equipment called a Narus STA 6400, "known to be used particularly by government intelligence agencies because of its ability to sift through large amounts of data looking for preprogrammed targets," according to Klein's statement.
Full story here. Justin Scheck of The Recorder had the story first, and has some great info on the story and Klein's lawyer, Miles Ehrlich, a former U.S. attorney, over at CalLaw's blog, Legal Pad.
Posted by Ryan Singel at 11:52 AM | TrackBack
April 05, 2006 | Spitzer Fighting Spam With 1980's Technology
New York Attorney General Eliot Spitzer has been on a crusade against spammers and spyware companies, but it's a wonder anyone actually knows about it. I called yesterday asking to get on the press list, and Spitzer's office told me they only send out news releases via fax.
Fax? I mean, that's not even retro enough to be cool. If they said Citizens Band radio or shortwave radio, or even better, telegrams, that would be cool. But faxes? That's 1980's uncool, like Alex P. Keaton uncool. Since I don't feel like wasting toner and paper on routine press releases, I did some quick research on e-faxes and found one place that might not cost more than $30 a year for a phone number somewhere in Chicago that will forward PDFs to my inbox.
But that's just absurd -- I ain't wasting cash on an e-version of an outmoded technology. BUT, Spitzer's office does have a web page with press releases (although I don't know if the faxes come before or after the news is posted online).
So to help you intrepid reporters and bloggers out there who also think a faxed press release is just stinking stupid, I used FeedTier to create an RSS feed of the press releases, and then used RSSFWD to create a press list from the RSS feed (subscribe here). Don't tell Spitzer, though; he'd probably find some statute to sue me with.
Posted by Ryan Singel at 11:40 AM | TrackBack
April 05, 2006 | More On Justice and Privacy
The Justice Department's new chief privacy officer, Jane Horvath, has perhaps the most interesting job in D.C. Whether she will get to do it is another question altogether.
I'm fairly certain that Horvath has no power to subpoena documents (Homeland Security's chief privacy officer doesn't) so any investigation she starts will rely on voluntary cooperation and whatever institutional leverage she has. If AG Gonzales isn't on her side, then she won't get anywhere in investigations.
Of course, there's a great irony in being a privacy cop without subpoena power when your job is to oversee cops with the power and the inclination to write their own subpoenas (say, a National Security Letter demanding an airline turn over its passenger database) and use that data however they wish, including using it to build out a massive data-mining operation.
Horvath might get a feel for the job and not alienate too many people internally by starting with a close look at the DOJ's use of private data aggregators (think privatized intelligence gathering operation) such as Acxiom, ChoicePoint and LexisNexis. The GAO just released a study (.pdf) which found that these information gatherers don't really follow Fair Information Practices and that federal agencies, including the DOJ, don't always follow them either.
For example, the principles that the collection and use of personal information should be limited and its intended use specified are largely at odds with the nature of the information reseller business, which presupposes that personal information can be made available to multiple customers and for multiple purposes. [...]
Resellers generally limit the extent to which individuals can gain access to personal information held about themselves, as well as the extent to which inaccurate information contained in their databases can be corrected or deleted.
For more, see Robert O'Harrow Jr.'s Washington Post story and the GAO's testimony (.pdf) to Congress yesterday.
Posted by Ryan Singel at 10:09 AM | TrackBack
April 04, 2006 | The Chronicle
The San Francisco Chronicle has been beaten up in the journalistic world for decades, perhaps because of the infamous line in "All the President's Men" when Washington Post editor Ben Bradlee dismissed a pitch for a feature that would recap yesterday's weather for people who were too drunk the day before to remember if it rained or not. He said he'd sell that story to the Chronicle.
I thought back to that story the other day, since to read the Chronicle, one should really pay attention to the bylines. I'll never skip a story written by Anna Badkhen, whose work in Iraq deserved way more professional praise than it got. The Sunday magazine is mostly fatuous lifestyle pr0n for suburbanites, except for Sam Whiting's insanely good reporting on little Bay Area neighborhoods (note to Chron management: the mag might be better if editor Alison Biggar bothered to respond to pitches).
Reyhan Harmanci is the Chron's latest treasure, filling the new 96Hours Thursday section and filing great pieces on everything from online social networking to this great piece taking on fake trend stories run by the New York Times. You should also be on the lookout for the rare, but prized, byline of Seth Rosenfeld, the Chron's best investigative reporter.
But what started me on this was a story my friend Chris Ulbrich sent me which was penned by the Chron's wittiest and most versatile writer, Steve Rubenstein. As Chris puts it, Rubenstein got assigned to write a color piece on Daylight Savings Time. Here's the fine piece he turned in, a story every journalist in San Francisco should be wishing they were good enough to write. (I'd excerpt it, but you should start at the start.)
Posted by Ryan Singel at 04:13 PM | Comments (1) | TrackBack
April 04, 2006 | Justice Meet Privacy
The Justice Department has a new chief privacy officer, Jane Horvath, who pledges to start an internal privacy advisory board and oversee the Justice Department's use of commercial data in its investigations, according to Daniel Pulliam at GovExec.com.
Lisa Sotto, a partner at Hunton and Williams, a New York City law firm, said Horvath's biggest challenge is that she is the first person to hold her position. She could "take some life lessons" from Homeland Security's first chief information officer, Nuala O'Connor Kelly, who resigned in September 2005, Sotto said.
"They're not thinking about privacy unless someone hits them on the head with a two-by-four," Sotto said. "Her first challenge is to educate people at the Justice Department in order to get things flagged when they require her input."
Horvath said she considers Kelly a friend and has received good advice from her, particularly on the importance of building relationships with the privacy community.
The role of chief privacy officer is complicated and ranges from negotiator to educator to consultant, said Jim Dempsey, policy director of the Center for Democracy and Technology, a Washington-based privacy advocacy organization.
"She's not just the ombudsman who takes complaints," Dempsey said. "And she's not just the policy adviser or the writer of the rules and regulations."
It is indeed an odd job, half policy advisor, half internal affairs investigator (and she should have lots of company in the gov since every agency is now supposed to have a chief privacy officer). Horvath will have her hands full, especially given the FBI's continued reliance on private data collecting and spilling firms such as ChoicePoint, which just landed another contract with the feds to provide them with access to their database.
