Secondary Screening

Archives
By Date
April 2006
March 2006
January 2006
December 2005
November 2005
October 2005
September 2005
August 2005
July 2005
June 2005
May 2005
April 2005
March 2005
February 2005
January 2005
December 2004
November 2004
October 2004
September 2004
August 2004
By Category
Airline Security Measures
Bicycles
Book Reviews
Congress
Data Mining
Department of Homeland Security
Freedom of Information
Government Secrecy
Miscellany
Other People's Writing
Privacy
Security Measures
The Courts
The New Web
Threat Level
Recent Entries
TSA Picks Privacy Player
AT&T Loses A Customer Over NSA Lawsuit
AT&T *69s EFF
Narus Not in the Know
Barbie Says Privacy Is Hard
Spy Machine Capabilities?
Ex-AT&T Employee on NSA Wiretap Room
More On Justice and Privacy
Justice Meet Privacy
More DOJ Subpoenas
Published articles
Wired News Articles
Links
Wired News
DefenseTech
Practical Nomad
BeSpacific
DHS Privacy Office
Memory Hole Blog
Electronic Privacy Information Center
Privacy Digest
Electronic Frontier Foundation
Homeland Security Institute
Secrecy News
Emergent Chaos
EPIC West's Chris Hoofnagle
Prawfs Blog with Daniel Solove
Ann Harrison
Reuter's Andy Sullivan
Schneier on Security
Talk Left
Reason's Hit & Run
W. David Stephenson
Phillip Carter's Intel Dump
Project on Government Oversight
Technology Liberation Front
Edward Felten's Freedom to Tinker
Contact
Email me
415.375.3150
Subscribe
Feed: Your Reader
Atom
RSS 1.0
RSS 2.0
RSD
About Ryan Singel
I'm a San Francisco-based freelance journalist who covers antiterrorism programs, civil liberties, the Internet and privacy.
Privacy Archives Main
April 17, 2006 | TSA Picks Privacy Player

The Transportation Security Administration picked Peter Pietra as their top choice in this year's National Privacy League draft. Pietra will be playing QB (a position TSA bureaucrats call "Director of Privacy Policy and Compliance") for the beleaguered TSA, which has struggled in the National Privacy League after repeated fumbles caused by poorly configured watch lists and unsanctioned use of personal information on American citizens.

The TSA has also been unable to score any touchdowns with a computerized passenger-screening system known as CAPPS II or Secure Flight. Congress and its investigative arm, the Government Accountability Office, have repeatedly forced the TSA to punt.

TSA hopes Pietra, who will be working with halfback/Privacy Officer Lisa Dean, will help the TSA overtake the FBI and NSA in the NPL's Federal Agency Conference, according to today's announcement.

"The devotion of increased resources and expertise to TSA privacy programs is expected to make the agency a leader in privacy efforts within DHS and the Federal government as a whole. With the anticipated launch of several programs, including TWIC, Registered Traveler and Secure Flight, it's critical the agency is poised to meet the workload and improve communication with stakeholders and the traveling public."

Pietra says he's just happy to get a shot at the bigs.

"We gotta play privacy impact assessments one day at a time. I'm just happy to be here. Hope I can help the agency," Pietra said. "I just want to give it my best shot, and the good Lord willing, things will work out."

Posted by Ryan Singel at 02:41 PM | TrackBack

April 14, 2006 | AT&T Loses A Customer Over NSA Lawsuit

AT&T has lost at least one customer due to the class action lawsuit filed by the Electronic Frontier Foundation accusing the telecom giant of wiretapping the Internet on behalf of the National Security Agency (NSA).

That customer? Judge Vaughn Walker, the San Francisco District Chief Judge who is assigned to the case.

In an order Walker released today, the judge told the parties that he was an AT&T phone customer when the case was assigned to him, so he switched telecom providers to avoid a conflict of interest. Walker did not say what company he switched to, or if he got a better long distance rate.

Being a former AT&T customer also makes him a potential member of the class suing AT&T, so he foreswore any money he might be entitled to.

Walker is not recusing himself, however, and cited a number of cases supporting his position. He also mentions that if he had to do so, so too would almost every judge in the district since it's highly likely that some member of every judge's family was an AT&T subscriber. Walker is giving both AT&T and the EFF a week to file briefs agreeing or disagreeing (or in AT&T's case, to offer him free conference calling if he comes back into the fold). After that, Walker says he will stat to rule on the flurry of motions filed this week.

Full recusal order here. (.pdf)

Posted by Ryan Singel at 03:55 PM | TrackBack

April 12, 2006 | AT&T *69s EFF

AT&T has responded to the Electronic Frontier Foundation's move to have a judge stop the company from allegedly helping the NSA eavesdrop on its customers, and the telecom giant says it wants its secret documents back pronto.

In papers filed late Monday, AT&T argued that confidential technical documents provided by an ex-AT&T technician to the Electronic Frontier Foundation shouldn't be used as evidence in the case and should be returned.

The documents, which the EFF filed under a temporary seal last Wednesday, purportedly detail how AT&T diverts internet traffic to the National Security Agency via a secret room in San Francisco and allege that such rooms exist in other AT&T switching centers.

The EFF filed the class-action lawsuit in U.S. District Court in Northern California in January, seeking damages from AT&T on behalf of AT&T customers for alleged violation of state and federal laws.

Mark Klein, a former technician who worked for AT&T for 22 years, provided three technical documents, totaling 140 pages, to the EFF and to The New York Times, which first reported last December that the Bush administration was eavesdropping on citizens' phone calls without obtaining warrants.

Klein issued a detailed public statement last week, saying he came forward because he believes the government's extrajudicial spying extended beyond wiretapping of phone calls between Americans and a party with suspected ties to terrorists, and included wholesale monitoring of the nation's internet communications.

The rest of today's story is here. Earlier stories on the lawsuit (1 , 2,3)

Technorati Tags: , , , ,

Posted by Ryan Singel at 04:28 PM | TrackBack

April 12, 2006 | Narus Not in the Know

Elise Ackerman at the San Jose Mercury News has some great follow-up reporting today on ex-AT&T employee-cum-whistleblower Mark Klein's public statement last week, which included allegations that a secret NSA spying room wired into to AT&T's internet switching station in San Francisco was home to a piece of data-mining equipment known as a Narus STA 6400.

The engineers at Narus weren't intending to create Big Brother's dream machine when they began writing software a decade ago to help phone companies send out more detailed bills.

But as the Mountain View company's code became more and more sophisticated, customers began to discover new uses for software that was originally designed to monitor and analyze network traffic.

Now Narus finds itself at the center of a legal fight over domestic spying.

[...]

Narus executives confirm AT&T is a customer but say they do not know how the telecommunications giant uses its software. ``Once our customers buy our product, it's relatively opaque to us,'' said Steve Bannerman, vice president of marketing.

Narus CEO Greg Oslan said the company's software is designed to allow carriers to monitor all Internet traffic, including Web searches, e-mail content and attachments, and Internet phone calls.

Full story here.

Posted by Ryan Singel at 12:39 PM | TrackBack

April 11, 2006 | Barbie Says Privacy Is Hard

Daniel Solove has a post today about New York Attorney General Eliot Spitzer settling with Datran Media for $1.1 million for allegedly renting the Freepay/Gratis Internet/Freeipods.com email list while KNOWING that the email list was protected by a privacy policy. The settlement is causing some waves in the direct marketing community, which is now worried it will have to perform "due diligence" before renting lists.

Kirk Nahra's essay essay for Privacy in Focus is a prime example of that hand-wringing. Nahra, a partner at the law firm of Wiley Rein & Fielding, described the settlement holding Datran responsible for checking the privacy policy of the database it wanted to deluge with emails as an "Alice-in-Wonderland result."

The settlement appears to impose a new "due diligence" obligation on the vendor to understand and review the privacy policy of its principals and sub-vendors to make sure that the data supplier isn't doing something wrong in providing data.

How far will this go? Does the vendor have to review underlying consents? Does the vendor have to engage in an audit of the list supplier's privacy practices? How does this new vendor-to-vendor due diligence obligation affect the already growing client-to-vendor oversight obligations?

Obviously, it is too soon to know the full implications of this case-including whether there are any real implications beyond this specific set of facts and companies. It is clear, however, that the Datran settlement adds a new and difficult dimension to vendor contracting, making it even more time consuming and burdensome to retain vendors for any activity that involves personal information. Is that really a result that protects people's privacy?

Weirdly, Nahra mentions the follow-up lawsuit against Gratis Internet, but it seems Nahra couldn't be bothered to read the filings, which might have answered some of his questions.

For instance, according to Spitzer's allegations, which rely heavily on documents and emails obtained during the investigation, Datran employee Susan Weiner asked Gratis Internet to change its privacy policy retroactively, after Datran entered into a contract with Gratis. If true, and Datran's settlement indicates it was, is there any wonder Spitzer considered Datran negligent?

And really, so what if Spitzer sets a precedent that list buyers have to check the privacy policies of the databases they want to buy or rent? Really, how hard is it to check a privacy policy before you buy millions of pieces of intimate information on American citizens? It's at most a couple of clicks. I do that before buying batteries online.

Posted by Ryan Singel at 11:57 AM | TrackBack

April 10, 2006 | Spy Machine Capabilities?

A blogger named bewert over at Daily Kos follows up on allegations made by ex-AT&T employee Mark Klein that AT&T installed equipment at an AT&T Internet switching facility that feeds the NSA a copy of every Internet packet that flowing from or to AT&T customers or across AT&T's expansive Internet backbone network. I covered Klein's public statement for Wired News on Friday and his full statement can also be found here.

bewert looked into the machine alleging Narus STA 6400, did a little math and parsing of some public statements to find that the machine was capable of monitoring 39,000 DSL lines at any one time.

Prior to 9/11 Narus worked on building carrier-grade tools to analyze IP network traffic for billing purposes, to prevent what they term "revenue leakage". Post-9/11 they have continued down that path while adding more semantic monitoring abilities for surveillance purposes. They even brought in former Deputy Director of the NSA William P. Crowell as an addition to their Board of Directors. [...]

Remember that semantics is not just the data, but rather the meaning of the data. It looks at the data in a more comprehensive way than looking for keywords. Each NarusInsight machine does this at 2500 million bits per second, in real-time.[...]

These capabilities include playback of streaming media (i.e. VoIP), rendering of web pages, examination of e-mail and the ability to analyze the payload/attachments of e-mail or file transfer protocols. Narus partner products offer the ability to quickly analyze information collected by the Directed Analysis or Lawful Intercept modules. When Narus partners' powerful analytic tools are combined with the surgical targeting and real-time collection capabilities of Directed Analysis and Lawful Intercept modules, analysts or law enforcement agents are provided capabilities that have been unavailable thus far.[...]

Posted by Ryan Singel at 10:17 AM | TrackBack

April 07, 2006 | Ex-AT&T Employee on NSA Wiretap Room

An ex-At&T employee has made public a summary of his statement he provided in support of a lawsuit against AT&T, alleging that the telecom giant has built out secret wiretap rooms that funnel internet and phone call data to the National Security Agency.

AT&T provided NSA eavesdroppers with full access to its customers' phone calls, and shunted its customers' internet traffic to data mining equipment installed in a secret room in its San Francisco switching center, according a former AT&T worker cooperating in the Electronic Frontier Foundation's lawsuit against the company.

Mark Klein, a retired AT&T communications technician, submitted an affidavit in support of the EFF's lawsuit this week. That class action lawsuit, filed in federal court in San Francisco last January, alleges that AT&T violated federal and state laws by surreptiously allowing the government to monitor phone and internet communications of AT&T customers without warrants.

On Wednesday, the EFF asked the court to issue an injunction prohibiting AT&T from continuing the alleged wiretapping, and filed a number of documents under seal, including three AT&T documents that purportedly explain how the wiretapping system works.

According to a statement released by Klein's attorney, an NSA agent showed up at the San Francisco switching center in 2002 to interview a management-level technician for a special job. In January 2003, Klein observed a new room being built adjacent to the room housing AT&T's #4ESS switching equipment, which is responsible for routing long distance and international calls.

"I learned that the person whom the NSA interviewed for the secret job was the person working to install equipment in this room," Klein wrote. "The regular technician workforce was not allowed in the room."

Klein's job eventually included connecting internet circuits to a splitting cabinet that led to the secret room. During the course of that work, he learned from a co-worker that similar cabinets were being installed in other cities, including Seattle, San Jose, Los Angeles and San Diego.

"While doing my job, I learned that fiber optic cables from the secret room were tapping into the WorldNet (AT&T's internet service) circuits by splitting off a portion of the light signal," Klein said wrote.

The split circuits included traffic from peering links connecting to other internet backbone providers, meaning that AT&T's was also diverting traffic routed from its network to or from other domestic and international providers, according to Klein's statement.

The secret room also included data-mining equipment called a Narus STA 6400, "known to be used particularly by government intelligence agencies because of its ability to sift through large amounts of data looking for preprogrammed targets," according to Klein's statement.

Full story here. Justin Scheck of The Recorder had the story first, and has some great info on the story and Klein's lawyer, Miles Ehrlich, a former U.S. attorney, over at the CalLaw's blog, Legal Pad.

Posted by Ryan Singel at 11:52 AM | TrackBack

April 05, 2006 | More On Justice and Privacy

The Justice Department's new chief privacy officer, Jane Horvath, has perhaps the most interesting job in D.C. Whether she will get to do it is another question altogether.

I'm fairly certain that Horvath has no power to subpoena documents (Homeland Security's chief privacy officer doesn't) so any investigation she starts will rely on voluntary cooperation and whatever institutional leverage she has. If AG Gonzales isn't on her side, then she won't get anywhere in investigations.

Of course, there's a great irony of being a privacy cop without subpoena power when your job is to oversee cops with the power and the inclination to write their own subpoenas (say a National Security Letter demanding an airline turn over its passenger database) and use that data however they wish, including using it to build out a massive data-ming operation.

Horvath might get a feel for the job and not alienate too many people internally by starting with a close look at the DOJ's use of private data aggregators (think privatized intelligence gathering operation) such as Axciom, Choicepoint and LexisNexis. The GAO just released a study (.pdf) which found that these information gatherers don't really follow Fair Information Practices and that federal agencies, including the DOJ, don't always follow them either.

For example, the principles that the collection and use of personal information should be limited and its intended use specified are largely at odds with the nature of the information reseller business, which presupposes that personal information can be made available to multiple customers and for multiple purposes.[...]

Resellers generally limit the extent to which individuals can gain access to personal information held about themselves, as well as the extent to which inaccurate information contained in their databases can be corrected or deleted.

For more see, Robert O'Harrow, Jr.'s Washington Post story and the GAO's testimony (.pdf). to Congress yesterday.


Posted by Ryan Singel at 10:09 AM | TrackBack

April 04, 2006 | Justice Meet Privacy

The Justice Department has a new a chief privacy officer, Jane Horvath, who pledges to start an internal privacy advisory board and oversee the Justice Department's use of commercial data in its investigations, according to Daniel Pulliam at GovExec.com.

Lisa Sotto, a partner at Hunton and Williams, a New York City law firm, said Horvath's biggest challenge is that she is the first person to hold her position. She could "take some life lessons" from Homeland Security's first chief information officer, Nuala O'Connor Kelly, who resigned in September 2005, Sotto said.

"They're not thinking about privacy unless someone hits them on the head with a two-by-four," Sotto said. "Her first challenge is to educate people at the Justice Department in order to get things flagged when they require her input."

Horvath said she considers Kelly a friend and has received good advice from her, particularly on the importance of building relationships with the privacy community.

The role of chief privacy officer is complicated and ranges from negotiator to educator to consultant, said Jim Dempsey, policy director of the Center for Democracy and Technology, a Washington-based privacy advocacy organization.

"She's not just the ombudsman who takes complaints," Dempsey said. "And she's not just the policy adviser or the writer of the rules and regulations."

It is indeed an odd job, half policy advisor, half internal affairs investigator (and she should have lots of company in the gov since every agency is now supposed to have a chief privacy officer). Horvath will have her hands full, especially given the FBI's continued reliance on private data collecting and spilling firms such as ChoicePoint, which just landed another contract with the feds to provide them with access to their database.

Full story.

Technorati Tags: ,

Posted by Ryan Singel at 02:13 PM | TrackBack

March 30, 2006 | More DOJ Subpoenas

The Justice Department made a bit of a splash in January, when Google's opposition to a Justice Department subpoena for its entire index and months of user search queries became public. Now, according to documents unearthed via FOIA by InformationWeek, the feds issued subpoenas to at least 34 companies, ranging from Verizon to Symantec.

Google won its battle eventually, when a judge forced the company to turn over just a wee bit of information.

The Justice Department issued that subpoena, and AOL, Yahoo and MSN soon copped to having been served themselves -- though none fought the subpoena in court. The subpoenas are part of a long running battle by the DOJ to have the Child Online Privacy Act okayed by judges. (The 1998 bill, which was immediately deemed unconstitutional by the courts, mandates that commercial providers of material deemed harmful to minors have to find some method, such as credit card verification, to keep minors off their sites)

Specifically, the DOJ is trying to prove that filters don't work well to protect kids and it turns out that it didn't just want info from search engines. According to InformationWeek's Thomas Claburn:

[T]he Department of Justice disclosed that it has issued to subpoenas to a broad range of companies that includes AT&T, Comcast Cable, Cox Communications, EarthLink, LookSmart, SBC Communications (then separate from AT&T), Symantec, and Verizon.

Asked which companies objected to, or sought to limit, these subpoenas, Department of Justice spokesperson Charles Miller declined to comment because the litigation is ongoing. He also declined to comment on the utility of the information gathered by the government.

The documents presented to InformationWeek reveal that some companies did object to the government's demands. In an E-mail sent to the Department of Justice last July, Fernando Laguarda, an attorney representing Cablevision Systems Corp., characterized some of what the government was asking for as "overly broad, vague, ambitious, and unduly burdensome. [...]

The bulk of the subpoenas were directed at Internet service providers and makers of content filtering software. The effectiveness of filtering technology is a critical issue in the COPA case. If the Department of Justice can prove that filters fail to shield minors from explicit material online, COPA may well be reinstated.

Full Story.

Highlights of the subpoenas, as well as a .zip file of all 54 documents can be found here. (Hat Tip to Richard M. Smith for the last bit of info.)

Posted by Ryan Singel at 12:07 PM | TrackBack

March 28, 2006 | TRUSTe Trusty? A quick case study

As some of you may know, New York Attorney General Eliot Spitzer is suing Gratis Internet, the company behind the freeipods.com and Freepay sites, for violating their privacy policy and renting/selling their 7.2 million customer database to three companies, which used the list to send upwards of 200 million spam messages.

I've been following this pathetic little story for a while and was particularly interested in how TRUSTe, a non-profit organization that certifies privacy policies, would react to seeing one of their former seal holders being sued. The idea behind TRUSTe is that internet users can see the sign and know that a company's privacy policy actually means something.

If the allegations in Spitzer's lawsuit are true (and given that the lawsuit is detailed and includes email quotations, I'd be putting money on his side in this case), then I think netizens should not trust TRUSTe's little logo at all.

Here's a quick little timetable that includes the allegations in Spitzer's suit along with information from my own attempt to get TRUSTe to investigate Gratis.


  • June 2004 -- TRUSTe-certified Gratis rents out database including the names, home addresses, IP addresses and email addresses of 7.2 million customers to Datran Media, despite Gratis's promises never to sell or share this info. Datran Media employee notices the privacy policy and asks Gratis to change it. (Spitzer lawsuit allegation)

  • August 5, 2004 -- Gratis employee Rani Nagpal told TRUSTe employee Heidi Berger: "I think there was some miscommunication about our email list: we just started renting it out to one company." One assumes from this quote that TRUSTe was already getting complaints about spam originating from Gratis. (Spitzer lawsuit allegation)

  • September 15, 2004 -- Filed complaint with TRUSTe about spam arriving from third parties to address given to Gratis.

  • September 24, 2004 Gratis Co-founders Robert Jewell and Peter Martin tell my Wired News colleague Leander Kahney they have never "sold" their email lists but would stop sending email marketing messages.

  • October 5, 2004 -- TRUSTe responds by forwarding me an email from Gratis founder Rob Jewell who says I'm full of it and that "At www.FreeiPods.com and Gratis Internet, we respect the privacy concerns you have addressed in this matter. Please know that we do not share your personal information and in the future will not share this information." Having the proof in my inbox, I ask TRUSTe to actually look at it themselves.

  • October 7, 2004 -- TRUSTe responds saying they actually did do an investigation: "The results of our investigation indicate that Gratis Internet did not violate their privacy policy. [...] Unfortunately, you will have to contact the individual companies that are sending you spam in order to be removed from their lists."

    I make fun of TRUSTe here on the blog, WITHOUT even knowing that, as Spitzer alleges, that TRUSTe already knew that Gratis had violated their privacy policy.

  • December 10, 2005 -- Gratis co-founder Peter Martin writes me in an email: "Privacy is of the utmost importance to us as well. We have never sold any email address to any third party and never will."

  • December 24, 2004 -- Gratis sells JDR Media "access to the email addresses and other personal information on approximately 7,572,425 consumers." (Spitzer allegation)

  • February 9, 2005 -- TRUSTe revokes Gratis's privacy seal for not complying with some required changes. It's not clear what these changes are, but news accounts at the time suggest Gratis employees didn't take a required privacy class. No press accounts suggested that Gratis would have been required to notify all 7 million customers that the contract with them had been broken or that Gratis would be forced to make a public statement attesting to their actions.

  • February 11, 2005 -- TRUSTe and Gratis announce they have come to an agreement on how Gratis can get the seal back. TRUSTe still won't tell public what happened.

  • March 22, 2005 -- Gratis "sold email marketer Jumpstart Technologies access to approximately 1,880,382 names, Hotmail and MSN email addresses and IP addresses it had collected." (Spitzer lawsuit allegation)

  • Week of March 21, 2006 -- Attorney General Eliot Spitzer sues Gratis Internet, seeking damages that could easily put the company out of business. For its part, TRUSTe says almost nothing, except to avoid phone calls, cite "confidentiality agreements" and issue a press release re-iterating that it pulled Gratis's privacy seal.

That, in a time line, is how TRUSTe works for you.

So the next time you go to a website certified by TRUSTe, rest assured that TRUSTe will totally investigate any breaches of a privacy policy and find no evidence, even if they might have been informed months before that the breach happened, and that if it gets really bad, they will pull the seal but offer to reinstate if the company says sorry (in private, to TRUSTe).

Yup, TRUSTe seal or not, the old rules still apply. Don't give out real addresses to companies online, don't trust that market-based compliance programs mean anything, and don't click on the unsubscribe button.

Oh yeah, and there's STILL no such thing as a free lunch, a free iPod or a free privacy compliance program that works in your interest instead of the company that is paying for it.


Technorati Tags: , , , , , , , ,

Posted by Ryan Singel at 01:10 PM | TrackBack

March 24, 2006 | Schadenfreude Pt. II

For those of you playing along with the Freeipods.com lawsuit, here's some extra fun.

Jumpstart Technologies was one of the three companies Freeipods.com (aka Freepay and Gratis Internet) sold their email lists to.

Turns out that on the same day Spitzer filed suit vs. Gratis, the Federal Trade Commission leveled a $900,000 civil penalty for violating the CAN-SPAM Act against the spammers at Jumpstart Technologies. That's the biggest FTC penalty ever for a spam operation.

A big hat tip to Michael over at Spamroll for making the connection.

Posted by Ryan Singel at 04:18 PM | TrackBack

March 24, 2006 | Ticket? Check. I.D.? Nope, but Not a Problem

It's now official.

You don't need identification to travel on an airplane.

Now, the signs in the airport still tell you that you must have identification.

The TSA's website itself states, "Each adult traveler needs to keep available his/her airline boarding pass and government-issued photo ID until exiting the security checkpoint."

Neither those signs nor the TSA's website are true.

Who says?

The TSA.

"Passengers are allowed to enter screening area without identification," TSA spokeswoman Amy Kudwa told this humble reporter today.

I got an off-the-record reason for the untruthful statements in the nation's airports and on the website created with your tax dollars.

The on-the-record answer: "Customers should present government-issued I.D."

As far as I know, this is the first public acknowledgment that the government's official policy is to let people on planes without identification, that is attributed to a TSA employee (the fantastic Sarah Lai Stirland had an unattributed version here.)

The TSA has told the Ninth Circuit in two separate cases (John Gilmore & Daniel Kuualoha Aukai) that airport policy was to let people enter security areas without identification.

Gilmore's Identity Project has been asking for volunteers to see if that was true in ye olde meatspace.

Results, currently mixed. Dog-ate-my homework excuse with contrition gets you less hassle than a flat-out refusal seems to be the pattern, according to folks at the I.D. Project.

So, if you want to fly without identification without telling any white lies, I recommend taking a hearty amount of fortitude and a copy of at least one of the rulings from the Ninth Circuit.

You are likely in for a battle when the security personnel point to the sign and you try to tell them that your government is not actually telling the truth. And that it knows it isn't telling the truth. Good luck with that.


Technorati Tags: , , , , , , ,

Posted by Ryan Singel at 03:42 PM | TrackBack

March 23, 2006 | Lovely Day

Today, March 23, New York's Attorney General Eliot Spitzer filed suit against Gratis Internet , the 'brains' behind the Freepay Freeipods.com pyramid marketing schemes, alleging the company massively violated its privacy policy by selling its customer database to three marketing companies in 2004 and 2005.

All told those 3 companies, namely Datran Media, JDR Media (a spammer whose website registration info is incorrect and whose contact info is broken) and Jumpstart Technologies (best known for spamming the world with fake e-crush emails iin 2002) bombarded Gratis's 7 million customers with close to 350 million spam messages.

Spitzer is seeking enough money that its clear he's trying to put these lying bozos out of business permanently.

Specifically he wants, at minimum, $500 for each New York state resident the company sold out, which would conservatively work out to something around $10 million.

The move against Graits was widely expected since Spitzer announced just last week that it had settled with Datran for $1.1 million for buying and spamming the list despite knowing that the list was protected by a privacy policy.

Last week, Datran's paid shill portrayed Datran as a patsy caught in the crossfire to a number of media outlets, including Red Herring and myself, but today's lawsuit makes clear that Datran bought the emails, noticed the privacy policy and then ASKED Gratis to change it retroactively. (Lovely, lovely work by Datran employee Susan Weiner.)

For those of you unfamiliar with Gratis, the company, which started in 2000, made a splash in 2004 promising and sometimes delivering free ipods to rubes willing to sign up for promotional offers from the likes of CitiBank and Blockbuster and then convince 5 of their friends that they too could get a free ipod if they signed up and got five of their friends to sign up. (More detailed explanation here and here and here)

The result -- a bunch of overly credulous reporters deemed the site legitimate and the internet soon became inundated with pleas from free-lunch believing rubes looking for other free-lunch-believing rubes.

Gratis Internet co-founders Peter Martin and Rob Jewell and their paid PR flack/apologist (from the ostensibly top tier firm Flieshman-Hillard) repeatedly swore up and down to me, Leander at Wired News and anyone else that would listen that Gratis wasn't in the business of spamming people.

According to the AG's lawsuit (.pdf), Martin and Jewell are just a pair of greedy liars.

After explicityly promising consumers that it would never "give out," "provide" or "sell, rent or loan" their information to anyone - including to its "business partners" -- Gratis did just that, for a quick payday.

Notably, Gratis's website's were "certified" by TRUSTe, a "non-profit" third party that certifies privacy policies. The lawsuit raises some VERY interesting questions about this group, (something I'll reserve for another post), but, suffice it to say here, that the new info adds more credence to my conculsion that TRUSTe's logo isn't worth the pixels it is printed with.

Martin and Jewell each made between $1.5 and $3 million in 2004, but only a small percentage, some $430,000, of Gratis's revenue came from the spam contracts, according to Spitzer's lawsuit (second .pdf).

That's really funny, because Spitzer now wants all of it. Not half, Eddie. All of it.

According to the lawsuit, all of the money that "ethical" companies like CitiCorp and Blockbuster paid for customer leads (~$20 to $70 per lead) is tainted by the scam, since Gratis customers would not have signed up if they knew they were going to have their information, including home addresses and IP addresses, sold to spammers like Datran.

Gratis unjustly earned several million dollars in commissions from third parites, by providing those parties with consumers for promotions even though the consumers were deceptively promised that Graits would not share their infromation.

So it looks like Mr. Peter Martin and Robert Jewell's desire to make a few more bucks by selling their customer database to spammers may mean they have to give up all of their earnings to New York's crusading AG, not just the money they made from selling out netizens to spammers.

Could not have happened to a better bunch of greedy scammers.

Oh, and adding to the schadenfreude, some emails I recieved today which included the phrase "class action" indicate that Spitzer isn't the only lawyer interested in suing Mr. Jewell and Mr. Martin for all of their money.

Technorati Tags: , , , , , , , , , , , ,

Posted by Ryan Singel at 11:17 PM | Comments (3) | TrackBack

March 16, 2006 | A Slimy Little World

The world of email marketing, whether that be black hat spammers or the so-called legitimate email marketers, is a slimy little world, one I've had to immerse myself in for the last couple of days.

Datran Media, a leading email marketer, just settled with New York Attorney General Eliot Spitzer for $1.1 million dollars for knowingly buying marketing databases from companies that promised their customers they would never sell or share their info with any third party.

Not surprisingly for any longtime reader of this blog, the biggest list Datran bought was from Gratis Internet, the good guys behind the FreeIpods (now known as Freepay) marketing scheme. (For more on why the scheme won't work out for most people, despite its legality, see one of these prior posts (1, 2)). Gratis remains under investigation by Spitzer, and smart money says they will soon be settling themselves, for a good deal more than $1.1 million.

When Datran bought the list in July 2004, Gratis's privacy policy was certified by Truste, who, after being asked in 2004 to investigate why third parties were spamming Gratis's customers, couldn't find any privacy violation. Nor could Truste be bothered this week to reply to repeated requests to explain their role or why people should continue to trust its seal of approval. For its part, Datran likes to portray itself as being the fall guy -- but Gratis didn't change its privacy policy until sometime in September or October of 2004, way after they got involved with Gratis.

It's all just one slice of a sleazy, sleazy world, and I can only say I'm glad my job doesn't involve barraging people's inboxes with unwanted though ostensibly "legitimate" emails, trying to get people to believe in a free lunch or providing PR cover fire for these slime balls. Leander has more on his run-ins with these fine folks over at the Cult of Mac blog.

Full Wired News story here.

Technorati Tags: , , , , , , , , ,

Posted by Ryan Singel at 01:15 PM | Comments (1) | TrackBack

December 19, 2005 | Something's Happening Here

And the technology they are using isn't quite clear.

I'm becoming more and more convinced (like Noah) by little notes being hit by President Bush, Attorney General Alberto Gonzales and the Deputy Director for National Intelligence General Michael Hayden that the extra-legal NSA wiretaps ordered by the president are using some new technology.

Or more likely, extending some NSA technological method that is clearly legal outside the United States to bear on certain international calls originating in the United States.

At today's press conference with Gonzales, Hayden hinted that the end-run around the FISA court was done for reasons beyond just avoiding annoying paperwork:

FISA involves the process -- FISA involves marshaling arguments; FISA involves looping paperwork around, even in the case of emergency authorizations from the Attorney General. And beyond that, it's a little -- it's difficult for me to get into further discussions as to why this is more optimized under this process without, frankly, revealing too much about what it is we do and why and how we do it.

When asked why the president didn't ask for Congressional authority for this wiretapping, Gonzales said:

We've had discussions with members of Congress, certain members of Congress, about whether or not we could get an amendment to FISA, and we were advised that was not likely to be -- that was not something we could likely get, certainly not without jeopardizing the existence of the program, and therefore, killing the program.

Terrorists and dictators already know their communications can and will be tapped. But what technology don't they know about that the NSA is using here?

Hayden also hinted today that the wiretaps involved suspicions below the level of probable cause.

And here the key is not so much persistence as it is agility. It's a quicker trigger. It's a subtly softer trigger. And the intrusion into privacy -- the intrusion into privacy is significantly less. It's only international calls. The period of time in which we do this is, in most cases, far less than that which would be gained by getting a court order.

And is the period of time shorter in most cases, because the net starts very wide and then is narrowed as the eavesdropping continues?

And what does that "softer trigger" mean? That the program relies on some standard much lower than probable cause as applied to an individual? Maybe something like probable cause to believe someone from the state of Virginia is calling a terrorist?

So does the executive order turn the NSA's ears, data-mining supercomputers and real time transcription powers on ALL calls leaving the U.S. that are bound for Pakistan, Afghanistan, Iran, Somalia and Iraq?

If that's the case, then that's the equivalent of the Catholic Church revealing that for the past three hundred years, the Vatican hasn't believed in the Pope's infallibility.

Rule number one at the NSA is don't spy on Americans.
Rule number two at the NSA is don't talk about the NSA.

This story broke because some at the NSA broke rule number two because they think that rule number one was broken.

The other possibility, suggested to me by someone with experience with wiretapping, is that the NSA may have compromised a hardware manufacturer -- say Motorola or a satellite phone manufacturer, a telecom carrier or a satellite(s).

In any of those scenarios, the NSA would not have to intercept any signals since they would be diverted at the hardware level to the agency. Such power might also give the agency the ability to conduct man-in-the-middle attacks on encrypted communications.

This is a huge story, so little is known at this point and so all we are left with is speculation.

Update: I'm even more convinced that some new technology is being used here, besides traditional wiretaps, based on a just-released July, 2003 letter from Senator Rockefeller to Vice President Cheney outlining his concerns about the eavesdropping.

Rockefeller says he isn't a lawyer or a "technician" and that he can't make a judgement on the program because he can't consult with his staff.

Wiretaps aren't that complicated to understand.

Also, Rockefeller said his briefing reminded him of the Total Information Awareness project (defunded for purposes of data-mining citizens' records, but being developed using black-budget funds for overseas data-mining).

That makes me think the project involved some large scale mostly-suspicionless scanning of outgoing communications. Then, the NSA would focus in on targets, and discard other numbers and email addresses, after some technological sifting.

Josh Marshall has posted two-page hand-written letter.

Technorati Tags: , ,

Posted by Ryan Singel at 09:57 AM | Comments (1) | TrackBack

December 18, 2005 | Bush Wiretaps Supremely Illegal

Who says Bush's end run around surveillance laws are illegal?

The Supreme Court.

Back in 1972, the Supreme Court took on a case (where President Nixon ordered wiretaps on individuals suspected of plotting to bomb a CIA building) and ruled that the President's power under the Constitution to defend the country from attacks does not give the executive the power to unilaterally order wiretaps. (US v. US District Court, 407 U.S. 29)

Official surveillance, whether its purpose be criminal investigation or ongoing intelligence gathering, risks infringement of constitutionally protected privacy of speech. Security surveillances are especially sensitive because of the inherent vagueness of the domestic security concept, the necessarily broad and continuing nature of intelligence gathering, and the temptation to utilize such surveillances to oversee political dissent.

We recognize, as we have before, the constitutional basis of the President's domestic security role, but we think it must be exercised in a manner compatible with the Fourth Amendment. In this case we hold that this requires an appropriate prior warrant procedure.


As I wrote yesterday, this is not a story about the necessity or propriety of the wiretaps, it's about the method used to order the wiretap, a method that shows complete disdain for the principle of checks and balances.
What did the Supreme Court say in 1972 about this very question?
It may well be that, in the instant case, the Government's surveillance of Plamondon's conversations was a reasonable one which readily would have gained prior judicial approval. But this Court "has never sustained a search upon the sole ground that officers reasonably expected to find evidence of a particular crime and voluntarily confined their activities to the least intrusive means consistent with that end." Katz, supra, at 356-357.

The Fourth Amendment contemplates a prior judicial judgment, not the risk that executive discretion may be reasonably exercised. This judicial role accords with our basic constitutional doctrine that individual freedoms will best be preserved through a separation of powers and division of functions among the different branches and levels of Government.


And what does such unchecked surveillance power mean for those who dissent from the Government?
History abundantly documents the tendency of Government - however benevolent and benign its motives - to view with suspicion those who most fervently dispute its policies. Fourth Amendment protections become the more necessary when the targets of official surveillance may be those suspected of unorthodoxy in their political beliefs.

The danger to political dissent is acute where the Government attempts to act under so vague a concept as the power to protect "domestic security." Given the difficulty of defining the domestic security interest, the danger of abuse in acting to protect that interest becomes apparent. […]

The price of lawful public dissent must not be a dread of subjection to an unchecked surveillance power. Nor must the fear of unauthorized official eavesdropping deter vigorous citizen dissent and discussion of Government action in private conversation. For private dissent, no less than open public discourse, is essential to our free society.
The historical judgment, which the Fourth Amendment accepts, is that unreviewed executive discretion may yield too readily to pressures to obtain incriminating evidence and overlook potential invasions of privacy and protected speech.


But what about President Bush's argument that the secret and warrantless searches were reviewed by top administration officials and a secret court judge?
The independent check upon executive discretion is not satisfied, as the Government argues, by "extremely limited" post-surveillance judicial review. Indeed, post-surveillance review would never reach the surveillances which failed to result in prosecutions.

Prior review by a neutral and detached magistrate is the time-tested means of effectuating Fourth Amendment rights.

Supreme Court decisions remain the highest law in this country.

Despite whatever advice President Bush received from his lawyers, it is clear that the NSA wiretaps he ordered were illegal and set a dangerous precedent.

Related posts and stories worth your time:

Technorati Tags: , , , ,

Posted by Ryan Singel at 01:32 PM | Comments (1) | TrackBack

December 16, 2005 | Feinstein: Simply Unacceptable

California Senator Dianne Feinstein (D) on the Senate floor today:

I rise today as a 12-year member of the Senate Judiciary Committee and a 5-year member of the Senate Intelligence Committee. I do so indeed with a very heavy heart. I have had, until now, great confidence in America's intelligence activities. I have assured people time and time again that what happens at home has always been conducted in accordance with the law.

I played a role in the PATRIOT Act. I moved one of the critical amendments having to do with the wall and the FISA court. Today's allegations as written in the New York Times really question whether this is in fact true. I read it with a heavy heart, yet without knowing the full story.

[...]

Section 105 (f) of FISA allows for emergency applications where time is of the essence. But even in these cases, a judge makes the final decision as to whether someone inside the United States of America, a citizen or a non-citizen, is going to have their communications wiretapped or intercepted. The New York Times reports that in 2004, over 1,700 warrants for this kind of wiretapping activity were approved by the FISA Court. The fact of the matter is, FISA can grant emergency approval for wiretaps within hours and even minutes, if necessary.

[...]

I would argue the resolution authorizing use of force [vs. those involved in 9/11 attacks] was not a declaration of war. I read it this morning carefully. It does not authorize the President of the United States to do anything other than use force. It doesn't say he can wiretap people in the United States of America. And apparently, perhaps with some change, but apparently this activity has been going on unbeknownst to most of us in this body and in the other body now since 2002.

The newspaper, the New York Times, states that the President unilaterally decided to ignore this law and ordered subordinates to monitor communications outside of this legal authority.

In the absence of authority under FISA, Americans up till this point have been confident -- and we have assured them -- that such surveillance was prohibited.

This is made explicit in chapter 119 of title 18 of the criminal code which makes it a crime for any person without authorization to intentionally intercept any wire, oral, or electronic communication.

As a member of the Senate Judiciary and Intelligence Committees, I have been repeatedly assured by this administration that their efforts to combat terrorism were being conducted within the law, specifically within the parameters of the Foreign Intelligence Surveillance Act which, as I have just read, makes no exception other than 15 days following a declaration of war.

We have changed aspects of that law at the request of the administration in the USA PATRIOT Act to allow for a more aggressive but still lawful defense against terror. So there have been amendments. But if this article is accurate, it calls into question the integrity and credibility of our Nation's commitment to the rule of law.

I refreshed myself this morning on the fourth amendment to the Bill of Rights of the Constitution of the United States.

Here is what it says:

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable search and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.
Clearly an intercept, a wiretap, is a search. It is a common interpretation. A wiretap is a search. You are looking for something. It is a search. It falls under the fourth amendment.

[...]

There is a procedure, and it is timely.

As a matter of fact, we got into this rather seriously in the Judiciary Committee. At the time we wrote the PATRIOT Act, I offered an amendment to change what is called "the wall" between domestic intelligence-gathering agencies and foreign intelligence-gathering agencies from a “primary purpose” for the collection of foreign intelligence to a “significant purpose.” We had a major discussion in the committee, as is the American way. We were making public policy. We discussed what primary purpose meant. We discussed in legal terms what significant purpose meant.

So this was a conscious loosening of a standard in the FISA law to permit the communication of one element of Government with the other and transfer foreign intelligence information from one element of the Government to the other.

That is the way this is done, by law. We are a government of law. The Congress was never asked to give the President the kind of unilateral authority that appears to have been exercised.

I was heartened when Senator Specter also said that he believed that if the New York Times report is true -- and the fact that they have withheld the story for a year leads me to believe it is true, and I have heard no denunciation of it by the administration -- then it is inappropriate, it is a violation of the law.

How can I go out, how can any Member of this body go out, and say that under the PATRIOT Act we protect the rights of American citizens if, in fact, the President is not going to be bound by the law, which is the FISA court?

And there are no exceptions to the FISA court.

So Senator Specter, this morning, as the chairman of the Judiciary Committee, announced that he would hold hearings on this matter the first thing next year. I truly believe this is the most significant thing I have heard in my 12 years. I am so proud of this Government because we are governed by the rule of law, and so few countries can really claim that. I am so proud that nobody can be picked up in the middle of the night and thrown into jail without due process, and that they have due process. That is what makes us different. That is why our Government is so special, and that is why this Constitution is so special.

That is why the fourth amendment was added to the Bill of Rights -- to state clearly that searches and seizures must be carried out under the parameter of law, not on the direction of a President unilaterally.

So I believe the door has been opened to a very major investigation and set of circumstances. I think people who know me in this body know I am not led toward hyperbole, but I cannot stress what happened when I read this story. And everything I hold dear about this country, everything I pledge my allegiance to in that flag, is this kind of protection as provided by the Constitution of the United States and the laws we labor to discuss, argue, debate, enact, then pressure the other body to pass, and then urge the President to sign. That is our process.

If the President wanted this authority, he should have come to the Intelligence Committee for an amendment to FISA, and he did not.

The fact that this has been going on since 2002 -- it is now the end of 2005. Maybe 8 people in these 2 bodies in some way, shape, or form may have known something about it, but the rest of us on the Intelligence Committees did not.

That is simply unacceptable.


Posted by Ryan Singel at 02:39 PM | TrackBack

December 16, 2005 | Spying on American Soil

The National Security Agency has long prided itself on restricting the use of its awesome snooping powers to foreign agents and foreign countries. Now, according to reports in the New York Times and the Washington Post, the NSA has turned its ears to listening in on American soil, without having gotten judicial approval first.

Instead, according to NSA expert James Risen and the Washington Post's Dan Eggen, President Bush signed a secret order in 2002 allowing the NSA to track communications originating in the United States on up to 500 people at a time.

Under a presidential order signed in 2002, the intelligence agency has monitored the international telephone calls and international e-mail messages of hundreds, perhaps thousands, of people inside the United States without warrants over the past three years in an effort to track possible "dirty numbers" linked to Al Qaeda, the officials said. The agency, they said, still seeks warrants to monitor entirely domestic communications.

The previously undisclosed decision to permit some eavesdropping inside the country without court approval was a major shift in American intelligence-gathering practices, particularly for the National Security Agency, whose mission is to spy on communications abroad. As a result, some officials familiar with the continuing operation have questioned whether the surveillance has stretched, if not crossed, constitutional limits on legal searches.

Full story in New York Times by Risen.

This is the second time in a week that the government has been shown to be conducting surveillance on American soil without judicial oversight.

Earlier this week, NBC revealed that a Pentagon spying unit was keeping a secret database that included information on, among other groups, an anti-war Quaker group.

The government has long had the authority to wiretap and track foreign agents and spies, through the ultra-secret Foreign Intelligence Surveillance court, which almost never rejects applications and the Patriot Act specifically made these orders easier to get. In 2004 alone, the court authorized 1,754 wiretap orders.

It's also hard to understand how the order was necessary since in a time of war, the FISA court routinely authorizes emergency orders.

Senator Dianne Feinstein, a hawkish Democrat, had this to say today:

In the absence of authority under FISA, Americans have, until now, been confident that such surveillance was prohibited. This is made explicit in Chapter 119 of Title 18 of the Criminal Code, which makes it a crime for any person, without authorization, to intentionally intercept any wire, oral or electronic communication.

As a member of the Intelligence and Judiciary Committees, I have been repeatedly assured by this Administration that their efforts to combat terrorism were being conducted within the law - specifically, within the parameters of the Foreign Intelligence Surveillance Act.

In fact, we have changed that law, at the request of the Administration in the USA-Patriot Act, to allow for a more aggressive, but still lawful, defense against terrorism.

I have never been more disturbed than I am by this story. If true, it calls into question the integrity and credibility of our nation’s commitment to the rule of law.

We have always been a nation governed by laws, and these allegations, if true, fly in the face of this bedrock constitutional principle.

I turn your attention to my first real blog post, which argued, ala the 9/11 Commission, that a powerful civil liberties board was necessary to keep tabs on anti-terrorism projects because Congress has failed to do so.

Such a board somewhat exists in name, but it is underfunded, toothless and staffed by non-experts and at least one member with a conflict-of-interest.

Here's what I wrote then and I stand by those words even more today:

Regardless of one's position on the Patriot Act and the necessity of increased anti-terrorism powers, it is impossible to ignore that many people fear that the government is abusing its newfound powers.

That perception is only strengthened by the Bush Administration's unwillingness to share information.

How often and for what reasons has the FBI used the National Security Letters provisions of the Patriot Act? That provision gives the FBI wide authority to issue itself administrative subpoenas in order to compel businesses (including ISPs) to provide evidence and business documents to investigators.

How many times has the FBI used that provision? (editor note: The Washington Post reports in 2005 that the FBI has used NSLs some 30,000 times.) We don't know, since the FBI has decided that even aggregate statistics about the use of NSLs are classified. The ACLU, which is suing the FBI over the use of NSLs, has heavily redacted FBI documents that indicate the NSLs are widely used. Now just because they are widely used, that does not mean the FBI is abusing that power.

But how are we to know, given the Attorney General has decided to share as little information as possible? We know how often the government uses regular wiretaps, but that is only because a 25 year old law forces the FBI to report to Congress about how it is using that power every year.

Yet, Congress has been unwilling to require similar public reports about other powers and programs. Their oversight of anti-terrorism programs and powers has been abysmal and the executive branch has continually stonewalled and resisted their meager efforts.

This is exactly why an independent, powerful and balanced civil liberties board is necessary.

There is no real debate that the government should be fighting militant Islamic extremism (which is how I think the government defines the war on terrorism, explicitly excluding domestic right-wing anti-abortion, anti-federal government militants).

If that movement is left unchecked and allowed to grow, millions around the world could lose their lives and liberty to religious extremists who hate modernity.

Our civil liberties, not our economic system, are what should define us as a nation -- the right to petition for the redress of grievances, the right to travel without undue restriction, the right to worship any or no god, the right to be safe in our homes and papers from unjustified government searches, our right to walk the streets without the fear of a cop demanding identification and our right to speak freely in opposition to government.

So to the extent the government needs expanded powers to fight terrorists, so too do we need expanded powers to protect our civil liberties.

For more on this story from a smart lawyer (and a spirited debate in the comments), check Orin Kerr's post.

Posted by Ryan Singel at 11:19 AM | TrackBack

December 11, 2005 | Hacks And Bloggers's Epics on Gilmore Epic

Kevin Drum at the Washington Monthly picked up on the Gilmore Epic, and has prompted me to post this post-mortem media round-up on Gilmore's hearing on Thursday.

My take, published on Thursday in Wired News:

A three-judge panel of the 9th U.S. Circuit Court of Appeals heard arguments Thursday on tech entrepreneur and internet freedom fighter John Gilmore's challenge to a secret government order forcing airline passengers to show identification or submit to a pat-down search.

The hearing pitted a matter-of-fact government attorney against Gilmore's impassioned, podium-banging lawyer, James Harrison, in a closely watched legal battle over government secrecy and antiterrorism measures that has federal officials defending a rule whose existence they will not admit in open court.

Gilmore contends that the policy violates his right to travel and that the additional search of those who don't show ID is a form of punishment.

"When a cop asks you for your ID on the street, you are free to walk away. There is no penalty," Gilmore said outside the courthouse. "If you refuse to show ID at an airport, you can't fly."

In court, Justice Department attorney Joshua Waldman countered that the identification requirement, if it existed, was a minimal intrusion and enhanced airline security.

"The requirement promotes the right to travel by protecting everyone's safety," Waldman said.

The arguments Thursday focused on three issues: whether the identification or search requirement violates the Fourth Amendment, whether the government has to show the public and the courts the text of rules that affect the public, and which court has jurisdiction over constitutional challenges to such rules.

[...]

Appellate Judge Steven Trott repeatedly questioned Harrison about whether asking for identification really implicated the Fourth Amendment's ban on unreasonable searches and seizures, calling it Harrison's "weakest argument."

But Trott also questioned the government's case, asking Waldman why the United States was "playing cat and mouse" with the courts by alternatively referring to the identification-or-search requirement as a policy, a rule and a law-enforcement technique.

The presiding judge, Richard A. Paez, probed Waldman about the government's defense of a rule it refuses, in Waldman's words, "to confirm or deny the existence of."

"Doesn’t that strike you as a bit odd?" Paez asked.

Judge Thomas G. Nelson also questioned the government's secrecy.

"How do we know this is an order?" Nelson asked.

Full story.

Paul Elias, an Associated Press reporter who forgot his driver's license at home and talked his way into the courthouse with a business card and an ATM card with his picture on it, led with this:

A wealthy Libertarian who is fighting a requirement that airline passengers show identification before traveling asked a federal appeals court Thursday to broaden the scope of his battle to cover other forms of commercial transportation.

and noted:

Gilmore arrived in court Thursday wearing Birkenstock sandals and a small pin on his lapel that read "Suspected Terrorist."

That same pin prompted a British Airways pilot to kick Gilmore off a London-bound flight in 2003.

Full story.

Oakland Tribune's premier hack (that's not pejorative) Sean Holstege filed this:

Millionaire John Gilmore didn't show photo identification to walk into a federal courthouse Thursday, where his attorney tried to persuade a panel of appellate judges that nobody should need ID to board an airplane.

Sacramento attorney James Harrison made special arrangements to get his client past the checkpoint, where every other member of the public was asked to show ID. But no such arrangements were possible when Gilmore tried to board a Southwest Airlines flight at Oakland International Airport on July 4, 2002.

Full story

News.com's Declan McCullagh piped in with his usual fine prose style.

A federal appeals court wrestled Thursday with what seems to be a straightforward question: Can Americans be required to show ID on a commercial airline flight?

John Gilmore, an early employee of Sun Microsystems and co-founder of the Electronic Frontier Foundation, says the answer should be "no." The libertarian millionaire sued the Bush administration, which claims that the ID requirement is necessary for security but has refused to identify any actual regulation requiring it

Full story.

My friend Justin Scheck of The Recorder, a West Coast law paper, filed this feature, with some fine coloring:

Bespectacled, bearded and Birkenstocked (with Dr. Seuss socks), John Gilmore cut an appropriately iconoclastic profile Thursday as the centerpiece of a notebook-wielding gaggle in front of the 9th U.S. Circuit Court of Appeals.

Gilmore, a tech-boom multimillionaire who can't fly on airplanes due to his refusal to show identification at airports, is a star -- and major funder -- of the electronic privacy movement.

He's been at the center of an increasingly strange piece of litigation for the past three years since he sued the government, claiming that the requirement to show ID before boarding a plane is unconstitutional.

Complicating matters -- and nourishing conspiracy theories -- is the government's ongoing refusal to disclose what, if any, such requirement is on the books.

(Note to Harrison, telling a legal reporter that the judges you just tried to persuade were "a terrible panel" might not be a great idea.)

Full story.

Tim Cavanaugh of Reason filed this factually-challenged bit for Reason's blog.

Most of today's arguments turned on various points tangential to the central argument. In particular, there's a jurisdictional question about whether the Ninth Circuit should be hearing the case. Both sides argued that the case should be remanded to a "lower court" (presumably the Northern District of California, which dismissed the case last year), though Department of Justice lawyer Joshua Waldman held out the option of the Ninth Circuit's deciding the case on the merits. The interesting part is that the jurisdiction brouhaha arises from the question of who is actually ordering the ID check. The Transportation Security Administration claims it gave an order to demand IDs to the airlines on the authority of Congress, but Congress has not actually issued any law requiring ID checks. Gilmore's lawyer, James P. Harrison, argues that requirement hasn't been made public and is effectively a secret law. Waldman counters that there are many cases where we accept a "legal fiction" that something is in the U.S. Code, that ID requirements are prominently posted at airports, on the TSA website, etc., and that everybody in the courtroom (except Gilmore, who was signed in