As you probably know, early this month, a judge ordered Google, which owns YouTube, to turn over to Viacom records of which users watched which videos on YouTube. (Google Told to Turn Over User Data of YouTube by Miguel Helft, New York Times, July 4, 2008.) As the Times noted, "The amount of data covered by the order is staggering, as it includes every video watched on YouTube since its founding in 2005. In April alone, 82 million people in the United States watched 4.1 billion clips there.... Some experts say virtually every Internet user has visited YouTube."

What relevance does this have for documents librarians and government-information-using-citizens? Simply, this: whenever an information provider collects and retains records of information use it puts the privacy of information users at risk regardless of its own intentions. As an editorial in the Los Angeles Times said yesterday:

...the lawsuit illustrates how YouTube threatens its users' privacy simply by collecting and retaining so much data. Just because Viacom isn't interested in users' identities doesn't mean that other copyright holders, law enforcement agencies or aggrieved parties won't be.

Stanton's order is a reminder that websites shouldn't retain personally identifiable data any longer than the law or their services require. Google argues that the data enable it to improve its services, combat fraud and personalize offerings. Its approach, though, reflects an engineer's habit of hoarding information for the sake of as-yet-unimagined features, not the cautious practices of a privacy-conscious company.
-- Why is YouTube hoarding data?, Los Angeles Times, July 10, 2008.

See also

Will GPO guarantee user privacy? Can it?

Nevada Library Assn presentation: Privacy

Privacy: "I have nothing to hide"

Privacy and the "Terrorist Surveillance Act"

A new, in-depth story by Naomi Klein examines "Golden Shield," China's prototype for a high-tech police state. She says that China is building its systems with the help of U.S. defense contractors, that the global homeland-security business is bigger than Hollywood and the music industry combined, and that the U.S. Government is mining China's experiences for ideas for its own surveillance programs.

• China's All-Seeing Eye, by Naomi Klein, Rollingstone, May 29, 2008. "Like everything else assembled in China with American parts, Police State 2.0 is ready for export to a neighborhood near you."

Klein says that the United States is providing China's rulers with something even more valuable than surveillance technology: "...the ability to claim that they are just like us. Liu Zhengrong, a senior official dealing with China's Internet policy, has defended Golden Shield and other repressive measures by invoking the Patriot Act and the FBI's massive e-mail-mining operations." And, the Chinese rationalize surveillance of their own citizens the same way many do in the United States: "If you are a law-abiding citizen, you shouldn't be afraid... The criminals are the only ones who should be afraid." (See also: Privacy: "I have nothing to hide" and Privacy and the "Terrorist Surveillance Act.")

Klein notes that human-rights activists say that although the surveillance tools used by China and the U.S. are the same, the political contexts are radically different. "China has a government that uses its high-tech web to imprison and torture peaceful protesters, Tibetan monks and independent-minded journalists." But she also notes that Guantánamo Bay, the erosion of the Fourth Amendment prohibition against illegal searches and seizures, and the fact that the U.S. currently has more people behind bars than China despite a population less than a quarter of its size all mean that "the lines are getting awfully blurry."

What relevance does this have for government information specialists? As we at FGI have pointed out before, when the only "authentic" copy of government information is available from government-controlled computers rather than from privacy-protecting libraries, the freedom to read is eroded and the infrastructure for government spying on what you are reading is enabled. (See also: Will GPO guarantee user privacy? Can it?.)

See also: China's Golden Shield: Corporations and the Development of Surveillance Technology in the People's Republic of China, by Greg Walton, October 2001, Rights & Democracy.

Senators Ask FBI to Explain Flawed 'National Security Letter' to Internet Archive, By Ryan Singel, Wired Blog, May 15, 2008.

A bipartisan group of U.S. senators is asking FBI head Robert Mueller to explain why the feds sought records from the Internet Archive, a digital library, using a controversial administrative subpoena known as a National Security Letter, which is intended for a communications service providers....

Specifically, they asked Mueller if the FBI actually believed that the Internet Archive was an communications service provider. If it were, FBI agents could get subscriber records using an NSL under the auspices of the Electronic Communications Protection Act. But if the Internet Archive is a library, that subpoena would be inapplicable and possibly illegal. That would mean that the NSL should be reported to the Intelligence Oversight Board as a possible violation of law.

The senators are asking Mueller if the Internet Archive subpoena actually was reported to the board.

The U.S. Federal Bureau of Investigation (FBI) has withdrawn a secret demand, issued as a national security letter (NSL), that the Internet Archive (IA) provide the agency with a user's personal information after Brewster Kahle, the Electronic Frontier Foundation (EFF), and the American Civil Liberties Union (ACLU) challenged the records request in court.

• FBI Withdraws Unconstitutional NSL Served on Internet Archive, ACLU. (Includes links to documents)

Since the Patriot Act was authorized in 2001, relaxing restrictions on the FBI's use of the power, the number of NSLs issued has seen an astronomical increase. Reports from the Justice Department's Inspector General reveal that the FBI has issued nearly 200,000 NSL between 2003 and 2006. Multiple investigations have found serious FBI abuses of regulations and numerous potential violations of the law.

• Internet Archive Challenges F.B.I.’s Secret Records Demand, by Grant Gross, IDG News Service, New York Times, May 7, 2008 (or Internet Archive challenges FBI's secret records demand, by Grant Gross, in InfoWorld).

In each of the three court challenges to the NSL program, the FBI has withdrawn the information demands, ACLU's Goodman said. "I think that calls into question how much the FBI needed the information in the first place and, frankly, whether the FBI needs this kind of sweeping and unchecked surveillance power," she said.

Centers Tap Into Personal Databases, By Robert O'Harrow Jr., Washington Post, April 2, 2008; page A01.

Intelligence centers run by states across the country have access to personal information about millions of Americans, including unlisted cellphone numbers, insurance claims, driver's license photographs and credit reports, according to a document obtained by The Washington Post.

See other Fusion Center stories at FGI.

Over the last six years the government has established more than 40 state, local, and regional "fusion centers" to integrate information and intelligence from the federal government, state, local, and tribal governments, and the private sector to identify risks to people, economic infrastructure, and communities, to prevent terrorist attacks, and to respond to natural disasters and manmade threats. The report notes that fusion centers "represent a fundamental change in the philosophy toward homeland defense and law enforcement" and "a shift towards a more proactive approach to law enforcement."

Fusion centers are created by the states and are largely financed and staffed by the states. Curiously, for centers that produce and control so much potentially sensitive and private information and that work in cooperation with the private sector, there is no one model for how a center should be structured.

Of note, the DHS Analysis, Dissemination, Visualization, Insight, and Semantic Enhancement (ADVISE) program, which is being developed to "analyze large amounts of data, such as the relationships among people, organizations, and events" when fully functioning may have the ability to receive and provide information to the nation's fusion centers to assist with analytic strategic indications and warnings. Should ADVISE or other data collection and analysis programs become fully functional and accessible by fusion centers, some might see this as a devolution of national intelligence capabilities from the federal government to state governments resulting in the encroachment on individual civil liberties. Some are concerned that as fusion centers and the IC agencies codify relationships, there is increased potential for misuse of private sector data. It could be argued that such a relationship will allow state entities to act as agents of the federal government in performing federal intelligence community activities that violate federal privacy laws.

This CRS report includes over 30 options for congressional consideration to clarify and potentially enhance the federal government's relationship with fusion centers including drafting of a formal national fusion center strategy. The report examines, among many other things, civil liberties concerns and violations, and private sector purposes and roles in fusion centers.

• Fusion Centers: Issues and Options for Congress, updated January 18, 2008. by John Rollins, Congressional Research Service, Order Code RL34070.

Our thanks to Steven Aftergood for identifying and housing this report. See more of today's goodies here: Comprehensive Nuclear Test Ban Treaty, and More from CRS, by Steven Aftergood, Secrecy News (March 3, 2008). Also see earlier FGI posts: What is wrong with Fusion Centers and Groups seek definition of terrorism at government and private sector information-sharing centers.

Congress worries that .gov monitoring will spy on Americans. News.com
February 28, 2008

A new Bush administration plan to capture and analyze traffic on all federal government networks in real time is generating privacy worries from congressional Democrats and Republicans alike.

At a hearing convened here Thursday by the U.S. House of Representatives Homeland Security Committee, politicians directed pointed questions to Department of Homeland Security officials about their plans to expand an existing "intrusion detection" system known as Einstein. Among other things, the system will monitor visits from Americans--and foreigners--visiting .gov Web sites.

And, a related article:

House Lawmakers Question Privacy in Cyber-Security Plan. By Brian Krebs, Washington Post, February 29, 2008.

House lawmakers yesterday raised concerns about the privacy implications of a Bush administration effort to secure federal computer networks from hackers and foreign adversaries, as new details emerged about the largely classified program.

The unclassified portions of the project, known as the "cyber initiative," focus on drastically reducing the number of connections between federal agency networks and the Internet, and more closely monitoring those networks for malicious activity. Slightly more than half of all agencies have deployed the Department of Homeland Security's program.
 

This is a very useful and thoughtful piece that starts with musings on Facebook and privacy issues and addresses much larger issues that affect libraries and library users and academic publishing. This is a must read.

• Face Value, By Barbara Fister, Inside Higher Ed (Feb. 18, 2008).

Sample:

Libraries have always taken privacy seriously - not because it's valuable in itself, but because it's a necessary condition for the freedom to read whatever you want without risk of penalty. When the PATRIOT Act was passed, librarians checked to make sure their databases erased the connection between a book and its borrower as soon as the book was returned. That erasure, however, makes it harder to offer the kind of personalization, such as recommendations based on previous book choices, that the public increasingly expects from online systems. After all, it's what they get from Amazon.

...[W]e've barely begun to examine the unintended consequences of the Faustian bargain we strike when we share content through privately-owned digital domains of the public sphere.

Joe Esposito pointed to this article in a posting to the liblicense-l mailing list and he says:

As I was reading this, I reflected on an ongoing conversation with a friend of mine, a former Congressional staffer, about the growing political need for Google to be declared a regulated public utiility, like the AT&T of yesteryear. Too much power in the hands of too few: it's morally wrong, and socially dangerous.

I would just add to this that, when we rely on the government to be the only official repository of all government information, we are putting too much power in the hands of too few.  We are allowing the government to be the only entity that controls access to that information and the privacy or lack of privacy of all readers of that information. The solution to that is to build  collections of digital government information is libraries.  We have barely begun to understand the Faustian bargain we strike when we share content through a single government-controlled digital repository.

Fister is a librarian at Gustavus Adolphus College. Her blog is barbara fister's place.

Siva Vaidhyanathan has an exceptionally good article about privacy in the current The Chronicle of Higher Education.

• Naked in the 'Nonopticon', Surveillance and marketing combine to strip away our privacy By Siva Vaidhyanathan, The Chronicle of Higher Education, "The Chronicle Review" Volume 54, Issue 23, Page B7, (February 15, 2008). [no subscription requred]

"The Nonopticon" is a state of being watched without knowing that you are being watched or at least not knowing the extent to which you are being watched. Reviewing the book Privacy in Peril by sociologist James B. Rule, he says:

Every incentive in a market economy pushes companies to collect more and better data on us. Every incentive in a state bureaucracy encourages extensive surveillance. Only widespread political action can put a stop to it. Small changes, like better privacy policies by companies like Google and Amazon.com, are not going to make much difference in the long run, Rule argues. The challenge is too large and the risks too great.

Abracadabra! Bush Makes Privacy Board Vanish, By Ryan Singel, WIRED, Feb 4, 2008

The Bush administration has failed to nominate any candidates to a newly empowered privacy and civil-liberties commission [the Privacy and Civil Liberty Oversight Board]. This leaves the board without any members, even as Congress prepares to give the Bush administration extraordinary powers to wiretap without warrants inside the United States... Terms for the board's original members expired on Jan. 30.

 

A new ACLU report says that government "fusion centers" have not been planned in a public, open manner and that some are engaging in improper intelligence activities and endanger the privacy of citizens.

• What’s Wrong With Fusion Centers?, by Michael German and Jay Stanley, American Civil Liberties Union, December 2007.

This report is intended to serve as a primer that explains what fusion centers are, and how and why they were created. It details potential problems fusion centers present to the privacy and civil liberties of ordinary Americans, including: Ambiguous Lines of Authority... Private Sector Participation... Military Participation... Data Mining... and Excessive Secrecy.

See also: Groups seek definition of terrorism at government and private sector information-sharing centers.

The White House released a "National Strategy for Information Sharing" at the end of October. It sets up "fusion centers" to share information.   No, not share government information with citizens, but "terrorism data" with all levels of government and the private sector.  It's mission: to "facilitate the production of Federally-coordinated terrorism information products intended for dissemination to State, local, tribal, and private sector partners." But the strategy evidently does not define "terrorism" and thus endangers civil liberties:

• Strategy refines fusion centers' role, by Ben Bain, Federal Computer Week, November 5, 2007. "An expanded scope for the centers alarms privacy groups who fear misuse of data"

A recent CRS report notes that "less than 15% of the fusion centers interviewed for this report described their mission as solely counterterrorism" and also says:

There are several risks to the fusion center concept -- including potential privacy and civil liberties violations, and the possible inability of fusion centers to demonstrate utility in the absence of future terrorist attacks, particularly during periods of relative state fiscal austerity. Fusion centers are state-created entities largely financed and staffed by the states, and there is no one "model" for how a center should be structured. State and local law enforcement and criminal intelligence seem to be at the core of many of the centers. Although many of the centers initially had purely counterterrorism goals, for numerous reasons, they have increasingly gravitated toward an all-crimes and even broader all-hazards approach. While many of the centers have prevention of attacks as a high priority, little "true fusion," or analysis of disparate data sources, identification of intelligence gaps, and pro-active collection of intelligence against those gaps which could contribute to prevention is occurring.

To me, this seems like more of what we have seen lately: a proclivity by government to want to cast a net over everyone hoping to find terrorists while labeling these surveillance activities as "terrorist surveillance" or, in this case, the sharing of "terrorism-related information." The fact is that, even if the term "terrorism" was well defined, the design of this program is to share all kinds of information -- not just "terrorism-related" information -- on all kinds of people -- not just "terrorists." This is further complicated by the government getting information that it is not permitted to collect by getting it from the private sector and possibly sharing information that the private sector would normally have no legal method of obtaining with the private sector.

In a related story, the government is continuing to fight for the right to get personal telephone, e-mail and financial records without a judge's approval (Feds fight ruling on information requests, by Larry Neumeister, Associated Press / USA TODAY,November 5, 2007).

Background On Fusion Centers

• Fact Sheet: National Strategy for Information Sharing, White House, Office of the Press Secretary, October 31, 2007. "New Strategy Builds On Progress To Establish Integrated National Capability For Terrorism-Related Information Sharing Among Federal, State, Local, And Tribal Officials, Private Sector, And Foreign Partners"
• NATIONAL STRATEGY FOR INFORMATION SHARING: Successes and Challenges In Improving Terrorism-Related Information Sharing (PDF) National Security Council October 2007
• Fusion Centers: Issues and Options for Congress, by Todd Masse, Siobhan O'Neil, and John Rollins, Congressional Research Service, Order Code RL34070, July 06, 2007
• A Summary of Fusion Centers: Core Issues and Options for Congress, by Todd Masse and John Rollins, Congressional Research Service, Order Code RL34177, September 19, 2007. "Summarizes the main points of CRS Report RL34070, Fusion Centers: Issues and Options for Congress."

Google. Who's looking at you?, by John Arlidge, The Sunday Times, October 21, 2007. "It wants to know everything about you. It wants to be your best friend -- or your Big Brother. Are your secrets safe with Google?"

Google's overall goal is to have a record of every e-mail we have ever written, every contact whose details we have recorded, every file we have created, every picture we have taken and saved, every appointment we have made, every website we have visited, every search query we have typed into its home page, every ad we have clicked on, and everything we have bought online. It wants to know and record where we have been and, thanks to our search history of airlines, car-hire firms and MapQuest, where we are going in the future and when.

This would not just make Google the largest, most powerful super-computer ever; it would make it the most powerful institution in history. Small wonder that the London-based human-rights group Privacy International has condemned its plans as "hostile to privacy", and EU ministers called Google's vision "Orwellian". Even John Battelle, one of the net's leading evangelists, who co-founded the technology bible Wired magazine, and wrote The Search, the definitive study of Google's rise, now says: "I've found myself more and more wary of Google, out of some primal, lizard-brain fear of giving too much control of my data to one source."

(see also: Google: "We don't know enough about you"... yet.)

The "right to read" is essential in a democracy and is abridged when citizens can get "authentic" government information only from government-controlled
computers. 

Stories such as the following two make us even more concerned about privacy and the right to read because they show the lengths to which the government will go when it has any access to information about the reading habits of citizens.

It is particularly revealing that these articles show that the government defends its right to do this by saying that some materials are acceptable and some are not. A DHS spokesman says, "We are completely uninterested in the latest Tom Clancy novel that the traveler may be reading" but the book "Drugs and Your Rights" fell into the category of an item that "leads the inspection officer to conclude there could be a possible violation of the law." 

This is precisely the problem.  Under these conditions, citizens may fear reading things that they think a low level bureaucrat might find suspicious -- and thus the right to read is abridged.

• U.S. Airport Screeners Are Watching What You Read, by Ryan Singel, WIRED (09.20.07)

• Collecting of Details on Travelers Documented; U.S. Effort More Extensive Than Previously Known by Ellen Nakashima Washington Post (September 22, 2007)

See also: Rovere on Privacy and Privacy: "I have nothing to hide" and Privacy and the "Terrorist Surveillance Act"

David Weinberger, author of Everything Is Miscellaneous, has written a typically thoughtful and thought-provoking piece about privacy in the digital age:

• The Privacy Non-Principle by David Weinberger, Journal of the Hyperlinked Organization (August 31 , 2007)

Back before the information age, privacy had a fairly well-defined set of applications. It covered what authorities could ask about you, and acts you wouldn't feel comfortable performing in the middle of a skating rink. But now it applies to wherever there's information. And nowadays, everything is information.

Although a lot of David's examples deal with online merchants, I believe much of this applies to government information as well. One way it does is summed up in David's quote of Brad Templeton's law : "If you make something easy to do, it will be done more often."

And more:

The easier it is to give somebody ID information, the more often it will be done. And the easier it is to give ID information, the more palatable it is to ask for, or demand it.

If we agree to systems that only allow us to get "authentic" government information from government-controlled web servers, it will be easy for government to ask for and even demand personal information -- and easier for users to give that information. And once the government has that information, the same principle applies to government's use of our personal information. That situation is one that we do not want to encourage or facilitate, regardless of current policies and principles of existing government agencies.