Legal Devices for Spying
Executive Order 12333
Signed by President Reagan, it allows the US to collect information from abroad. The Internet has made the term “abroad” essentially meaningless thanks to web site servers being hosted abroad but run by American businesses (or vice versa). The trump card here is that the government can collect this data without a warrant.
FISA (Foreign Intelligence Surveillance Act) Amendments
Signed by President Bush (the second one), it allows for wiretapping of phone conversations with people outside the US. Again, it can be done without a warrant
Launched by the NSA in 2007, companies like Google, Apple, Microsoft, and Facebook hand over data they collect on their users to the government. Another interesting activity is something called “Upstreaming” where the big underwater cables that carry the data from the internet overseas are tapped and the NSA collects all the information that goes through.
USA PATRIOT Act
(a.k.a. Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001.)
Signed by President Bush (again, Dubya) and it allows for the collection of metadata. It was originally known as the Library Records Provision. The government was after the metadata about patrons and which books they checked out. It morphed into massive collection of location information on cellphones. Ostensibly, this was to track terrorists living in the country.
A Couple of Sites
- http://immersion.media.mit.edu For those folks that may be unconvinced about the power of metadata, MIT has an example of the connections that can be made using the metadata surrounding a person’s Gmail account
- http://oecdprivacy.org/ For those folks looking for a framework of what privacy should entail
What Can Libraries Do?
- Don’t create any information you don’t have to. Or don’t keep information you had to create for long. Examples are reading history for patrons in the catalog or library cards used to log onto public PCs.
- Publish guidelines for librarians detailing what they should do if approached by law enforcement requesting information. This takes the guesswork out of things and will help those folks unsure of what to do.
Types of Request
- Asked to produce some information– The first thing to know is that you are under no legal obligation to give any information without a warrant or subpoena. If they insist say “I do not consent to this search.” That’ll make the use of any information gained hard to use.
- Approached with a warrant– You can ask him or her to wait until you have a lawyer examine the warrant. If they say no, you can check it yourself. Details to verify include:
- Was it issued locally?
- When was it issued?
- Was it signed by a judge?
- Is the information they’re looking for clearly (and narrowly) specified?
- National Security Letter- This is like a warrant but not signed by a judge, just a federal officer. They usually come with a gag order. Exceptions to that gag order always include: staff needed to satisfy the request and your lawyer. Always call the ACLU when you get one of these!
- Subpoena- This is when the grand jury needs information to make a decision. Unlike a warrant the information does not need to be provided right away. So take your time and talk to your lawyer.
- Administrative Subpoena- This usually goes after some metadata. Again, not signed by a judge. This time the DA issues it. And again, let the ACLU know.
What You Can Do
There is plenty of ways to make sure patron information isn’t available on public PCs. These ways can also be done on your own computers both at work and at home. I’m just going to provide a quick list because the Watertown Free Public Library is doing great stuff and should get the lion’s share of the credit here. To get more info, go: http://watertownlib.org/privacy-tools
- Use Firefox. It’s the only open source browser and it’s run by a non-profit organization.
- Install some plug-ins to enhance privacy provided by Firefox:
- Ad Block Plus- block popups and the like
- Disconnect Me- blocks scripts aimed at pulling data from your computer
- HTTPS Everywhere- requires all parts of the website to use a secure protocol (think submitting comments)
- DuckDuckGo- a search engine that doesn’t track you
- Terms of Service DR- grades how transparent web sites are with their terms of service agreements
- Avast- an antivirus plug-in
- LastPass- stores all your passwords (encrypted) so you don’t have to remember them.
Quote of the Day
“For those people who say these types of surveillance measures can help prevent terrorist attacks, I just say they were in place during the marathon bombing. How useful were they then?”
I may have mis-stated something, or missed something altogether. I sit up front during these things but my dastardly hearing difficulties always dash my hopes of catching everything. So if you were there and see a mistake in this post, please leave a comment correcting me! If you weren’t there and still see something, please comment as well.