Data security and the FBI’s attempts to screw it up

I can’t believe we’re even having this discussion in the USA.

This recent article in National Journal reports on a recent discussion hosted by Christian Science Monitor with Amy Hess, the executive assistant director of the FBI’s science and technology branch. The crux of this discussion was that encryption with “back doors” in it is an acceptable tradeoff for law enforcement.

The problem with Ms. Hess’s (and I would assume also the FBI’s) view is that when it comes down to it, computers are stupid. Example: when I type in my login ID “skquinn” and my password into a computer I have an account on, the computer gives me access based on that password. It’s going to give anyone access who has that password matching up with that login ID, it doesn’t matter whether it’s really me, my mom, a friend of mine, or some bozo that just stole my computer (for all values of “stole” whether it’s basic theft, burglary, or a cop with a warrant). There are ways around that password check, though, and this is why I keep my home directories encrypted (in my case, with eCryptfs).

Ms. Hess’s proposal would ask encryption software developers (such as the developers of eCryptfs) to include alternate ways of accessing the keys to decode my home directory, assumably for law enforcement use pursuant to a valid search warrant. The problem with that is that, again, computers are stupid, and the computer won’t be able to tell if it’s legitimate or not. The key can still be used to compromise my privacy; it’s bad enough if it’s a legitimate law enforcement use, but let’s say it’s some rogue cops who would like to see this blog disappear off the face of the Internet for good?

Real data security, whether the government likes it or not, means it is secure against even law enforcement access without the consent of the owner. Perhaps it could be said, especially against law enforcement access. While I would like to think the government acts in our best interests, there are quite a few instances from around the world past and present where this has not been the case. Present-day China, Nazi-era Germany, and recent governments in the Middle East (Iran, Iraq, Afghanistan) all come to mind. I’m certain that if computing technology like this had existed in the 1940s, Adolf Hitler would have loved to have backdoors like that for surveillance purposes.

It’s not our problem if the FBI or any other law enforcement agency can’t spy on us. I concur with the quote of John Basil Barnhill (mis-attributed to Thomas Jefferson): “When government fears the people, there is liberty. When the people fear the government, there is tyranny.”

I don’t want tyranny. And last I checked, that’s not the Statue of Tyranny standing in New York Harbor, either.

The Fifth Amendment and a school’s drug use survey

This recent article on addictinginfo.org tells the story of John Dryden, an Illinois high school teacher who informed students of their Fifth Amendment rights before handing them a survey which contained questions about such things as drug and alcohol use. John saw the students’ names were on the surveys, and feared the worst. This follow-up story from the Kane County Chronicle indicates he was not the only teacher to do so; however, John was singled out by the school board for some reason, and his reward for this was a written warning of improper conduct, and he was docked one day’s pay.

To their credit, the school board’s side of this is that students are already protected from self-incrimination at school based on existing laws. Even if this is the case, this is knowledge that is sufficiently uncommon that at least one teacher didn’t know it. Given the number of students that are arrested at school these days, it’s really hard for me personally to fault John for looking out for his students, especially given that it was not immediately obvious to him that students could opt out.

What also stuck out is the pre-printing of students’ names on surveys with such personal questions. This presents two problems. First, the students that opt-out will have a blank form with their name on it hanging around. Second, it’s way too easy for either the filled-out forms or the blank forms with the students’ names on them to get in the wrong hands. The surveys should not be keyed on name at all, but on a student ID number which is only ever shared with the student, the parents, and the appropriate members of school staff, specifically for surveys such as this one. Student privacy should come first, not be an afterthought.

I hope word gets around to the other school districts, not just in Illinois, but across the US, about this survey as it was handled at this school. It is an example of something that needs to be highlighted as an example of what not to do.

GM/OnStar “spy car” T&C update: followup 1

Oh, the things I find out by reading.

The thoughts that I were left with when finishing the earlier post about GM/OnStar were along the lines of “people really should not have to disconnect OnStar to preserve their privacy, there has to be something I am missing”. And in addition to being incorrect about being able to disconnect OnStar by just pulling a fuse (sometimes you disconnect more than just OnStar that way, unless you go straight to the OnStar box and disconnect power there), I also had no idea, until today, that Texas law actually forbids some of what GM is doing.

I was looking up something in the Texas Transportation Code researching an unrelated matter, and happened to notice http://www.statutes.legis.state.tx.us/Docs/TN/htm/TN.547.htm#547.615 entited “Recording Devices” which appears to address services such as OnStar. I have reproduced the section in its entirety below:

Sec. 547.615.  RECORDING DEVICES. (a) In this
section:

(1)  "Owner" means a person who:

(A)  has all the incidents of ownership of a motor
vehicle, including legal title, regardless of
whether the person lends, rents, or creates a
security interest in the vehicle;

(B)  is entitled to possession of a motor vehicle
as a purchaser under a security agreement; or

(C)  is entitled to possession of a motor vehicle
as a lessee under a written lease agreement if the
agreement is for a period of not less than three
months.

(2)  "Recording device" means a feature that is
installed by the manufacturer in a motor vehicle
and that does any of the following for the purpose
of retrieving information from the vehicle after
an accident in which the vehicle has been
involved:

(A)  records the speed and direction the vehicle
is traveling;

(B)  records vehicle location data;

(C)  records steering performance;

(D)  records brake performance, including
information on whether brakes were applied before
an accident;

(E)  records the driver's safety belt status; or

(F)  transmits information concerning the accident
to a central communications system when the
accident occurs.

(b)  A manufacturer of a new motor vehicle that is
sold or leased in this state and that is equipped
with a recording device shall disclose that fact
in the owner's manual of the vehicle.

(c)  Information recorded or transmitted by a
recording device may not be retrieved by a person
other than the owner of the motor vehicle in which
the recording device is installed except:

(1)  on court order;

(2)  with the consent of the owner for any
purpose, including for the purpose of diagnosing,
servicing, or repairing the motor vehicle;

(3)  for the purpose of improving motor vehicle
safety, including for medical research on the
human body's reaction to motor vehicle accidents,
if the identity of the owner or driver of the
vehicle is not disclosed in connection with the
retrieved information; or

(4)  for the purpose of determining the need for
or facilitating emergency medical response in the
event of a motor vehicle accident.

(d)  For information recorded or transmitted by a
recording device described by Subsection
(a)(2)(B), a court order may be obtained only
after a showing that:

(1)  retrieval of the information is necessary to
protect the public safety; or

(2)  the information is evidence of an offense or
constitutes evidence that a particular person
committed an offense.

(e)  For the purposes of Subsection (c)(3):

(1)  disclosure of a motor vehicle's vehicle
identification number with the last six digits
deleted or redacted is not disclosure of the
identity of the owner or driver; and

(2)  retrieved information may be disclosed only:

(A)  for the purposes of motor vehicle safety and
medical research communities to advance the
purposes described in Subsection (c)(3); or

(B)  to a data processor solely for the purposes
described in Subsection (c)(3).

(f)  If a recording device is used as part of a
subscription service, the subscription service
agreement must disclose that the device may record
or transmit information as described by Subsection
(a)(2).  Subsection (c) does not apply to a
subscription service under this subsection.

Added by Acts 2005, 79th Leg., Ch. 910, Sec. 1,
eff. September 1, 2006.

So, according to my interpretation of the law, it would appear that GM/OnStar can’t do what they plan to do with non-subscriber info. It is unfortunate that the law, as written, has a loophole in it that’s (pardon the awful pun) big enough to drive a truck through. Subscribers should be protected from undesired privacy invasion such as that which GM/OnStar is effecting with their change in terms and conditions.

I’d like to know what the official GM/OnStar line is regarding Texas Transportation Code section 547.615. Shouldn’t Federal law also prohibit what GM/OnStar is changing the T&C to allow? I think it should, and I doubt I am the only one.

GM enters the spy car business with OnStar T&C update

In the past I’ve written about some pretty evil things done by large corporations: Google, Apple, Microsoft, AT&T, and a few others. What I read today, though, sets a new low, and from a most unlikely source.

Jonathan Zdziarski recently wrote a piece on GM’s OnStar service and a recent update to its terms and conditions. Jonathan was disturbed, to the point where he immediately canceled his OnStar service. And I don’t blame him; from the looks of it, GM vehicles with OnStar are now spy cars–and I don’t mean the James Bond type, either, I mean the type that spy on you. From the article:

OnStar’s latest T&C has some very unsettling updates to it, which include the ability to sell your personal GPS location information, speed, safety belt usage, and other information to third parties, including law enforcement. To add insult to a slap in the face, the company insists they will continue collecting and selling this personal information even after you cancel your service, unless you specifically shut down the data connection to the vehicle after canceling.
[…]
As you scroll down the list of information collected, you see that once you get past important emergency services (what we pay OnStar for), OnStar now has given themselves the right to also use this information to stuff their pockets. OnStar has granted themselves the right to collect this information “for any purpose, at any time, provided that following collection of such location and speed information identifiable to your Vehicle, it is shared only on an anonymized basis.”

(some emphasis added)

As Jonathan goes on to say, there really is no such thing as anonymized GPS data. It’s a simple matter to find the GPS coordinates where a vehicle is parked at least 12 hours out of the day, and assume that’s probably the owner’s residence. If location is involved at all, the data is not anonymized.

I’m disturbed enough that this data is being shared with law enforcement; if OnStar knows a car regularly exceeds an underposted speed limit by 10 miles per hour or more, and shares that with the cops, that’s problem enough right there. Especially when they know, for example, there are sports car models or high-end luxury vehicle models disregarding the posted limits (i.e. vehicle owners that can definitely afford tickets and are ideal for maximizing revenue). It’d be bad enough if the privacy invasion affected only GM vehicle owners, but the invasion of privacy actually spills over to the rest of us that will never buy another GM vehicle.

Again quoting Jonathan:

This is too shady, especially for a company that you’re supposed to trust your family to. My vehicle’s location is my life, it’s where I go on a daily basis. It’s private. It’s mine. I shouldn’t have to have a company like OnStar steal my personal and private life just to purchase an emergency response service. Taking my private life and selling it to third party advertisers, law enforcement, and God knows who else is morally inept. Shame on you, OnStar. You disgust me.

I couldn’t have said it any better myself.

Particuarly infuriating, is that we, the government, bailed out GM, and they repay our gratitude by doing something that is downright un-American. This country was founded on privacy; see the Fourth and Fifth Amendments to the Constitution (and it’s quite possible other amendments, such as the Ninth and Tenth, apply as well in certain cases). This is a wholesale invasion of our privacy, that has a disastrous effect on all of us, GM customers or not.

I’m horrified. This is inexcusable. Shame on you, GM. I wish you a speedy bankruptcy, this time without a taxpayer bailout.

Action items for my readers:

  • First, be aware of the issue. This affects you if you own, drive, or ride in a GM vehicle with OnStar service, even if the OnStar service is not active, unless the OnStar circuit has been deactivated by pulling the fuse.
  • If you don’t like what GM is doing here, and you own one or more GM vehicles with OnStar capability, cancel the service and remove the OnStar fuse (search in your favorite search engine for “onstar fuse location” followed by the make, model, and model year of your vehicle).
  • If you drive someone else’s GM vehicle with OnStar capability, be aware your privacy basically doesn’t exist if the OnStar circuit is active. Whether or not you pull the OnStar fuse for the time you’re driving the vehicle is your decision; the possible unhappiness of the vehicle’s owner should be weighed against your lack of privacy. Likewise, when you’re done driving that vehicle, put the fuse back in if you took it out (unless the owner instructs you otherwise).
  • Since seat belt information is involved, this technically even affects passengers in a GM vehicle with OnStar capability. Unfortunately, you may not have much choice here, as many state laws now require seat belt usage for all passengers, front seat or otherwise.
  • If you are in the market for a new car, and a GM vehicle was on the list, it’s time to rethink that. It goes without saying I think this is reason enough to disqualify all GM vehicles from consideration.

A new twist on “school-owned”

A recent Computerworld story reveals a shocking violation of student privacy from a Pennsylvania school district.

The Lower Merion School District of Ardmore, Pennsylvania, provided laptops to its students, complete with webcams. This by itself is not an issue. What is an issue is that the school district had the ability to remotely activate the webcam and see whatever was in front of it, without the students’ or parents’ consent or knowledge.

From the article:

Michael and Holly Robbins of Penn Valley, Pa., said they first found out about the alleged spying last November after their son Blake was accused by a Harriton High School official of “improper behavior in his home” and shown a photograph taken by his laptop.

An assistant principal at Harriton later confirmed that the district could remotely activate the Webcam in students’ laptops. “Michael Robbins thereafter verified, through [Assistant Principal] Ms. Matsko, that the school district in fact has the ability to remotely activate the Webcam contained in a student’s personal laptop computer issued by the school district at any time it chose and to view and capture whatever images were in front of the Webcam, all without the knowledge, permission or authorization of any persons then and there using the laptop computer,” the lawsuit stated.

What could they possibly have been thinking?

While at school or at school-sponsored activities, discipline is the school’s responsibility. Cameras in schools and on school buses are fine. However, it is really not the school’s realm to discipline outside of school hours and school functions, and usually what goes on at home is none of school officials’ business. (I say “usually” because adults have the legal responsibility to report suspected child abuse and things of that nature.)

Shame on the snoops at Harriton High. And kids, don’t assume anything about that shiny laptop the school gave you; if it’s the school’s computer, there’s the ever-present possibility it can do anything the school wants, including rat you out at home. Just ask Blake.