FYI – when you send a DM, the receiver CAN SEE YOUR EMAIL ADDRESS from the DM sent via email. BE AWARE!!! @twitter #security #fail

– ChicagoBungalow about 18 hours ago on Twitter

For those who aren’t on Twitter, a DM is a “direct message”, twitterspeak for a private message between two people.  When you receive a DM, Twitter notifies you via email.  And sure enough, just as ChicagoBungalow said, if I send you a DM, if you look at the email header information, you’ll see that the “Sender” field has an address like

twitter-dm-jon_pincus=yahoo.com@postmaster.twitter.com

This field is hidden by default — in gmail, you need to select “Show original” to see it — but once you find it, it doesn’t take a rocket scientist to figure out what yahoo.com account name I used to sign up on Twitter.

If I want somebody to have my email address, I’ll send it to them.  I don’t want Twitter giving it out for me. And most especially, I don’t want Twitter doing it behind my back.

jon

PS: I updated this post several times to clarify the description; thanks to all for the feedback, and @NiteStar for the gmail instructions.

He covers privacy, censorship and circumvention as well as laws on cloud computing and some research. READ MORE!

Word Cloud of Popular Words at CFP09

]]> http://www.cfp2009.org/wordpress/?feed=rss2&p=186 0 http://www.cfp2009.org/wordpress/?p=102 http://www.cfp2009.org/wordpress/?p=102#comments Sun, 31 May 2009 20:53:56 +0000 Deborah http://www.cfp2009.org/wordpress/?p=102

The Twittering in the Trenches Workshop is Monday, June 1, 9am-5pm (eastern). Please join us online or in person

In 1995 I went to my first Computers, Freedom, and Privacy (CFP) conference. I was completely boggled: every issue that was discussed had at least three compelling sides to it. I was also inspired because I could really see how the Net could be great for building communities.  Even back then it seemed that the Net was about building bridges and communities.

I remember David Brin speaking about surveillance cameras (no cell phone cameras yet), how ubiquitous they were going to become, and how we had to turn them to our advantage. I remember very smart, tech-savvy, civil libertarians like John Gilmore and Mike Godwin on panels with representatives from the White House and the FBI debating the use of cryptography, free-speech, and privacy issues. The techies stated that the Net was going to be a place where we would have the ability to share knowledge widely, without regard to geographical location, and where we would have more freedom to discus topics than in traditional media.  We could reshape our reality; old-fashioned laws wouldn’t hinder us, technology would finally give power to ordinary people.  It was exciting stuff.

I also remember the White House representative responding, almost in angry frustration, that we may have won the first round of the crypto wars, but that they’d be back and he Net wouldn’t be a “lawless” place — meaning that the status quo would be regained.

Of course, he was right. Now we have CALEA, the Patriot Act, Carnivore and its successors, draconian copyright laws, and a host of other privacy-invading tools that governments can use against people.

So here we are again in 2009.  The same kind of power is there on social network sites – on Facebook, MySpace, Tribe, Second Life, Free-Association, LiveJournal, and all the rest. Unlike Usenet and other ways of communicating on the Net a la 1995, social networks now are quite usable for us non-technical people, and the interfaces are pretty and inviting.  It’s never been easier to communicate with friends, family, and colleagues online.

And those that want to keep the status quo, they see the power too, so they want to hobble the social networks as best they can. They use fear of drug abuse, pedophiles, terrorists, and porn … and draft the same kind of privacy invasive and free speech hindering laws they’ve been pushing for years.

We don’t have to allow entrenched power bases take away our ability to organize and make our voices heard. Let’s not allow the Net to become just another TV outlet and shopping mall.

Social networks have already proved extremely useful in various activist campaigns. Stop Real ID Now, Join the Impact (for marriage equality), Get FISA Right, President Obama’s election campaign, and others, have shown that shown how quickly we can organize using online tools. At this workshop, we’ll discuss what worked and what didn’t, so that we can be more effective in the future.

We’ve learned from our experiences and so can empower users of social networks.  We can provide and expand online resources for people so that they can quickly get up to speed on services like Twitter, and know how to better translate online communications into actions.  We can work with site operators to make it more likely that we’ll have policies that protect our ability to use social networks, policies that protect our privacy and our free-speech rights.  And we can reach out on social networks to involve more diverse groups of people and hopefully jump start activism on privacy and first amendment issues.

Here’s our opportunity to realize the promise of the Net that was so present in 1990s when CFP started. If we don’t take and use our power now to keep social networks as open as we can make them, I don’t think we’re going to get another chance.

Looking at the list above it’s painfully obvious that federal privacy standards, written during a time when “storage facility” literally referred to file cabinets, are overdue for an update in the digital era.  While the basic framework of the Privacy Act has held up well over the past 35 years, changes need to be made to insure that the advent of new technologies do not threaten to undermine the protections that have been put in place.

Today, the Center for Democracy & Technology unveiled an in-depth proposal to update the federal Privacy Act and related federal privacy policy to address the challenges of the digital age. The announcement came as part of a panel discussion featuring government and privacy leaders that coincided with the release of the National Institute of Standards and Technology’s federal Information Security and Privacy Advisory Board’s report on its findings on government privacy rules. ISPAB has also called for significant changes to the existing federal privacy framework.

With today’s information technology and the promise of another 35 years of innovation before we get around to updating the Privacy Act again, it’s important to create leadership within the federal government and try to ensure that the definitions of the Privacy Act are capable of protecting privacy in the face of technologies like data mining. In addition, it is important to make sure that the government takes advantage of innovative technologies to ensure that privacy notices are effective and informative to the public.

We think that these are important steps towards improving the protections of the Privacy Act, but we also want to hear how the public would like the Privacy Act updated and have created an interactive wiki to let the public help us draft amendments. Never before have “Washington insiders” opened the drafting of legislation to the public, for anyone to read, change, and comment on any part of the bill. CDT will edit and moderate this open process and, if appropriate, incorporate suggestions in the final bill it submits to Congress. Come help us re-write the Privacy Act for the next 35 years.

The “wiki” is available here: http://eprivacyact.org

Prior to the changes, the TSA had said that whole body imaging, aka ‘the virtual strip search’, would be used only as a secondary screening tool, and that even then, it would be voluntary. Passengers would still have the choice between going through a virtual strip search and a pat down search. That is about to change. The TSA has announced that whole body imaging will be phased in as a replacement for primary screening, i.e. the metal detectors, and it will cease to be voluntary.

As a result of this announcement, many privacy and civil liberties groups have launched a campaign against the use of these machines as the primary method of screening (see links below).

As ACLU lawyer Chris Calabrese says: “A choice between being groped and being stripped, I don’t think we should pretend those are the only choices. People shouldn’t be humiliated by their government in the name of security…”

Please Help Us

Write a letter to Janet Napolitano at the Department of Homeland Security and let her know of your concerns or use the Privacy Coalition’s sign-on letter. Here is Secretary Napolitano’s address:

Secretary Janet Napolitano
Department of Homeland Security
U.S. Department of Homeland Security
Washington, DC 20528

Keep it short, no more than a page. To see the text of the Whole Body Imaging Campaign letter, see the first link below.
Here are some topics that you may want to include:

• Request a 90 day rule making process that allows public comment on the issue
• Urge that the use of these machines be suspended until the privacy and security risks are fully evaluated
• The machines are designed to capture and record images. Ask how we are to know that storage and dissemination of these images isn’t happening, especially since the TSA has arbitrarily reversed itself on the secondary versus primary screening issue
• Ask that our basic civil rights and dignity be respected, especially when the vast number of passengers are suspected of no wrong doing
• Ask about medical risks, particularly to frequent travelers, pregnant women, people with chronic medical conditions, and children
• Ask that less invasive means of screening be explored (such as the chemical puffer machines)

For more information

EPIC’s campaign (sign-on here)
EPIC’s whole body imaging and air travel page
Congressman Jason Chaffetz’s comments on whole body imaging
TSA page on whole body imaging
Budget Traveler’s Blog (note the comments)
House Bill: HR 2027, use Thomas to search

Speaking of Newmark, Craigslist filed suit against the South Carolina AG “seeking declaratory relief and a restraining order with respect to criminal charges he has repeatedly threatened against craigslist and its executives.” Oddly enough, South Carolina Attorney General Henry McMaster has declared the action a victory.

The University of Michigan has changed the terms of its Library of the Future Project with Google. According to the new agreement, U of M will now get a digital copy of every book on its shelves. Sherwin Siy of Public Knowledge will be joined by Alex Macgillivray, on CFP’s panel about the Google Book Deal.  Macgillivray led negotiations for the original deal.

The Committee to Protect Journalists released a list of the “10 Worst Countries to be a Blogger.” CFP will have bloggers from two of the “worst” countries listed in attendance to discuss what it’s like first hand.

Highschool Hackers: Get ready!  The Pentagon wants to tap your talent. But be careful with your Facebook–there’s been another phishing attack.

In other government news, President Obama and former Vice President Cheney don’t agree on what should be kept secret.  CFP’s opening keynote will feature Susan Crawford of the Obama Administration, who will speak about policies in areas involving technology and liberty.  Also, a panel led by the ACLU’s Mike German will explore whether government secrecy makes sense in the internet age.

We’d love to hear about the news related to CFP topics that you’re interested in! Please share your links and ideas in the comments!

The Computers Freedom & Privacy conference is consistently one of the most interesting and forward-looking privacy conferences. This year, it’s at George Washington University in Washington, D.C. June 1-4.

I helped organize it this time, though by no means does the event skew libertarian.  What it does is bring together people of all ideologies to discuss common concerns about the present and future state of privacy.

I’ll be speaking on a panel called “The Future of Security vs. Privacy” on Tuesday, June 2nd.   Here’s the program page. And here’s the registration page if any of this whets your appetite.

PrivacyCampDC 2009

Computers Freedom and Privacy 2009 isn’t over, and yet we are already discussing how to keep the discussions, learning’s, friendships and new ideas alive and vibrant once the conference closes June 4th and everyone returns home.

How can you continue to learn about what it is that you deeply care about?

How can you maintain the new and old friendships that you’ll make during the CFP 2009 conference once we have all returned to our real lives?

Well, if you are in the Washington, D.C. area you are in luck as a group of privacy folks have begun to self organize a BarCamp (unconference) around Privacy and Government Policy:  PrivacyCampDC 2009.

If you are not familiar with the BarCamp model (some of us older folks are familiar with “open space technology”) it does take a little getting used to.  BarCamps are organized by a small group of volunteers, paid for by sponsors (we are looking for more), and then the agenda is set by the attendees on the day of the event.  Seriously.  Really.

Unlike a regular conference where the agenda and speakers are predetermined ahead of time, the agenda is created in the early morning of the day of the event and discussions and demonstrations are done by those people that are passionate about showing up and dedicating an entire day to the subject at hand.

To get an idea about what happens at a BarCamp you might want to visit some previous BarCamp websites from events that have recently completed this year in Washington, D.C.

There have been a number of BarCamps in the D.C area in the past year.  For example:  eDemocracyCamp, MobileActive, TransparencyCamp, Gov20Camp.  All have been exciting and vibrant places where attendees come to participate and to learn from each other.

There are no spectators!

So, why a PrivacyCamp and why in DC?

The primary reason is that we (Ari Schwartz at the Center for Democracy and Technology and myself, Shaun Dakin from Citizens for Civil Discourse) wanted to have a BarCamp around an issue that we deeply care about, Privacy, in DC.

So, we did.

That is the great thing about BarCamps.  Anyone can do one, anytime, anywhere.

Where can I learn more about the event?

• Visit our Registration site to learn more, visit our sponsors, and to sign up.

When is the event? June 20th, 2009

Where is the event?

• We are close to finalizing a downtown Washington, D.C. location.

Who is on the volunteer organizing committee?

• Shaun Dakin - Citizens for Civil Discourse; Ari Schwartz – Center for Democracy & Technology; Heather West – Center for Democracy & Technology; Allisa Cooper – Center for Democracy & Technology; Alan Rosenblatt - Center for American Progress Action Fund

Who is sponsoring?  We are looking for more sponsors. Currently we have:

1. Center for Democracy and Technology – click here to learn more.
2. Sunlight Foundation – click here to learn more.
3. Center for American Progress Action Fund (Alan Rosenblatt) - click here to learn more.
4. Electronic Privacy Information Center (EPIC) – click here to learn more.
5. Citizens for Civil Discourse - click here to learn more.
6. Rashne Green, Green Design – Responsible for logo design and development - Click here to email her.
7. Democrats.com (Bob Fertik) - Click here to learn more.

I know that I’m looking forward to seeing old friends and making new ones soon.

Shaun Dakin is the CEO and Founder of The National Political Do Not Contact Registry (www.StopPoliticalCalls.org) the nation’s only non-partisan non-profit organization working to rid the nation of Political Robocalls, which are currently exempt from the Do Not Call registry. During the election Mr. Dakin appeared on CNN, MSNBC, FOX, ABC, CBS, NBC, NPR and XM Radio numerous times as the nation’s only spokesperson for the privacy rights of all voters. The NPDNC Registry has over 85,000 members.

Mr. Dakin has also testified in the US Senate on behalf of Sen. Feinstein (D-CA) and the Robocall Privacy Act.    During the election he worked with @BigEasy to develop a Twitter / Google Map Mashup to display robocalls across the nation. The National Political Do Not Contact Registry won the Mashable Open Web Award for best Non-Profit. He Twitters about this issue at @EndTheRobocalls and Twitters about everything else at @IsCool. Mr. Dakin lives in Falls Church, VA with his wife and son.