Loss of Privacy

A bill [pdf] making its way through the Hawaiian state legislature would force ISPs to retain all users’ data for two years, allowing tracking of all web site data. This information would then be available to law enforcement without a warrant. All they need to do is ask for it.

The measure, H.B. 2288, says “Internet destination history information” and “subscriber’s information” such as name and address must be saved for two years.

Democrat Jill Tokuda, the Hawaii Senate’s majority whip, who introduced a companion bill, S.B. 2530, in the Senate, told CNET that her legislation was intended to address concerns raised by Rep. Kymberly Pine, the first Republican elected to her Oahu district since statehood and the House minority floor leader.

“I was asked to introduce the Senate companions on these Internet security related bills by Representative Kymberly Marcos Pine after her own personal experience in this area,” Tokuda said. “I would defer to her on the origins of these bills as she has done the research and outreach, and been the main champion of this effort.”

Pine, who did not immediately respond to queries, has been targeted by a disgruntled Web designer, Eric Ryan, who launched KymPineIsACrook.com and claims she owes him money, according to an article last summer in the Hawaii Reporter. Her e-mail account was also reportedly hacked around the same time. The article said Pine would advocate for “tougher cyber laws at the Hawaii State Capitol” as a result.

“We must do everything we can to protect the people of Hawaii from these attacks and give prosecutors the tools to ensure justice is served for victims,” Pine said at the time.

The problem here is that this a personal, knee-jerk response to a specific situation that can be taken care of already with the appropriate laws already on the books. What Kym Pine doesn’t realize is that this bill will have unintended consequences for her. If this bill were to become a law, she would be subjected to it as well. You can guarantee that people will start requesting information about her. It will not make her life any easier and people like Eric Ryan will use it to harass her further.

This bill has no privacy protections, no encryption protocols, and doesn’t limit anyone from selling the data collected. It does, however, remove the restriction of law that the police must obtain a court order before obtaining the information. Law enforcement merely needs to request the data.

Politicians need to start learning the law that is already out there and using it to prosecute people if they think the law is being broken. These types of laws do nothing other than erode the privacy that Americans already have and take for granted. Stomping on the fourth and fourteenth amendments should not be an option.

EDIT: Due to pressure, the Hawaiian legislature has decided to table the bill.

What it comes down to is that google is a giant marketing company based on ads. They feed you ads so their product remains free for you. This time, there is no opt-out. Basically, if you don’t like their new policies, you will have to move your information elsewhere. The new policies will take effect March 1, 2012.

A Colorado judge has ruled that a defendant must decrypt her PGP- encrypted hard drives and allow the police to look at the device for incriminating evidence.

Blackburn, a George W. Bush appointee, ruled that the Fifth Amendment posed no barrier to his decryption order. The Fifth Amendment says that nobody may be “compelled in any criminal case to be a witness against himself,” which has become known as the right to avoid self-incrimination.

“I find and conclude that the Fifth Amendment is not implicated by requiring production of the unencrypted contents of the Toshiba Satellite M305 laptop computer,” Blackburn wrote in a 10-page opinion today. He said the All Writs Act, which dates back to 1789 and has been used to require telephone companies to aid in surveillance, could be invoked in forcing decryption of hard drives as well.

Although the defendant in the case intends to appeal, there are conflicting decisions already on the books.

In March 2010, a federal judge in Michigan ruled that Thomas Kirschner, facing charges of receiving child pornography, would not have to give up his password. That’s “protecting his invocation of his Fifth Amendment privilege against compelled self-incrimination,” the court ruled (PDF).

A year earlier, a Vermont federal judge concluded that Sebastien Boucher, who a border guard claims had child porn on his Alienware laptop, did not have a Fifth Amendment right to keep the files encrypted. Boucher eventually complied and was convicted.

The debate as to whether or not decrypting a computer by a defendant is a violation of the fifth amendment will continue as more cases like these come to trial. On the one side the argument is that decryption is similar to handing over the keys to a storage or safe deposit box while, on the other, privacy advocates state that giving up any information to decrypt a computer is the equivalent of testifying against oneself.

Also of note is that, in this particular case, the prosecution has to prove that she has the means to decrypt the laptop. If she is unable to do so, there is little else the prosecution can do.

As it stands right now, there is case law for both sides and it does not appear as if the debate is going to be settled any time soon. At some point, this issue will reach the Supreme Court because there are far too many conflicting points on both sides, in numerous cases, for the issue to be clear.

Source.