This video fascinates me. I’ve watched it a number of times since Nerdist shared it last month; it’s the 24-minute long set by Freddie Mercury and Queen at the 1985 Live Aid concert held in Wembley Stadium.
Nerdist noted the audience’s response reflects the speed of sound — the visible ripple of fans’ hands speeds across the crowd in response to the sound as it leaves the stage area and travels across the venue. The gif they shared was taken about 16:37 into this set, just as the band begins We Will Rock You.
I think there was more at work here because earlier snaps of the audience reaction during Radio Gaga (roughly 4:25 onward) don’t show the same marked wave across the crowd. But several points in the set Mercury interacts with the audience, coaxing them to sing and shout along with him.
And then at 16:35 when he begins We Will Rock You, the crowd is completely in sync with him. They adore him and are utterly engaged. The wave is not just sound but their feeling for Mercury and his performance.
Can you imagine a politician who could induce such a response?
Adobe Flash must die, and Google’s slowly exterminating it in Chrome (Ars Technica) — By year’s end, Flash will be disabled by default in Google’s Chrome browser. It will only play when manually enabled. All part of the slow migration to HTML5 away from risky Flash.
Antivirus app halts heart surgery (Ars Technica-UK) — Holy crap. Why does medical equipment need antivirus software to begin with, let alone how does an A/V app launch and run during surgery?
Dude, that female TA you hit on? An AI bot (Sydney Melbourne Herald) — Wow. Future’s already here and you can’t tell you’ve been dissed by both your prof and the chick-bot-TA.
A series of tubes
Remote healthcare not ready for prime time (ScienceDaily) — Study using fake patients to test direct-to-consumer teledermatology remote health care systems found security problems with IDs, poor-to-bad assignment of clinicians, many errors made in major diagnoses, insufficient warning to pregnant patients when meds prescribed, just for starters. Think of this as Healthcare Internet of Things Fail.
Super. Fast. Wireless. Internet. Coming. To. YOU! Really? (MIT Technology Review) — Ugh, so breathless with excitement they are about this startup called Starry. I was, too, initially, but we’ve been told this crap for more than a decade. Since this requires the cooperation of Verizon, AT&T, Facebook, and Google to standardize on this platform AND reception relies on line-of-sight, I’m not holding my breath.
New business for Amazon to tackle: its own private label groceries (Techcrunch) — Amazon doesn’t want to leave a penny on the table. If customers are too price sensitive to click their Dash button for a big name brand consumer good, they’ll offer their own instead. Prime accounts only, though; first goods will be heavy on baby needs, which makes sense given parents are often a captive audience.
Norway’s sovereign (oil) wealth fund to sue Volkswagen (AP) — Fossil fuel-created fund owns 1.64% stake in Volkswagen. It’s suing to protect its assets exposed by VW’s emissions controls cheat. Imagine me laughing at oil suing a car company for the manner in which it promulgated oil consumption.
Norway’s Statoil to launch first floating wind farm (Bloomberg) — This company is well ahead of Shell when it comes to diversifying energy production.
Flint Water Crisis
Michigan’s top law enforcement agent unaware of Michigan State Police “quiet investigation” (WZZM) — Still scratching my head over this one. Why did the governor ask MSP to conduct an administrative — not criminal — investigation, omitting the state attorney general? And who’s conducting a genuine criminal investigation, including the governor’s role?
Toy maker(s) insisted Iron Man 3 movie must have male, not female villain (The Mary Sue) — In other words, Marvel’s big sweeping superhero movies are really just very long trailers to sell boys’ toys. Girls and women need not apply. I have no idea how they can make a decision based on any realistic data given the dearth of female villains on screen and in toys. Is this just some lame argument for inequity in front and behind the camera?
Running behind, probably read too much today and swamped my processing circuits. Hope mid-week becomes a little more focused — catch you tomorrow!
Why’d I pick this music video, besides the fact I like the tune? Oh, no reason at all other than it’s trash day again.
Speaking of trash…
“…News curators aren’t Facebook employees—they’re contractors. One former team member said they received benefits including limited medical insurance, paid time off after 6 months and transit reimbursement, but were otherwise excluded from the culture and perks of working at Facebook. […] When the curators, hired by companies like BCForward and Pro Unlimited (which are then subcontracted through Accenture to provide workers for Facebook), arrive at work each day, they read through a list of trending topics ranked by Facebook’s algorithm from most popular (or most engaged) to least. The curators then determine the news story the terms are related to.
The news curation team writes headlines for each of the topics, along with a three-sentence summary of the news story it’s pegged to, and choose an image or Facebook video to attach to the topic. The news curator also chooses the “most substantive post” to summarize the topic, usually from a news website. […] News curators also have the power to “deactivate” (or blacklist) a trending topic—a power that those we spoke to exercised on a daily basis. …” (emphasis mine)
I see a Facebook-generated algorithm, but no direct employees in the process — only curator-contractors.
“…Over time, the work became increasingly demanding, and Facebook’s trending news team started to look more and more like the worst stereotypes of a digital media content farm.
Burnout was rampant. ‘Most of the original team isn’t there anymore,’ said another former news curator. ‘It was a stop-gap for them. Most of the people were straight out of [journalism school]. At least one of them was fired. Most of them quit or were hired by other news outlets.’ …” (emphasis mine)
It’s not as if unhappy contractors won’t have newsworthy tips, but what about unhappy Facebook employees? Where are they in either of Gizmodo’s pieces?
“Facebook workers routinely suppressed news stories of interest to conservative readers from the social network’s influential “trending” news section, according to a former journalist who worked on the project.
Other former curators interviewed by Gizmodo denied consciously suppressing conservative news, and we were unable to determine if left-wing news topics or sources were similarly suppressed. The conservative curator described the omissions as a function of his colleagues’ judgements; there is no evidence that Facebook management mandated or was even aware of any political bias at work. …”
Note the use of “a” in front of “former journalist” and “the” in front of “conservative curator.” (Note also Gizmodo apparently needs a spell check app.)
When asked about the trending news team and its future, a Facebook spokesperson said, “We don’t comment on rumor or speculation. As with all contractors, the trending review team contractors are fairly compensated and receive appropriate benefits.”
I’m disappointed that other news outlets picked up Gizmodo’s work without doing much analysis or followup. Reuters, for example, even parrots the same phrasing Gizmodo used, referring to the news curators as “Facebook workers” and not contract employees or contractors. Because of this ridiculous unquestioning regurgitation by outlets generally better than this, I felt compelled to write about my concerns.
And then there’s Gizmodo itself, which made a point of tweeting its report was trending on Facebook. Does Gizmodo have a beef with Facebook, too? Has it been curated out of Facebook’s news feed? Are these two pieces really about Facebook’s laundering of Gizmodo?
I don’t know; I can’t tell you because I don’t use Facebook. Not going to start now because of Gizmodo’s sketchy reporting on Facebook, of all things.
Just some odd bits read because today is as themeless as yesterday — lots of garbage out there.
Skepticism: I haz it
As I read coverage about news reporting and social media leading up to the general election, I also keep in the back of my mind this Bloomberg report, How to Hack an Election:
As for Sepúlveda, his insight was to understand that voters trusted what they thought were spontaneous expressions of real people on social media more than they did experts on television and in newspapers. […] On the question of whether the U.S. presidential campaign is being tampered with, he is unequivocal. “I’m 100 percent sure it is,” he says.
Be more skeptical. See you tomorrow morning!
UPDATE — 1:30 P.M. EDT —
JUST IN: Senate Commerce Commtitte chair sends letter to Facebook’s Mark Zuckerberg seeking answers on alleged manipulation of trending news
ARE YOU FUCKING KIDDING ME WITH THIS? THE SENATE GOING TO WASTE TAX DOLLARS ON THIS WHEN EVERY. SINGLE. NEWS. OUTLET. USES EDITORIAL JUDGMENT TO DECIDE WHAT TO COVER AS NEWS?
poorly sourced hit piece says,
“…In other words, Facebook’s news section operates like a traditional newsroom, reflecting the biases of its workers and the institutional imperatives of the corporation. …”
Yet the Senate is going to pursue this
bullshit story after Gizmodo relied on ONE conservative curator-contractor — and their story actually says an algorithm is used?
Jeebus. Yet the Senate will ignore Sheldon Adelson’s acquisition of the biggest newspaper in Las Vegas in a possible attempt to denigrate local judges?
I can’t with this.
UPDATE — 3:35 P.M. EDT —
The Guardian reports the senator wasting our tax dollars questioning a First Amendment exercise by Facebook is John Thune. Hey! Guess who’s running for re-election as South Dakota’s senior senator? Why it’s John Thune! Nothing like using your political office as a free press-generating tool to augment your campaign. I hope Facebook’s algorithm suppresses this manufactured non-news crap.
When you need a break this hectic Monday morning, take five minutes and watch ANA from Factory Fifteen. I’m intrigued by the props and set — how much is CGI, and how much is actual production line? What company allowed this production company access to their equipment?
Though snappy and visually engaging, the story’s not realistic — yet. But much of the equipment on the production line is very close to that used in manufacturing today. And just as depicted in this short film, the weakest link is the human.
Worth keeping in mind this week as we plow deeper into the conflict at the intersection of humans and devices. Speaking of which…
Apple-heavy week ahead
HEADS UP TECH USERS
Before the machines complete their occupation of our world…
After watching that video at Bloomberg, I think we’re a lot closer to ANA than we realized. Watch your backs — Monday is certainly gaining on you, if robots aren’t.
Folks overseas don’t understand how St. Patrick’s Day blew up to the same proportions as other holidays like Halloween, blaming it on American commercialization. But the holiday as observed in the U.S., like Halloween, has roots in immigration. Four to five million Irish immigrated to the U.S.; their descendants here are nearly 40 million today, roughly seven times the number of actual Irish in Ireland now. With this many Irish-Americans, even a tepid observation of St. Patrick’s Day here would be visible abroad.
In addition to all things green, we’ll be watching this week’s second #FlintWaterCrisis hearing. Representatives Chaffetz and Cummings can go all shouty on Michigan’s OneLawyeredUpNerd Governor Rick Snyder and EPA’s Gina McCarthy though I have my doubts anything new will emerge. (And you’ll see me get really angry if Rep. SlackerForMichigan Tim Walberg shows up to merely make face on camera. Useless helicoptering.)
Unlike Tuesday, I hope like hell somebody brings up Legionnaire’s cases and deaths in Flint after the cut-over of Flint’s water to Flint River. Thousands of children may have been permanently poisoned by lead, but people sickened and died because of this complete failure of government-as-a-business.
I can’t stress this enough: There were fatalities in Flint because of the water.
Hearing details – set a reminder now:
You can find my timeline on Flint’s water here — as noted Tuesday, it’s a work in progress and still needs more entries.
Apple leaves Amazon for Google’s cloud service
Wait, what?! File under ‘Wow, I didn’t know!’ because I really though Apple housed all its cloud services under its own roof. I mean, I’ve written about data farms before, pointed to a new Apple location. I didn’t know Apple had outsourced some of its iCloud to Amazon.
Which makes Senator Ron Wyden’s remarks about asking the NSA with regard to the San Bernardino shooter’s iPhone even more interesting.
No wonder Apple is moving to Google, considering Amazon’s relationship with certain government agencies as a cloud service provider. Some of Apple’s data will remain with Amazon for now; we might wonder if this is content like iTunes versus users’ data. Keep your eyes open for future Apple cloud migrations.
US Navy sailors’ electronic devices combed for data by Iran
Gee, encrypted devices and communications sure are handy when members of the military are taken into custody by other countries. Too bad the Navy’s devices weren’t as secure as desired when Iran’s navy detained an American vessel in January this year. To be fair, we don’t know what all was obtained, if any of the data was usable. But if the devices were fully encrypted, Iran probably wouldn’t have said anything.
American Express’ customers’ data breached — in 2013
Looks like a select number of AmEx customers will receive a data breach notice with this explanation:
We became aware that a third party service provider engaged by numerous merchants experienced unauthorized access to its system. Account information of some of our Card Members, including some of your account information, may have been involved. It is important to note that American Express owned or controlled systems were not compromised by this incident, and we are providing this notice to you as a precautionary measure.
The breach happened on December 7, 2013, well into the Christmas shopping season, but we’re just finding out now? “Third party service” means “not our fault” — which may explain why AmEx shareholders (NASDAQ:AXP) haven’t been notified of a potential risk to stock value as yet. Who/what was the third party service? Where’s their notification to public and shareholders?
I need to brew some coffee and limber up before the hearing on Flint, track down my foam footballs and baseballs to throw at the TV while Gov. Snyder goes on about how sorry he is and how he’s going to fix Flint’s water crisis. Oh, and find an emesis basin. See you here tomorrow morning!
As he has said repeatedly in Congressional testimony, FBI Director Jim Comey wants to change Apple’s business model.
The former General Counsel for defense contractor Lockheed and hedge fund Bridgewater Associates has never, that I’ve seen, explained what he thought Apple’s business model should be, or how much he wants to change it, or how the FBI Director put himself in charge of dictating what business models were good for America and what weren’t and why we’re even asking that in an age of multinational corporate structures.
It seems there are three possible business models Comey might have in mind for Apple:
I raise these models, in part, because I got into a conversation on Twitter about what the value of encryption on handsets really is. The conversation suffered, I think, from presuming that iPhones and Android phones have the same business model, and therefore one could calculate the value of the encryption offered on an iPhone the same way one would calculate the value of encryption on an Android phone. They’re not.
Even aside from the current difference between Google’s business model (the data model at the software level, the licensing model at the handset level) versus Apple’s model, in Apple’s model, the customer is the customer, and she pays a premium for an idyllic walled garden that includes many features she may not use.
I learned this visiting recently with a blind friend of mine, whom I used to read for on research in college, who therefore introduced me to adaptive technologies circa 1990 (which were pretty cutting edge at the time). I asked her what adaptive technologies she currently uses, thinking that as happened with the 90s stuff the same technology might then be rolled out for a wider audience in a slightly different application. She said, the iPhone, the iPhone, and the iPhone. Not only are there a slew of apps available for iPhone that provide adaptive technologies. Not only does the iPhone offer the ability to access recorded versions of the news and the like. But all this comes standard in every iPhone (along with other adaptive technologies that wouldn’t be used by a blind person any more than most sighted ones). All iPhone users pay for those adaptive technologies as part of their walled garden, even though even fewer realize they’re there than they realize their phone has great encryption. But because they pay more for their phone, they’re effectively ensuring those who need adaptive technologies can have them, and on the market leader in handsets. Adaptive technologies, like online security, are part of the idyllic culture offered within Apple’s walled garden.
The notion that you can assign a value to Apple’s encryption, independent of the larger walled garden model, seems mistaken. Encryption is a part of having a walled garden, especially when the whole point of a walled garden is creating a space where it is safe and easy to live online.
Plus, it seems law enforcement in this country is absolutely obtuse that the walled garden does provide law enforcement access in the Cloud, and they ought to be thrilled that the best encryption product in the world entails making metadata — and for users using default settings, as even Syed Rizwan Farook seems to have been — content readily available to both PRISM and (Admiral Rogers made clear) USA Freedom Act. That is, Apple’s walled garden does not preclude law enforcement from patrolling parts of the garden. On the contrary, it happens to ensure that American officials have the easiest ability to do so, within limits that otherwise ensure the security of the walled garden in ways our national security elite have been both unwilling and even less able to do.
But there’s one more big problem with the fanciful notion you can build a business model that doesn’t allow for encryption: Signal is free. The best app for encrypted calls and texts, Signal, is available free of charge, and via open source software (so it could be made available overseas if Jim Comey decided it, too, needed to adopt a different business model). The attempt to measure in value what value encryption adds to a handset is limited, because someone can always add on top of it their own product, so any marginal value of encryption on a handset would have to make default encrypted device storage of additional marginal value over what is available for free (note, there is a clear distinction between encrypting data at rest and in motion, but the latter would be more important for anyone conducting nefarious actions with a phone).
Finally, there’s one other huge problem with Comey’s presumption that he should be able to dictate business models.
Even according to this year’s threat assessment, the threat from hacking is still a greater threat to the country than terrorism. Apple’s business model, both by collecting less unnecessary data on users and by aspiring to creating a safe walled garden, offers a far safer model to disincent attacks (indeed, by defaulting on encryption, Apple also made iPhone theft and identity via device theft far harder). Comey is, effectively, trying to squelch one of the market efforts doing the most to make end users more resilient to hackers.
The only model left–that could offer a safer default environment–would effectively be an AT&T model pushed to its limits: government ownership of telecoms, what much of the world had before Reagan pushed privatization (and in doing so, presumably made the rest of the world a lot easier for America to spy on). Not only would that devastate one of the brightest spots in America’s economy, but it would represents a pretty alarming move toward explicit total control (from what it tacit control now).
Is that what former Hedgie Jim Comey is really looking to do?
One final point. While I think it is hard to measure marginal value of encryption, the recent kerfuffle over Kindle makes clear that the market does assign value to it. Amazon dropped support for encryption on some of its devices last fall, which became clear as people were no longer able to upgrade. When they complained in response, it became clear they were using Kindles beyond what use Amazon envisioned for them. But by taking away encryption users had already had, Amazon not only made existing devices less usable, but raised real questions about the CIA contractor’s intent. Pretty quickly after the move got widespread attention, Amazon reversed course.
Even with a company as untrustworthy and data hungry as Amazon, removing encryption will elicit immediate distrust. Which apparently is not sustainable from a business perspective.
It’s Friday, and that means more jazz. Today’s genre is Afrobeat, which emerged in the late 1960s/early 1970s.
Nigerian musician Fela Kuti is credited as the genre’s progenitor, though Fela maintained drummer Tony Allen was essential to style, saying, “[w]ithout Tony Allen, there would be no Afrobeat.”
Afrobeat fuses a number of different types of music with jazz, including funk, highlife, rock, and folk music from West African cultures. In this video, Beasts of No Nation, it’s easy to hear the different styles of music added as layers underpinned and unified by drums.
The lyrics of many Afrobeat tunes are very political; the album of the same name, Beasts of No Nation, was an anti-apartheid statement released in 1989.
Recommended read to accompany today’s musical selection: The Wealth of Nations by Emmanuel Iduma (Guernica magazine).
Not far from the Apple tree
Lots of developments yesterday in the #AppleVsFBI story.
“The iPhone is a county owned telephone that may have connected to the San Bernardino County computer network. The seized iPhone may contain evidence that can only be found on the seized phone that it was used as a weapon to introduce a lying dormant cyber pathogen that endangers San Bernardino’s infrastructure…”
Emphasis mine. WHAT. EVEN. Dude just screwed law enforcement, making the case (using a made-up term) for the iPhone to never be opened.
Brazil’s former president Lula held for questioning as home raided
The investigation into state-run oil company Petrobras now reaches deeply into the highest levels of Brazil’s government. Investigators are looking into former president Luiz Inacio Lula da Silva’s role in Petrobras’ corruption, including kickbacks and influence peddling. The investigation’s discoveries threaten the viability of current president Dilma Rousseff’s ruling coalition. Wonder if the NSA was following this when they were spying on Petrobras?
Ugh. That’s a wrap on this week, stopping now before this really devolves though I can’t see any distance between here and absolute bottom. Have a good weekend!
Now an oldie but goodie, this Fiona Apple ditty. The subtle undertow of irony seems fitting today.
Speaking of guidance…
Google’s self-driving car went boom
Oops. Autonomous vehicles still not a thing when they can’t avoid something the size of a bus. Thank goodness nobody was hurt. Granted, until now Google’s self-driving test cars were not the cause of accidents — human drivers have been at fault far more often. In this particular accident, both the car and the human test driver may have been at fault.
VW’s CEO Mueller spins the (PR) wheels on agreement with U.S.
This is now a habit: before every major international automotive show, VW’s Matthias Mueller grants an interview to offer upbeat commentary on the emissions standards cheating scandal, this time ahead of the 2016 Geneva International Auto Show. Not certain if this is helping at all; there’s not much PR can do when no truly effective technical fix exists while potential liability to the U.S. alone may approach $46 billion. Probably a better use of my time to skip Mueller’s spin and spend my time slobbering over the Bugatti Chiron. ~fanning self~
Apple all the time
#YearInSpace ends this evening for astronaut Scott Kelly
Undocking begins at 7:45 p.m. EST with landing expected at 11:25 p.m. EST, barring any unforeseen wrinkles like negative weather conditions. NASA-TV will cover the event live. Can’t wait to hear results of comparison testing between Scott and his earth-bound twin Mark after Scott’s year in space.
Department of No
That’s enough for now. I’m off to be a bad, bad girl. Stay safe.
Somebody out there knows what this tune means in my household. For our purposes this Monday morning, it’s a reminder to take a look around — all the way around. Something might be gaining on you.
Android users: Be more vigilant about apps from Google Play
Better check your data usage and outbound traffic. Seems +300 “porn clicker” apps worked their way around Google Play’s app checking process. The apps rack up traffic, fraudulently earning advertising income; they persist because of users’ negligence in vetting and monitoring downloaded apps (because Pr0N!) and weakness in Google’s vetting. If this stuff gets on your Android device, what else is on it?
IRS’ data breach bigger than first reported
This may also depend on when first reporting occurred. The number of taxpayers affected is now ~700,000 according to the IRS this past Friday, which is considerably larger than the ~464,000 estimated in January this year. But the number of taxpayers affected has grown steadily since May 15th last year and earlier.
Did we miss the ‘push for exotic new weapons’?
Nope. Those of us paying attention haven’t missed the Defense Department’s long-running efforts developing new tools and weapons based on robotics and artificial intelligence. If anything, folks paying attention notice how little the investment in DARPA has yielded in payoff, noting non-defense development moving faster, further, cheaper — a la SuitX’s $40K exoskeleton, versus decades-plus investment by DARPA in exoskeleton vaporware. But apparently last Tuesday’s op-ed by David Ignatius in WaPo on the development of “new exotic weapons” that may be deployed against China and Russia spawned fresh discussion to draw our attention to this work. THAT is the new development — not the weapons, but the chatter, beginning with the Pentagon and eager beaver reporter-repeaters. This bit here, emphasis mine:
Pentagon officials have started talking openly about using the latest tools of artificial intelligence and machine learning to create robot weapons, “human-machine teams” and enhanced, super-powered soldiers. It may sound like science fiction, but Pentagon officials say they have concluded that such high-tech systems are the best way to combat rapid improvements by the Russian and Chinese militaries.
Breathless, much? Come the feck on. We’ve been waiting decades for these tools and weapons after throwing billions of dollars down this dark rathole called DARPA, and we’ve yet to see anything commercially viable in the way of an exoskeleton in the field. And don’t point to SKYNET and ask us to marvel at machine learning, because the targeting failure rate is so high, it’s proven humans behind it aren’t learning more and faster than the machines are.
Speaking of faster development outside DARPA: Disney deploying anti-drones?
The Star Wars franchise represents huge bank — multiple billions — to its owner Disney. Control of intellectual property during production is paramount, to ensure fan interest remains high until the next film is released. It’s rumored Disney has taken measures to reduce IP poaching by fan drones, possibly including anti-drones managed by a security firm protecting the current production location in Croatia. I give this rumor more weight than the Pentagon’s buzz about exoskeletons on the battlefield.
That’s a wrap — keep your eyes peeled. To quote Ferris Bueller, “Life moves pretty fast. If you don’t stop and look around once in a while, you could miss it.”
Last week, precisely 10 days after USA F-Redux — with its different formulas allowing for provider transparency –passed, Amazon released its first transparency report. In general, the report shows that Amazon either doesn’t retain — or successfully pushes back — against a lot of requests. For example, Amazon provided no or only partial information to a third of the 813 subpoenas it received last year.
Also of note, in a post accompanying the report, Stephen Schmidt claimed that “Amazon never participated in the NSA’s PRISM program,” which may not be all that surprising given that it has only received 25 non-national security search warrants.
As I’ve already suggested, I find the most interested detail to be the timing: given that Amazon has gotten crap as the only major company not to release a transparency report before, I suspect either that Amazon had a new application 2 years ago when everyone started reporting, meaning it had to wait until the new collection had aged under the reporting guidelines, or something about the more granular reporting made the difference for Amazon. Amazon reported in the 0-250 range (including both NSLs and other FISA orders), so it may just have been waiting to be able to report that lower number.
That said, Amazon received 13 non-national security court orders (aside from the one take down order they treat separately, which I believe has to do with an ISIL site), only 4 of which they responded fully to. I think this category would be where Amazon would count pen registers. And I’d expect Amazon to get pen registers in connection with their hosting services. If any of the 0 to 250 National Security orders are pen registers, it could be fairly intrusive.
Finally, Amazon clarified (sort of) something of particular interest. While Amazon makes clear that content stored in a customer’s site is content (self-evident, I know, but there are loopholes for stored content, which is a big part of why Amazon would be of interest (and was when Aaron Swartz was using them as a hosting service).
Non-content. “Non-content” information means subscriber information such as name, address, email address, billing information, date of account creation, and certain purchase history and service usage information. Content.
“Content” information means the content of data files stored in a customer’s account.
But Amazon doesn’t include “certain purchase history information” to be content.
As the country’s biggest online store, that’s where Amazon might be of the most interest. Indeed, in the legal filings pertaining to Usaamah Abdullah Rahim (the claimed ISIL follower whom Boston cops shot and killed on June 2) show they were tracking Rahim’s Amazon purchase of a knife very closely.
If you wanted to do a dragnet of purchase records, you’d include Amazon in there one way or another. And such a dragnet order might represent just one (or four) of the fewer than 250 orders Amazon got in a year.
It’s not surprising they’re treating (“certain”) purchase records as metadata. But it is worth noting.
Update: According to the DOJ IG NSL Report released today, the rise in number of Section 215 orders stems from some Internet companies refusing to provide certain data via NSL; FBI has been using Section 215 instead. However they’re receiving it now, Internet companies, like telephone companies, should not be subject to bulk orders as they are explicitly exempted.
WaPo’s MonkeysCage blog just posted a response I did to a debate between H.L. Pohlman and Gabe Rottman over whether Patrick Leahy’s USA Freedom includes a big “backdoor” way to get call records. The short version: the bill would prevent bulk — but not bulky — call record collection. But it may do nothing to end existing programs, such as the reported collection of Western Union records.
In the interest of showing my work, he’s a far more detailed version of that post.
Leahy’s Freedom still permits phone record collection under the existing authority
Pohlman argues correctly that the bill specifically permits the government to get phone records under the existing authority. So long as it does so in a manner different from the Call Detail Record newly created in the bill, it can continue to do so under the more lenient business records provision.
To wit: the text “carves out” the government’s authority to obtain telephone metadata from its more general authority to obtain “tangible things” under the PATRIOT Act’s so-called business records provision. This matters because only phone records that fit within the specific language of the “carve out” are subject to the above restrictions on the government’s collection authority. Those restrictions apply only “in the case of an application for the production on a daily basis of call detail records created before, on, or after the date of the application relating to an authorized investigation . . . to protect against international terrorism.”
This means that if the government applies for a production order of phone records on a weekly basis, rather than on a “daily basis,” then it is falls outside the restrictions. If the application is for phone records created “before, on, [and] after” (instead of “or after”) the date of the application, ditto. If the investigation is not one of international terrorism, ditto.
However, neither Pohlman nor Rottman mention the one limitation that got added to USA Freedumber in Leahy’s version which should prohibit the kind of bulk access to phone records that currently goes on.
Leahy Freedom prohibits the existing program with limits on electronic service providers
The definition of Specific Selection Term “does not include a term that does not narrowly limit the scope of the tangible things … such as–… a term identifying an electronic communication service provider … when not used as part of a specific identifier … unless the provider is itself a subject of an authorized investigation for which the specific selection term is used as the basis of production.”
In other words, the only way the NSA can demand all of Verizon’s call detail records, as they currently do, is if they’re investigating Verizon. They can certainly require Verizon and every other telecom to turn over calls two degrees away from, say, Julian Assange, as part of a counterintelligence investigation. But that language pertaining to electronic communication service provider would seem to prevent the NSA from getting everything from a particular provider, as they currently do.
So I think Rottman’s largely correct, though not for the reasons he lays out, that Leahy’s Freedom has closed the back door to continuing the comprehensive phone dragnet under current language.
But that doesn’t mean it has closed a bunch of other loopholes Rottman claims have been closed.
FISC has already dismissed PCLOB (CNSS) analysis on prospective collection
For example, Rottman points to language in PCLOB’s report on Section 215 stating that the statutory language of Section 215 doesn’t support prospective collection. I happen to agree with PCLOB’s analysis, and made some of the same observations when the phone dragnet order was first released. More importantly, the Center for National Security Studies made the argument in an April amicus brief to the FISC. But in an opinion released with the most recent phone dragnet order, Judge James Zagel dismissed CNSS’ brief (though, in the manner of shitty FISC opinions, without actually engaging the issue).
In other words, while I absolutely agree with Rottman’s and PCLOB’s and CNSS’ point, FISC has already rejected that argument. Nothing about passage of the Leahy Freedom would change that analysis, as nothing in that part of the statute would change. FISC has already ruled that objections to the prospective use of Section 215 fail.
Minimization procedures may not even protect bulky business collection as well as status quo
Then Rottman mischaracterizes the limits added to specific selection term in the bill, and suggests the government wouldn’t bother with bulky collection because it would be costly.
The USA Freedom Act would require the government to present a phone number, name, account number or other specific search term before getting the records—an important protection that does not exist under current law. If government attorneys were to try to seek records based on a broader search term—say all Fedex tracking numbers on a given day—the government would have to subsequently go through all of the information collected, piece by piece, and destroy any irrelevant data. The costs imposed by this new process would create an incentive to use Section 215 judiciously.
As I pointed out in this post, those aren’t the terms permitted in Leahy Freedom. Rather, it permits the use of “a person, account, address, or personal device, or another specific identifier.” Not a “name” but a “person,” which in contradistinction from the language in the CDR provision — which replaces “person” with “individual” — almost certainly is intended to include “corporate persons” among acceptable SSTs for traditional Section 215 production.
Like Fedex. Or Western Union, which several news outlets have reported turns over its records under Section 215 orders.
FISC already imposes minimization procedures on most of its orders
Rottman’s trust that minimization procedures will newly restrain bulky collection is even more misplaced. That’s because, since 2009, FISC has been imposing minimization procedures on Section 215 collection with increasing frequency; the practice grew in tandem with greatly expanded use of Section 215 for uses other than the phone dragnet.
While most of the minimization procedure orders in 2009 were likely known orders fixing the phone dragnet violations, the Attorney General reports covering 2010 and 2011 make it clear in those years FISC modified increasing percentages of orders by imposing minimization requirements and required a report on compliance with them
The FISC modified the proposed orders submitted with forty-three such applications in 2010 (primarily requiring the Government to submit reports describing implementation of applicable minimization procedures).
The FISC modified the proposed orders submitted with 176 such applications in 2011 (requiring the Government to submit reports describing implementation of applicable minimization procedures).