This is the first of what I hope will be a series of interview/posts based on the proposition that it’s a hell of a lot easier to type up smart things that someone else says than to think up smart things to say your ownself.
I’m happy and honored to open the series with the first part of a three-part interview with Cindy Cohn, legal director of the Electronic Frontier Foundation (EFF), a public interest law firm dedicated to "defending your rights in the digital world."
The first part of the interview focuses mainly on some issues that have arisen these past few weeks as the Obama government gets its sea legs. With a relatively technology-savvy administration attempting to avail itself of the potential of the internet, it was perhaps inevitable that unforeseen threats to freedom would accompany those efforts. The White House’s use of YouTube as a host for government videos on whitehouse.gov has already provided just such an issue. Cohn and EFF are on the case:
Houndcat: You guys are busy.
Cindy Cohn: Yeah, we're busy.
HC: I checked your web site. Why are you bothering my President about his cookies?
CC: You know, this president ran on the argument of transparency and trusting government again and then for them to turn around and actually undo a rule that OMB adopted in 2000.
HC: Tell me about that. Who adopted the rule?
CC: The Office of Management and Budget did a study and decided that it wouldn’t be appropriate for government web sites to track you (based on) the pretty fundamental observation that you ought to be able to privately review government information without the government tracking you and knowing what you’re looking at.
HC: If I read your website correctly, the problem arose because of interaction with YouTube.
CC: Yeah, the Obama administration wants to use YouTube as host for Obama’s videos. That’s OK but you’ve gotta recognize how YouTube works and make adjustments so you don’t undermine your basic goal. So now not only does the government know what you’re reading on government sites, YouTube knows what you’re reading on government sites and can use that information to feed into the dossiers they’re already building on all the rest of us, right? You’ve got a cookie that can talk to the regular Google cookie. So suddenly Google knows what you search for, what you’re reading on Gmail and what videos you’re watching on government websites. This is starting to get, I think it’s fair to say, a little creepy. So all I said to the Obama administration was "Look, if you wanna use YouTube to host things, that’s fine, but tell YouTube to turn off the cookies on government websites. YouTube doesn’t need that information and neither do you." They may not technically (have to) turn off the cookies. There’s a couple of other workarounds they could do but that’s really all we’re suggesting.
HC: Have they responded?
CC: Not yet. I have had some conversations with YouTube but they’re kind of preliminary so I know they’re looking at this but I haven’t heard back. In fact, as you called, I was drafting a follow-up letter to White House Counsel just asking them to confirm they got my letter and letting me know when I might hear a response. Because the second thing we want to know is how did they come to this decision to exempt cookies. The White House counsel isn’t strictly responsible under the Freedom of Information Act. But the Obama administration has embraced this new transparency so we think they should tell the American people how it is that they decided to let there be cookies.
HC: As far as we know the OMB decision remained in effect through the Bush administration?
CC: Yeah, the Bush administration as far as anybody knows but they’ve trundled all that stuff off to the National Archives, but at least as far as we can tell they didn’t (change the policy). ... They had a much more rudimentary website than the slick new whitehouse.gov. They didn’t have videos. So I don’t think they had cookies turned on either but that’s probably more a function of the fact that they weren’t as "Web 2.0."
HC: Now how did you find out that this was going on with the Obama site?
CC: I think we learned about it from a couple of sources. There’s a professor at Columbia University, a guy named Steve Bellovin who’s a security professor who had written something about it on his blog and a reporter at CNET, a columnist named Chris Soghoian had covered it. You know we tend to hear about things at EFF. These I happen to know because I talked to them both a little bit. They covered this first and we picked it up because we thought that it might help the cause a little bit to have us weigh in.
HC: That’ll be a developing issue, obviously, and I hope my president will do the right thing.
CC: I hope he will. We do have this problem that we’re going to have to face as a culture which is that there’s a whole lot of data collection and analytics and there’s all sorts of ways you can dress it up but essentially surveillance as a business model is a pretty significant part of a lot of current business plans. And I think as a country, we’re going to have to start really thinking seriously about what we want to do both with government collections of data about (internet use) and private collections of data about it. Because one of the things we learned in the Bush administration is that a private entity’s having information about us doesn’t actually mean that it’s not available to the government. Warrantless wiretapping is a great example. You think that your phone company is actually just serving you, your phone calls and carrying your emails for you and it turns out it’s a conduit to the federal government. So we need to start thinking about how we treat information about us that’s in the hands of third parties and what level protection we want to give it, both legal and technical.
HC: The technology is going so fast, there’s gotta be new threats to privacy that pop up every two weeks.
CC: There are, but there’s some basic principles that I think could be instituted in a way that would solve a lot of these problems. We’d still have issues that came up and things that’d have to change. But the principle that just because information about you is in the hands of a third party . . . you retain your privacy rights regardless of who’s holding the information about you. In a lot of instances, (that principle) would solve a lot of these problems. That’s what the rule was for your phone calls. It’s the rule that the Bush administration bypassed in doing the warrantless wiretapping. But that ought to be the rule. All we really need in that instance is for the rule to be enforced. It really doesn’t matter what technology’s (involved) – how the third party gets the information about you, in what context or under what rubric is it. If you retain some privacy interest in it and it’s protected in it, it can be a technology-neutral rule. It’s not a hard and fast rule. Obviously there are First Amendment interests and other interests that may come into play on the other side. But it would be a good start.
HC: Aren’t there constantly emerging new ways to get information about you out there? I’m still trying to figure out data mining.
CC: Most of the data that gets mined about you is in third parties’ hands. Data mining is a powerful tool, and frankly some of it is really cool. But we need to start thinking in a more sophisticated way about data mining, about data flows because the government is. There’s kind of an imbalance now. There was a time when techies knew a lot more than the government did about how some of this stuff worked and were more sophisticated about technology than maybe the feds were. But those days have kind of passed us by and now there’s an imbalance in the other direction where the government has very sophisticated tools to try to listen in on us and investigate us. And that’s fine. I don’t want to deny them a lot of those tools. But we do need to bring the pieces of the law and technology that protect us against over-zealous government into the same level of technical sophistication. So for instance we have very sophisticated surveillance techniques and very rudimentary encryption. Encryption is the science of keeping things secret and it’s not on your e-mail program. It’s in your web browser, but it’s only used to protect your credit card information when you go to buy things. It’s not actually deployed more broadly to protect you in the privacy of what you read on line. That’s a policy decision that we need to think about. We need to think about how to give people self-protective tools for their privacy even as the government gets stronger tools to try to investigate us. There’s gotta be a balance there.
HC: As far as encryption goes, what are the options? Is that something that I could just say, ‘I’d like this on my computer’?
CC: Oh, yeah, yeah. There are encryption programs that are free. There's a good one called Pretty Good Privacy (PGP). There are a bunch of others that are available. But right now though they’re a little tricky to use. They take a level of technological sophistication and oftentimes take the other person you’re talking to on the other end having the same program in order for it to work well. But that’s not a hard problem to solve if we actually invested real attention to it. But there’s free encryption programs available. People don’t use them because they’re a bit of a hassle.
HC: In terms of the work you guys do, how does that come up? Or does it?
CC: It does sometimes. There are people we work with who I communicate with over encrypted channels. There are other people who I meet in person.
HC: But is it an issue you confront in your legal work?
CC: The very first internet case I did way back when was in order to free encryption technology from government regulation. We succeeded. We were able to free it from the government which had maintained encryption technology was a munition. It was on the same list with guns and surface-to-air missiles and things like that that you can’t export from the US without a license. And we were able over the course of some litigation and some activism during the Clinton administration to get those rules dropped so this technology is now available to people. And we continue to evangelize it. The technical problems are solved in terms of having programs available. The piece we think has really fallen down is having these programs easy to use, as seamlessly part of your email program rather than something you have to add on, really working in a seamless way. That actually ought to be the easy part.
In Part 2 of the interview, Cohn discusses FISA and other leftover issues from the Bush years. Part 3 focuses on bloggers' rights. Coincidentally, between the time I conducted this interview with Attorney Cohn and now, EFF posted its latest, greatest, spiffy new up-to-date, incredibly helpful Bloggers' Legal Guide. Check it out. While you're there, buy cool stuff or even join EFF or make a donation. Them's good folks.
Keep an eye out for Part II.