A Pitch Too High

 

In trying to specifically target their advertisements and therefore get a higher return per ad, companies like to know as much as possible about the consumer, and lately some of them have resorted to using ultrasonic beacons embedded in their ads. Say you are at your desktop computer reading a news story from the online version of your local newspaper, and nearby on your desk is your smartphone, which is on but currently idle, or so you would assume. Unknown to you, one of the ads on the webpage you are looking at emits an ultrasonic beacon lasting about 5 seconds through your computer’s speakers. Most likely also unknown to you (because like most people you probably don’t bother to read all the permissions you grant an application when you install it), one or more of the applications on your smartphone pick up that ultrasonic beacon through the phone’s microphone and, through various commercial agreements also done without your knowledge, relays the packet of information encapsulated in the beacon, along with information contributed from the smartphone application, back to the advertiser on the webpage as well as to anyone else who has an interest in information about you.

 

The more advertisers know about you, the better, as far as they are concerned. The problem here is how sneaky they are being about collecting information. It is even possible for advertisers to embed ultrasonic beacons in television advertisements, though so far there is no proof any of them have done that. The Federal Trade Commission (FTC), which regulates deceptive advertising practices, nonetheless recently warned 12 smartphone application developers about deceptively implying they were not monitoring users’ television viewing habits when in fact they were capable of doing so. Researchers recently discovered that as many as 234 Android applications are capable of using beacon technology. Unfortunately, it appears the FTC is reluctant to force the developers to divulge this capability to Android smartphone users. There is even less information available from Apple application developers.

 

Statue of Liberty, NY
The Statue of Liberty, also known as a beacon of freedom, on Liberty Island in New York Harbor; photo by William Warby.

 

This cross-device tracking, as it is known, is as invasive and sneaky as it gets, yet there seems to be little political will to either outlaw it or regulate it. A warning letter? That’s all? In the 1950s and 60s there was a public outcry about subliminal messages in print and television advertising. While the effectiveness of subliminal advertising has always been dubious, people were nevertheless upset they were being manipulated in such a sneaky, underhanded way. Because of the public outcry, the Federal Communications Commission (FCC) was moved to state it would revoke the license of any broadcaster who used subliminal messages in programming or advertising, and the FTC stated that it would prosecute advertisers under Sections 5 and 12 of the Federal Trade Commission Act of 1914, which governs deceptive practices.

 

Given the remarkable similarity of ultrasonic beacons in electronic devices to subliminal messaging, in practice if not in usage, it’s difficult to understand why the FCC and FTC have not come down harder on the commercial use of this technology. The practice is the same because both seek to take advantage of consumers without their knowledge, and certainly not with their explicit approval; the usage is different because subliminal advertisers cast a wide net to boost sales, while companies employing beacons gather information about users in order to more specifically target them, like fish in a barrel. Until federal regulators take stronger action against the use of ultrasonic beacons, people upset by the practice will apparently have to rely on the more acute hearing of their dogs to alert them.
― Techly
His Master's Voice
His Master’s Voice, an 1898 painting by English artist Francis Barraud (1856-1924) of his brother’s dog, Nipper. The Victor Talking Machine Company began using the painting in 1900, and in 1929 the painting became the symbol of the Radio Corporation of America (RCA), aka RCA Victor.

 

We’ll Take That As a Yes

 

Last week the United States Congress voted to repeal new Federal Communications Commission rules which would have required that internet service providers (ISPs) notify their customers of the data they collect on them for their own commercial purposes unrelated to providing the service, and that customers had to specifically opt-in to the practice. The FCC voted 3 to 2 in favor of the new rules in October 2016, and they would have gone into effect on March 2 of this year had the FCC not stayed it on March 1 under new chairman Ajit Pai. Outgoing FCC chairman Tom Wheeler pushed for the new rules in order to spell out consumer privacy protections in relationship to ISPs, something which he and two of the other commissioners felt was inadequately addressed in Section 222 of the Telecommunications Act of 1996.

 

The Telecommunications Act goes back to 1934, when the original law went into effect creating the FCC and granting it the authority to regulate telecommunications companies as common carriers, which is to say the same as utilities. Section 222 of that law pertained to how the carriers could use their customers’ personal information, and it required them to keep the information confidential except as required by law or by consent of the customer. Congress has amended the Act periodically to reflect changes in technology, with the last major revision in 1996.

Common carrier or not is the logical puzzle in question. Substitute “Section 222” for Catch-22 to relish the flavor of the ISP regulatory mess.

 

Since the advent of widespread consumer internet service in the 1990s, there has been a regulatory battle over whether ISPs should be considered common carriers, and thus subject to oversight by the FCC under the Telecommunications Act. Since some providers, such as AT&T and Verizon, were also telephone companies, they were already partially subject to FCC oversight. It wasn’t until early 2015 with the FCC’s Open Internet Rules that all ISPs were brought under the same set of regulations as common carriers and bound by the consumer privacy protections of Section 222.

 

Previously the only regulatory oversight of some ISPs on behalf of consumer privacy came from the Federal Trade Commission, and it was limited to holding the companies accountable to the terms of their own privacy policies. The FTC does not regulate consumer privacy regarding the actions of common carriers. It does regulate consumer privacy regarding the actions of so-called edge providers that offer services by voluntary subscription, like Facebook, and of websites in general, but again only by holding them to their own privacy policies, as invasive as they may be. Since the implementation of the FCC’s Open Internet Rules in 2015, all ISPs must adhere to the more restrictive regulations applied to common carriers.

 


The 1970 film adaptation of Joseph Heller’s brilliant Catch-22 lays out a problem in logic. It does not attempt to explicate it, because that would be impossible and probably unhealthy.

 

Still, Chairman Wheeler and others felt that the language of Section 222 did not go far enough in spelling out consumer privacy protection in the internet age. Originally written in 1934 when the capacity of a common carrier to sweep up vast amounts of customer data was not even a pipe dream, and inadequately addressed in the major 1996 revision of the law, Section 222 did not explicitly deny ISPs the ability to sell customer data because the ISPs could interpret “with the approval of the customer” in Section (c)(1) to mean they could consider customers opted-in unless they stated otherwise. Being passive and silent rather than active and vocal has always been considered assent or approval, especially by sneaky people with an agenda, and it is a prevalent practice on the internet. That is a trick of the interactive internet age that no one foresaw in 1934, and apparently not even in 1996. In 2002, Democratic Senator Paul Wellstone of Minnesota introduced a bill which would have changed “the approval of the customer” to “the affirmative written consent of the customer.” The bill went nowhere.

 

Without legislation from Congress to clarify things in the new regulatory environment, Chairman Wheeler felt obliged to take up the slack by adopting Broadband Consumer Privacy Rules in October 2106. As already noted, the vote was 3 to 2. The 3 ayes came from Chairman Wheeler and the two other Democrats on the Commission board. The 2 nays came from the Republicans on the board, including Ajit Pai, now the new Chairman. When the new Republican Congress and President came to Washington, Chairman Pai stayed the new Privacy Rules before they could take effect, and Republican Senator Jeff Flake of Arizona introduced a bill to repeal the Rules and also prevent the FCC from making similar rules in the future.

That’s an android in the center, but it could just as well be you, an internet service customer, caught between government regulators and telecommunications providers.

 

The rest is history. We are returning to the regulatory environment of the past year and a half after the FCC ruled all ISPs were common carriers, but before it adopted new Privacy Rules to clarify the difference between “approval” and “consent” of customers. Now ISPs, though they are common carriers, have a gray area to navigate in Section 222 of the Telecommunications Act, and their claim that they will still be regulated by the FTC is disingenuous at best, considering the FTC does not regulate common carriers. It should be understandable now why ISPs lobbied to repeal the new Privacy Rules. Citing their own privacy policies in which they claim they never have and never will sell customer data, and which had been enforced by the FTC (they glide over the part about FTC regulation no longer applying to them as common carriers), they claimed the FCC was unnecessarily complicating the regulatory environment. They say they shouldn’t be held to stricter privacy standards than companies like Google and Facebook, thereby putting them at a competitive disadvantage. Except for the part about competitive disadvantage not being applicable to monopolistic utilities that are regulated in the public interest, that’s a fair point. Instead of raising the privacy bar for everyone, however, they and their mostly Republican allies in Congress and in the new FCC prefer to lower the bar, serving corporate interests instead of consumers. Trust us, they say. Uh-huh.
― Techly

 

I Have Nothing to Hide

 

So when they continued asking him, he lifted himself up and said unto them, He that is without sin among you, let him be the first to cast a stone at her.
― John 8:7 (Jubilee Bible 2000)

In any discussion of government surveillance, such as has been revealed by the recent WikiLeaks “Vault 7” release of CIA documents, there are some folks who are apt to pipe up with “Let the government spy on me – I have nothing to hide.” By that they presumably mean for their listeners to understand they are not terrorists, criminals, or perverts, and to drive home their utter lack of impure intentions they will often add a feebly humorous aside about how government agents would fall asleep from the boredom of eavesdropping on them. How reassuring to learn that government flouting of the Fourth and Fifth Amendments to the Constitution is okay because there are some among us who are without sin! Whether these folks realize it or not, their smug pronouncement comes out of them because in their lives the presumption of innocence has always been a given, and therefore government agents would have no interest in their good citizen behavior. It doesn’t seem to occur to them there are others in our culture who, through no fault of their own, are presumed guilty, and there are still others who are just as law abiding as the “nothing to hide” crowd, but may be concerned about hackers and thieves accessing their data, or simply want to be left alone and feel that their affairs are their own and should not be the concern of the government. We can use locks on our doors not only to keep out criminals after all, but nosy neighbors and government snoops as well.

Jesus und Ehebrecherin
Jesus and the Adulteress; drawing by Rembrandt.

The digital age has changed the game somewhat by introducing new channels of communication and cheap storage for vast quantities of information. The Fourth and Fifth Amendments are no less valid, however, in stating that citizens should be secure in their “effects”; that government officials need warrants; that citizens cannot be compelled to testify against themselves; and that government shall follow due process of law in proceedings against any citizen. Naturally the Founding Fathers did not foresee the age of computers, smartphones, and the internet. They didn’t need to foresee those things, because in looking back on thousands of years of ancient Roman and Greek law and English common law, they were able to extract valid principles which were applicable to the general human condition whatever the particulars of any one era might be. Since their time, we have moved from postal mail and personal messenger to phone calls and telegrams, and now to blog posts and email. Government snooping amounts to the same thing whatever the means of communication, and it is protection from the ends that the Founding Fathers wrote into the Constitution.

That much should be obvious, yet the erosion of the Bill of Rights continues bit by bit, often with the excuse that technology has wrought different contingencies in our modern era. There are no different contingencies – what has changed is that the state of emergency appears now to be permanent because it suits the agenda of powerful interests in the military-industrial complex. In the past, the United States government trampled rights for various reasons which seemed sensible to many at the time, from the Alien and Sedition Acts of 1798, to the Palmer Raids of 1919 and 1920, to the internment of Japanese-Americans in World War II. Always the advocates of such policies invoked a state of emergency to justify the abuse of state power, but eventually calmer heads and changing circumstances would prevail and the balance would be corrected.

A segment of Eisenhower’s January 17, 1961 farewell address, with commentary.

As long as there are enablers of government snooping who complacently and self-righteously announce to everyone within earshot that they “have nothing to hide,” dislodging the powerful interests invested in the current status quo and restoring a constitutionally correct balance between citizens and government will be a protracted struggle. Those who value the privacy of their communications enough to take measures to protect it, such as by using the Tor internet browser or encrypting their emails, are thereby presumed guilty of possible anti-state, criminal, or sexually deviant enterprises by government snoops and their sanctimonious “nothing to hide” enablers because the very action of taking privacy measures draws scrutiny from those groups and is something they deem an admission of being up to no good. It is as if the Fourth and Fifth Amendments have been turned upside down, and objecting to having snoops looking in the windows of your house and walking in through the front door any time they please is fussy obstructionism, definitely unpatriotic, and possibly prosecutable. The “nothing to hide” folks are unconcerned over these developments, secure as they are in the comforting knowledge of their own innocence, though they may want to keep in a corner of their uncluttered minds the notion that the perception of innocence by those in power can shift capriciously, and so they are well advised to note this paraphrased bit from a poem by the German Lutheran pastor Martin Niemöller: They came for the Privacy Advocates, and I did not speak out – Because I had nothing to hide.
― Techly

 

The Fickle Fingerprint of Fate

In May of 2016, Department of Justice officials wrote a memorandum seeking a warrant to search a Lancaster, California, premises and to force the occupants to unlock any phones or electronic devices with their fingerprints if the devices were equipped with that technology. This amounted to a fishing expedition to circumvent previous court rulings which held that law enforcement could not compel a criminal suspect to unlock an electronic device with their pass code because that would be a violation of the Fifth Amendment protection against self incrimination. It is unclear whether the DoJ ultimately received the warrant they sought because not all documents related to the case are publicly available.

Creation of Adam (Michelangelo) Detail
“Creation of Adam,” by Michelangelo

Why is compelling a suspect to unlock a device with their fingerprint also not a violation of the Fifth Amendment? Because of a 2014 ruling in a Virginia Circuit Court which stated that fingerprints and other bodily attributes are not protected, while handing over a pass code to law enforcement is divulging of information, which is protected. Law enforcement has long been able to use a suspect’s physical characteristics to incriminate him or her, but has not been allowed to compel a suspect to give up information. The problem now is that technology has leaped ahead of current law, and judges and prosecutors are falling back on anachronistic case law to cope with the use of biometrics like fingerprints and iris scans to lock personal electronic devices. Case law going back one hundred years and more treats fingerprints as a way of determining a suspect’s culpability at a crime scene, not as a key to a suspect’s possessions which may or may not contain evidence. It is obtuse to claim that a fingerprint or any other biometric is not the same as a pass code when it is being used for the same purpose.

All seeing eye
“All seeing eye,” from U.S. currency

The use of biometrics is springing up not only in consumer devices, but in technology used by the military and law enforcement. The 2002 film, Minority Report, depicts a dystopian future when law enforcement and advertisers make great use of biometrics, and those predictions are proving more accurate with each passing year. The Department of Justice already uses facial recognition technology for surveillance of people in public spaces, and as we have seen with the National Security Agency, the ability of modern digital storage to accumulate massive amounts of data encourages the practice of scooping up everything indiscriminately. Like a fishing trawler using a drift net, law enforcement intends to collect everything now, store it, and sort it all out later. They think they are being efficient and better safe than sorry. But people are not fish subject to by-catch, which ought to be obvious enough, and to be sure the Fourth and Fifth Amendments to the Constitution make the distinction clear.
– Techly

Randolph County Veterans Memorial Park Bill of Rights marker
Randolph County, Georgia, Veterans Memorial Park Bill of Rights marker;
photo by Michael Rivera