I realized that I haven't made a new PGP key in a while. I just installed the new PGP and made a new key. I've signed it with all of the old keys that I can remember the passwords for and revoked the second to the oldest one. The most recent one still works, but please switch to this one as soon as you can.

Here is the public key: joi.asc and here is the fingerprint: B652 199B 6996 219B 62AE 6364 E349 8387 783D 4E0A

I keep wondering if I should make expiring keys, but it seems like it would be inconvenient as well. What do you all do?

Donna Wentworth @ EFF: Deep Links

It's Official: TSA Lied

Two government reports confirm what EFF and other privacy advocacy organizations have long known: the Transportation Security Administration (TSA) lied about its role in using airline passengers as guinea pigs for testing "Secure Flight" - the latest version of a fundamentally flawed passenger-profiling system for screening terrorists. And not only did TSA lie, it lied repeatedly, to everyone.

A DHS report [PDF], released this past Friday, reveals that TSA misled individuals, the press, and Congress in 2003 and 2004. A GAO report [PDF], released Monday, also shows that Secure Flight has failed to meet 9 out 10 conditions the GAO set for giving the program the go-ahead. These conditions include providing adequate protection for passengers' privacy and ensuring the accuracy of the data it would use to classify people as terrorist risks.

Passenger records contain detailed personal information, such as your name, address, phone number, travel itinerary -- even your credit card number. Yet the DHS report says TSA shared passenger information with outside contractors while neglecting to "inquire whether the data used by the vendors had been returned or destroyed."

"This is worse than ChoicePoint," says EFF Senior Privacy Attorney Lee Tien. "It reflects an attitude toward the privacy of Americans that falls well below what people are up in arms about in the commercial data industry. These people have a public trust and they're abusing it."

For additional information, see Bruce Schneier's GAO's Report on Secure Flight; for background, see TSA and CAPPS II -- Anatomy of a Cover Up.

The US doesn't have a monopoly on this stuff of course. I've been fighting very hard for privacy in Japan. What we ended up with was a privacy bill that allows the government to strictly enforce privacy rules for businesses, but leaves the government quite free and exempt from similar oversight, focusing more on the "ethics of civil servants." Of course there is also a carve out for "the media" so they don't scream about it too much. Unfortunately, in the case of the Japanese privacy bill, "the media" includes only TV and newspapers and not magazines and of course not bloggers. Although I agree that privacy violations by businesses is a problem and a threat, I'm still much more concerned about abuse by governments, particularly when there isn't a good oversight process. The US is lucky it has the GAO.

Donna Wentworth @ Copyfight

Your ISP Knows You're a Dog

Fred von Lohmann, in a Law.com column on the importance of preserving anonymous speech on the Internet: "[R]emember, on the Internet, your ISP knows you're a dog, and your adversary is only a subpoena away from compromising your constitutionally protected right to bark anonymously."

It's not only the EFF and people like myself who believe in anonymous free speech. The American Association for the Advancement of Science came out on the side of anonymity and said that, "this is not a fruitful area of regulation for now or in the future." Of course this was back in 1999. (Wired article on this report) As Fred says in his article, the founding fathers of the US published the Federalist Papers anonymously and were acutely aware of the necessity of protecting anonymity and tried to build that into the constitution. Today we are all chipping away at this right with the fear of copyright infringement, terrorism, child pornography and a variety of boogymen leading the charge.

tins ::: Rick Klau's weblog

Bonus goofy news item of the week: Paris Hilton’s Blackberry was hacked.

Quoth the source for this bombshell:

“It’s one thing to have people looking at your sex tapes, but having people reading your personal e-mails is a real invasion of privacy.”

In Airport 'Pat-Downs' and Fear of Retaliation, Dan Gillmor links to a New York Times story about U.S. airport screening and women who are humiliated but afraid to retaliate. This is how profiling and lists will begin to inhibit our actions and free speech. What's your national ID # again?

A great flash animation by the ACLU simulating a pizza delivery call in a future where they're "plugged-in" in a Total Surveillance Society.

via Dan Gillmor

I originally saw this article in the IHT, but found it online on E-Commerce News.

Howard W. French

China's Web Police Send Mixed Message

...Internet cafe users in China have long been subject to an extraordinary range of controls. They include cameras placed discreetly throughout the establishments to monitor and identify users and Web masters, and Internet cafe managers who keep an eye on user activity, whether electronically or by patrolling the premises.

The average Internet user, meanwhile, neither sees nor, in many cases, suspects the activities of a force widely estimated to number as many as 30,000 Internet police officers. Experts on China's Internet say the officers are constantly engaged in a cat-and-mouse game with equally determined Web surfers, blocking access to sites that the government considers politically offensive, monitoring users who visit other politically sensitive sites and killing off discussion threads on Internet bulletin boards.

[...]

Asked if the privacy of Internet users could be infringed, the official said that the Shanghai government had noted the issue, but added that "Internet bars are public areas, and some experts say that what one says in a public area should not be considered private."

Seriously though, I can only see how this will get worse for both sides. Obviously the "arms vendors" will make money in the cat-and-mouse game, but can China afford to ramp up the Internet police force as China gets more and more wired/wireless. I wonder how long this "control" can continue and how much it's going to cost them. I guess that for now, they believe the control is worth the price.

Future Now

Black boxes for taxis

According to dottocomu, Japanese taxi firm "Nihon Kotsu has announced it is to introduce "flight recorders" to its fleet--a device that will record video as seen from the driver's seat for 18 seconds spanning before and after an accident."

via Ross

Roger Clarke, one of my favorite privacy experts, rips apart the Australian Government's attempt to make their face recognition technology trial look good. Face recognition systems have not been found to work well and are very intrusive. Here's another attempt to make them look better than they are.