A local initiative for the people’s right to privacy

“Gentlemen do not read each other’s mail.”

This was said by Henry L. Stimson in 1929 in support of the US State Department’s defunding of the Black Chamber program that was used to decipher foreign ambassador communications. At that time, Stinson was the Secretary of State under President William Howard Taft. Stinson’s opinion, however, is said to have changed while he served as the Secretary of War under President Herbert Hoover and President Franklin D. Roosevelt, in which the United States government relied heavily on the enemy’s decrypted communications during wartime.

Mass surveillance is a crime against people, not just the American people. The people did not ask for it, not even the special interests behind the development of the Patriot Act. Secret mass surveillance and secret laws are instituted and accepted by people in power, to gain and maintain power, which are acts that are illegitimate of a developing democracy. They are illegitimate acts of a country that developed the Internet.

Civilly speaking, cryptographically encrypting information before transmission is the same as licking and sealing a letter before mailing it. It is the same as closing a clear glass door on a telephone booth before having a private conversation. It is the same as putting on clothes to protect things expected to remain private.

I expect that only entities that privately sign digital certificates that create the foundation for private chats, private socializing, and secure transactions on the internet can decrypt my information. It should be illegal for entities beyond the original signer of public key infrastructure certificates to have a copy of the private key in such a way that allows said entity to view or record the decrypted content that is expected to remain private between two specific parties. It should also be illegal for any entity to attempt to break or subvert encryption mechanisms on common-carrier infrastructure as long as that data is being transmitted or being stored on American soil, no matter the nationality of the person transmitting their encrypted internet content. It is time for the United States to learn from its mistakes and emerge as a civil liberties leader.

What I would like to do is identify other leaders throughout the United States that want to pass a shared city law that makes illegal the above acts. We should all vote for and approve these laws in tandem to reduce the risk of federal or state legal threats. Cities need to come together to protect local internet infrastructure.

Governance representatives are failing to protect the nature of our constitutional protections in law and debate.  They are failing to understand the importance of the Internet. Federal representatives are literally working backwards at times, with the Patriot Act, CISPA, PIPA, and the TPP as perfect examples. It is time to work from the ground up and enact local laws that affect local internet infrastructure.

We cannot let special interest groups, that bribe our representatives, write our laws for us. The interest of the people needs to be voiced through local law. Let us tell state and federal government that it is not okay to subvert public law with secret law, and that mass surveillance cannot be tolerated, period. Law enforcement has worked, successfully, for hundreds of years without mass surveillance. The city laws that I am proposing do not inhibit the normal procedure of law enforcement to acquire a warrant, through justified evidence, to obtain private information about specific individuals to prevent or punish crime.

In addition to hosting DNS root servers and the Seattle Internet Exchange, the Westin datacenter connects us to billions of un-Americans on the other side of the Pacific Ocean. Many other cities throughout the United States host similar infrastructure. These communication points are ideal for the placement of unethical surveillance equipment, and we must make this act illegal in our cities. Let us put pressure on our state by protecting local resources, the technology that ensures the security of our online communications, and the integrity of our local businesses.

From https://www.aclu.org/sites/default/files/assets/lavabit_brief_of_us.pdf, it is clear that sometimes our founding legal frameworks are not explicit.

THE FOURTH AMENDMENT DOES NOT PROHIBIT OBTAINING ENCRYPTION KEYS FOR THE PURPOSE OF DECRYPTING COMMUNICATIONS THAT THE GOVERNMENT IS LAWFULLY AUTHORIZED TO COLLECT

Let us build our own laws for our expectations of privacy. For example, as described in the book, Toward an Information Bill of Rights & Responsibilities (http://yawnbox.com/?p=283):

Preamble

Information privacy is the claim of individuals to determine what information about them is disclosed to others and encompasses the collection, maintenance, and use of identifiable information. Privacy is an important value in a democratic society. For individuals, it enhances their sense of autonomy and dignity by permitting them to influence what others know about them. For associations, privacy enhances the ability of individuals to function collectively by permitting the association to keep deliberations and membership and other activities confidential. For society, privacy fosters individual and associational contributions to society, promotes diversity, and limits undesirable conduct and abuse of authority by government and other institutions.

Privacy is not an absolute right. It must be balanced with competing values and interests, including First Amendment rights, law enforcement interests, and business or economic interests in information. The following Code of Information Rights and Responsibilities attempts to strike an appropriate balance between privacy and competing interests, in an environment shaped be technological breakthroughs in the ability of organizations to collect and disseminate personal information.

A number of characteristics of the new information environment make it imperative to adopt a Code of Information Rights and Responsibilities. These include:

  • Technological enhancements in the ability to capture, store, aggregate, exchange, and synthesize large quantities of information about individuals, their transactions, and their behavior;
  • Proliferation of powerful computing capacity to the desktop;
  • Creation of worldwide networks through which information about individuals can easily, cheaply, and quickly flow;
  • Increasing use of target marketing, modeling, and profiling;
  • New technological abilities that permit individuals to access personal data maintained by others;
  • Decreasing cost of computing technology used to manipulate data;
  • New social and cultural values and developments regarding personal information.

Two general principles apply to all of the provisions of the Code of Information Rights and Responsibilities. First, an individual is entitled to greater protection and due process when information is used to make determinations about his or her rights, benefits or opportunities. Second, the protection of privacy must be interpreted consistently with First Amendment principles. Resolving the inherent tensions between the values of privacy and the First Amendment must take place on a case-by-case basis.

The scope of the Code of Information Rights and Responsibilities is limited to individual and associational privacy as defined above, and does not cover government and corporate interests in secrecy. It addresses how activities of information keepers and processors involving the collection, maintenance, and use of personal information should be evaluated when privacy interests overlap or conflict with other interests, values, or significant community needs.

First Principles

A. Collection
There should be limits on the ability of information keepers and processors to collect personal information. Information should only be collected when relevant, necessary, and socially acceptable.

A-1.
Information should be collected directly from the individual whenever possible.

A-2.
When not collecting information directly from the individual, notice, access, correction, and other rights should be provided if the information is used to determine rights, benefits, and opportunities.

B. Notice/Transparency
Individuals providing information to an information keeper and processor have the right to receive, at the time that information is provided, a notice of information practices describing how the information will be used, maintained, and disclosed. Information keepers and processors must provide a copy of notice of information practices upon request. There should be no secret systems containing personal information. Individuals have a responsibility to make informed choices about how information about them is to be used.

C. Access and Correction
Individuals have the right to see and have a copy of any information about themselves maintained by others, consistent with the First Amendment and with other important public and private policy interests. Individuals have the right to seek correction of information that is in error. When a correction is made, the individual may require that copies of the corrected information be provided to all previous recipients. Where this is a disagreement about the accuracy of information, the individual may include along with the disputed information a statement of disagreement.

D. Use
Information may only be used for a purpose that is identified and described at the time that the information is collected. Other uses may be permitted only if they are not inconsistent with the original understanding.

E. Disclosure
Disclosures other than those described at the time of collection may be made to third parties only with the consent of the individual or where required by law. Explicit consent by the data subject shall be required for personal information of the highest sensitivity and may be implied for less sensitive personal information. (Whether consent must be express [opt-in] or may be implied [opt-out] is an open question.)

F. Accuracy
Information keepers and processors must take appropriate steps to assure the accuracy, completeness, timeliness, and security of the information. Information keepers and processors must devote adequate resources to these functions.

G. Enforcement
Rules about the collection, maintenance, use, and disclosure of information should be enforced through suitable mechanisms, such as administrative processes, professional standards, civil actions, criminal penalties, government or private ombudsmen, and other means.

H. Oversight
There is a need for an independent federal entity to conduct privacy oversight and policy-making activities.

  • Information keepers and processors and others should be encouraged to explore technical means to protect privacy.
  • There should be an exploration of other means to promote self-determination in the use of personal information, including proprietary rights and dual control mechanisms.
  • The creation of information trustees who maintain personal data on behalf of diverse information keepers and processors should be considered.
  • There is a need to explore the rights and responsibilities of individuals and information keepers and processors when changes in the use and disclosure of information are developed after the time of collection.

Together we must begin drafting a law that can be shared by the people, city governance, and our local businesses. Together we must approve these measures and begin putting a stop to mass surveillance on any and all people, not just Americans, while also demonstrating our right to privacy.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s