Sounds like the Transportation Security Administration has a little issue with information security. Consumerist reports that the website TSA operated to allow misidentified flyers to get their names off the no-fly list (bane of toddlers everywhere) has been operating for months without the proper security in place. Security flaws included no SSL on submission forms, and expired SSL certificates where it was in place. The security flaws were made public by the House Oversight and Government Reform Committee in a report last Friday.
Ken Auletta, long known for his in-depth profiles of media titans, has written a profile of the top three at Google. You can read the whole thing at the New Yorker, or Valleywag’s 100-word version. Most relevant for this blog are the telling quotes on privacy from Google Insiders. One anonymous executive says, "Privacy is an atomic bomb. Our success is based on trust." And Eric Schmidt notes that Google would "really be hosed" if it violated its users’ trust with privacy risks from targeted advertising.
According to this New York Times article, a custom officer at Los Angeles International Airport discovered child pornography on the laptop of Michael T. Arnold upon his return from the Philippines. From the government’s viewpoint, searching your laptop is no different from searching your suitcase and so far the federal appeals court has agreed.
Judge Dean D. Pregerson of the Federal District Court in L.A. has a different take- he suppressed the evidence against Mr. Arnold in 2006 contending that, more than just a storage device, electronic storage devices are an extension of our memory. Judge Pregerson’s decision seems to be headed for reversal. The three judges who heard arguments in the appeal of his decision seem to be of the opinion that the same information in hard-copy form would be subject to search.
Questions still remain on when a search is justified. Jennifer M. Chacón, a law professor at the University of California, likens a computer search to a search of the body, where reasonable suspicion would be required for such an invasion.
There are two more instances of laptop searches resulting in child pornography: John W. Ickes Jr.’s laptop was searched after a customs agent grew suspicious after discovering a videotape of a tennis match which focused excessively on a young ball boy. The other case is that of Sebastien Boucher who, when stopped at the Canadian border and asked if his laptop contained child pornography, answered that he was not sure. Mr. Boucher unlocked his encrypted files for the agent and the agent discovered pornography involving children. Mr. Boucher’s laptop was seized, but the government has been unable to re-open the encrypted files. This has brought up a new debate as to whether or not Mr. Boucher should be required to provide the password to his files.
Feb 12, 2008 Update: A lawsuit filed last week by the Electronic Frontier Foundation and Asian Law Caucus in the U.S. District Court for the Northern District of California alleges that airport searches of laptops and other devices are intrusive. The Customs and Border Protection disagrees, saying the agency does not need to show probable cause to look inside suitcases or laptops. A spokesperson for the Department of Homeland Security likens searches of electronic devices to those of papers in briefcases.
Brian Krebs’s Security Fix blog over at the Washington Post has more information.
In 2005, California passed a law requiring companies to respond to consumer requests for information about how they share data with third parties, and to allow consumers to opt out of such sharing. But a recent report by CalPIRG shows that fewer than a third of companies respond adequately to such requests. They’ve issued a call for such sharing to be opt-in only. (from abc7news.com, via Consumerist).