Big Brother takes the wheel

This is VERY scary, and should be banned by states generally.  At minimum, provide the ‘opt-out’ option at NO COST to the consumer! – Number Six

From Salon:

Big Brother takes the wheel

Your insurance company wants to install a device in your car to track your every decision and move. Be afraid

By David Sirota

Your chipper TV friend Flo, otherwise known as Progressive’s ubiquitous shill, wants you to be excited — very excited. As you’ve probably learned from her gratingly effervescent commercials, she and her Big Brothers in the insurance biz want you to see the latest Orwellian scheme not as a privacy-destroying step to justify raising your government-mandated car insurance premiums. Instead, she wants you to see her “patented, proprietary” device “from the future” as a great innovation aimed at saving you money.

And yet, as the federal government this week takes a big step toward possibly mandating “black boxes” for new cars, and as more car firms like Progressive pressure you (and potentially soon require you) to put tracking bugs in your vehicle, serious questions are now swirling around so-called “telematics-based insurance” — questions that Flo doesn’t want you to ask. She purports to have all the answers, shrouding this complex surveillance system in her squeaky voice, wide smile and promises of car-insurance utopia — almost as if she were deliberately parodying the saccharine avatar of an autocratic mega-corporation in a dystopian sci-fi flick. But despite the TV ad barrage, the questions nonetheless persist because the tracking system is both so invasive and so arbitrary.

To appreciate that disturbing reality, consider this dispatch about how the system works:

Richard Hutchinson, the usage-based insurance manager at Progressive, says the SnapShot works on algorithms that use your driving style to predict how likely you are to have an accident, and how expensive it will be if it happens. Normal insurance plans use dozens of set variables like age and gender to calculate rates, but the SnapShot taps into literally thousands of dynamic inputs including how fast and what time of day you drive. The device captures data in one-second intervals. One of the most revealing stats: how much you brake and how often. Over-braking is a key indicator of an accident-prone driver…

In the end, (Thilo Koslowski, an automotive analyst with Gartner) says the major hurdle is the Big Brother effect. While (the system) might seem innocuous, once there’s a way to capture how you drive and transmit the results to a home base, the next step could be to monitor your daily commuting route and force you to take a different, theoretically safer, way.

If this seems eerily familiar, that’s because it follows earlier evidence that the 2002 film “Minority Report” was less fantasy than spot-on prophecy. In that film, humans have developed technology to fight “pre-crime” — that is, to stop crimes before they occur, and punish people as criminals for allegedly preparing to commit said crimes.

“Telematics-based insurance” is simply the insurance-industry realization of that technology — a technology that can punitively charge you higher rates for embracing driving styles and geographic routes that supposedly mean you are about to incur collision costs, even if you haven’t actually incurred said costs yet, and even if you never will incur said costs in the future. Essentially, the insurance firms are combining data from the past with real-time data from your car to presuppose that if you brake in a certain style, commute on a certain road, or drive in other myriad ways deemed “risky” but legal, there’s a higher chance that you will get into an automobile accident. So rather than charge you a higher premium after you incur those accident costs, the companies are looking to punitively charge you beforehand à la a Department of Pre-crime.

What’s wrong with such a system? The assumptions baked into the algorithms, that’s what. Yes, your particular braking method may be idiosyncratic, and actuarially, that may indeed suggest you are more likely to crash at some point. But citing generalized odds to assume that you in particular will definitely crash in the future — and to then act on that assumption by charging you higher premiums in the present — is both illogical and predatory, forcing you to pay for accidents you haven’t yet been involved in, or may never be involved in in the first place.

Of course, Flo and other insurance-industry spokespeople like her insist that the system today only exists to give customers premium discounts for “good” driving (however arbitrary that definition of “good” is), but not to raise premiums for “bad” driving. However, if and when the devices become a prerequisite for insurance — which many experts say will soon happen — we would likely see a system in which the “standard” premium is inflated, and the “discounts” for “good” driving only slightly reduce premiums. That is, we would likely see a system in which the technology stealthily raises overall premiums for everyone.

What can be done about all this? Fox reports that some states “currently have specific mandates that prevent insurance companies from requiring” the tracking devices. That’s a good first step, but the regulation is easy for the industry to get around with punitive pricing schemes — the kind that will hold a proverbial gun to the consumer’s head and make the devices a de facto obligation.

No, the only real protection is for states to ban insurers from using these devices to charge higher premiums. It’s a rather simple legislative initiative; a state could simply say that a licensed insurer cannot raise a customer’s premium unless that customer incurs a financial outlay by the insurance company (say, via a collision).

Insurers will no doubt say that’s an unacceptable government intervention into the “free market.” But, then, so too is the government requirement that all drivers buy the car insurance industry’s products. And if states are going to use statutory power to force people to be the insurance industry’s customers, which is a huge financial boon to insurance companies, then in exchange it’s more than fair to require those companies to adhere to some basic consumer-protection rules.

Without such rules, Flo or another one of her Big Brothers will probably soon be in your car — whether you like it or not.

Privacy-*favorable* ISP….?

Be still my heart… From Declan McCullagh’s Privacy Inc. CNET column. – Number Six

This Internet provider pledges to put your privacy first. Always.

Nicholas Merrill is planning to revolutionize online privacy with a concept as simple as it is ingenious: a telecommunications provider designed from its inception to shield its customers from surveillance.

Merrill, 39, who previously ran a New York-based Internet provider, told CNET that he’s raising funds to launch a national “non-profit telecommunications provider dedicated to privacy, using ubiquitous encryption” that will sell mobile phone service and, for as little as $20 a month, Internet connectivity.

The ISP would not merely employ every technological means at its disposal, including encryption and limited logging, to protect its customers. It would also — and in practice this is likely more important — challenge government surveillance demands of dubious legality or constitutionality.

A decade of revelations has underlined the intimate relationship between many telecommunications companies and Washington officialdom. Leading providers including AT&T and Verizon handed billions of customer telephone records to the National Security Agency; only Qwest refused to participate. Verizon turned over customer data to the FBI without court orders. An AT&T whistleblower accused the company of illegally opening its network to the NSA, a practice that the U.S. Congress retroactively made legal in 2008.

By contrast, Merrill says his ISP, to be run by a non-profit called the Calyx Institute with for-profit subsidiaries, will put customers first. “Calyx will use all legal and technical means available to protect the privacy and integrity of user data,” he says.

Merrill is in the unique position of being the first ISP exec to fight back against the Patriot Act’s expanded police powers — and win.

Nick Merrill, who once challenged a demand from the FBI for user data, is planning to create the world's first privacy-protective Internet and mobile phone provider.

Nick Merrill says that “we will use all legal and technical means to resist having to hand over information, and aspire to be the partner in the telecommunications industry that ACLU and EFF have always needed but never had.”
(Credit: Sarah Tew/CNET)

In February 2004, the FBI sent Merrill a secret “national security letter” (not an actual court order signed by a judge) asking for confidential information about his customers and forbidding him from disclosing the letter’s existence. He enlisted the ACLU to fight the gag order, and won. A federal judge barred the FBI from invoking that portion of the law, ruling it was an “unconstitutional prior restraint of speech in violation of the First Amendment.”

Merrill’s identity was kept confidential for years as the litigation continued. In 2007, the Washington Post published his anonymous op-ed which said: “I resent being conscripted as a secret informer for the government,” especially because “I have doubts about the legitimacy of the underlying investigation.” He wasn’t able to discuss his case publicly until 2010.

His recipe for Calyx was inspired by those six years of interminable legal wrangling with the Feds: Take wireless service like that offered by Clear, which began selling 4G WiMAX broadband in 2009. Inject end-to-end encryption for Web browsing. Add e-mail that’s stored in encrypted form, so even Calyx can’t read it after it arrives. Wrap all of this up into an easy-to-use package and sell it for competitive prices, ideally around $20 a month without data caps, though perhaps prepaid for a full year.

“The idea that we are working on is to not be capable of complying” with requests from the FBI for stored e-mail and similar demands, Merrill says.

A 1994 federal law called the Communications Assistance for Law Enforcement Act was highly controversial when it was enacted because it required telecommunications carriers to configure their networks for easy wiretappability by the FBI. But even CALEA says that ISPs “shall not be responsible for decrypting” communications if they don’t possess “the information necessary to decrypt.”

Translation: make sure your customers own their data and only they can decrypt it.

Merrill has formed an advisory board with members including Sascha Meinrath from the New America Foundation; former NSA technical director Brian Snow; and Jacob Appelbaum from the Tor Project.

“I have no doubt that such an organization would be extremely useful,” ACLU deputy legal director Jameel Jaffer wrote in a letter last month. “Our ability to protect individual privacy in the realm of telecommunications depends on the availability of phone companies and ISPs willing to work with us, and unfortunately the number of companies willing to publicly challenge the government is exceedingly small.”

The next step for Merrill is to raise about $2 million and then, if all goes well, launch the service later this year. Right now Calyx is largely self-funded. Thanks to a travel grant from the Ford Foundation, Merrill is heading to the San Francisco Bay Area later this month to meet with venture capitalists and individual angel investors.

“I am getting a lot of stuff for free since everyone I’ve talked to is crazy about the idea,” Merrill says. “I am getting all the back-end software written for free by Riseup using a grant they just got.”

While the intimacy of the relationship between Washington and telecommunications companies varies over time, it’s existed in one form or another for decades. In his 2006 book titled “State of War,” New York Times reporter James Risen wrote: “The NSA has extremely close relationships with both the telecommunications and computer industries, according to several government officials. Only a very few top executives in each corporation are aware of such relationships.”

Louis Tordella, the longest-serving deputy director of the NSA, acknowledged overseeing a project to intercept telegrams in the 1970s. Called Project Shamrock, it relied on the major telegraph companies including Western Union secretly turning over copies of all messages sent to or from the United States.

“All of the big international carriers were involved, but none of ’em ever got a nickel for what they did,” Tordella said before his death in 1996, according to a history written by L. Britt Snider, a Senate aide who became the CIA’s inspector general.

Like the eavesdropping system that President George W. Bush secretly authorized, Project Shamrock had a “watch list” of people whose conversations would be identified and plucked out of the ether by NSA computers. It was initially intended to be used for foreign intelligence purposes, but at its peak, 600 American citizens appeared on the list, including singer Joan Baez, pediatrician Benjamin Spock, actress Jane Fonda and the Rev. Martin Luther King Jr.

Nick Merrill says that “if we were given any orders that were questionable, we wouldn’t hesitate to challenge them in court.”
(Credit: Sarah Tew/CNET)

Even if Calyx encrypts everything, the surveillance arms of the FBI and the bureau’s lesser-known counterparts will still have other legal means to eavesdrop on Americans, of course. Police can remotely install spyware on a suspect’s computer. Or install keyloggers by breaking into a home or office. Or, as the Secret Service outlined at last year’s RSA conference, they can try to guess passwords and conduct physical surveillance.

That prospect doesn’t exactly please the FBI. Last year, CNET was the first to report that the FBI warned Congress about what it dubbed the “Going Dark” problem, meaning when police are thwarted in conducting court-authorized eavesdropping because Internet companies aren’t required to build in back doors in advance, or because the technology doesn’t permit it. FBI general counsel Valerie Caproni said at the time that agents armed with wiretap orders need to be able to conduct surveillance of “Web-based e-mail, social networking sites, and peer-to-peer communications technology.”

But until Congress changes the law, a privacy-first ISP like Calyx will remain perfectly legal.

“It’s a really urgent problem that is crying out for a solution,” Merrill says.

Update 12:05 p.m. PT: This article sparked a lengthy Reddit thread, complete with repeated suggestions that Nick Merrill should turn to Kickstarter to raise money. Merrill told me this morning that Kickstarter “wouldn’t accept Calyx as a campaign because it’s not a physical product, or arts-related.” But he has set up a contribution page, with a $1 million target, on, a self-described crowdfunding platform. “There has been a ton of interest in the idea,” Merrill told me. “Due to popular demand I have decided to try crowd-sourced funding the idea in order to prove that the demand exists.” If he makes the $1 million target, IndieGogo takes a smaller percentage. Internet privacy aficionados, what say you?

People don’t want search engine tracking – big surprise?

From the Seattle PI:

“…The Pew Internet & American Life Project found that 73 percent of search users said they would “not be okay” with an online search engine keeping track of their searches even if the data provides personalized search results in the future.

And 68 percent said they were “not okay” with targeted advertising because they don’t want their online activities tracked and analyzed.

The report could bolster criticism by consumer groups and government officials over the online privacy policies of companies such as Google, Microsoft, Yahoo and Facebook. President Obama has proposed a “privacy bill of rights” to give consumers control over how their data is collected, stored and shared.

“Search engines are increasingly important to people in their navigation of information spaces, but users are generally uncomfortable with the idea of their search histories being used to target information to them,” said Kristen Purcell, author of the report “Search Engine Use 2012.”……” (more from the report directly here)