Here are examples of the private information that state and local governments collect:

Health:

• Prescription Drug Monitoring Programs (PDMPs) in which “physicians and pharmacists… log each filled prescription into a state database to help medical professionals prevent abusers from obtaining prescriptions from multiple doctors.”
• Adult Medical histories (including sexual orientation, drug history, lists of medical problems, work history). Gathered for vaccinations and state health testing.
• Vaccine immunnization records (Children and Adults)
• Lists of people who are immunocompromised
• Lists of pregnant women and their doctors
• HIV/AIDS test results

Taxation:

• Income sources and levels
• Bill owed (doctors, lawyers, etc) for certain cases (see p.10)
• Bank statements
• Bank account numbers(see p. 14)
• Credit card numbers(see p. 14)
• Social security numbers
• Pension information
• Life insurance information
• Detailed employment records
• Deductions
• Value of assets (house, car, etc)
• Address, phone, extensive contact information
• Children’s names, Social Security numbers, ages
• Names of daycare providers

Unemployment:

• Names of people who have been unemployed
• Bank routing and checking account numbers
• Extensive personal details, including SSN, Driver’s license info, etc.
• Previous employment history
• Details regarding job search
• Salary records
• Records of unemployment funds received

Transportation:

• Detailed travel records (EZ-Pass, Fastlane, Subway passes)
• Dates, times, and locations that subway/EZ-pass cards were used
• Lists of senior citizens, contact information and photographs
• Lists of disabled people, contact information and photographs
• Credit-card and payment information
• Rider photographs and video footage

Motor Vehicle Services:

• Driver personal info:
• Height
• Weight
• Eye correction
• Address
• Social Security Number
• Payment information
• Violations (see p.3 for a list of info typically included in citations)
• Locations, dates, times
• Description and details
• Images (photographs, videos)
• Red-light camera images
• License-plate tracking

Government Employee records

• Social Security numbers
• Employee reviews
• Health insurance information

Education:

• Childrens’ standardized test scores

Police:

• Confidential informant records
• Confidential juvenile records
• Video surveillance footage of streets and intersections
• Rape victim statements and details
• Officer personal information and disciplinary records
• Investigative data

 
We conduct routine inspections of restaurant kitchens for public safety, and the public is entitled to see inspection certificates. Shouldn’t management of our public data be held to the same standards?

The public deserves to have input regarding what data is put into the hands of companies which are not controlled by the public. We deserve regulations which protect our private information from abuse, and which specify what types of information can or cannot be hosted by foreign companies and private companies.

Most importantly, we deserve assurance. Our government must routinely verify through inspection and public reports that confidential information is not being misused by private companies, and that only appropriate types of information are being shipped off-site. If private companies are to hold taxpayer information, the public deserves independent verification and reassurance that our data is well-managed.

For information about the specific data used by your state, check out your state’s web site and look at the services it offers. (Here’s a nice example from the State of New Mexico.) Then think about all the private information that your government needs to collect and process in order to support those services. You might be surprised.

“Over 60% of the U.S. state governments have gone Google.”

Does this mean that we’ve now handed the majority of our state governments’ operational data to a single privately-controlled company which has well-publicized partnerships with other governments such as China?

To find out more, I contacted Google’s press department. A representative promptly got back to me with more information:

“The reference to Going Google refers to US state governments using one or more of Google’s enterprise products…With regard to data hosting, Google Apps is a cloud computing solution meaning Google hosts the data in our data centers, relieving the customer or gov agency of the burden of managing their own servers in house.”

In other words, according to Google, United States state governments have literally handed over our public data to be held and managed by a private company which has well-publicized partnerships with other governments such as China. The data is physically stored in Google’s buildings, on Google’s servers, managed by Google’s employees. This means Google now controls our government’s access to it’s own data.

Google declined to make their list of state government customers public, so instead I checked to see which states had active Google Apps login pages for their domains. There are 19 states that have active Google Apps login pages (plus Washington D.C.) These include:

In September, Google announced its plans to create a major government data hosting operation for the United States. “Today, we’re excited to announce our intent to create a government cloud, which we expect to become operational in 2010. Offering the same services and features as our existing commercial cloud (such as Google Apps), this dedicated environment within existing Google facilities in the US will serve the unique needs of US federal, state, and local governments…”

Moving the data itself offsite is a BIG change, and one that comes at a BIG price. This effectively places state governments’ data outside the direct control of our government. If Google (or an ISP) were to decide for whatever reason– economic, political– to cut us off from our data, governments using their services would be, well, Scroogled.

To me, this is an unacceptable level of control for a single private company to have over federal, state or local government. When you reach a point where the government cannot operate without a private company, then the private company has effectively gained control of the government.

With Google physically housing and managing state government operational data, they literally gain control of our government’s operations. What’s more, Google also has access to data mine the information. Would this be legal? Hopefully not, depending on the contract that our governments have signed. Would it be technologically possible? Of course.

In another twist, state governments’ moves to outsource their data could also open their information to far greater access by intelligence agencies. It might be legal under homeland security rules for federal intelligence agencies to force Google to turn over information from state and local governments, perhaps without even notifying them. For issues where state laws are in direct conflict with federal laws, the implications for states’ rights are serious. For example, several states maintain lists of registered medical marijuana patients. Could a federal agency force or coerce Google to turn over lists of names without permission from the state?

Google is extremely good at managing its own public image (it undeniably has a leg up due to the fact that it controls news sources and search engine returns). However, it is still a for-profit corporation and ultimately works for the good of its owners, not the public. The fact that Google is working to host a large percentage of U.S. government data should set off alarm bells. How can the U.S. government effectively manage its own security and the interests of the people when large corporations have it by the balls?

The long-term, hard-to-quantify risks of moving the United States’ operational data to a private company are easy to ignore when you look at the short-term technological benefits and shiny flashy features. No one can deny that Google enables government entities to operate with a level of sophistication that would inconceivable if all operations were done in-house. Governments typically suffer the same problems as many midsize companies with underfunded IT departments and political complexities that make it difficult to centralize and streamline operations. It doesn’t really make sense for every state and local government to reinvent the wheel with respect to IT. With no “public option” for scalable, government-sponsored IT services, it’s understandable that state and local governments would outsource to the private sector.

That said, the practice of outsourcing government IT management is risky and deserves careful scrutiny and regulation. It’s funny that we’re chasing after “terrorists” in our airports, and at the same time our state governments have moved fundamental operations data over to a private company which is not controlled by the public and has strong ties to foreign governments.

Google is outside our system of checks and balances. They are quickly becoming absolutely necessary for our government to function, but their operations are not transparent and are outside the control of the American people.

Here are a few related press materials published by Google:

District of Colombia

Virtual Alabama

City of Los Angeles

The coupon is similar to a credit card, with a serial number and expiration date printed on the front (as well as a nifty hologram that reads “Security”). It also has a magnetic stripe. Curious, I borrowed a coupon and swiped it through my trusty mag-stripe reader. The output was as follows (name/number have been changed for privacy):

%B5897320630985200^SMITH/FRANK ^0903121000000000000000798000000?
;5897320630985200=09031210000079800000?

Much to my surprise, the applicant’s name was encoded on the coupon, in addition to the serial number and expiration date.

Consumers are clearly not aware that their names are encoded on the cards. Although National Telecommunications and Information Administration (NTIA) documents refer to “identifying serial numbers,” (NTIA 2006) there is no mention of the fact that names themselves are encoded on the cards. Since the name is not printed on the face of the card itself, there’s no way for recipients to tell it is there without special card-reader equipment.

As a result, over 24 million Americans have now unknowingly submitted their names into the tracking systems of nationwide corporate retailers such as Wal-Mart and Best Buy. “There are federal privacy laws that say what the government can do with your information, but once that information is given to private industry, it’s theirs,” commented senior security consultant Jonathan Ham.

What’s more, the NTIA itself tracks the location, date and time of each purchase. Retailers are required to “provide NTIA electronically with redemption information and payment receipts related to coupons used in the purchase of converter boxes, specifically tracking each serialized coupon by number with a corresponding [certified converter box] purchase.” (NTIA retailer site.) Each week, the NTIA publishes statistics indicating the number of cards used in each zip code.

Consumers are not explicitly informed of the coupon tracking on the TV Converter Coupon Program web site or application. Buried in the NTIA’s web site is the statement that “to keep track of the number of coupons issued, used and redeemed, as well as to minimize fraud and counterfeiting, NTIA intends to place identifying serial numbers on the coupons.” (NTIA 2006)

I went to Best Buy to get a retailer’s perspective on the TV Converter Coupon Program. Like most retailers, Best Buy likes to track their customers. With cash or check, this is difficult, but with credit cards and similar systems (such as the DTV coupons), customers can be automatically added to their database.

Rob Hooper, the helpful manager on duty, explained, “[The DTV coupon] would probably have their name, a number, and they probably have to put in their phone number for us to ring out the remainder of the transaction. As soon as that number gets rung through a Best Buy retailer or a Wal-Mart retailer or anywhere else, [NTIA can] probably break it down underneath the ID of the retailer, and then also the ID of the individual who applied for that particular card number. Not only do they have demographics, they also have geographics– where each card is used.”

In other words, the government receives detailed information about precisely where and when each card is used, and each card is explicitly linked to a name. What’s more, since the names are stored on the coupon’s magnetic stripe itself, the retailer also receives and can store personal information about the consumer. The consumer may never even be aware that his or her name has been given to the retailer.

My mother, who applied for the program by phone, was shocked to learn that her name was encoded on the card and her purchases were tracked. “The government should have made me aware of the information they would be collecting about me if I used the card,” she said. “They’re taking away my freedom. If they decide they need to collect information, they should do so with the people they are collecting the information from volunteering to give it, not being forced.”

Presumably the names encoded on the coupon’s magnetic stripe can be used to prevent fraud, but in practice this has not been occurring. Even if the name on the coupon doesn’t match the consumer, retailers still accept the coupons.

“We generally don’t check IDs against the card,” said Rob. “If someone’s out there stealing digital converter box cards and they’re just hoarding boxes of those cards, that’s not on the top priority list for Best Buy’s loss prevention.”

“We haven’t really seen too much fraud whatsoever with these coupon cards,” he added. “It would be a really interesting thing to try to steal $40 converter box cards, because you’re basically getting paid off in technology that will be antiquated.”
 
Millions of Americans using the DTV converter coupons have unknowingly had their shopping habits tracked and names given to third parties such as Best Buy and Wal-Mart. What is the value of our privacy? Is watered-down “fraud protection” really worth giving away millions of American’s names to retailers? Would my mother really want her shopping habits recorded in an obscure government database, even to save $40?

“I like to shop for a product without Big Brother watching over me,” said Mom.

One chilly day last September, United Airlines’ stock temporarily crashed more than $1 billion due to an accidental re-release of an old news report about its 2002 bankruptcy. The New York Times reported that “shares of United traded at one cent… down 99.92 percent, or $12.29.” Other news sites and blogs quoted or linked to the NY Times story.

Shortly afterwards, the NY Times article changed.

Today, the New York Times article from Sept 8, 2008 instead reads “United Airlines shares fell to about $3 from more than $12 in less than an hour before trading was halted… Its shares closed at $10.92, down 11.2 percent.” There is no record of that earlier statement on the NYTimes site. There is no indication in the article that a correction or previous release was made. It’s almost impossible to find the earlier version online, except in a few personal reports and isolated quotes on random sites. Months ago there were blogs with comments that referred to the $.01 low point, which have now mostly disappeared. The statement they refer to does not seem to exist in public archives.

Fifty years ago, physically published mainstream newspaper articles provided a fairly high degree of reliability: physical copies were distributed throughout the country, and then locally archived. Corrections necessarily left an audit trail. Readers could go to trusted custodians at their local libraries to verify that certain information had been released by a major central news source.

Nowadays, the fox is guarding the henhouse. Major publishers offer their own global public archives, and a decreasing number local libraries are archiving printed news articles. “[N]ews libraries have stopped clipping newspapers because so much of the information is available online,” write Christine Malesky and Richard Geiger in “News Media Libraries.” Unlike librarians, publishers do not have strong incentives to retain comprehensive records of revisions, errors and corrections. Instead, news publishers want to preserve the very “best” article possible.

At the New York Times, the online editors run a “continuous news desk,” which is “kind of an in-house re-write desk that feeds the Web site,” said Toby Usnik, director of public relations for the Times. “As we know new information, we add it. As information changes, we update it. If we misspell a name we spell it right and update the story again.” (OJR) History is routinely rewritten.

With respect to the United stock crash, Kim Zetter of Wired wrote “the problem wasn’t the market, it was the newspaper’s archive, which stored the story without a publication date attached to it — not a completely uncommon occurrence.”

As publishers, not librarians, increasingly store and provide access to their own media archives, readers lose the ability to independently verify the source, date and original content of news articles. If the world economy hinges on verifiable information, why not cryptographically sign articles as soon as they’re published? Ironically, the same unreliability that caused the United stock crash also manifested itself in the NYTimes article which reported it.

The Great Firewall of Britain

The United Airline stock crash was really just a tremor, the symptom of a profound global shift. Last month, millions of people in the UK were suddenly blocked from editing Wikipedia after the Internet Watch Foundation (IWF) blacklisted a single page. This was able to occur because “95 per cent of British residential internet” traffic is reportedly routed through only six ISPs, which “voluntarily” send traffic through a centralized content filtering system called Cleanfeed at the request of the IWF. (Wikipedia) This week, the point was underscored when another IWF blacklist suddenly left many UK residents without access to the Internet Archives (aka the Wayback Machine).

In both the recent Wikipedia and Wayback Machine cases, end users quickly detected the blocks, public outcry ensued, and most access was restored. However, now that traffic filtering in the UK has become automated and centralized, future blocks could certainly go unnoticed by end readers. The current Cleanfeed implementation has been rather crude, in that it has been used to block entire pages and web sites in response to a single objectionable image. However, it is technically possible to quietly drop (or replace) “questionable” images and text much more subtly.

The “voluntary” British ISP filtering has more in common with China’s censorship than many Westerners realize. In China, “the ISPs and other service providers are restricting customers’ actions for fear of being found legally liable for customers’ conduct. The service providers have assumed an editorial role with regard to customer content… Although the government does not have the physical resources to monitor all Internet chat rooms and forums, the threat of being shut down has caused Internet content providers to… stop and remove forum comments which may be politically sensitive.” (Wikipedia)

East and West, a little fear goes a long way.

What can we do?

The September United Airlines stock crash resulted in one good thing: there is now demonstrated financial incentive for technology that would allow businesses to instantly verify the source, publication date and content of news articles. Perhaps economics will help spur the tools of democracy.

Geeks can also take matters into our own hands. Technically speaking, the tools to cryptographically sign and verify web pages are within reach. For instance, publishers could voluntarily embed PGP markers and signature as comments inside web page source code. A Firefox plugin could search for PGP beginning and ending markers within web page source code, grab only the static ASCII text between these markers, automatically verify signatures, and present the publisher, date, etc in a browser toolbar. Browsers could store signatures locally, or check them against independent online repositories.  There’s already a beta Firefox plugin (FireGPG) which facilitates the use of PGP signatures with web pages. That’s a good start.

Philosecurity will be regularly releasing PGP signed versions of articles from now on. Check the bottom of each article from here on out for a link. I’m sure this system will be a little clunky at first, but I hope it will evolve to be more user-friendly. Feel free to send feedback and suggest better methods, tools, etc.

Censorship and silent corrections to online news archives are two sides of the same coin. Whether an article has been modified by the publisher, the ISP or the government, readers and journalists deserve to know. Unfortunately, our current system of online news distribution does not allow readers to independently verify publications dates and sources, or identify retroactive changes and omissions.

We have the technology to provide a verifiable audit trail as news articles are published, modified or retracted. We have the ability to make this accessible to everyday readers. Ultimately, readers can and should demand that our professional media sources cryptographically sign articles upon release. In a world where knowledge is power, verifiably accurate information is as important as running water.

To Rolling Stone,

Several months ago you began stamping my name and address on piles of dead trees and convincing the United States postal service to drop these unrequested items on my doorstep.

I like reading your magazine. It’s fun getting it delivered, and I enjoy learning about music and politics over breakfast. However, my respect for your business practices has been damaged by the action these deliveries represent: misuse of my personal information. I have never subscribed to your magazine. Rather, you purchased my name and address and hope to profit from it. You’re using me to beef up your “subscribers” list, lower the average age of your “readers,” and appease your shareholders.

Is this practice really in keeping with the concept of freedom that America, and your magazine, theoretically represent? I believe that a free country is one in which I can correspond with my friends, ride the subway, buy a book or rent a movie without having my actions tracked, my behavior analyzed and automated systems send me glossy packages afterwards in a manipulative attempt to milk me for my time and money.

As demonstrated by the growing amount of resources dedicated to the anti-spam industry, receipt of information is not free. Every time you or one of your business contemporaries sells my information, you contribute to the growing stack of mail which drowns my legitimate correspondence and sucks away my time and attention.

I understand that the magazine industry is rapidly changing, and in order to stay competitive, you must evolve your business strategies. Current fashion in the business world is to harvest information from individuals through enticement, theft and legitimate service, and then to sell or trade that information for profit behind the scenes. It is no wonder that you’ve chosen this technique. However, at one time, it was fashionable to buy and sell people in this country in order to stay competitive in the business world. Buying and selling people’s personal information without their knowledge and permission is just another, more subtle evolution of this exploitation.

Over the years, Rolling Stone’s authors and editors have often expressed strong support of social justice and individual freedom. This is what drew me to purchase your magazine at newsstands in the past, and the reason that I am taking the time to write to you today. I’d like to purchase your magazine in the future, but I can’t in good conscience support the unsolicited harvest and trade of personal information. I hope that you will publicly practice the values that your staff have so eloquently supported over the years by showing more respect for people’s time, attention and privacy.

To provide financial incentive, I’d like you to know that I will not purchase or read your magazine again until you:

1) Remove my personal information from your systems;

2) Assure me that in the future, you will never buy or sell my personal information without my explicit permission;

3) Donate $25 to the Electronic Frontier Foundation for the time I have spent responding to your repeated unsolicited mail.

I am not for sale, and neither is my personal information.

Thank you,

Sherri Davidoff