Unsettling developments, on several fronts:
U.S. surveillance. The Obama administration, once again, is reaching farther than its predecessor on electronic surveillance. Now it wants a law requiring internet service providers to keep logs of their customers on the web — all of them, not suspected bad actors — just in case the government may want the data. Lots of ISPs keep logs already, but the government is trying to ensure that you can’t find one that offers greater privacy. This is not different in concept from requiring hotels and restaurants to install microphones and video recorders in every public space, lest the country’s 30 million existing surveillance cameras miss a spot. The Justice Department’s Jason Weinstein told Congress the proposed new law is — no, really — good for privacy:
… malicious cyber actors do not respect our laws or our privacy. The government has an obligation to prevent, disrupt, deter, and defeat such intrusions…Privacy interests can be undercut when data is not retained for a reasonable period of time, thereby preventing law enforcement officers from obtaining the information they need to catch and prosecute those criminals.
Can you spot the logical elision here? Surveillance is usually justified by reference to pedophiles and cyber spies, but most of the government’s data mining — involving hundreds of thousands of secret requests each year — do not even assert a reasonable suspicion that a customer has done anything wrong. The post-Patriot Act legal standard requires only that authorities can plausibly describe the information as “relevant to” an investigation. Authorities acknowledge that an enormous number of innocent Americans have had their private data swept up and stored (usually forever) in government archives.
Chinese cyber-spying. Government sponsored hackers in China appear to have impersonated National Journal‘s Bruce Stokes in a spear-phishing email attack on US diplomats. It’s a new twist on an old scheme, and it’s a reminder that you can’t assume the person on the “From” line is who he says he is:
The e-mails that seemed to come from Stokes contained a virus that, if opened, would have burrowed an electronic tunnel to the host computer, letting the intruder root around in the owner’s files and siphon off copies.
A minimum precaution: keep your anti-malware protections up to date, and install security updates for all your software as soon as they arrive.
Why I’ll Probably Be Locked Out of Facebook Soon. Facebook means well with its new security plan, which authenticates suspicious log-on attempts by asking users to identify photos of their friends. But there are “friends” and friends. Readers of my book on Dick Cheney often friend me, and I couldn’t name one of them by sight. And what about all those friends of yours whose profile pictures are babies and animals? Pick ten random names from your friends list. Could you pass Facebook’s new test?
More on Time.com:
10 Things You Shouldn’t Do on Facebook