National Privacy & Data Governance Congress (April 5-7, 2017)

Registration is open for the National Privacy & Data Governance Congress being hosted by the Privacy and Access Council of Canada with the support of the Office of the Information and Privacy Commissioner of Alberta, Miller Thomson LLP, Legal Education Society of Alberta, the Runnymede Society, (ISC)2, CIPS, CHIMA, and NIHI. The Congress is organized in collaboration with the Rocky Mountain Civil Liberties Association.

From April 5-7, regulatory authorities and thought leaders from industry, government and academia will gather to share insights about technological trends and regulatory developments that affect public and private sector organizations’ efforts to protect data and comply with privacy laws.

The Focus

The Congress theme — A World of Change — will focus on the most critical and timely privacy and data protection issues facing organizations today: those that foretell significant consequences for employers, employees and policy makers. A range of topics will address timely issues affecting employers and employees including:

  • Privacy Impact Assessment Fundamentals
  • Managing a Data Breach
  • Privacy Guidance for Small & Medium Businesses
  • Crafting Clear Cloud Computing Contracts
  • GDPR and the Death of Privacy Shield
  • Urgent Privacy Challenges in the Internet of Things
  • Digital Privacy at the Border

Participants

The National Privacy & Data Governance Congress is an important opportunity to increase awareness about the intersection of privacy, security, law and technology. The Congress takes a uniquely multi-disciplinary approach that offers practical guidance that can be put to use right away — to increase skills, minimize risk, and improve compliance.

Lawyers, privacy professionals, access-to-information practitioners, members of the media, civil libertarians, as well as compliance, security, and governance and public policy professionals will find value in the Congress.

Posted in Uncategorized

Cybercrime is a Growth Industry

How often have you marveled at a child’s cleverness? They quickly catch on to new concepts — whether how to dress their latest doll, ride a bike, or use their parent’s cellphone or tablet. The newfound skills are acquired and honed at the child’s pace, typically with plenty of encouragement but little guidance.

Long before many children are taught about online safety they receive a mobile phone for their own use — and tacit guidance that it’s perfectly fine to reveal their innermost secrets to a smartphone or computer screen. Using FaceTime, Skype or any other videoconferencing system allows children to see and talk with a face on screen. Mommy has said the face is that of Grandma — whom the child might have never met — and the repeated experience inculcates the youngster with the clear knowledge that talking to a face on a computer screen is perfectly fine. Mommy said so.

Another facet of this training — or, more correctly, desensitization — process comes in the form of countless toys armed with digital sensors, microphones and speakers. Imagine how thrilling it will be for any child to be able to talk to their new Hello Barbie doll. No more imaginary friends. Hello Barbie is real.

Like Nest and Alexa that help around the house, Wifi enabled Hello Barbie monitors what’s going on around her. Not only is she among the latest toys that desensitizes children to accept surveillance as the norm, but Mattel continuously updates and enhances Hello Barbie’s vocabulary. Within months of being launched into the market, more than 1700 phrases had been added to Hello Barbie’s voice recognition/response system that is programmed with more than 8,000 lines of dialogue,

By listening to children’s delightful banter Hello Barbie learns everything it can: Her likes and dislikes, her preferences, her family and friends, and the nearby conversations and sounds.

Does Mattel really need to hear, record and retain the conversations from a child’s bedroom or living room? Do parents realize that inviting Hello Barbie and other digital surveillance devices into their home might (and often does) grant virtually unlimited access to their personal information? Perhaps parents are reassured knowing that Hello Barbie has been reviewed by kidSAFE Seal Program and that, like My Little Pony Storybook Collection, it meets minimum standards of online safety and/or privacy.

Like their children, many mommies and daddies (many of whom are teachers!) are baffled why targeted ads appear on their screen so soon after asking ‘Mr Google’ a related question. They marvel at how accurately Google can predict their needs and pander to their predilections; but few appreciate how that came to be.

Although desktop computers became commonplace in the early 1980s — almost 40 years ago — online privacy, safety and digital citizenship remain foreign concepts to many people. The extent of many people’s digital education is the oft-repeated mantra “stay safe online” — which imparts as much knowledge as does tossing one’s car keys to a 10-year-old and urging them to “stay safe out there”.

The parallel to driving is even greater: The time lag between the world’s first practical automobile to be powered by an internal-combustion engine — in 1885 — and the first high school driver’s education course, in 1935, was 50 years. That was long after the first automobile-related fatality was recorded in the United States, in 1899 and only 15 years before the millionth in 1951.

Computers, on the other hand, became commonplace in offices and homes at about the same time that Canada’s Privacy Act and the Access to Information Act were proclaimed, in July of 1983. When dial phones were giving way to push button phones and fax machines were being introduced. The technology-based future that Star Trek predicted a mere 20 years earlier had started to come to life, and moved ahead at light speed.

No need to wait until Stardate 1513.1 in the 23rd century for personal communicators. We carry those already. iPhones. Androids. Galaxies. And we count on our pocket-sized computers for staying in touch in our personal lives, and often for our professional existence as well.

The power and potential of new phones, new apps, and new disruptive technologies offer tremendous potential benefit for people, nations and corporations. But without a clear and correct understanding of how their design can affect people — not just corporate bottom lines or governments’ tax revenues — the trend of ignorance that has been so carefully cultivated will continue. And it is being further entrenched as curricula are updated to include robotics and coding — but not how to evaluate risk or be self-sufficient.

Young coders will soon be able to tinker with the inner workings of computers and apps, but remain ignorant about how to evaluate risk. Governments, lawmakers and lobbyists know that there is great utility in ignorance. Perpetuating ignorance is important to ensuring people continue to be reliant on third parties. It’s also important to ensure they are unable to link the cause and effect of their new apps that transmit personal information and health data to nameless, faceless corporations that promise to provide a better user experience.

Perhaps that’s why, for all the breaches that have occurred, despite the billions of dollars devoted to developing and promoting security and privacy safeguards, there’s been precious little improvement. Breaches — that continue to occur with increasing frequency and impact — have been used as justification for new apps and laws ostensibly to help protect people from their own ignorance — but not for new education enabling people to be knowledgeable and self-sufficient about computer technology.

Like youngsters who grow up with their head under the hood of a car and can adjust a car’s fuel injectors, but don’t know the rules of the road, it’s an accident waiting to happen.

Depending on one’s perspective, it’s all very discouraging or very, very motivating indeed!

Posted in Uncategorized

PACC to Participate in the Canadian Cybersecurity Alliance

The Privacy and Access Council of Canada (PACC) will be participating in the Canadian Cybersecurity Alliance (CCA) / Alliance canadienne sur la cybersécurité (ACC). The CCA-ACC (originally initiated as the Inter-Association Working Group on Cyber Security – IAWGCS) is a voluntary, non-hierarchical, not-for-profit agile network, founded by Grant Lecky in 2013. The primary purpose of the CCA-ACC is to enhance the professionalization of the Canadian cyber domain through effective inter-association engagement and knowledge-sharing.

To date, more than 90 associations with a stake in cyber security have confirmed their participation in the CCA-ACC, making this initiative unprecedented in both scale and scope. Each of the participating associations contribute their own unique perspective on the Canadian cyber landscape.

The CCA-ACC is administered by a National Council, whose role includes maintaining the structure of the CCA-ACC itself, and facilitating inter-association dialogue.

PACC President Sharon Polsky, MAPP, will be the primary association representative to participate on behalf of PACC.

The Alliance is a national network that contributes to an increased understanding of the current state of cybersecurity in Canada, and the identification of future directions for research, education, dialogue and professionalization of the domain.

Alliance members include the Canadian branch of the High Technology Crime Investigation Association,  the Canadian Centre for Cyber Risk Management,  Gaming Security Professionals of Canada, the Canadian branch of the International Information System Security Certification Consortium (ISC2),  the Association de la sécurité de l’information du Québec (ASIQ), the Ottawa Area Security Klatch (OASK), the Canadian Association of Petroleum Producers, The Canadian Gas Association, the Canadian Advanced Technology Association (CATA), the Cloud Security Alliance (Canada), the Canadian Information Processing Society (CIPS) , National Cyber-Forensics and Training Alliance Canada and others.

Posted in Uncategorized

Biometric Bonanza or Boondoggle

First it was passwords, then two factor authentication that promised to be the ultimate form of data protection. Then came fingerprint scanners as the new and improved security mechanism. And now comes word that iris scans will become the standard form of protecting smartphones from prying eyes. Or spying eyes.

Like the latest version of new and improved laundry soap, each iteration of newfangled security technology has come with the promise of better security. For our data, our finances and our future.

Biometrics-Boondoggle-Fiche_Henri_Leon_SCHEFFER_2_novembre_1902We have been promised that the reward for offering up pieces of ourselves will include greater data security and better data protection. But while the production and implementation costs of biometric systems have been dropping and reliability has improved, the promise has not yet been fulfilled. As we see almost daily, many of the most well-funded, technically competent public and private organizations are vulnerable. Even governments and the NSA haven’t been able to avoid being hacked.

Why? Perhaps it’s because the imperfect systems are created by imperfect people.

Indeed, iris, facial, and fingerprint are among the biometric security systems that have already been proven to be imperfect — sometimes using remarkably low technology such as Gummy Bear candies. Even something as variable as our own unique handwriting can be recreated by computers, eliminating the security of our penmanship.

And because more information in a database — and more sensitive information, such as biometrics — increases the likelihood that the data will have greater marketability, biometrics repositories are very attractive targets indeed.

We also have to consider that in many countries, discrimination based on disability is illegal. Employers have a duty to accommodate and cannot refuse to hire someone based on their disability. In other words, if an employee loses their eyes and the company implements iris scanning for security, it can’t simply dismiss the employee. The company has a duty to accommodate and could be compelled to provide a way for the person to use the security system without having to provide an iris scan. In other words, high-tech biometric security systems must have an override — a built-in backdoor that could be used to defeat the entire system and make an entire enterprise vulnerable.

From a privacy perspective, biometrics makes it easier to safeguard information than having to type in pesky passwords, and biometrics can make it more difficult for someone else to use your device. But it also makes it almost impossible to refute allegations of impropriety. So while it’s relatively easy to argue if your password has been compromised that the account activity was carried out by someone else, it’s much more difficult to substantiate a claim that your biometrics aren’t your own. Worse yet is that passwords can be changed, but biometrics cannot.

Biometric challenges already follow us to the grave. It is now possible to create fake fingerprints and to recreate the fingerprints of a dead person to be able to unlock their phone, but it will be much more difficult to recreate an iris scan. That will ensure ongoing protection of the information within a device; but it will also frustrate any attempt by family or police who might want to gain access to a dead person’s smartphone, whether to retrieve family photos or for investigative purposes.

So what recourse will we have if — or, more likely, when — biometric databases or iris scans are compromised? As Tom Cruise’s character forewarned us in Steven Spielberg’s 2002 science fiction thriller Minority Report, changing eyes won’t be very easy.

The easier route will be to balance the value of biometrics against the significant risk that relying on them poses to privacy, data compromise, identity theft and, like Tom Cruise’s character, false arrest and conviction.

So while biometrics offer great promise, the risk just might be greater than the reward.

Posted in Uncategorized Tagged with:

The Motive Behind the Madness

Security industry estimates indicate that it costs $100 per person for notification/remediation about a data breach. Add to that the beneficial economic spinoffs from consulting fees, credit monitoring fees, and Identity Theft Insurance premiums, tuition fees to teach a new generation of cyber sleuths and government agents, etc., etc., and it becomes hard to dispute that there just might be a method to this madness.

Imagine the economic impact if USBs were encrypted by default or if individuals were properly educated, starting in kindergarten, to be able to be knowledgeable and self-sufficient about privacy and computer technology, instead of being ignorant about scams and online predators, and reliant (hostage) on third parties for advice and protection. What would happen to the consulting and license fees paid to the security software and consulting firms of the world? What would happen to the new Identity Theft Insurance industry that has been spawned by breaches, inadequate privacy awareness, and fallible security?

And what would the political fallout be when an educated public is harder to bamboozle and reduces its reliance on third parties? How easily could the economy, and the government, withstand the consulting/security sector shrinking, resulting in temporary increases in unemployment and a reduced tax base as that sector adjusts to a new reality. And what sort of questions would come from an educated populace?

Who could withstand the scrutiny of an electorate that is well enough educated to know the right questions to ask. Who would venture a guess as to why — for all the billions spent on improved security, system upgrades, and public awareness campaigns — has there been so little improvement; nay, why have the breach rates continued to climb?

Why has there been so little education to enable individuals to be knowledgeable about handling, divulging, and safeguarding sensitive information.

Why haven’t schools embedded digital citizenship and privacy into the mandatory curriculum, starting in kindergarten (by which time many children have already been using tablets and smart phones)?

Why haven’t governments written laws to limit the amount of personal data that industry and government may gather and commoditize?

Why have people (including the same ones who work in the organizations that collect and broker endless reams of data about us and themselves) been so reticent to question the message that nobody cares about their own privacy, and that giving up our privacy and other freedoms is good and right and necessary so that we can be saved from…. well, we were originally told that it was to save us from terrorists but we might want to reconsider just who that is and what their motives really are. And what is the real cost to us all.

Posted in Uncategorized

Senator James Cowan — on Genetic Privacy

Speaking Notes for Senator Cowan

National Privacy and Data Governance Congress

Calgary, March 30, 2016

It is a pleasure to be here for this very important and timely Congress.  I want to thank the organizers for inviting me to participate, and especially Sharon Polsky for her hard work in bringing this impressive, far-reaching program together.

The agenda covers a wide gamut of new challenges for privacy advocates, from the privacy implications of “big data”, to Internet-connected cars, to surveillance – which gives some idea of the range and size of the issues raised by science and technology today.

The issue I will address is simultaneously very small and very large.  It is the privacy implications of genetic testing.  Small because it relates to information stored in our genome – and to give you some perspective, the genome that each of us carries in each of the literally trillions of cells in our bodies is composed of 3 billion chemical “bases” of information.  This is almost impossible to conceptualize.  Here is another description:  I am told you could fit 25,000 strands of DNA side-by-side in the width of a single human hair.

But despite that infinitesimal size, the issue is also very large because the quantity of information that is stored is massive.  For instance, according to the United Kingdom Association for Science and Discovery Centres, if you tried typing out your own genetic code, typing at 200 letters per minute – a feat I certainly could not achieve – it would take 29 years of straight typing – no sleeping, no eating, no breaks – to complete the task.

(Don’t you wonder how people come up with those points of comparison?!)

And while just a few years ago, very little was known about our genome, medical science today is advancing at truly exponential speed in unlocking its secrets.  In 2003, scientists completed what had been thought to be an impossible, science-fiction task:  they mapped the entire human genome.  But of course, that was just the start.  For medical science, a major goal is understanding – and then treating or even preventing – diseases that have their roots in our genes.  Many conditions or diseases, we are discovering, are or can be linked to certain specific genetic mutations, or combinations of genetic mutations, found in some individuals’ genome.

In 2003, when the human genome was mapped, there were some 100 genetic tests available to discover such mutations.  Ten years later, when I first spoke about this issue in the Senate, that number had jumped to 2,000 – which I thought was very impressive.  Today, less than three years later, there are more than 33,535 genetic tests.  These relate to some 10,000 conditions and 4,752 genes.

In most cases, having a certain genetic mutation does not necessarily mean that a person will develop the associated condition or disease, only that one might.  And conversely, many people who develop a condition or disease may not have the genetic mutation that science today associates with it.  But knowing that one has a certain genetic predisposition can enable a person to take positive steps to actually reduce the likelihood that the condition or disease develops in the first place.  This may involve simple lifestyle changes – for example, eating better and exercising more – or closer monitoring by one’s doctor, or taking certain medications, or in some extreme cases, surgery.  Knowledge in this case of what is contained in your genes truly is power.

Angelina Jolie is a famous example.  Several years ago, she learned that she carries the BRCA1 gene, which is associated with a higher incidence of breast cancer and ovarian cancer.  She did not have cancer, but having lost her mother to the disease, she decided to undergo preventative surgery.  By doing so, she reduced her chances of developing breast cancer from 87% to under 5%.  She wrote in the New York Times: “I can tell my children that they don’t need to fear they will lose me to breast cancer.”

There are genetic tests for mutations associated with certain forms of prostate cancer, colon cancer, heart disease, kidney disease, ALS, cystic fibrosis, Huntington’s Disease – the list goes on and on, and it is growing, as I have said, at a truly staggering pace.

The decision whether or not to take a genetic test is, and in my opinion, should be a very personal one.  There are many factors a person weighs in deciding to take a test – the medical options available if one tests positive for a particular genetic mutation, the emotional impact on one’s family members, who themselves may worry if they too carry the gene, and the emotional impact on oneself, thinking about the impact on one’s future.

The problem is that in Canada, unlike in many other Western countries around the world, a person considering having a genetic test also needs to consider the very real possibility that the test results will be accessed by third parties, such as an insurance company or an employer – and then having that information used against them.  This is what has come to be called “genetic discrimination.”

Most other western nations have some kind of legal protection against this, but here in Canada, there are no laws on genetic discrimination, anywhere in the country.

I think as a matter of principle, this is wrong.  Accordingly, starting in 2013 and in every Parliament since, I introduced a bill – the Genetic Non-Discrimination Act, now Bill S-201 – to provide that protection.

The bill is quite short and straightforward.  It would create a new statute called, as I said, the Genetic Non-Discrimination Act.  That would make it a criminal offence for service providers to require someone to take a genetic test; to require someone to disclose the results of a genetic test; or to collect, use or disclose someone’s genetic test results without that person’s prior written consent.

There are exceptions for health care practitioners with respect to persons in their care, and for medical, scientific and pharmaceutical research with respect to persons participating in that research.

The bill also would make amendments to the Canada Labour Code and to the Canadian Human Rights Act, which I would be happy to discuss if you like during the Qs and As.  But the heart of the bill is the proposed new Genetic Non-Discrimination Act.

The new Act would not target specific sectors, or industries.  It would target unacceptable conduct.  Other jurisdictions have approached the issue on a sector-by-sector basis, and are now encountering problems because they are discovering genetic discrimination taking place in all sorts of contexts.  My bill will hopefully avoid that problem, as it prohibits genetic discrimination whoever the perpetrator is, in whatever sector or industry.

The bill has been very well received by doctors, scientists, and by not-for-profit organizations across the healthcare field like the Huntington Society and the Parkinson Society – there is a long list.  The Privacy Commissioner of Canada supports the bill, as does the Canadian Human Rights Commissioner.  And individual Canadians have written to me, telling me of their strong support – indeed, telling me their stories and their urgent need for this kind of legislative protection from genetic discrimination.

The principal opposition to the bill is from the insurance industry and, to a lesser extent, from employers.  The insurance industry believes it has the right to see all genetic test results, and a right to use that information as they see fit, whether to deny someone insurance altogether or to offer policies but only at very high – some would say exorbitant – rates.

Let me be clear, nothing in my bill would prohibit an insurance company or anyone else asking someone about their actual medical history, or even that of family members.  But a genetic predisposition is quite different.  A genetic predisposition simply tells you about something that may develop, sometime – perhaps decades – in the future.  Or may never develop at all.  And of course, having the knowledge of the genetic predisposition often then enables the person to take steps to actually reduce the likelihood that in fact the disease or condition does develop.

There is also something inherently unfair about targeting someone who happens to have one of the genetic mutations associated with a particular disease or condition, from others who may not have that mutation, but may in fact have one that predisposes to a much worse condition – but one that medical science has not yet identified.  I am told by scientists that each of us has 25,000 genes in our genome.  Of these, medical science has knowledge about 5,000 (and even that knowledge is imperfect).  Is it fair to treat one person differently because they happen to have been born with one of the genetic mutations we know may be linked to the possible future development of a disease, but not another person who was born with a gene associated with something else, that we just haven’t discovered yet?

None of us has perfect genes.  Each of us carries some genetic mutation.  That is part of the human condition.

And there is something very – one might even say uniquely – private about one’s genetic makeup.  As a former Privacy Commissioner of Canada once said, “When it comes to personal information, it doesn’t get more personal than your DNA.”

In preparing my notes for this conference, I took a few minutes to look at the history of privacy law.  The saying that one’s home is one’s castle goes back at least as early as 1499, and found judicial expression in the 1604 Semayne’s Case, where the court held that “the house of every one is to him as his castle and fortress.”

So we readily protect the inviolability of the bricks-and-mortar homes where we live – yet 500 years after Semayne’s Law, we still have to fight for the right to protect our privacy to our flesh-and-blood-and-DNA “homes” – our bodies – in which we live.

Genetic discrimination is very real, and it is happening every day, here in Canada.  There are many stories – it seems that every time I speak about my bill, someone takes me aside, and tells me their own story.  Let me share with you an email I received just recently from a young woman.  For obvious reasons, I won’t reveal her name, but she has agreed that I may share her story.  Here is what she wrote to me:

“My mother, now facing cancer for the third time in her life, recently tested positive for the BRCA1 genetic mutation. I had already been approved for life insurance when she received her test results and immediately chose to undergo testing myself. I moved quickly as I am expecting my second child any day now. Unfortunately, when I mentioned this to my insurance broker, he insisted on informing the insurance company that had approved my coverage, arguing that the policy had not yet been delivered and therefore was not in force. You can probably guess what happened next. The insurance company indicated it would not deliver the policy until it saw the results of the testing and would reserve the right to adjust its offer. I chose to cancel my application. Although I have yet to receive the results, as you can imagine, I am very nervous. If I test positive, I worry I will not be able to secure affordable life insurance to protect my family just when I would need it the most. Hopefully, my test will be negative and this will prove a non-issue for me personally, but my heart aches for the many Canadians who must find themselves in similar situations and the dire consequences and difficult choices they would be faced with.”

That is a recent example of genetic discrimination by an insurer.  Another story concerns a young man, 24 years old, who was working at his first job in his chosen field.  He has family members who tested positive for the Huntington’s gene. Huntington’s is a terrible disease.  It is one of the few where if you have the gene, you will develop the disease.  However the disease usually does not begin to develop until middle age or later.  Indeed, some people die of other causes before ever developing the disease.  And there are on-going clinical trials of treatments to delay the onset of Huntington’s even later.

This young man took the agonizing decision to get himself tested.  He shared with his employer that he was going to do this.  On a Friday, he found out that he had tested positive; he has the Huntington’s gene.  His employer asked what the results were, and the young man answered honestly.  That was, as I said, on a Friday.  On the Monday, the young man was fired.  He was a video editor.  The employer said he was afraid for his equipment.

He is 24 years old.  He is unlikely to develop the disease or show any symptoms for decades.  But now he has been fired.  What does he do?  When he applies for another job, how does he explain being fired?  If he tells the truth, will he risk being fired again?

Huntington’s is, as I say, a terrible disease when it develops.  But genetic discrimination takes a disease and magnifies its power, so that it casts its dark shadow over the years when one is healthy and disease-free.

Fear of genetic discrimination is having the result that many Canadians are reluctantly deciding not to have genetic testing for themselves or their children – testing that their doctors strongly believe could help in their health care.  Dr. Ronald Cohn is a medical geneticist at SickKids Hospital in Toronto.  He has too many heartbreaking stories of families who desperately want genetic testing to help point the way to a diagnosis and treatment for their very sick child.  But many feel compelled to make the terrible choice not to consent to the test, for fear of genetic discrimination.  Without the testing, Dr Cohn cannot properly treat these very sick children.  In his words:  “It is paralyzing for me as a clinician that I can’t offer the best, optimal care to the patients and families I see in my clinic, because we are dealing with a lack of protection against genetic discrimination.”

As I said at the beginning of these remarks, there are many reasons why a person may choose not to have genetic testing.  But fear of genetic discrimination simply should not be one those reasons.

I am optimistic that Bill S-201 will pass the Senate in the next few weeks.  At that point, it will move for consideration to the House of Commons.  We still have a long way to go, but I am hopeful that we will finally see legal protection for what should be a fundamental component of our right to personal privacy.

In my view, an individual’s right to control access to their DNA, to the building blocks of their very being, is a fundamental privacy right, and is a prime example of science and technology raising new challenges for privacy rights.  Undoubtedly there will be more.  But now I look forward to hearing your views, and any questions you may have, on genetic testing and privacy, and to learning about other issues over the course of the next three days.

Posted in Uncategorized

Domestic Spying Is Irrelevant to Access & Privacy Pros—Or Is It?

When my children were young and they found intrigue in Hardy Boys books, I taught them how to do many things the old-fashioned way. How to tie shoelaces and not take the easy Velco route. How to spell and look up words in a dictionary. How to hold a pencil, write, and add a column of numbers. After all, I said, if they only know how to keyboard and rely on spell checkers, what will they do when the power goes out? Read more ›

Posted in Uncategorized

How relevant is Bill C-51

In his article, “Do Tech Companies Owe it to the Public to Cooperate with Surveillance?” (The Atlantic, March 9, 2015) George Washington University Professor Amitai Etzioni states unequivocally that “some surveillance is justified, as long as it is in line with laws enacted by Congress and guidelines approved by the courts, and the implementation of these measures is properly supervised by independent oversight authorities such as inspectors general, the Privacy and Civil Liberties Oversight Board, and congressional committees.”

That’s hardly reassuring. Read more ›

Posted in Uncategorized