This is a notable example of killing the messenger in fact; Lessig talks about using tech proactively in order to aid privacy and accountability, references a company that happens to have the technology to do it already.
Even if you don't like the company (Oh no, their board member knows this other board member! Oh no, the CIA was indirectly involved years back!), that doesn't invalidate the message. It's this kind of intellectual dishonesty that I didn't even dream computer hackers could actually fall victim to, before my rude awakening. Or I don't know, maybe it's the chemtrails eating my brain and Dr. Lessig was really a CIA plant all along, who knows?
Nobody is suggesting any direct link between Lessig and the CIA, but the ties between Palantir and the surveillance program is becoming obvious.
Use Occam's razor.
* Palantir was funded by the CIA
* Palantir is exactly what the NSA PRISM program needs
* Palantir also had a PRISM product
* Palantir had been associated with the surveillance program in recent Anonymous leaks (right? during the HBGary scandal)
* Facebook (which is known to participate with PRISM) & Palantir share Sean Parker
* Facebook/Google/etc have already denied association with PRISM by factually true but evasive statements. Same with Palantir's recent statement.
They can't even do what Aaron Barr was asking of them.
Please approach this article with some level of skepticism. Especially after the last round of discussions we had surrounding the bogus connection Palantir was alleged to have with the NSA. (Due the naming of an internal project which shared the name "Prism").
For that matter, they can't even do what Lessig was gushing about:
>>there's a company called Palantir who's built a technology to make it absolutely, make you absolutely confident that a particular bit of data has been used precisely as the government says it's supposed to be used. You can find out exactly who's looked at it and for what purpose it's been used at. So the point is there's a way to build the technology to give us this liberty back, this privacy back. But it's not a priority to think about using code to protect us.
Wha? There's always been code that can tell you who accessed what and when: the problem is trusting it to be set up right, not the technology.
Anyone know what the actual Palantir accomplishment is?
Gaining Government contracts?
Also, that reply was after the leak, in PR disaster recovery mode, so its value is rather diminished.
I'd challenge you to show that they did carry Aaron Barr's request out.
So, what? Now it's not even guilt by association, but guilt by one party stating a desire to associate with the other?
These features are a deep part of the platform (i.e. they can't be turned off) that powers a lot of the other features (entity resolution / de-resolution, for example). Say what you want about the people collecting the data and the data they are collecting, but civil Liberties and privacy protections are an inseparable part of Palantir.
What are you blabbering about? What you suggest is impossible.
Are you talking about this "immutable audit log" technology? (http://www.palantir.com/wp-content/static/pg-analysis-blog/2...) That's nothing more than marketing speak powered by research papers that have proven to be insufficient. See: http://www.informatik.uni-freiburg.de/~accorsi/papers/imf09....
Also, see slide 11 and 12 here: http://www.slideshare.net/Nbukhari/audit-trail-protection-av..., and then read this: http://www.std.com/~cme/non-repudiation.htm
Immutable audit trails and non-repudiation without specialized devices (blackboxes) are a lie. It is impossible to create a bulletproof auditing system for access to sensitive data, especially when you're talking about the kind of surveillance that the NSA is doing with PRISM.
I suspect that when government officials cite the "transparency" and "auditability" of NSA PRISM, this is what it all boils down to -- marketing talk from Palantir etc.
That's not the first thing that comes to mind when I read "technologies that could give us, and more importantly, reviewing courts, a very high level of confidence that data collected or surveilled was not collected or used in an improper way."
Anyway, I'm pointing out that he's making/repeating a technically incredible claim. I'm ever so slightly surprised and saddened that scrutiny of that claim isn't the focus here.
Yes, I agree with you. I think it is because we are among the first to find it, sparked by that blog post. This seems to be the technical crux of the debate.
Sensemaking on Streams – My G2 Skunk Works Project: Privacy by Design (PbD) (2011)
Found: An Immutable Audit Log (2007)
Immutable Audit Logs (IAL’s) (2006)
Yesterday’s Technology Review Story: Blinding Big Brother, Sort of (2006)
Other than the whole 4th Amendment thing. Everything you just described is at the very least the bare minimum for chain-of-custody.
So cheers, they aren't apparently "just making stuff up."
Throwing more light on the controversial use of police license plate readers, a new report from the Center for Investigative Reporting reveals the development of a new California database under development with the help of Palantir, a Silicon Valley firm whose data analysis technology is in wide use by the US intelligence and defense communities. According to the report, the company is party to a $340,000 contract to build the new infrastructure. The project is being spearheaded by the Northern California Intelligence Research Center — an office set up after the 9/11 terror attacks to enable police and intelligence agencies to share data.
The new database will collate records coming in from 14 counties across the state, will be able to handle at least 100 million records, and will be accessible to both local and state law enforcement, according to the report. It also notes that license plate records will be held by the new database for two years, regardless of the data retention policies of local law enforcement agencies. The database's total size is unknown, as is the identity of the government organization that administers it. However, LA Weekly wrote last year that a precursor to the new California-wide database in use by Los Angeles police had logged more than 160 million data points.
Despite their undeniable effectiveness at identifying stolen vehicles ("100 times better than driving around looking for license plates" in the words of one San Leandro police officer), license plate scanners have come under sharp criticism from privacy groups like the EFF and ACLU, which sued the LAPD and County Sheriff’s Department in May for access to a week's worth of records from its license plate readers. Since the devices permit automated scans of some 14,000 plates during a single shift, privacy advocates argue that strict data retention policies need to be put in place to stop a useful law enforcement tool from turning into a comprehensive database of citizens’ movements. And while the Supreme Court ruled last year that warrantless GPS tracking violates the Fourth Amendment against unreasonable search, automated license plate readers don't face the same legal restriction.
It worked on me, I have to say.
This is such a saddening comment.
Can anybody show evidence of the "audit trail" Palantir uses to ensure citizens know what's being done with their data by NCTC, FBI and others?
But even with such an audit trail to the core, it is known that it isn't sufficient:
I wager that for any given system that touts immutable audibility, there is a way to hack around it. Privacy through automated means is impossible. At best it is a kind of DRM that the NSA can easily work around secretly if it wanted it. What we should be advocating instead is Perfect Forward Secrecy in our internet architecture, and the dismantling of PRISM and related data centers.
"Those on the extreme ends, commonly referred to as conspiracy nuts, would say: That's exactly what we expect Lessig to do after attending Bilderberg Conferences. But to those I say: Lessig is a honorable citizen, with strong believes in freedom and democracy. Somebody who would never shill as a pseudo credible mouthpiece for defending questionable public-private partnership."
Lessig believes IP is necessary & requires architectural changes to the internet to protect it. He is in favor of government monitoring to protect IP as long as it is done in accordance with the law, and he proposes a flawed mechanism (P3P) to protect your privacy.
Disclaimer: I haven't had the time to scrutinize this guy. I'm merely writing down the ideas that have been crystalizing in my head the past year or so while encountering his books, talks, and such. I'm all ears to criticism.
First, consider his stance on IP. There is no denying, as evidence in reading over his book "Free Culture" ($16.00), that while he sees existing IP laws as having gone too far, IP must exist in order to protect the monetary incentive of the creator. While many people blindly agree with this justification for IP laws, it's worth mentioning that many disagree, and also that he fails to weigh the evidence of whether IP laws actually promote progress in art and science. For Lessig, it is an assumption.
Second, consider his book "Code".
Page 140 under "Choices" he writes, "I've argued that cyberspace will open up at least two important choices in the context of intellectual property: whether to allow intellectual property in effect to become completely propertized..., and whether to allow this regime to erase the anonymity latent in less efficient architectures of control. These choices were not made by our framers. They are for us to make now". Here, I am paraphrasing, he is saying we have to choose between having complete trusted computing in handling our internet activities in order to prevent piracy, or we have to monitor internet activity and lessen our anonymity. His solution, on the same page, is to ensure pseudonymity, which is exactly what the NSA claims. Yet any hacker worth a dime knows the flaw in claiming that the NSA's methods ensure pseudonymity.
Next, page 158 he writes, "It might be said that the principle ... is to ban all of these inoffensive and invisible searches. Perhaps that should be done. But ... imagine substitutions that protect the same value without sacrificing the benefit these technologies might bring." Here he is defending blanket monitoring, as long as it is modified in some way. His idea of this modification is on page 160: "What is needed is a way for the machine to negotiate our privacy concerns for us, a way to delegate the negotiating process to a smart agent." and the mechanism that he proposes is "P3P, ... an architecture within which users can express their preferences and negotiate the use of data about them".
Sure he admits that P3P has unresolvable problems. But his next sentence doesn't sit well either. "... Imagine an architecture, tied to a market, that protects privacy rights" ...
The problem with all of his suggestions is that they simply don't work. Either Lessig is ignorant about the nature of information, or he is deliberately suggesting red herrings to problems of the kind of NSA surveillance. You can't fix that with a P3P or a market. You can't even fix it well with encryption unless you're using Perfect Forward Secrecy. I'll give him the benefit of the doubt, but still... if you connect the dots, you may find that at worst Lessig is an apologist for the surveillance state, and at best offers no real solutions to the problem of internet privacy.
It's also worth noting that while Lessig associates with Aaron in many ways, their roots could not be any more different. Aaron started within the law, helping creating things like RSS and Creative Commons, but over time he became more of an activist, and condoned more aggressive tactics of information freedom, as evidenced in his Guerilla Open Access Manifesto (2008)... "We need to take information, wherever it is stored, make our copies and share them with the world. We need to take stuff that's out of copyright and add it to the archive. We need to buy secret databases and put them on the Web. We need to download scientific journals and upload them to file sharing networks. We need to fight for Guerilla Open Access." On the other hand, Lessig staunchly supports the IP system, and fails to propose a system that Aaron would agree with.
" ... While many people blindly agree with this justification for IP laws, it's worth mentioning that many disagree, ..."
Would you also agree that many people agree with the justification and many people blindly disagree with it? Or is anyone who agrees necessarily blind and all who disagree farsighted?
As technology becomes more important, the availability of source code correspondingly becomes more important. Right now there's a fairly strong social pressure to open the source, but it won't always have to be that way either.