As a former Minnesotan, this story piqued my attention over the weekend. Police in Edina, which is one of the metropolitan suburbs of Minneapolis, were granted a warrant that permitted them to collect information on any of the city's residents who used specific search terms (on Google's search engine), all in the spirit of locating a thief who stole $28,500.

Why, exactly, did this happen? According to the Edina police:

The complicated investigation stems from the fact the Edina police believe someone used the victim's name, date of birth, social security number and a forged passport to illegally wire the money.

That fake passport included an incorrect photo only attainable by searching the victim's name in Google images. No other search engine allegedly reveals it.

Apart from this raising considerable concerns over privacy voilations for everyone who isn't the thief, Google is taking a stand as well. The broadness of probable cause definitions is at the heart of the controversy, as this kind of thing could set dangerous precedents moving forward. A lot of information is being demanded for residents associated with looking up the name:

In addition to basic contact information for people targeted by the warrant, Google is being asked to provide Edina police with their Social Security numbers, account and payment information, and IP (internet protocol) and MAC (media access control) addresses.

A spokesperson for Google, which received the warrant, said Friday: “We will continue to object to this overreaching request for user data, and if needed, will fight it in court. We always push back when we receive excessively broad requests for data about our users.”

If you know me at all, there's a particular grammatical deployment of the comma I prefer when it comes to serial sentences. A few years ago, I wrote at length about it in my piece, Defending & Deflating the Use of the Oxford Comma. And so it is only fate that I stumble upon this gem of an article on the Times about how the misuse of the comma could cost a Maine dairy company millions of dollars in an overtime dispute from truckers.

How did this exactly come about?

The debate over commas is often a pretty inconsequential one, but it was anything but for the truck drivers. Note the lack of Oxford comma — also known as the serial comma — in the following state law, which says overtime rules do not apply to:

The canning, processing, preserving, freezing, drying, marketing, storing, packing for shipment or distribution of:

(1) Agricultural produce;

(2) Meat and fish products; and

(3) Perishable foods.

Does the law intend to exempt the distribution of the three categories that follow, or does it mean to exempt packing for the shipping or distribution of them?

Delivery drivers distribute perishable foods, but they don’t pack the boxes themselves. Whether the drivers were subject to a law that had denied them thousands of dollars a year depended entirely on how the sentence was read.

Apparently, the Maine Legislative Drafting Manual prohibits the use of the Oxford comma. While I'd argue against that directive, perhaps there is simply a clearer way to describe the contentious language in question so as to avoid misunderstanding?

Crooked Media's newish podcast, Pod Save the World, has a great 45 minute interview with The Intercept's Glenn Greenwald, who has been a long-time journalist and constitutional lawyer. His biggest journalist contribution of recent note, of course, was the work he did to sift through and communicate the files and intel Edward Snowden brought to bear. Much of the interview focuses on the Snowden situation and his book, No Place to Hide, but there are some amazing nuggets about how and why Snowden did what he did, national security, and privacy in the modern era.

Of note:

[Snowden's] overwhelming priority was to make sure he meet with the journalists with whom he had selected and safely provide that material to us and review that material with us to make certain we that understood what we needed to understand, and start reporting it.

The fear of being detained before he could get the materials into the journalists hands was felt in both of the recent films about him (Snowden and Citizenfour, the latter of which Greenwald plays a significant role). But the extrapolation of this narrative by Greenwald is fascinating to listen to all over again. The places Snowden goes to, how he instructs the journalists to secure their communication, and the delivery of only some of the materials after he poured over them himself -- essentially, the high-level decision-making around how, why, and with whom to share such sensitive, earth-rattling intel is still to this day underreported and underappreciated. As Greenwald notes, he could have dumped the entirety of the files to Wikileaks and had the whole thing publicly revealed, but instead he took the time to read, understand, and to the best of his ability, share the right kinds of files that we as Americans must trust are the most important aspects of what he had access to that infringe upon our rights as US citizens.

Round-up for March 11-12

Machine Bias: ProPublica's ongoing investigation into machine/data-driven usage for criminal risk assessments and crime predictions.

What should you think about when using Facebook?: Facebook logs drafts of posts/keystrokes before you post, or even if you don't post.

Apple says it’s already patched ‘many’ iOS vulnerabilities identified in WikiLeaks’ CIA dump Title says it all, but it’s a hopeful reassurance that Apple has detected and patched many of the alleged CIA exploits brought forth in the Wikileaks unraveling.

Your Own Facts: A great essay/book review on the “filter bubbles” we continue to create ourselves or sign up for with external apps and services. Essentially, author Eli Pariser argues that “this is not to deny that Silicon Valley engineers […] have responsibilities that extend far beyond their job descriptions. But their modest quests to improve relevance, alleviate information overload and suggest books that may interest us — rather than to engage in algorithmic paternalism and assume a more critical social role — may be the lesser of two evils”.

Internet Censorship and What We’re Doing About It: A leading encryption-based email service provides a rundown of why we should care about internet censorship, and what some of its plans are in terms of helping the wider world. Of course, this is leading up to a release later this summer of their ProtonVPN service, set to compete against other VPNs (virtual private networks) that can assist in black boxing your internet traffic and behaviors.

This happened just a short while ago, but an important development nonetheless. According to the New York Times:

The initial release, which WikiLeaks said was only the first part of the document collection, included 7,818 web pages with 943 attachments, the group said. The entire archive of C.I.A. material consists of several hundred million lines of computer code, it said.

Among other disclosures that, if confirmed, would rock the technology world, the WikiLeaks release said that the C.I.A. and allied intelligence services had managed to bypass encryption on popular phone and messaging services such as Signal, WhatsApp and Telegram. According to the statement from WikiLeaks, government hackers can penetrate Android phones and collect “audio and message traffic before encryption is applied.”

And here's the link to the vault of documents on WikiLeaks. Haven't had a chance to read through anything yet, but will update as needed over the next week.

Update | March 07, 2017 11:42AM CT

Edward Snowden posted an update on Twitter regarding one of the big call-outs, thus far, from the leak: "first public evidence USG secretly paying to keep US software unsafe."

<div
    class="
      image-block-outer-wrapper
      layout-caption-below
      design-layout-inline
      
      
      
    "
    data-test="image-block-inline-outer-wrapper"
>

  

  
    <figure
        class="
          sqs-block-image-figure
          intrinsic
        "
        style="max-width:840px;"
    >
      
    
    

    
      
        
      <div
          
          
          class="image-block-wrapper"
          data-animation-role="image"

data-animation-override

      >
        <div class="sqs-image-shape-container-element
          
      
    
          has-aspect-ratio
        " style="
            position: relative;
            
              padding-bottom:59.404762268066406%;
            
            overflow: hidden;-webkit-mask-image: -webkit-radial-gradient(white, black);
          "
          >
            
              <noscript><img src="https://cdn.uploads.micro.blog/25423/2023/529a26eee7.jpg" alt="From Edward Snowden's tweet" /></noscript><img class="thumb-image" src="https://cdn.uploads.micro.blog/25423/2023/529a26eee7.jpg" data-image="https://cdn.uploads.micro.blog/25423/2023/529a26eee7.jpg" data-image-dimensions="840x499" data-image-focal-point="0.5,0.5" alt="From Edward Snowden's tweet" data-load="false" data-image-id="58bef0caff7c50a1c83ce2bb" data-type="image" />
            
        </div>
      </div>
    
      
    

    
      
      <figcaption class="image-caption-wrapper">
        <div class="image-caption"><p><em>From Edward Snowden's tweet</em></p></div>
      </figcaption>
    
  
    </figure>
  

</div>

Round-up for March 4-5

New Bill Would Force NYPD to Disclose Surveillance Tech Playbook: Though not as pressing as other privacy disclosures, this is a timely local-level one that could predicate other states/cities following a similar line. What's notable here is that we are all essentially under a watchful eye from city security cameras, other citizen's cameras, and a myriad of tactics alluded to in the bill (including facial recognization). The New York Civil Liberties Union's statement on this being "critical to democracy" is rather obvious.

How to Keep Messages Secure: Friendly rundown of why teens (ahem, anyone) should avoid using popular chatting apps like Snapchat, et al, for serious communication or for chatting at all. Surprising editorial source, too.

Is There a Business Model For Serious Journalism in the Age of Trump?: Comprehensive analysis on the state of serious journalism.

Smart Condom to Track Your Sex: Here we go with another invasive Internet of Things product. At this point we're just turning ourselves into constantly-monitored subject matter for government, medicinal, and corporate overlords.

Government's Privacy Watchdog is Basically Dead, Emails Reveal: Should we have seen this one coming? "[T]he agency, known as the Privacy and Civil Liberties Oversight Board, is down to just a single voting member — which means it has been stripped of nearly all its powers, according to emails obtained by The Intercept." Important to note: it appears that this didn't start with Trump, and it's been "been withering away for almost a year."

That Free Health Tracker Could Cost You: Handing out Fitbits is something my agency recently did, and I've seen a number of health insurance providers do the same thing -- not sure if all circumstances are leading to more risk pooling bullshit, but this is certainly where it starts.

Want to Improve Data Quality, Reduce Liability, and Gain Consumer Trust? Try Deleting: In its latest white paper, CDT "explores th[e] disconnect and the reasons why commercial data stores have grown. We make the case that it is neither in a company’s nor a customer’s best interest to hold onto large amounts of data." Deleting old, unusable, or irrelevant data is absolutely a consideration to make, especially if you don't plan to use it anymore.

Great piece from The Guardian on how no one reads terms of service for apps/services/hardware they sign up for, and points to solutions in the way of redesigning them.

[T]here’s a lot in click-to-agree contracts that would give many people pause if they knew about them. For example, users give web-based services – and third parties the services contract with, about which users know nothing – the right to keep, analyze and sell their data. Increasingly often, too, people click away their right to go to court if anything goes wrong. “There’s a real concern that consumer protection law is basically being swallowed by click-by-agree clauses,” said David Hoffman, a professor at the University of Pennsylvania Law School, who researches the law and psychology of contracts.

Hoffman is among the legal scholars who believe the no-reading problem isn’t new. After all, he points out, few people read the fine print even when it was literally in print.

However, it’s possible that the design of click-to-accept pages makes the problem worse. A few years ago Rainer Böhme of UC Berkeley and Stefan Köpsell of Dresden’s Technische Universität tested alternative wordings of a simple consent form on more than 80,000 internet users. Some were told their consent was required and presented with highlighted “I agree” button. They went along 26% more often than did other users, who had been politely asked to participate (with phrases like “we would appreciate very much your assistance” and both “yes” and “no” options represented by lookalike buttons).

In other words, when design invites people to consider their options, at least some do. If the design nudges them instead to follow a habit that years of click-to-agree has instilled, then they’ll do that instead. “Ubiquitous EULAs [end user license agreements] have trained even privacy-concerned users to click on ‘accept’ whenever they face an interception that reminds them of a EULA,” Böhme and Köpsell wrote.

This kind of thing has been pointed out ad nauseum, but it is a vital struggle to acknowledge and consider. There is a great site out there called Terms of Service; Didn't Read that operates as a user rights initiative rating and scoring websites' terms of services/privacy policies from Class A (good) to Class E (miserable). A wise read for anyone who has clicked or tapped away on agreeing to walls of unreadable text before engaging with software.