Next week, a special commission created by President Bush will present him with a final report on "articulating a proposed vision for the future of the United States Postal Service." That vision includes the idea that no person should be able to mail a letter without the USPS and their pals in Homeland Security knowing about it.

According to PostalWatch, the Final Report of the President's Commission on the United States Postal Service will include the Final Recommendations of a number of Subcommittees, including this gem from the Technology Challenges and Opportunities Subcommittee:

The Subcommittee believes that a more secure system could be built using sender identified mail. The Subcommittee recommends that the Postal Service, in coordination with the Department of Homeland Security, explore the use of sender identification for every piece of mail, commercial and retail.

And among the other recommendations of the Commission is the maintenance of the monopoly on first-class mail.

Taken together, those two key recommendations mean that this special Presidential Commission is pushing for the legal abolishment of the right to correspond anonymously.

Yet this nation's very Constitution was founded on anonymous correspondence -- the Federalist Papers, which swayed public opinion in favor of its ratification, were authored under the pseudonym "Publius" by John Jay, Alexander Hamilton, and James Madison. Presumably if those fellows were alive in the Commission's "vision for the future," they could not mail their pamphlets without a Homeland-designed mailbox snapping a few pictures and running the images through face-recognition software.

The Commission's document is extremely vague, of course -- the "sender identification" they wish for could take the form of any number of biometric identifiers, or possibly some other scheme. But its implementation will close the circle and end any remaining scraps of privacy in the US mails. For it was four years ago that the USPS announced that it would not deliver to private mailboxes -- like those at Mailboxes, Etc. -- unless the proprietor collected and delivered to the Postal Service peronal information that USPS itself is not allowed to collect.

There's an old journalistic adage: follow the money. It's a principle that privacy proponents would do well to follow, especially when confronted by a populace that really couldn't care less.

Apathy is the biggest ally of those who nibble away at our rights. People have a strange idea of what rights are worth defending: try dropping the speed limit on motorways by five miles an hour and the cries of outrage will violate most weapon test ban treaties. But say that you're about to track everyone's movements by mobile phone and sell the lot to supermarkets, and all you'll get is a silent shrug. Nobody cares about losing their rights and privacy until something goes badly wrong--by when, it's too late. But mention money and you'll get their attention.

An excellent and most interesting paper by Andrew Odlyzko of the University of Minnesota explicitly links privacy and economics by showing how the Internet facilitates price discrimination--a subject that's guaranteed to get people's blood up

Privacy appliances are a bad idea, made worse by the IT industry's tendency to cave in to the search demands of law enforcement agencies.

Privacy appliances already exist and are being further developed by the Defense Advanced Research Projects Agency, or DARPA. Here's one reason they could prove dangerous: "MSN may access and/or disclose your personal information if required to do so by law or in the good faith belief that such action is necessary to ... conform to the edicts of the law or comply with legal process served on Microsoft or the site." That's from The Microsoft Network's privacy statement, but I have yet to read a privacy statement on any commercial Web site that does not contain similar language.

Far from going to bat to protect user privacy, U.S. companies long ago surrendered to the idea that electronic records of any kind are subject to different and far more intrusive government scrutiny than paper-based records. For example, corporations don't let government agencies open and examine their postal mail.

Of course, search warrants are used to find paper records, but that isn't what the new breed of privacy appliances are designed to accommodate. One privacy appliance is under development for DARPA by the recently renamed Terrorism Information Awareness program. From available information, it appears that terrorism researchers would come up with scenarios--presumably using spending, travel and communication records--and then seek permission from private data sources such as credit card providers, airlines and telecom companies to search for pattern matches. The privacy appliance would make sure that no personally identifiable information would be included in the searched data.

Proponents of the program point out that audit logs and other security procedures would make sure that the privacy appliance would not be used for searches on specific people. In addition, DARPA researchers have stated that raw data won't be sent to the government. (Presumably, this means a privacy appliance will be installed in the corporate data center.) Even so, corporate resources will be consumed to support the database queries, and the enterprise will bear the burden of facilitating the wide-scale searches that are needed to find the small-scale patterns most DARPA researchers say they seek.

Further, the vast majority of the information to be searched will be lawfully conducted business. Library lending records, e-mail messages, credit card purchases and equipment rentals will all be subject to scrutiny by a government agent. Under the Patriot Act, libraries can be issued blanket subpoenas for patron lending records.

Privacy statements grant nearly blanket access to any Tom, Dick or Harriet with a "special" (that is, likely not individually reviewed by a judge) subpoena. These new subpoenas might be like the ones authorized in the 1998 Digital Millennium Copyright Act, which allow the music industry to compel corporations to provide data on the basis of a subpoena issued from any U.S. District Court clerk's office without requiring a judge's signature.

"Any departure, such as this, from the traditional requirements for law enforcement subpoenas will open the door to a significant increase in governmental access to personally identifiable information," said David Sobel, general counsel for the Electronic Privacy Information Center.

[ ... ]

Corporate owners of data should heed the words of U.S. Supreme Court Justice Louis Brandeis: "The makers of the Constitution conferred the most comprehensive of rights and the right most valued by all civilized men--the right to be let alone."

Spammers promote some unhappy stereotypes about Americans.

From a spam-viewing perspective, the average citizen, it would seem, is aging, balding, out of shape, impotent, undereducated and has incurred significant credit card debt through online encounters with other lusty members of the human race.

The fact that this profile actually fits more than a few Americans makes the portrayal particularly galling. Of course, the opposite is also true. Women are increasingly annoyed by frequent offers to enlarge portions of the human anatomy that are only available to them through gender reassignment surgery

There is some solace. Apparently, there are a large number of Nigerian princesses, diamond mine owners and distressed government ministers who are anxious to share their millions with anyone in the United States who is willing to accept the money. Give them access to your bank account, and they will be happy to manage the electronic funds transfer.

The recent success of the National Do Not Call Registry in the United States has legislators drooling over the idea of eliminating spam. Antispam legislation has incredible allure to both the elected classes and their constituents.

The Can-Spam Act, for example, mandates that all commercial e-mail have a valid return address so that recipients could more easily ask to be removed from future mailings.

There is a requirement for an explicit opt-out mechanism in all marketing e-mail--whether solicited or unsolicited--and improved definitions of proscribed actions like dictionary attacks and address harvesting. The bill provides fines of up to $1.5 million and as much as a year in jail for those who do not comply with its restrictions. The bill was passed unanimously in June.

Sen. Charles Schumer, D-N.Y., has introduced a bill that goes significantly further. The Stop Pornography and Abusive Marketing (SPAM) Act would create a national do-not-spam directory that the Federal Trade Commission would maintain as it does the Do Not Call list. People would have the ability to register for this opt-out service and also flag their children's e-mail addresses with a special designation to ensure that they do not receive adult content.

[ ... ]

Many of these legislative goals are laudable. However, they fail to make several key distinctions. Most people have an implicit hierarchy of what they consider spam. Illegal, fraudulent and misleading e-mail is spam. E-mail from an unknown source is "spam lite." Unsolicited commercial e-mail from a respected company may be spam, junk mail or simply unwanted but acceptable free speech. E-mail from a company with whom the consumer has an existing commercial relationship can also be considered spam if it is simply unwanted or repetitive. These distinctions are highly idiosyncratic and are not amenable to broad legislation.

Many Americans consider the explicit opt-in mechanism in the European Union to be overly restrictive of commercial speech and vaguely un-American. Others will never be satisfied until all unwanted e-mail (commercial or otherwise) is eliminated. Finding the right balance between personal privacy and freedom of speech will continue to be one of the great American debates for years to come.

The economics of the Internet are different from those of telephone networks or the postal system and do not bode well for any legislative campaign. Moving a telemarketing operation offshore is an expensive proposition, while direct mail costs increase dramatically when mail crosses geographic borders. But it usually costs less to operate a sophisticated e-mail marketing program from New Delhi than it does from New York.

LAS VEGAS--A widely publicized project to transform a man-made platform in the English Channel into a "safe haven" for controversial Web businesses has failed due to political, technical and management problems, one of the company's founders said.

Ryan Lackey, former chief technology officer of HavenCo, said on Sunday afternoon that he left the project because his business partners had become nervous about hosting objectionable material and were leading the company toward financial ruin, with only about six customers remaining.

"The key lesson on this is if you're going to put a 'co-lo' facility somewhere, political and contract stability in that jurisdiction is very important," Lackey said, referring to co-location setups, or virtual site-hosting facilities. "Customers want stability. They don't want the network to be down for two months." The 24-year-old Lackey spoke to an audience of about 600 at the DefCon hacker convention here.

A HavenCo representative disputed Lackey's characterization of the company's problems and said he was no longer in a position to know details about its workings. "We have a moderate-sized installation which is growing monthly, very many more than the alleged six customers and their servers in operation, and in the last eight months or so have been able completely to reengineer our network and its international connectivity arrangements," the representative said in e-mail on Monday.

Linux seller SuSE and server maker IBM have obtained a crucial security certification that will make the operating system an option for demanding military and government customers, the companies are expected to announce Tuesday.

Many governments require certification to the international Common Criteria standard before they're allowed to purchase a specific computing product. SuSE Linux Enterprise Server 8 running on IBM's Intel-based xSeries servers achieved Evaluation Assurance Level 2 (EAL2) of the Common Criteria, the companies are expected to announce at the LinuxWorld Conference and Expo.

"It certainly raises the viability and increases the trust level of Linux in government contracts," IDC analyst Chris Christiansen said. Though commercial buyers don't usually give Common Criteria certification much more than passing notice, "the government market is very large," he said.

As the flaws keep flowing in, hackers and security experts gather in Las Vegas to work out what's needed to keep the Internet safe--and whether it's time for less talk and more action.

U.S. Senator Lisa Murkowski (R.-Ala.) introduced legislation Friday designed to rollback certain provisions of the Patriot Act, including requiring a court order for U.S. law enforcement agencies to conduct electronic surveillance.

According to Murkowski, her bill would not repeal any portion of the Patriot Act, but would curb some the police powers granted under the legislation. The Patriot Act was passed in the immediate aftermath of the Sept. 11, 2001, terrorist attacks.

"We must strike a careful and constitutional balance between protecting the individual rights of Americans and giving our law enforcement and intelligence officials the tools they need to prevent future terrorist attacks," Murkowski said in a statement. "To date it appears portions of the Patriot Act may have moved the scales out of balance. My goal is simply to make sure that our laws are balanced."

The Protecting the Rights of Individuals Act (S. 1552) requires that law enforcement agencies demonstrate a cause for suspicion before courts could issue authority to monitor certain telephone and Internet use and also seeks to limit the FBI's ability to review a person's personal data, including medical, library and Internet records.

A UCLA professor is working on set of sensors and data-capture applications to record a school classroom in intimate detail. The project webpage has more information; see also an older story. The professor apparently envisions actually deploying these sensors in a classroom next spring, but doesn't mention what school is willing to participate.

Interesting blurb, but the content comes up missing when I call the page. The server appears to be overloaded. Nothing to be available at the moment, sigh.

In a collaborative project, researchers from Electrical Engineering, Computer Science, and the Graduate School of Education and Information Studies are applying new technologies to study early childhood education in a sensor-in

[ ... ]

Sensors placed around the classroom will continually capture interactions between students, teachers, and common classroom objects. The sensors in the Smart Kindergarten include fixed cameras and microphones, "smart toys," and iBadges. The team is also using Sylph, a sensor middleware infrastructure developed by Muntz.