The LA Times learned the wrong lesson. Rather than giving up the experiment, it should have tried again.

The failed LA project comes to mind in the wake of the Wall Street Journal’s launch of a WikiLeaks-like experiment, a site called SafeHouse. The page pitches these bullet points:

• Help The Wall Street Journal uncover fraud, abuse and other wrongdoing.
• Send documents to us using a special system built to be secure.
• Keep your identity anonymous or confidential, if needed.

Uh, not really, at least on the second and third points.

Security experts immediately poked holes in the site security. And the site’s Terms of Service contain what might be termed a “Get Into Jail Free Card” — reserving “the right to disclose any information about you to law enforcement authorities or to a requesting third party, without notice, in order to comply with any applicable laws and/or requests under legal process, to operate our systems properly, to protect the property or rights of Dow Jones or any affiliated companies, and to safeguard the interests of others.”

Unlike the LA Times, the Journal isn’t abandoning the experiment and seems to be working to fix at least some of the site’s flaws. That’s good news, even though I’d still advise any whistleblower to steer clear of this for the moment, not least because the notion of trusting a company controlled by Rupert Murdoch is, well, problematic even if one might trust (as I would) many of the Journal’s lower-level editors.

Which raises the larger question in any case: While I tend to believe that every news organization should have a drop-off point for documents from whistleblowers, there’s always going to be a question of how much a leaker should trust any private company on which a government can exert pressure, apart the issue of whether the company itself can always be trusted. Remember, the New York Times has frequently felt obliged to ask permission from the U.S. government before publishing a variety of things.

Still, these experiments are worthwhile. But it’s going to take some time before we can call them successes in any respect.

The FTC’s proposal is a potentially useful improvement in our woefully inadequate online privacy

Americans have become so numb to the relentless erosion of our privacy that we tend to view even small advances with skepticism, if not outright cynicism. Such is the case with yesterday’s Federal Trade Commission proposal for a “do not track” system, whereby people could tell online marketers that they don’t want their online activities to be captured and used by websites or online advertising firms.

The FTC’s report is just that: a document with no regulatory power. But FTC Chairman Jon Leibowitz told reporters in a conference call that the commission will urge Congress to act if the industry doesn’t “step to the plate.” I take the need for congressional action as a given, since the online industry’s self-regulation has ranged from weak to bogus.

What’s best about the FTC’s approach is its recognition of reality. It calls for a multilayered approach to enhancing privacy. One piece is to encourage websites and services to build in privacy protection from the ground up. This is laughable, given the industry’s record of bolting privacy on later, if at all, not to mention the currently enormous economic incentives to abuse it.

Another principle is transparency: Tell us, in clear language, what you’re tracking and how you’re doing it. Privacy policies on most websites and services take hundreds to thousands of words, in the densest legalese, to tell us we have no privacy and that’s tough. In today’s world, sorry to say, clarity would only mean language like this: “We can do pretty much whatever we choose with your data, and you can take us or leave us.” Not good enough, either.

The best principle is countermeasures, technical and, perhaps, regulatory. I use a variety of protective plug-ins for my Firefox browser. But I’m under no illusion: The technologists who create the privacy-invading tools are better funded and just as smart as the protectors — and so far, they’re winning the arms race. I would pay for a browser that really, truly blocked the spies or fed bogus data back to them. What I don’t know is whether there’s a sufficiently large market to support it.

A do-not-track list is a mostly regulatory approach. Saying we want it is a lot easier than making it happen in a way that works as intended and doesn’t create massive new privacy problems. For one thing, contrary to some of the commentary about the proposal, it wouldn’t be precisely analogous to the hugely popular “Do Not Call Registry” that has greatly reduced those annoying dinnertime phone calls from people pitching crappy products, loser stocks and beachfront property in Kansas. The online tracking, in theory, is designed in part to help marketers pitch us products and services we might actually want, based on what we do online. In a system that worked to preserve real privacy, which the current one does not, that would be the opposite of annoying.

There are many reasons to question whether a do-not-track system could even work as intended. For one thing, as privacy expert Lauren Weinstein has noted, we’d have to create some kind of unique identifier to notify the marketers and digital trackers. Wouldn’t this become a ripe target for abuse?

For another, many people are still getting junk phone calls, albeit at a reduced rate, and the callers are using digital technology to disguise their origins; over time they could well make the registry a nice idea that ultimately failed. If we know anything about the people creating the online spying tools, it’s that they are ingenious and resourceful. Mere laws and regulations won’t end the abuses.

Online tracking, even if the trackers have good intentions, is so worrisome in part because we don’t generally have much knowledge of what’s happening to us — and because the online spies are going way beyond the bland assurances we’ve heard in the past. For example, few people would object to having a news website track what we do on that site. If the New York Times knows what I’ve read on nytimes.com, it can do a better job of showing me material I might want to see there.

The tracking gets offensive when it crosses boundaries — and it almost always does these days. As Ed Felten, the Princeton computer scientist who just joined the FTC as chief technologist, explained at Wednesday’s event, the potential for harm soars when online trackers create a centralized database, “connecting the dots between consumers’ activities at different times and places to build up a profile of what a person has been doing.”

The tracking companies, as noted, are clever. Yesterday’s Wall Street Journal article on device “fingerprinting” — essentially creating unique identifiers that can’t be removed — was another example of why we should not trust the tracking companies’ bland assurances that they have only our best interests in mind.

The Journal has taken the journalistic lead in looking at this matter. While its seemingly endless series about online privacy has had some glaring flaws — not least of which the newspaper’s too-hysterical tone and tendency to conflate the big abuses with the small ones — it’s also educated me (and I try to, uh, track this stuff) about things I didn’t know, such as the fingerprinting advances.

The Journal, which does its own share of online tracking, has another horse in this race, of course. It charges for much of what we can read there, via a paywall that is one of the news industry’s only successful such initiatives. Its corporate parent, Rupert Murdoch’s News Corp., is pushing its other properties in that direction, with initially pathetic results. Murdoch, meanwhile, has been in full-rant mode for several years about what he sees as the need to end the era of “giving away” the news, or at least trying to pay for online news via advertisements only. So when you read the Journal’s series, make sure you have that perspective on its own corporate interests.

But we should recognize a reality in any do-not-track world: To the extent that online spying has been a revenue source for companies providing products (including news) and services, the loss of that revenue will mean A) website investors will get less return on their money; B) we’ll get less of what they’ve been providing us; C) sites will find new ways to attract online advertising that’s less targeted to individuals, which would mean more irrelevant ads; or D) we’ll pay more directly for what is subsidized today — most likely some combination of all of those options.

Option D is OK with me. I pay now for the Journal’s website and several others (such as Consumer Reports), and would be willing to pay for some others, ideally in a bundle of top-quality information services. I’d expect lots of activity in that vein if real privacy measures ever take hold, but I don’t dispute the widely held belief that most people have come to take “free” — a word that should almost always be enclosed in quotes — for granted and would be, at best, reluctant to pay directly for what they use.

All I know for sure is that the online trackers are expanding in their invasiveness and creepiness. It’s time we pushed back, and hard.

* * *

Some folks did push back, and are continuing to do so, in another privacy attack that got tons of press last week. I’m referring to fliers’ outrage at the federal government’s deployment of “porno-scanners” in airports, and the deep groping techniques Transportation Security Administration personnel impose on fliers who decline to go through the scanners.

Traditional media latched onto a specific protest movement, in which fliers were urged to refuse to go through the scanners the day before Thanksgiving, the busiest day of the year in most airports. When that ill-advised protest predictably flopped, some media reports declared that Americans didn’t care all that much about the invasive nature of the new rules, or not enough, at any rate, to make much of a fuss. And a variety of commentators — most from traditional media — lectured the people who had had enough of government encroachments on privacy, or at least this one. “Grow up,” they said, as if they were grown-ups and the rest of us were wayward children who needed to be reminded of our place.

We’re not kids, and we’re not going to let this go. Not only is the effectiveness of these scanners questionable — and the safety of the newer X-ray machines in sufficient doubt to avoid them — but the groping is plainly designed, in part, as punishment for people who dare to say no to the scanners.

Once upon a time, journalists challenged government to prove its worth. Today, too many journalists bow and scrape to keep their access to the rich, powerful and influential people who run this country. With too few exceptions, especially in Washington, they want to be members of the club, and their work tends to show it.

District loaned laptops to students, then used spyware to take pictures of them. Prosecutors: No “criminal intent”

Federal prosecutors are showing uncommon sympathy for some Pennsylvania school officials who spied on students via webcams in their school-owned laptop computers: They’ve decided not to prosecute.

The reason? ”For the government to prosecute a criminal case, it must prove beyond a reasonable doubt that the person charged acted with criminal intent,” the U.S. Attorney’s office said in a statement. “We have not found evidence that would establish beyond a reasonable doubt that anyone involved had criminal intent.”

Let’s leave aside the fact that people are charged all the time for criminal offenses despite having no idea they’re committing crimes. And since when did ignorance of the law confer immunity?

Let’s focus instead on the fundamental creepiness in what happened at the Lower Merion School District in suburban Philadelphia. A lot of the facts and fuller context in this privacy debacle remain murky. Let’s hope that the discovery process in the several civil suits results in a more complete disclosure, but we do know this:

The district loaned laptop computers to students and then, under a program the district said was aimed at recovering lost or stolen machines, used spyware to capture tens of thousands of images of kids. Some of those images, it emerged in civil suits filed against the officials, were taken in students’ homes — and some of those in their bedrooms. Oh, just a terrible mistake, said the district.

Some 38,000 images from six computers alone, not to mention video chats and IMs in at least one case? If this is an oversight, a mere mistake, yike. But if so, the people who were that sloppy shouldn’t be trusted to teach elementary arithmetic or anything else.

There’s apparently no state law against this kind of thing. That’s outrageous by itself. And while the feds have concluded that they can’t pursue criminal charges, no one should even consider letting the school district off the hook in any moral way for its reprehensible behavior.

The case also reminds us that civil lawsuits play a vital role in our society. Yes, some plaintiffs’ lawyers launch meritless lawsuits and cause wide harm. But sometimes, as in this case, they are the last line of defense when powerful institutions beat up on individuals. We forget that at our peril.

When officials claim limited goals and strong privacy guarantees with security technology, don’t believe them

When government officials launch new security technologies, they always promise that the devices and methods will A) not unnecessarily invade people’s privacy;  B) have strong policies in place to prevent abuse; and C) not go beyond their initial mandate. Then they break the promises.

The latest case in point involves the full-body scanners that are being installed in airports and some other federal installations: As CNETreports:

For the last few years, federal agencies have defended body scanning by insisting that all images will be discarded as soon as they’re viewed. The Transportation Security Administration claimed last summer, for instance, that “scanned images cannot be stored or recorded.”

Now it turns out that some police agencies are storing the controversial images after all. The U.S. Marshals Service admitted this week that it had surreptitiously saved tens of thousands of images recorded with a millimeter wave system at the security checkpoint of a single Florida courthouse.

It’s an example of “mission creep” — the pervasive tendency to expand original goals or tactics beyond supposedly narrow original goals. It’s how laws supposedly aimed solely at crime lords end up being used against average folks. The only surprise in this case is that anyone would be surprised.

The misrepresentations about the body scanners have been a key feature of the machines’ rollout. First we were told that no images could be stored because they’d be automatically deleted. Whoops, not true. In fact, these machines are specifically designed to store the images.

Now the Department of Homeland Security has done what everyone paying attention knew was coming: It’s mandating the rollout of the body scanners nationwide. Soon, everyone who flies will be invited to bare all for the sake of security.

But you don’t have to actually go through the scanner, right? Isn’t there an option to be checked in some other way? There sure is, but be prepared for a serious hassle if you do.

Be prepared for some other upcoming realities. Even though lots of celebrities make sex tapes, there are at least a few movie stars and other public figures who have retained some old-fashioned modesty. Think any of these folks, however they regard their own privacy, won’t be targets? Think again.

And watch as the full body scan becomes less and less optional if you want to actually catch your flight. Either it’ll be mandatory, or the alternative will be hugely time-consuming and/or physically invasive. So if you find yourself shocked one day that yet another vestige of your liberty and dignity has been taken away, you won’t have been paying attention.

Naturally, the corporate spin has tried to disguise the harsh reality. Under the name of Facebook founder and CEO Mark Zuckerberg we read this blog post, which includes this paragraph:

The number one thing we’ve heard is that there just needs to be a simpler way to control your information. We’ve always offered a lot of controls, but if you find them too hard to use then you won’t feel like you have control. Unless you feel in control, then you won’t be comfortable sharing and our service will be less useful for you. We agree we need to improve this.

It’s impossible for anyone other than Facebook to say if this is the truth; only the company can count the communications it has received from users. I don’t believe this spin, because the criticism I’ve heard has not just been about simpler control. It’s been about the constant encroachments on people’s privacy that Facebook has been making for several years now. As IBM’s Matt McKeon brilliantly illustrated in his visualization, the default settings have exposed vastly more personal information:

Look at the original visualization to see how profoundly and systematically Facebook has made these encroachments on privacy as the years passed. These were systematic violations of trust.

To be sure, the latest changes will help. They do not go far enough, however, and along with the company’s obfuscation of the issues they only reinforce my strong belief that Facebook has a long, long way to go before it’ll re-earn any of my faith or trust.

I’m still not planning to delete my account entirely. I need to understand what goes on inside Facebook in order to do my work properly. As noted earlier on this blog, I made a pretty drastic change myself a few months back: deleting my account and restarting it in a much-reduced way. For now I’ll stay with this arrangement.

Which reminds me: If you friend me on Facebook, please only do so if you’re an actual friend. If you want to connect with me in a business or professional context, please use LinkedIn.

Like many other people, I have a Facebook account. One reason is to keep track of what’s happening in the planet’s largest social network, including what application developers and users are doing there.

Another is that some of my friends — actual friends — are using the site. Facebook helps me stay in touch.

But the privacy fiasco of the past few days has left me feeling that I really can’t entirely trust Facebook, even with the limited amount of things I’ve said and done on the site since I got an account several years ago. Maybe I’m over-reacting — and I continue to admire the company’s accomplishments in many other ways — but that’s just the way it is.

Why don’t I feel safe and sound in their benevolent hands? Because although some of the changes they’ve made in their privacy settings are actually helpful, they are suggesting that users share much more of their data and other information, much more widely than ever. Facebook’s extremely smart leaders know perfectly well that the majority of users are likely to accept these suggestions, because most people say yes to whatever the default settings are in any application.

I wasn’t very happy with my Facebook situation in any case. Early on, I said yes to just about everyone who asked me to “friend” them, including people barely knew and some I didn’t know at all.

The privacy changes — and my continuing uncertainty, given the number of pages you have to look at to modify your settings — made me realize I’d rather take fewer chances. So I’ve made a fairly drastic change.

This morning, I deleted my account. Then I started a new one.

Actually, I scheduled the old one for deletion several weeks from now, which is all Facebook allows. The company figures, perhaps correctly, that some people will have made this decision rashly and wants to give them a way to reconsider. And it’s clearly in Facebook’s interest to avoid as many cancellations as possible for business reasons.

It wasn’t easy to figure out how to delete the account, which no doubt is part of the company’s strategy, too. If you go to your Settings page, the only option in this realm is to “deactivate,” not delete.

But a little searching on the site turns up this Facebook Group called “How to permanently delete your facebok account” (more than 35,000 members) — which in turn reveals this link to a delete-account form.

Before I did the actual deletion, however, I went to my Account Settings and opened up the Username option. I’d previously set my username to “dangillmor” so my Facebook URL would be facebook.com/dangillmor, and wanted to be able to use that again. I changed the username to something else, and only then did I delete the account.

Then I started a new account, using a different email address, and set the username to match the old one.

Next up was a check of the default privacy settings for new users. They’re pretty un-private, in my view, sharing way too much with people you don’t know. I systematically went through the various screens — Facebook makes this chore both annoying and obscure, perhaps on purpose — to ratchet down the settings to something I can live with.

Look, we all know what is Facebook’s best interest: exposing to search engines and advertisers the largest possible number of pages by among the largest number of people willing to create stuff and make it all public. Marketers drool at what they can do at Facebook if the company will only let them, and Facebook’s entirely rational goal, like almost every other Internet company’s, is to make profits in almost any way it can. What’s in the corporate interest, however, doesn’t necessarily match what’s in my interest, or yours.

So I’m still at facebook.com/dangillmor — though my real Web homebase is dangillmor.com — with just two Facebook friends at the moment. I’ll be adding more, but not in any hasty way.

UPDATE: Wired News explains How to UnFacebook Yourself.

And Jason Calacanis asks, “Is Facebook Unethical, Clueless or Unlucky?” I vote mainly for the first.