The [Digital Entertainment Content Ecosystem or DECE] is setting out to create a common digital standard that would let consumers buy or rent a digital video once and then play it on any device... Under the proposed system, proof of digital purchases would be stored online in a so-called rights locker, and consumers would be permitted to play the movies they bought or rented on any DECE-compatible device.Most consumers have likely never heard of Neustar, yet the firm plays an important role in the telecommunications industry, and has built a highly profitable business faciliating the disclosure of information regarding consumers' communications to law enforcement and intelligence agencies.
[DECE is] selecting Neustar, a company based in Sterling, Va., to create the online hub that will store records of people’s digital purchases, with their permission.
The company created and operates the Number Portability Administration Center (NPAC), which enables US and Canadian consumers to keep their phone number when they switch carriers. Each time a consumer attempts to transfer their number from one phone company to another, Neustar is involved, and thus, it has a database of every one of these transfers.
Neustar also provides law enforcement agencies with a web-based front-end (as well as an API) to access to this database, enabling government agents to instantly determine which telecommunications company any particular phone number is assigned to. In a typical investigation, before law enforcement or intelligence agencies can obtain a suspect's call records, they must first contact Neustar in order to figure out which phone company he or she is using.
How many times a year does Neustar hand over information on individuals to law enforcement and intelligence agencies? Who knows. The company is not required to disclose this by law, and (as far as I know), has not disclosed any statistics to the general public.
On the firm's website, Neustar describes its LEAP service:
Savvy criminals stop at nothing to cover their tracks - including switching telephone carriers repeatedly. Fortunately, law enforcement professionals can now arm themselves with a powerful weapon against the most elusive perpetrators.Neustar also offers a turn-key service for firms that wish to outsource their own legal compliance departments. Telecos and ISPs that don't want to dedicate the manpower to dealing with wiretap, intercept and other surveillance requests from law enforcement and intelligence agencies can pay Neustar to do it for them. The company even has a fancy sales brochure describing the service in detail.
Neustar's Local Number Portability Enhanced Analytical Platform (LEAP) gives LEAs information about recent telephone number porting activity, so you're on the case faster than ever before. Whether your investigations involve pen registers, trap-and-trace, Title III wiretaps or Title 50 wiretaps, LEAP from Neustar puts you in control - and keeps perpetrators within reach.
Who better to manage that legal compliance unit than Joel M. Margolis, a former Department of Justice/Drug Enforcement Administration attorney, who up until 2008, "served as DEA's legal representative on Department of Justice working groups responsible for matters of telecommunications legislation and regulation" and previously "advised [the] Federal Bureau of Investigation on the implementation of the CALEA (lawful surveillance) statute."
(The practice of hiring a former DOJ attorney to manage the group within a company responsible for receiving and responding to law enforcement and intelligence agency requests is actually rather common. Google, Microsoft, and MySpace have made similar hires.)
Back in October of 2009, I attended a surveillance industry conference in Washington DC, and taped several of the panels. One of the panel recordings already lead to headlines just one month ago, regarding comments made by a Sprint employee discussing the extent of the firm's disclosure of customer GPS data to law enforcement agencies.
At the same conference, Mr. Margolis spoke on a panel discussing the methods by which law enforcement and intelligence agencies can compel Internet and telecom companies into using already deployed Deep Packet Inspection technology for intercepts. While I took down my copy of the audio recordings in response to a request from the conference organizers, the Electronic Frontier Foundation continues to mirror them here. Mr Margolis' comments are enlightening -- and highly recommended for anyone interested in surveillance and privacy related issues.
Something to consider
The main reason I highlight all this information regarding Neustar's various products and services is that I believe that privacy, and in particular, law enforcement access to consumer video purchase records, should be part of any serious debate regarding the Digital Entertainment Content Ecosystem.
To be clear - I have no reason to suspect that Neustar has done anything improper or illegal, and I am confident that the firm's lawyers know CALEA, Title III and the Patriot Act inside out.
However, I am concerned about the fact that Neustar has already built a business around faciliating law enforcement and intelligence agency access to consumer data (both the phone number portability data held by the firm, and its outsourced legal compliance unit), and that I am not sure if consumers should be dependent on a firm of this type to protect their highly confidential video purchase and rental records.
As a technologist concerned about privacy, I'm really not keen on the idea of any firm which provides an easy to use API to law enfordcement agencies holding any of my private data, particularly one which does not disclose any information on the number of law enforcement requests it receives, responds to, and more importantly, rejects and fights in court.
Because of the complete lack of statistical and other information regarding Neustar's disclosures to the government, consumers have no way of knowing how often, if ever, Mr. Margolis says no to his former colleagues at the US Department of Justice.
Will the movie studios and other entertainment companies disclose to consumers that they will provide detailed records for each individual's movie purchases to a company that pledges to put "[the police] in control - and keeps perpetrators within reach"?
I doubt it.
Disclaimer: These are my own personal views, and do not reflect those of any other individual or organization with which I am affiliated.