Menu

Google Demands Warrants for Access to Email and Cloud Data

By
January 24, 2013

Despite federal law that states authorities do not need warrants for e-mails stored for longer than 180 days, Google demands probable cause warrants when asked for user data from Gmail or other cloud-based services. “Google requires an ECPA search warrant for contents of Gmail and other services based on the Fourth Amendment to the Constitution, which prevents unreasonable search and seizure,” Google said in a statement. Continue reading Google Demands Warrants for Access to Email and Cloud Data

Will Failure of Internet Self-Regulation Lead to Do-Not-Track Option?

By
December 20, 2012

“If you want to see how industry self-regulation can fall short, take a look at the online advertising business and the fight over a do-not-track protocol to protect consumer privacy,” suggests the Wall Street Journal. “It would seem to be in business’s interest to keep customers happy,” notes the article, “to give those who want it the guarantee that they aren’t being tracked on the Internet.” Continue reading Will Failure of Internet Self-Regulation Lead to Do-Not-Track Option?

Instagram Users and Privacy Advocates Riled by New Terms of Service

By
December 19, 2012

Despite panicked reports regarding recent changes to Instagram’s terms of service, The Verge notes that the Facebook-owned photo-sharing service always had an expansive license to use and copy images, not unlike the agreements of other Web services that store user data. There has been an uproar to the following sentence, released earlier this week: “You agree that a business may pay Instagram to display your photos in connection with paid or sponsored content or promotions without any compensation to you.” Continue reading Instagram Users and Privacy Advocates Riled by New Terms of Service

Will Changes to Facebook Privacy Controls Make Users Feel Secure?

By
December 17, 2012

Facebook will offer improvements to its privacy settings by the end of the year to allow users to change and understand their privacy settings without going to a remote privacy settings page.

The social network will provide a dropdown box on “almost every page,” reports The Atlantic. Facebook will also include messages alongside posts to help people understand who can see the specific status update or picture.

Changes to the privacy settings are intended to help people understand who can see content, and to help users target and remove inappropriate or unwanted content.

The changes will not affect Facebook’s data sharing, and Facebook will continue to leverage user data to build targeted advertising.

While The Atlantic classifies the changes as mostly “cosmetic,” it still says they are important because simplifying privacy control could help Facebook gain user trust.

FTC Mobile Apps for Kids Report Finds Little Progress in Privacy

By
December 13, 2012
  • The Federal Trade Commission’s staff report, “Mobile Apps for Kids: Disclosures Still Not Making the Grade,” analyzes mobile applications aimed at children, and finds that little progress has been made since last year in terms of warning, or even informing, parents about the data collection in applications.
  • The report notes that the applications have interactive features and social media sharing that can send information on the children to advertising companies or analytics companies without seeking parental consent. Some applications do not even disclose the actions to parents, according to the report.
  • “While we think most companies have the best intentions when it comes to protecting kids’ privacy, we haven’t seen any progress when it comes to making sure parents have the information they need to make informed choices about apps for their kids,” said FTC Chairman Jon Leibowitz. “In fact, our study shows that kids’ apps siphon an alarming amount of information from mobile devices without disclosing this fact to parents.”
  • “All of the companies in the mobile app space, especially the gatekeepers of the app stores, need to do a better job,” he added. “We’ll do another survey in the future and we will expect to see improvement.”
  • The report, which examined disclosures within the app, disclosures on the promotion page in the app store, and at the app developer’s website, found “most apps failed to provide any information about the data collected through the app, let alone the type of data collected, the purpose of the collection, and who would obtain access to the data.”
  • “Even more troubling, the results showed that many of the apps shared certain information with third parties — such as device ID, geolocation, or phone number — without disclosing that fact to parents,” according to the report.

Is the Carrier IQ Rootkit Tracking Everything on Your Smartphone?

By
December 1, 2011
  • As an Android, Blackberry or Nokia user, you may not know that an app called Carrier IQ is logging literally everything you are doing on your smartphone including keystrokes, SMS messages and HTTPS sessions. Other articles on Carrier IQ report that this information is being sent to the carriers.
  • Apparently, there is no way for a user to turn Carrier IQ off without replacing the operating system.
  • A former Justice Department prosecutor has told Forbes that this is “likely grounds for a class action lawsuit” as it violates federal wiretapping law. This story is beginning to get a significant amount of attention online.
  • To see Carrier IQ in action, watch the 17-minute video posted to the PC World article.

Surveillance Catalog: Government Uses New Monitoring Techniques

By
November 23, 2011
  • Take a look at the toolkit for governments to legally monitor what people are doing on the Web. It’s an impressive catalog that includes hacking, intercept, data analysis, Web scraping and anonymity products. It makes one aware that nothing is safe from surveillance.
  • Hacking tools use techniques commonly used in malware.
  • Intercept tools can filter all traffic from the Internet backbone and determine which to forward to law enforcement.
  • Data analysis sorts, stores and analyzes information from a variety of sources including wired and wireless networks, surveillance, domestic and foreign agencies, tactical operations, etc. to build a complete profile of suspects or identify patterns across data sets.
  • Web scraping gathers and analyzes data from publicly available sources.
  • Anonymity hides the identity of investigators.
  • If governments are already using these tools, how long will it be before anyone can obtain them? WIll this imperil the confidence people have online?

Panel Notes from FoE 5: At What Cost? Privacy Issues in a Digital World

By
November 14, 2011

The following are some notable comments from a panel at last week’s Futures of Entertainment conference at MIT.

Panel: “At What Cost? The Privacy Issues that Must Be Considered in a Digital World”

  • If individuals release personal information to the world, they have to distinguish when they are really losing their privacy and when they are legitimately sharing information.
  • Just because we are sharing information in different patterns today, that doesn’t mean that we have to think of privacy as a whole any differently.
  • Everyone needs to know and be aware of what each service provider’s positions are regarding privacy.
  • There should be a push to track and openly comment on user privacy policies by companies.
  • There is no question that personalization requires giving one’s information. But this is only because we have not been creative enough in developing a solution that doesn’t require information sharing. Not enough thought has gone into having personalization and privacy live side by side without compromise.
  • Here are a few examples from outside the entertainment space that have been able to personalize a user experience without compromising their privacy: Using GPS information for vehicles on the road, traffic patterns can be generated. Companies extract information from each vehicle, and anonymise the information. By using the information in aggregate each driver can receive a personalized traffic report.
  • Adnostic is a system that provides targeted ads without tracking. It does the ad recommendations by pushing all the tracking to the client side, so that the centralized 3rd party service never knows what you are doing.

Speakers:
Jonathan Zittrain (Harvard University)
Helen Nissenbaum (New York University)

Vengeful Librarians: Is the CIA Monitoring Your Tweets Every Day?

By
November 7, 2011
  • In an effort to strengthen its counterterrorism and counterproliferation measures, the U.S. Central Intelligence Agency actively monitors over 5 million of the 140 million tweets posted daily.
  • The CIA monitors Twitter and Facebook daily, regularly briefing President Obama on popular posts and trends.
  • The McLean, Virginia-based monitoring team — called the “Vengeful Librarians” — tracks news and social media sources, using language to pinpoint origin.
  • “The CIA team has also used Twitter to monitor reports of real-time events, and can focus on a few Tweeters who are publishing accurate reports,” reports Digital Trends. “The team found that, in these situations, other Twitter users actively stamp out erroneous information when it is reported, which proves the usefulness of Twitter as a primary source for breaking news.”

Study Reveals One in Five Willing to Friend Strangers on Facebook

By
November 4, 2011
  • In a study conducted by the University of British Columbia Vancouver, 102 bots controlled fake Facebook accounts to send friend requests at random, showing that one in five people were willing to accept requests from strangers.
  • “If that complete stranger had a mutual friend in common, the success rate went up to about 60 percent,” reports Ars Technica.
  • Once friends, the bots had access to a large amount of personal information: “…for people directly friended by the bots, availability of e-mail went from 2.4 percent (unfriended) to 71.8 (friended) and postal addresses from 0.9 percent to 19.0 percent.” The bots also gained information about the users’ friends.
  • The study raises interesting points regarding Facebook’s efforts to create privacy and control. “The site has been criticized for making it too hard to secure personal data, and be too liberal with its default policies,” suggest the article. “In response to these criticisms, it has made the privacy and security system easier to use and with more sensible defaults. But these controls are irrelevant if people are willing to add random bots, and hence give away access to their ‘friends-only’ private information.”

Convenience vs. Security: Google Chrome Syncs Multiple Browser Profiles

By
November 4, 2011
  • Google announced this week the beta release of Chrome, which “enables users to sync different accounts across multiple computers,” reports ReadWriteWeb. “This allows more than one person to sign into Chrome on a shared computer and have access to all their browser data. It also enables one person to have different Chrome profiles with different email addresses, e.g. work and personal, that can all be accessed from any computer by logging in.”
  • Chrome already syncs personal settings such as bookmarks, extensions and passwords to a user’s account, but the new beta “makes it possible to use multiple Chrome accounts on any copy of the browser.”
  • Google acknowledges this feature provides convenience at the cost of privacy.
  • The Google blog notes that it “isn’t intended to secure your data against other people using your computer,” since “all it takes is a couple of clicks to switch between users.”

Facebook: Is Frictionless Sharing the Future of Social Networking?

By
October 4, 2011
  • In a recent GigaOM article, Matthew Ingram provides a compelling alternative viewpoint to the recently publicized complaints regarding Facebook’s philosophy of “frictionless sharing.”
  • The concept — which essentially allows apps and online publishers to post a user’s activity to their wall without permission — has raised a legitimate concern in terms of whether the feature is a worthwhile addition or an invasion of privacy.
  • “Consumer advocacy groups such as the Electronic Privacy Information Center are arguing the latter, and have even asked the government to step in, while some users have deleted their Facebook accounts in protest,” reports Ingram. “But there’s an argument to be made that Facebook isn’t forcing anyone to share; it’s simply adapting to the increasingly social way that we are living our lives online.”
  • While it’s easy to see the concerns regarding privacy, there are clear benefits to this type of sharing. Ticker, for example, can often provide “serendipitous experiences” such as finding interesting music, video clips, or articles based on the activity of friends. “It also fits right in with the concept that underlies Facebook and most social networking,” suggests the article, “which is what user-interface designer Leisa Reichelt has called ‘ambient intimacy’: the idea that there’s something to be gained by having transient and lightweight connections to people in your life.”
  • The article points out that the news feed was also originally heavily criticized when it launched in 2006, but eventually became immensely popular.
  • Zuckerberg’s “law of social sharing,” which notes that the amount of data people share doubles each year, is a “good predictor of what people will do, regardless of what they say they will do or how much they criticize features like frictionless sharing from social apps.”
  • “And soon, the idea that apps are sharing a continuous stream of our activity will seem just as commonplace and uncontroversial as the original news feed,” contends Ingram.
  • The article argues that “social sharing online isn’t going away any time soon; it’s not just the core of Facebook, but the organizing principle of the modern Web — Facebook is just a symptom of that change, not the cause.”

Privacy Watchdog Groups Ask the FTC to Investigate Facebook Features

By
October 3, 2011
  • An association of privacy groups, led by the Washington-based Electronic Privacy Information Center, has asked for a federal investigation into Facebook features that broadcast new information about users. The new partnerships with media platforms allow Facebook to acquire extensive data about user behavior.
  • “That information could also be made available to marketing companies for use in focusing advertisements, and potentially to government agencies interested in tracking people’s behavior,” suggests The New York Times.
  • In a letter to the Federal Trade Commission, privacy advocates wrote, “frictionless sharing creates several privacy and security problems for users.”
  • Facebook responded by explaining its users have more control than what is being suggested. “Some groups believe people shouldn’t have the option to easily share the songs they are listening to or other content with their friends,” company spokesman Andrew Noyes communicated via e-mail. “We couldn’t disagree more and have built a system that people can choose to use, and we hope people will give it a try. If not, they can simply continue listening and reading as they always have.”
  • According to the article, “the FTC does not comment on whether it is investigating any company unless it has some results to release.”

Justice Department Memo Tells Which Telecoms Store Data the Longest

By
September 30, 2011
  • “People who are upset that Facebook is storing all their information should be really concerned that their cell phone is tracking them everywhere they’ve been… The government has this information because it wants to engage in surveillance,” an ACLU staff attorney said.
  • A newly released Justice Department internal memo reveals the retention policies of Verizon, T-Mobile, AT&T, and Sprint.
  • Verizon seems the most privacy-friendly, but is the only company that retains text message content. Messages are stored for 5 days; other companies don’t retain message content at all.
  • The retention of “cell-site data” (information of a phone’s movement history based on phone tower usage) varied the most among the four providers.
  • “Verizon keeps that data on a one-year rolling basis; T-Mobile for ‘a year or more;’ Sprint up to two years, and AT&T indefinitely, from July 2008,” reports Gizmodo.
  • Senator Patrick Leahy proposed to alter the Electronic Privacy Communications Act to “protect Americans from warrantless intrusions.”
  • To see your provider’s retention policy, check out the graphic featured in the Gizmodo post.

Online Privacy Protection Act Applies to Mobile App for First Time

By
August 17, 2011
  • The Federal Trade Commission ruled Monday that W3 Innovations, the company behind popular mobile applications for kids, including “Emily’s Girl World” and “Emily’s Dress Up,” should pay a $50,000 penalty for collecting personal information from kids without parental permission.
  • The commission found the company in violation of the Children’s Online Privacy Protection Act, marking the first time that law has been applied to a mobile application.
  • “The F.T.C.’s COPPA Rule requires parental notice and consent before collecting children’s personal information online, whether through a Web site or a mobile app,” explained Jon Leibowitz, chairman of the commission. “Companies must give parents the opportunity to make smart choices when it comes to their children’s sharing of information on smart phones.”
  • The decision coincides with a period of increased concern about privacy and mobile technology, as the industry considers new privacy protections to fend off potential federal regulation.

Top Stories
More News