Tuesday, November 27, 2007

More on Facebook Violations of Privacy

See the post below for the full story (earlier today), but I had to add these new revelations supplied by MoveOn.org as to how, specifically, member privacy is being violated by Facebook:

"Like our work together for Net Neutrality, this is fundamentally about the future of the Internet as a public space.

Here's what some people wrote on the public Wall of our Facebook group:

"I made a purchase yesterday for my wife for Christmas...When my wife logged onto Facebook, there was an entry in her news feed that I had bought a ring from Overstock. It had a link to the ring and everything. Christmas ruined."

—Sean L. from Massachusetts

"I saw my girlfriend bought an item i had been saying i wanted...so now part of my christmas gift has been ruined. Facebook is ruining christmas!"

—Matthew H. from New York

"Facebook, are you kidding me? This is way out of bounds for a program I never opted into."

—Matthew F. from Georgia3

For these reasons, I will include the rest of MoveOn's request for action:

Dear MoveOn member,

When you buy a book, movie, or gift online, do you want that information automatically shared with everyone you know?

Last week, the social networking site Facebook began doing just that. Private purchases made by Facebook users on other sites were posted on Facebook for people's co-workers, friends, and random acquaintances to see.1 Why? To benefit corporate advertisers.

Other sites are looking at Facebook's example to see if they can get away with similar privacy breaches. We need to draw a line in the sand—making clear that the wish lists of corporate advertisers must not come before the basic privacy rights of Internet users.

Can you urge Facebook to stop violating privacy rights? If you're on Facebook, join our Facebook group and invite your Facebook friends. If you're not on Facebook, you can sign our petition to Facebook.

You can join the Facebook group "Facebook, stop invading my privacy!" here:

http://www.moveon.org/r?r=3202&id=11708-1187820-11hUe8&t=5

Click here to sign the petition (see box at right for petition text):

http://civ.moveon.org/facebookprivacy/?rc=fb_air&id=11708-1187820-11hUe8&t=6

Facebook, Privacy, and MoveON

Note: I will be in DC until next Monday...then back to posting here...

Before I leave however, I suppose its encumbent on me to post something about Facebook - the hot new "online community" site - and the virtual rash of privacy violations currently being associated with it.

Let's first start with the company's deal with advertisers. This from The Independent:

The new technology will also allow businesses to build custom-designed "pages" on the social networking site. Users can become "fans" of a company's page, which means any interaction with that brand will be broadcast to their Facebook friends.

Privacy campaigners are up in arms about Facebook's move, lambasting the company for selling out its users to the highest bidders - companies such as Coca-Cola, Sony, Verizon and Blockbuster.

Jeff Chester, executive director of the Centre for Digital Democracy in Washington, warned yesterday that Facebook has mounted a "massive invasion of user privacy". He added: "The authorities need to crack down on Facebook and MySpace to stop data collection and make sure people's privacy is respected." He wants regulators, including the European Commission's Privacy Authority, to investigate.

Deborah Pierce, who heads the lobby group Privacy Activism, said: "Users should be concerned. They have no idea who has access to information about them from the site."

In the US, legal experts, such as the University of Minnesota law professor William McGeveran, have queried whether Facebook's ad strategy is even legal. He believes that under a 100-year-old New York privacy law users may be able to sue for damages if their photos are used for advertising purposes without their consent.

But that's not all. Now MoveOn.org, the liberal civic and political action group, is sounding the privacy invasion alarms in a campaign against Facebook, demanding they respect the privacy of its users.

CNet details the clash:

Last week, a feud began to brew between leftist activist group MoveOn.org and social-networking site Facebook concerning its "Beacon" advertisements, which broadcast information about users' activity on third-party partner sites to their friends' Facebook newsfeeds. According to MoveOn, it's a violation of user privacy because there's no way to universally opt out of Beacon ads. Facebook retorted, and the argument has turned into a legitimate debate over how far is really too far when it comes to sharing information about members' activity.

...

"Facebook should explain why they chose at the last minute to put the wish lists of corporate advertisers ahead of the privacy interests of their users," MoveOn spokesman Adam Green said in a statement from the organization. "Facebook has the potential to revolutionize how we communicate with each other and organize around issues together in a 21st century democracy. But to succeed, they need the trust of their users. The fact that Facebook proactively chose to make it harder for their users to keep private information from being made public will rub a lot of Facebook users the wrong way. The ultimate act of good faith would be to switch to an opt-in policy."

The magazine Techworld has more on the specific areas of disagreement:

MoveOn's disdain is aimed mainly at Facebook's new advertising program, known as "Beacon," which automatically posts information to a user's Facebook profile about their online purchases and other activities.

Facebook gives users the choice of opting out of the Beacon program through its privacy policy, but MoveOn believes the nature of the ad program demands a tougher policy, one that requires that users opt in before having their information tracked and posted in the program.


...

Facebook's Beacon program funnels information about a user's Web activities back to their profiles, where it can be viewed by their network of friends. For instance, if a user buys something on an e-commerce site, a note describing what and where was purchased is added to the user's profile. Or if a user posts a review of a restaurant or hotel on some sites, that information can also be pulled into the profile.

...

"The obvious solution is to switch to an 'opt in' policy, like most other applications on Facebook," MoveOn wrote on its Facebook page.

MoveOn is not the only entity that has raised concerns about the new program. Earlier this month, The New York Times reported that the social ads may violate New York state law. In addition, the Federal Trade Commission (FTC) has been pressured by privacy groups and others to create a do-not-track list that would enable Web users to opt out of a range of marketing-focused tracking programs at once.

For more of the article click here. In my opinion the answer is simple: In today's world in which ones most personal information can be shared around the world in seconds, "OPT-IN" is always the superior option than "opt-out". Period!

Monday, November 26, 2007

Cellphone Tracking Powers on Request

My apologies for the long absence, I've been battling the cold of the century!

Now, back to the world of Big Brother!

This story immediately caught my eye...sending chills down my spine in the process. I first heard of cell phone tracking a few tears back...in fact, it wasn't just tracking, it was the government actually listening in on people through THEIR cell phones. Granted, the people they were doing it to were mobsters, but it doesn't take a brain surgeon to realize this "ability" to not only track but listen in on people, by the government, through our cell phones, is something that could be grossly abused.

Apparently, the government has been tracking cell phone users...A LOT...and without probable cause!

This from the Washington Post:

Federal officials are routinely asking courts to order cellphone companies to furnish real-time tracking data so they can pinpoint the whereabouts of drug traffickers, fugitives and other criminal suspects, according to judges and industry lawyers.

In some cases, judges have granted the requests without requiring the government to demonstrate that there is probable cause to believe that a crime is taking place or that the inquiry will yield evidence of a crime. Privacy advocates fear such a practice may expose average Americans to a new level of government scrutiny of their daily lives.

...

"Most people don't realize it, but they're carrying a tracking device in their pocket," said Kevin Bankston of the privacy advocacy group Electronic Frontier Foundation. "Cellphones can reveal very precise information about your location, and yet legal protections are very much up in the air."

...

"Permitting surreptitious conversion of a cellphone into a tracking device without probable cause raises serious Fourth Amendment concerns especially when the phone is in a house or other place where privacy is reasonably expected," said Judge Stephen William Smith of the Southern District of Texas, whose 2005 opinion on the matter was among the first published.

...

The trend's secrecy is troubling, privacy advocates said. No government body tracks the number of cellphone location orders sought or obtained. Congressional oversight in this area is lacking, they said. And precise location data will be easier to get if the Federal Communication Commission adopts a Justice Department proposal to make the most detailed GPS data available automatically.

Click here to read the article in its entirety...

Friday, November 16, 2007

Panel Drops Immunity From Eavesdropping Bill

Well here's a bit of good news. The Senate Judiciary Committee dropped language giving telecom companies immunity from a bill to overhaul the Foreign Intelligence Surveillance Act. But, we should be clear, that issue has not nearly been resolved...the buck has simply been passed. However, just a week ago it was looking pretty likely that such immunity was going to be included...so I think its worth mentioning here.

Similarly, last night "the House voted 227 to 189, generally along party lines, to approve its own version of the FISA bill, which also does not include immunity."

More from the New York Times:

By a 10 to 9 vote, the committee...dropped a key provision for immunity for telecommunications companies that another committee had already approved. The Senate leadership will have to decide how to deal with the immunity question on the Senate floor.

...

But the administration has made clear that President Bush will veto any bill that does not include what it considers necessary tools for government eavesdropping, including the retroactive immunity for phone carriers...

It should also be noted that Senator Russ Feingold proposed an amendment that would have deleted the liability shield, and therefore banned any telecom immunity, but it failed by a 12-7 vote (with Democrats Feinstein and Whitehouse siding with all the Republicans). Feingold said through a spokesman that he plans to offer his amendment again when the bill goes to the Senate floor.

And Sen. Christopher Dodd has vowed to prevent the bill from going to a vote, as long as it cloaks corporations with legal protections.

So this fight is far from over. For the full article click here.

Study: Half of retailers' wireless data easy to Hack

This study really highlights why it was such a disappointment to privacy protection advocates that the Governor bowed to money and pressure from the retail industry and vetoed
Assemblyman Dave Jones data security bill, AB 779 last month.

These new findings, in addition to the fact that the bill sailed through the legislature this year with near unanimous support (which is almost unheard of!), signifies this issue if far from dead...and AB 779, or a version of it, will be back in 2008.

The Washington Post reports:

"AirDefense Inc., an Atlanta-based maker of security products for wireless data systems, found about 25 percent of the stores' 4,748 wireless access points were exchanging data with no encryption at all to foil electronic eavesdroppers. Another 25 percent were using an outdated encryption method called Wireless Equivalent Privacy that is easily cracked by thieves using widely available tools."

...

"You can drive down a street with a laptop and easily find wireless access points, and it does not require a great degree of sophistication," said Avivah Litan, a security analyst with Gartner Inc. "In technical circles, people talk about this all the time, but nobody ever puts it together broadly like this survey."

...

TJX said in March that at least 45.7 million cards were exposed, although recent court filings by banks suing TJX estimate than 100 million were. Canadian investigators concluded in September that TJX had failed to upgrade its encryption from the older WEP method by the time the eavesdropping began in July 2005.

...

AirDefense privately notified retailers when it found major security flaws, Rushing said. It is not disclosing the names of individual retailers to avoid drawing hackers' attention. Representatives for the National Retail Federation and credit card associations Visa and MasterCard declined comment.

Read the full Washington Post article here - and don't be surprised when this study re-emerges next year as more proof positive that Californians deserve increased protections of their private personal data - and greater accountability for those that are responsible for it being compromised.

Thursday, November 15, 2007

Redefine Privacy...Umm...No Thanks

I just couldn't let this one lie (see last post for more)...so I'm including one more write up on this week's mind blowing suggestion by Donald Kerr - the principal deputy director of national intelligence in testimony before the Senate Intelligence Committee - that we as a nation should "redefine" the meaning of privacy (to let's just say something far less "private").

My initial response to the latest example of a Bush administration official saying something so ludicrous and scary that it forces us to take multiple "double takes" was: "But if our current privacy protection rights are being so thoroughly eviscerated and stomped on, why would I want to weaken them?"

I thought this article in The Progressive Daily Beacon sums up well why all Americans should take to the streets if this new "definition" is EVER adopted:

Why exactly does the government need to listen to an absent father's phone call to his daughter on her birthday? Under what possible circumstance is it vital that the CEO of RJ Reynolds be made privy to a mother's email sent to her son away at university? Mister Kerr's concept grows creepier by the moment. His understanding of privacy is really quite perverted.

...

The point Mister Kerr needs to understand is that there has never been, in all of human history, a government or business that was capable of protecting, honoring and respecting the sanctity of any individuals privacy. And, frankly, nothing about the current government or today's corporate leadership inspires confidence that anything in that area has changed over time. So, in closing, we've considered Mister Kerr's kind suggestion that we redefine our understanding of privacy and we've decided not to invite him, the government and business into our very personal lives.

I realize the Orwell analogy can seem like its being over used when describing the current government and corporate assault on the principles of privacy and liberty, but its hard to find a better fit. From RFID's to "enhanced drivers licenses" to REAL ID to wiretapping to surveillance, we truly are entering a "Brave New World" of Big Brother at every street corner, running through every phone and Internet line, and always tracking, always listening.

For the rest of the article click here...and if you want to find out a whole lot more on multitude of attacks on our privacy, all being driven what I call the "Big Three" - Fear, Money, and Power (I'll discuss these more in future posts) - please check out the sites of some of the groups we have linked on the sidebar of this blog.

Tuesday, November 13, 2007

Definition Changing for People's Privacy

This is one of those moments of "clarity". When I say "clarity" I suppose the better word is one of those "honesty slip ups" by this government. I'm referring to the recent testimony, covered here by the Associated Press, of Donald Kerr before a Senate Intelligence Committee on Capitol Hill on his nomination to become Deputy Director of National Intelligence.

Here's the scary, or uh, honest part of his testimony. In referring to privacy, he said, basically, its time to change our collective definition of the word itself!

Before I post some clips from the article, watch this clip of Jack Cafferty on CNN, perfectly framing the issue. As in, "why change something (privacy) that's worked so well for over 200 years in this country?"

From the article:

As Congress debates new rules for government eavesdropping, a top intelligence official says it is time that people in the United States changed their definition of privacy. Privacy no longer can mean anonymity, says Donald Kerr, the principal deputy director of national intelligence. Instead, it should mean that government and businesses properly safeguard people's private communications and financial information.

...

"Protecting anonymity isn't a fight that can be won. Anyone that's typed in their name on Google understands that...Our job now is to engage in a productive debate, which focuses on privacy as a component of appropriate levels of security and public safety," Kerr said. "I think all of us have to really take stock of what we already are willing to give up, in terms of anonymity, but (also) what safeguards we want in place to be sure that giving that doesn't empty our bank account or do something equally bad elsewhere."

...

"Anonymity has been important since the Federalist Papers were written under pseudonyms," Opsahl (a senior staff lawyer with the Electronic Frontier Foundation) said. "The government has tremendous power: the police power, the ability to arrest, to detain, to take away rights. Tying together that someone has spoken out on an issue with their identity is a far more dangerous thing if it is the government that is trying to tie it together."

Opsahl also said Kerr ignores the distinction between sacrificing protection from an intrusive government and voluntarily disclosing information in exchange for a service.

"There is something fundamentally different from the government having information about you than private parties," he said. "We shouldn't have to give people the choice between taking advantage of modern communication tools and sacrificing their privacy....It's just another 'trust us, we're the government,'" he said.

Friday, November 9, 2007

Big Brother Is Listening to Your Cell Phone Calls

I don't know about you all, but I'm starting to think someone is going to jump out from behind my desk and say "Surprise, you're on candid camera!!" Since we started this blog revelation after revelation indicates that literally, NOTHING, we say or write, isn't somehow being traced or listened in on (or potentially anyway) by our government or corporate overseers.

Even more disturbing, is the fact that representatives in Congress are actually debating whether telecommunication companies should be granted legal immunity for their participation in the administration's warrantless wiretapping program...even as we hear new testimony that a secret room in San Francisco - used by AT&T and our government - allows them to track and monitor nearly all phone or internet traffic in the country!

But wait, there's more! According to an article in the Rutherford Institute, our cell phone conversations are also being listened in on and our positions tracked in new and creative ways.

John W. Whitehead writes:

In an information age where we’re required to hand over confidential information in order to make a purchase, drive a car or visit a doctor’s office, our privacy is being relegated to the junk heap of antiquated, obsolete ideas. Nowhere is this more evident than in the telecommunications industry, where technological breakthroughs that add convenience to our lives are simultaneously giving corporations and government agencies almost unlimited access to our most private moments.

...

But there’s more. Global Positioning System (GPS) chips, the same technology used in many new cars to help drivers navigate unknown territory, track a cell phone’s every movement in real time. Such technology is marketed to parents as a tool for keeping tabs on their children, to employers as a means of monitoring their employees’ whereabouts, and to young people for social networking so they can track each other down.

Yet despite the sales pitch, not all uses of this technology are benevolent. As journalist Laura Holson explains, “If G.P.S. made it harder to get lost, new cellphone services are now making it harder to hide.” Although this tracking function can be turned off in cell phones, Holson notes that “G.P.S. service embedded in the phone means that your whereabouts are not a complete mystery.”

Attorney Kevin Bankston, with the Electronic Frontier Foundation, sees this as a serious breach of privacy. “We seem to be getting into a period where people are closely watching each other. There are privacy risks we haven’t begun to grapple with.” Charles S. Golvin, a wireless analyst at Forrester Research, admits that there is a Big Brother component to the use of GPS in wireless phones. “The thinking goes,” he explains, “that if my friends can find me, the telephone company knows my location all the time, too.”

However, if the phone company knows where you are, it stands to reason that the government does as well. Indeed, the rate at which corporations, from banks to retail stores to phone companies, are turning over their customers’ private information to government agents for tracking and spying purposes is staggering. As an ACLU report details, “Many companies are willing to hand over the details of their customers’ purchases or activities based on a simple request from the FBI or other authorities.”

In 2002 alone, Bell South received 16,000 subpoenas from government agents and 636 court orders for customer information. And it’s not just that the requests for customer information are becoming more frequent—they’re also getting broader and have been characterized as “shotgun approaches” or fishing expeditions.

Moreover, the FBI and other government agencies are demanding greater legal authority to be able to force companies—especially cell phone companies—to turn over customer information. “They have pushed for an aggressive interpretation of the statute that would allow it to monitor certain Internet content without a warrant and to collect tracking information about the physical locations of cell phone users,” the ACLU reports, “turning cell phones into what, for all practical purposes, are location tracking bugs.”

Now the Bush Administration is prodding Congress to grant retroactive legal immunity to the telecommunications companies that have allowed government agents access to their customers’ private phone call data. If Congress passes such a law, it would put an end to the dozens of lawsuits that have already been filed against phone companies alleged to have violated federal privacy laws by handing over customer data to the government. It would also put an end to any pretense that our government has our best interests at heart.

Read the entire article here...

Thursday, November 8, 2007

AT&T Whistleblower Speaks Out Against Immunity For Telcoms

If this doesn't finally dispel, and in fact crush, the BIG LIE being perpetuated by the Bush Administration I don't know what will. The lie I speak of is that the warrantless wiretapping program, done without congressional approval or the knowledge of the American people, is in fact, just a way to eavesdrop on the calls of "terrorists". Now, I realize few critically thinking Americans believe this lie, but now we've got even more hard proof that the program, or I should say "illegal program", was actually being used to monitor and eavesdrop on ALL calls being made, inside and outside this country....as well as emails!

Before I get to the two video clips of whistleblower Mark Klein's mind blowing revelations, and pleas to the Congress to NOT give telecom companies immunity, check out the article by the New York Times.

And thankfully too, we have television journalists like Keith Olbermann on the story, as well as the courageous whistle blower Mark Klein, a former AT&T employee with direct knowledge of that "secret room" in San Francisco used by the government and AT&T to monitor our conversations and emails.

First, watch the interview of Klein by Olbermann:

And here's a more detailed description of what's uncovered in the piece from "Crooks and Liars":

If you have any reservations about Congress granting immunity to telecommunications companies like AT&T for illegally spying on Americans, this segment from last night’s Countdown should leave little room for doubt — they have, and continue to betray us and should be held accountable for their crimes.

Likening himself to a character from Orwell’s 1984, retired AT&T technician and whistle blower, Mark Klein, tells Keith Olbermann about his testimony before the Senate Judiciary Committee during which he pleaded with them not to grant immunity to the telcom companies. Klein contends that his former employer is lying to the American people and that they were not only spying on overseas communications, but virtually ALL domestic internet and phone traffic — and they have been doing it for years.

Olbermann: “In talking to Congress today what did you hear? Did you get the sense that anybody is ready to go after not just the telecom execs, but the government officials who ordered this?”

Klein: “I couldn’t tell, I’m not a politician and they play their cards close to the vest. All I can do is emphasize again, that they’re copying everything, this is a violation of the Constitution, it’s domestic traffic, it’s phone calls as well as e-mail and something should be done to stop it and Congress should not kill the judicial process.”

Update: In yesterday’s New York Times, Senator Russ Feingold points out the obvious: “Telecom companies that cooperate with a government wiretap request are already immune from lawsuits, as long as they get a court order or a certification from the attorney general that the wiretap follows all applicable statutes.”

But that's not all, watch Klein here, in his own words, speak about just how intricate and all encompassing this program really is...to use the terms "Orwellian" or "Big Brother" to describe our present day predicament is no longer just hyperbole.

Klein states, "They're tapping into the entire Internet."

And Talking Points Memo writes:

Earlier today we flagged that Mark Klein, who uncovered a secret surveillance room run by the NSA while employed as a San Francisco-based technician for AT&T, is in Washington to lobby against granting retroactive legal immunity to telecommunications companies. In an interview this afternoon, Klein explained why he traveled all the way from San Francisco to lobby Senators about the issue: if the immunity provision passes, Americans may never know how extensive the surveillance program was -- or how deeply their privacy may have been invaded.

"The president has not presented this truthfully," said Klein, a 62-year old retiree. "He said it was about a few people making calls to the Mideast. But I know this physical equipment. It copies everything. There's no selection of anything, at all -- the splitter copies entire data streams from the internet, phone conversations, e-mail, web-browsing. Everything."

If these revelations don't give the Democrats the impetus to reject giving these telecomm companies immunity I just don't know what will.

Wednesday, November 7, 2007

FBI Hoped to Follow Falafel Trail to Iranian Terrorists in San Francisco

Yes, you read the headline correct. It turns out our crack squad of FBI agents were "data mining" for Iranian terrorists at San Francisco grocery stores. What you ask was the secret trail that they thought might lead them to the "evil doers"? Why, falafel purchases of course!

On one hand, this is so ludicrous its difficult not to get a chuckle from. Yet, it simultanerously gives creedence to every fear privacy protection advocates could possibly dream up! If the FBI is tracking falafel purchases of San Francisco residents, what else might they be up to? To call this "profiling" is an understatement.

Congressional Quarterly covers the story:

Like Hansel and Gretel hoping to follow their bread crumbs out of the forest, the FBI sifted through customer data collected by San Francisco-area grocery stores in 2005 and 2006, hoping that sales records of Middle Eastern food would lead to Iranian terrorists. The idea was that a spike in, say, falafel sales, combined with other data, would lead to Iranian secret agents in the south San Francisco-San Jose area.

...

As ridiculous as it sounds, the groceries counting scheme is a measure of how desperate the FBI is to disrupt domestic terrorism plots. The possibility of Iranian-sponsored terrorism in the United States has drawn major attention from the FBI because of rising tensions between Washington and Tehran over Iran’s nuclear program.

“Because of the heightened difficulties surrounding U.S.-Iranian relations, the FBI has increased its focus on Hezbollah,” Bresson said 16 months ago. “Those investigations relate particularly to the potential presence of Hezbollah members on U.S. soil.”

...

Last July’s National Intelligence Estimate (NIE) on terrorism trends addressed the potential for Iranian subversion here in such cautionary terms that it was rendered useless. “We assess [Iran-backed] Lebanese Hezbollah, which has conducted anti-U.S. attacks outside the United States in the past, may be more likely to consider attacking the Homeland over the next three years if it perceives the United States as posing a direct threat to the group or Iran,” the [NIE] said. (Italics added.)

In other words, who knows? Nobody.

...

Only about a dozen Iranians in the United States have been arrested over the years, mostly in connection with small-time fund raising scams on behalf of Hamas, which included drug peddling, scalping cheap North Carolina cigarettes in New York and counterfeiting Viagra.

...

Community leaders have frequently complained that, since 9/11, any Muslim is considered a terrorist suspect. Some Iranians have complained of heavy-handed efforts by the FBI to turn them into informants. They say they constantly have to “prove” their loyalty to their adopted country to authorities and their neighbors.

I hope everyone feels as safe now as I do....

Tuesday, November 6, 2007

Why states are resisting U.S. on plan for REAL I.D.

Before I get to the article in the Christian Science Monitor detailing the rising state opposition to the REAL ID Act, let's begin with a little background.

On May 1st, 2007 the Department of Homeland Security held a national town hall meeting at the University of California at Davis to discuss implementation of the REAL ID Act. The Consumer Federation of California (CFC) testified in opposition to the ACT because we believe it would represent a gross violation of personal privacy rights and actually increase the potential for identity theft.

REAL ID Overview: The Real ID Act of 2005 would turn our state driver’s licenses into a genuine national identity card and impose numerous new burdens on taxpayers, citizens, immigrants, and state governments – while doing nothing to protect against terrorism. This new federal identity document would be required of every American in order to fly on commercial airlines, enter government buildings, open a bank account, and more.

Richard Holober, CFC's Executive Director, summed up our opposition thusly:

"This proposal will create a potential one-stop shop for identity thieves. The regulations are silent on the question of certain data, but we believe it is likely that most states will scan and save electronically all source documents, birth certificates, proof of address, et cetera, making this information part of state databases as well. The creation of a massive national database loaded with American's personal information would be a dream come true for identity thieves.

...

We're extremely worried that rather than safeguarding security, the more identity thieves can get their hands on aggregated records, the more there will be identity theft and that will be by not only common variety criminals, but by terrorists as well. We're opposed to these regulations."

The good news is states across the country are opposing this federal power grab, on the basis of both privacy and cost concerns.

The Christian Science Monitor reports:

The federal government's efforts to create a standardized, secure driver's license that would also serve as a national ID card have hit some significant stumbling blocks. Chief among them: Eight states have voted in the past year not to participate in the program. Nine others are on the record opposing the proposal. In total, legislation opposing the plan has been introduced in 38 states.

...

The objections raised by states have already prompted DHS to extend the deadline for implementation from the spring of 2008 to 2013. Last week, Guest and the American Civil Liberties Union (ACLU) sparked more consternation at DHS by claiming it watered down REAL ID requirements so much that it negated the original intent of the program. In a conference call with state officials, including Guest, DHS reportedly said it is considering further extensions. DHS also made it clear that if states don't comply, their citizens could still use passports or go through extended screening to board planes.

For the full article click here...

Friday, November 2, 2007

Most consumers clueless about online tracking, behavior profiling

I suppose this shouldn't be a surprise to anyone, but a new poll released this week by the Samuelson Clinic at the University of California, Berkeley, and the Annenberg Public Policy Center at the University of Pennsylvania, shows that consumers are grossly unaware of just how much of their personal information is being shared and sold online.

The good news is a coalition of privacy advocacy groups are asking the Federal Trade Commission to consider creating a "Do Not Track" list...similar to the popular "Do Not Call" lists. The coalition includes the Center for Democracy and Technology, Consumer Action, the Consumer Federation of America, the Electronic Frontier Foundation, Privacy Activism, Public Information Research Inc., Privacy Journal, the Privacy Rights Clearinghouse and the World Privacy Forum.

Jaikumar Vijayan of Computerworld writes about the new poll's findings:

One example of that disconnect is that more than half -- about 55% -- of those surveyed falsely assumed that a company's privacy polices prohibited it from sharing their addresses and purchases with affiliated companies. Similarly, nearly four out of 10 online shoppers falsely believed that a company's privacy policy prohibits it from using information to analyze an individuals' activities online; in fact, this is a common practice. A similar number also assumed that an online privacy policy meant that a company they're doing business with wouldn't collect data on their online activities and combine it with other information to create a behavioral profile.

Still, when survey respondents were offered a clear explanation of an online advertising model, about 85% rejected the idea that a site they value and trust should be allowed to serve up click stream advertisements based on data from their visits to various other sites.

...

Compounding user ignorance is the fact that many companies say they respect a user's choice not to be tracked, yet still find ways of circumventing that commitment, Hoofnagle said. For instance, some Web sites that promise not to allow third-party tracking cookies to be installed on a user's system do so anyway in a roundabout fashion via so-called first-party sub-domain cookies, he said. Similarly, some companies install flash cookies to uniquely track users across sites, he said.

Even companies that pledge not to share online consumer information with an outside party often store more data, and for longer periods of time, than most consumers realize, or would agree to if they knew, Hoofnagle said.

"From the consumer perspective, many, many thousands of companies track everything they do online and offline, maintain profiles of them and sell them to whoever will pay the most for it," said Steven Gal, CEO of ProQuo, a La Jolla, Calif.-based start-up that allows users to choose which paper junk mail to stop receiving from different sources. Such companies don't let consumers see their profiles, or interact with these profiles, resulting in a lot of junk mail and spam, he said.

Jaikimar Vijayan also writes on the upcoming FTC hearings regarding the creation of a Do Not Track list:

A group of nine privacy advocacy organizations today submitted a proposal to the Federal Trade Commission asking it to consider implementing a Do Not Track list to protect people from having their online activities unknowingly tracked and used by marketers. The group also wants the formal definition of the term "personally identifiable information" updated, and it said Internet advertisers should be forced to provide more robust disclosures on any behavioral tracking they are doing.

...

Basically, a Do Not Track list would require companies that undertake consumer behavioral tracking for advertising purposes to register their tracking servers with the FTC. Consumers could then download that information and use it to block servers on the FTC list from planting persistent tracking tools on their systems.

...

The proposed plan is designed to make it as easy for consumers to opt out of online tracking as it was for those on the Do Not Call list to opt out of unwanted telephone calls, Mark Cooper, director of research at the Consumer Federation of America, said at this morning's news conference.

Thursday, November 1, 2007

Senate Panel Balks at Telecom Immunity

What has begun to resemble a privacy protection roller coaster ride continues in the nation's capitol where the Senate Judiciary Committee debates whether to grant telecommunication companies legal immunity for their participation in the Bush Administration's warrantless wiretapping program.

At this point it remains extremely difficult to tell which way the Committee is going go: stand up for the constitution or betray the privacy rights of American citizens? I find it hard to believe that without the option of the courts, and the threat of public lawsuits, we'll ever get to the bottom of just how widespread this program was...and who exactly was being monitored.

The Associated Press reports on the latest developments:

Telecommunications companies face about 40 civil lawsuits nationwide for alleged violations of wiretapping and surveillance laws at the Bush administration's request. Another five lawsuits have been filed against the U.S. government.

At issue is the interception of American e-mails and phone calls from 2001 to 2007. The so-called Terrorist Surveillance Program was conducted without the consent of the secret Foreign Intelligence Surveillance Court, which oversees intelligence agencies' eavesdropping inside the United States.

The Senate Intelligence Committee provided immunity in its version of a new eavesdropping bill. It bars civil lawsuits against telecommunication companies if the attorney general and national intelligence director certify that the companies acted on written orders approved by the president. The Judiciary panel still needs to act on the bill before it goes before the full Senate.

Also reporting on the story, is CNET News:

Leahy grilled Wainstein at length on why retroactive immunity is necessary at all. A report accompanying the Senate Intelligence Committee's approved bill says that at regular intervals between 2001 and early 2007, the Bush administration presented electronic communications providers with letters saying the president or the attorney general had certified the various wiretapping requests as lawful.

Given those letters, "if you feel secure in what you did, why ask for further legislation?" Leahy asked Wainstein. "Why not let the courts deal with the certifications that the president said it was legal?"

...

All Democrats present at the hearing questioned the idea of granting immunity, with Sens. Dick Durbin (D-Ill.) and Russ Feingold (D-Wisc.) growing particularly animated.

"Isn't it reasonable to say the company has a statutory obligation to protect my identity and to only give it up for a legitimate, statutorily-recognized purpose?" Durbin asked Wainstein, who responded that he thought all of the companies who have assisted the government "acted out of patriotic duty."

With the exception of Specter, most Republicans on the committee defended the Bush administration's position, asking Wainstein questions intended to tout the importance of surveilling the enemies of the United States at wartime.