Friday, May 28, 2010

Google Wi-Fi or Google Wi-Spy?

I've got some good news and some bad news for today. The good news is I don't feel forced to write about the current anti-privacy champion Facebook. The bad news is Google is vying for Facebook's throne. Yes, it's a clash between two corporate behemoths - each trying to "out anti-privacy" the other.

As some of you probably already know, it turns out Google has a little bit of a "spying" problem. But before I get to that, let me give some backdrop on the company's long and sordid past when it comes to protecting user privacy. Google's "belligerence" when it comes to this issue shouldn't be understated once the size and scope of the company is taken into consideration.

Now, I've posted a lot about Google's less than stellar record on privacy in the past, from their lobbying efforts in Congress, to cloud computing to Google Buzz to Google books to its increasing usage and expansion of behavioral marketing techniques. And that's just to name a few...

In other words, Google has made a fortune from spying on what consumers do online, including what web sites they visit; creates dossiers on users’ online behavior without their prior permission; then harvests this private information to sell hundreds of millions of dollars in advertising.

But, the ante has recently been raised with the company's admission that Google’s StreetView cars were gathering private information from unaware local residents - yet again demonstrating the company’s lack of concern for privacy and the need for government inspection of the data the company is collecting and storing.

This flagrant intrusion into consumers’ privacy only came to light because of tough questions from European regulators. Late last Friday the company acknowledged gathering “payload data” from WiFi networks. Less than a month ago Google had denied accumulating the information. Google engineers attributed the discrepancy to a “mistake.”

But it gets better. Suits have been filed in Washington D.C., California, Massachusetts and Oregon by people who accuse Google of violating their privacy because the cars also collected data from open Wi-Fi networks.

The court then ordered Google to make two copies of a hard drive containing data from the United States and turn them over to the court - data that was scooped up by the company's Street View cars as they photographed neighborhoods, part of an escalating legal and public relations problem for the search engine giant.

Google has sent fleets of cars around the world for several years to take panoramic pictures of streets. People using Google's online atlas for locations and directions can often look at photographs collected by the Street View project and classified by address. Google says it uses the location of Wi-Fi networks to enhance location-based services on smartphones.

It first revealed that Street View cars were collecting wireless data in April, but said that no personal data from Wi-Fi networks was involved. But after an audit requested by Germany, Google acknowledged it had been mistakenly collecting samples of "payload data."

Even three U.S. lawmakers, concerned Google may have violated U.S. privacy laws, asked the company on Wednesday to tell them how much personal data was gathered. California Republican Representative Joe Barton, California Democrat Henry Waxman and Massachusetts Democrat Edward Markey said in a letter to Google's Chief Executive Eric Schmidt that they also wanted to know how Google planned to use that information.

John M. Simpson, consumer advocate with the nonpartisan, nonprofit group Consumer Watchdog (which has been all over Google's anti-privacy practices for the past few years now), took the argument against Google further, stating, “While the activity is likely a violation of federal laws, we believe there is a good possibility it also broke state wiretap, privacy and unfair business practices laws in many cases...We call on each attorney general to investigate the extent to which this is the case in his or her jurisdiction.”

The group's letter, addressed to James McPherson, executive director of the National Association of Attorneys General, states, “Google’s claim that its intrusive behavior was by ‘mistake’ stretches all credulity. In fact, Google has demonstrated a history of pushing the envelope and then apologizing when its overreach is discovered. Given its recent record of privacy abuses, there is absolutely no reason to trust anything the Internet giant claims about its data collection policies.”

The letter continues, "the FTC has the authority and public trust necessary to get to the bottom of Google’s dubious data collection practices. The probe should reveal exactly how consumers’ privacy has been compromised and what remedies are required."

None of this should really be a surprise of course. As I stated to the PUC a few months back, with Google lobbyists in the room no doubt:

"...one Google product after another – from Google Buzz to Google Books - has been a virtual privacy train wreck. The company's refusal to make public how often information about their users is demanded by, or disclosed to the government, is all the more disconcerting."

Google’s CEO, Eric Schmidt recently stated "If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place."

Schmidt also said:

"… the reality is that search engines including Google do retain this information for some time, and it's important, for example that we are all subject in the United States to the Patriot Act. It is possible that that information could be made available to the authorities."

So with all that said, here's a few clips from Wired magazine on this burgeoning spying scandal:

The lawsuits...allege that Google violated federal and state privacy laws in collecting fragments of data from unencrypted wireless networks as its fleet of camera-equipped cars moseyed through neighborhoods snapping pictures.

The Massachusetts lawsuit, filed Tuesday by Galaxy Internet Services, is seeking class-action status for all Wi-Fi users in the state who may have been affected, and is asking for $10 million in damages....

The Oregon lawsuit is seeking class-action status for residents in Oregon and Washington state whose data may have been collected. Plaintiffs in that case seek statutory damages of $100 a day per plaintiff for each day their data was breached, or $10,000 for every instance of illegal data collection. It also seeks other unspecified punitive damages.

The California suit seeks class-action status for all U.S. residents. Plaintiffs in the suits are also seeking court orders to prevent Google from destroying the data it collected until plaintiffs can examine it in discovery.

...

The company called the inadvertent collection “a mistake” and said it was the result of a programming error — code written for an early experimental project wound up in the Street View code, and Google says it didn’t realize the error until German privacy authorities began questioning what data Google’s cameras were collecting....

Not everyone believes the plaintiffs in the lawsuits have a winning case. One attorney noted to The Recorder that the Electronic Communications Privacy Act contains a safe harbor for breaches that involve collections of data that is already publicly accessible. The plaintiffs also may not have standing for a suit unless they can prove that their personal data specifically was among the information that was collected.

And to finish the post off, here's a bit more from CNet's Declan McCullagh:

Google's accidental interception of some Wi-Fi transmissions is, for at least a few politicians, the gift that keeps on giving. The letter comes exactly a week after Markey and Barton called on the Federal Trade Commission to investigate whether the search company's inadvertent collection of Street View Wi-Fi data violates the law. A few days earlier, Google had acknowledged that because of a programming error, its Street View cars had intercepted fragments of data from unencrypted Wi-Fi networks for periods of 200 milliseconds at a time.

...

Wi-Fi networks that aren't encrypted--that is, open wireless networks--are trivial for anyone to monitor. Some of the more popular packet-sniffing tools are even free. But just because it's technically possible to capture packets on an open Wi-Fi connection doesn't mean it's legally permitted.

A federal law called the Electronic Communications Privacy Act says that anyone who "intentionally intercepts" any electronic communication, including a wireless communication, is guilty of a crime. But accidental or inadvertent interception doesn't count.

...

The risk for Google goes beyond this single privacy flap. The bigger problem for the search company is that news of the Street View Wi-Fi interception erupted at a time when politicians, bureaucrats, and activists are paying an unusual amount of attention to tech companies' data collection and use practices.

There was Google Buzz's launch, relaunch, and re-relaunch earlier this year. There was Facebook's loss of face on privacy, culminating in a press conference with CEO Mark Zuckerberg in Palo Alto, Calif., on Wednesday to announce a set of simpler data-sharing settings. Even Apple has been accused of being Big Brother.

When you're one of the biggest companies in an industry that has the good fortune to fall into Washington's crosshairs at the moment, you don't want even the slightest privacy misstep, let alone one that becomes an international incident. That invites new proposals for more regulation (that even liberal groups don't like very much) and other negative consequences.

Wednesday's letter to Google from Barton, Markey, and Waxman, who chairs the committee overseeing Internet regulation, asks questions like "Have all Street View vehicles documenting United States roads been engaged in the monitoring or data collection of Wi-Fi transmissions at all times during these activities?" And: "Please explain why Google chose to collect the data and how it intended to use the data."

It would be entertaining if Barton were asked why, if he cares so much about privacy, he supported efforts by the Bush administration to expand government surveillance. And if Markey is committed to civil liberties, why did he vote last week for the DNA collection of Americans who have been arrested for, but not convicted of, a crime?

Click here to read the article in its entirety.

Special thanks to Consumer Watchdog for the bulk of the information I posted today...they deserve big props for keeping on Google and exposing the company's practices...practices that conflict with the "brand" they're selling us...to put it mildly...

Thursday, May 27, 2010

Facebook and Privacy: The Opt-Out versus Opt-In Debate

When it comes to privacy, May has been the month of Facebook (tomorrow's post to tackle Google's "WiSpy" Scandal!). In just the past couple weeks we’ve seen the social networking giant taken to task for its increasingly outrageous anti-privacy policies by a growing number of interests.

Senator Chuck Schumer has initiated action in the Senate, Moveon.org and the ACLU have urged members to demand the company address their privacy concerns (more than 80,000 people have signed the ACLU's Facebook petitions), over 162,000 Facebook users have joined the group “Facebook: Respect My Privacy”, the San Francisco Chronicle wrote a blistering editorial entitled “Unfriendly Facebook”, and The Electronic Privacy Information Center (EPIC) – along with a host of other consumer and privacy groups – filed a complaint against the company with the Federal Trade Commission (FTC), demanding that Facebook cancel new features introduced in mid-April that compel users to share more information than before.

Similarly, new tools are now available, “Reclaim Your Privacy” in particular, for the sole purpose of protecting user privacy from the never-ending Facebook assault.

It wasn’t always this way. As noted by the Chronicle, “Facebook initially branded itself as the "safe" choice for people who wanted to stay in touch with their friends without blaring their information all over the Internet. After an endless series of changes to its privacy policy to "encourage" users to share information, very little about Facebook seems safe at all.”

In fact, as detailed by the Electronic Frontier Foundation, Facebook has continually changed and weakened its privacy controls and policies since its inception. Privacy violation highlights include:

  • Made users' friends lists public - resulting in a complaint to the FTC and ultimately a modification.
  • Refused to allow people to permanently delete their accounts and personal information from the site.
  • Installed "Beacon" (no longer in use) - a technology that tracked users' online purchases and informed their friends without permission.
  • Released new privacy settings that are actually less private – allowing more "publicly available information" that can't be controlled; making it easier for Facebook to collect location data on users and sell that data to third parties (including your list of friends and their information, as soon as you visit those partners' websites, without asking your permission); recommending that users loosen their privacy settings; setting every default to the LEAST private option and burying the controls behind too many layers of menus; and still failing to explain what applications can really see.
  • Facebook reportedly receives up to 100 demands each week from government agencies seeking information about its users.
  • Even if your Facebook profile is "private," when you take a quiz or run any other application, that app can access almost everything in your profile: your religion, sexual orientation, political affiliation, pictures, and groups. And these apps may have access to most of the info on your friends' profiles too—which means if your friend takes a quiz, they could be giving away your personal information, even if you've never used an app.
  • The company recently admitted that in some circumstances – in direct contradiction to its promise – it sent the user name of Facebook members to its advertising partners. This in turn can be used to glean a person's name, interests, and list of friends.
  • Some people report that they are able to see the public "events" that Facebook users have said they will attend – even if the person is not a "friend" on the social network.

NetworkWorld summarizes some of the FTC complaint filed by EPIC:

Facebook violated its own privacy policy by making user information publicly available with changes introduced the week of April 18, 2010, the complaint alleges. Facebook is now making information such as a user's hometown, education, work, activities, likes and interests public, whereas previously such information could be hidden, the complaint states.

"As a result of these material changes, Facebook requires users to designate personal information as publicly linkable 'Links,' 'Pages,' or 'Connections' or to no longer make such information available," the complaint states. "Many Facebook users previously restricted access to this profile data, which includes users' friends list, music preferences, affiliated organizations, employment information, educational institutions, film preferences, reading preferences, and other information."

When the changes went live, Facebook presented users with a pop-up screen compelling them to link their profiles to various pages selected by Facebook based upon content entered manually into the user's profile. The user could either link their profiles to all selected pages, choose pages individually, or click the "ask me later" button.

If the "ask me later" option was chosen, users were later presented the same screen with only the "link all" and "choose individually" options. If they click "choose individually", they are taken to a page with a series of pre-checked boxes, forcing them to uncheck all boxes if they don't want their profiles linked to every page.


Facebook: The Embodiment of the Opt-Out Principle

The Facebook flap represents a landmark privacy debate with broad implications. The company has been actively undermining user privacy in the name of the almighty dollar for years now. Its opt-out model embodies the current debate over privacy in the information age.

The real question that must be answered is whether the individual owns his or her private information, or whether companies like Facebook do. If our personal information is truly "ours", then anyone wanting to use it must come ask us for it first (Opt-In), just like when somebody wants to use something else that we own.

This growing privacy debate is all the more important because the public is entrusting increasing amounts of private information to websites and online social networks.

Yesterday, in the face of this massive public outcry, Facebook CEO Mark Zuckerberg admitted he’s made mistakes and announced a new plan for protecting user privacy.

But once again, he refuses to stop giving away users' information without first asking permission. Making privacy controls less confusing isn’t real privacy protection, and only reinforces the very Opt-Out principle that needs to be abolished.

As the San Francisco Chronicle editorial noted, “Opting in is always better than opting out. Facebook's privacy policy is 5,830 words of legalese - longer than the U.S. Constitution (minus amendments). It's cruel and unrealistic to ask more than 400 million users to navigate it; far better would be to allow people to "opt in" to data sharing.”

Friday, May 21, 2010

Unfriendly Facebook Indeed...

Okay, if all goes well I won't have to do another post about Facebook for at least a few weeks...I'm begging here...

Nonetheless, I want to alert people to a short, to-the-point editorial by the San Francisco Chronicle entitled "Unfriendly Facebook" that is worth a look. The most notable fact about the editorial is that it was written at all. This signifies a growing outcry against the company due to their, how shall we say it...disdain for their customers' privacy, maybe? The editorial, and the amount of press and legislative attention to the issue, can only be viewed as a positive development! Now we need results.

On Wednesday I wrote a detailed post on how you can both send a message to Facebook that you want your privacy back, as well as a new site that allows you to "Reclaim your Privacy" on the social network (as I also point out, it matters what your friends do as well). To read a few recent posts on the host of privacy problems associated with the social network, just click here, here, here, and here.

Before I get to the Chronicle editorial, I do in fact have yet another breaking story about yet another Facebook violation of your privacy...I kid you not. As we know, Facebook promises, specifically, that it doesn't "share your information with advertisers without your consent." Only "non-personally identifiable" data, it says, are shared.

Well, they were lying. The social networking giant confirmed late Thursday that it has, at least in some circumstances, sent the user name of a Facebook member to its advertising partners. This in turn can be used to glean a person's name, interests, and list of friends. Say it ain't so!

Elinor Mills and Declan McCullagh of C-Net have more:

News of this data sharing, which appeared in the Wall Street Journal on Thursday evening, could prove embarrassing to the social-networking site, which is already on the defensive after Washington politicians have been calling for regulatory action on privacy grounds and over a dozen advocacy groups have charged that Facebook engages in "unfair and deceptive" business practices.

Facebook's admission also may conflict with its previous statements. In a blog post last month, a company official wrote: "We don't share your information with advertisers unless you tell us to...Any assertion to the contrary is false. Period."

...

Browsers typically send a Web site, in what's called a Referer: field, the location of the page you last visited. This lets Web operators know where their visitors are coming from, and it's viewed as a perfectly normal and commonplace practice.

The rub: if you're logged into Facebook, the Referer: field can reveal your user name to advertisers.

Ben Edelman, an assistant professor at Harvard Business School who has a background in Internet advertising, described the problem in a new essay that says: "When a user views her own profile, or a page linked from her own profile, the "?ref=profile" tag is added to the URL--exactly confirming the identity of the profile owner." Facebook could eliminate any privacy concerns by configuring a different type of Referer: set-up, Edelman said.

...

Other social-networking sites also included the Referer: field, but Facebook appears to be the only one that uses it--inadvertently or intentionally--to signal the identity of who's logged on.
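To make the Referer: leak concrete, here is an added example (mine, not code from the CNet article or from Facebook) that extracts the identity a "?ref=profile" Referer value gives away and models what a third party would see instead under a modern Referrer-Policy setting, which is my stand-in for the "different type of Referer: set-up" Edelman mentions. The sample URLs are constructed, not captured traffic.

```python
"""Referer leakage of a logged-in identity, and what a referrer policy changes.

Added example, not code from the CNet article or from Facebook. The profile
URL shapes below are constructed samples, not captured traffic.
"""
from urllib.parse import urlparse, parse_qs

# Constructed sample of what a third-party ad server might see in the
# Referer header when a logged-in user loads a page containing its ad.
SAMPLE_REFERERS = [
    "http://www.facebook.com/jane.doe?ref=profile",
    "http://www.facebook.com/profile.php?id=100000012345&ref=profile",
    "http://www.facebook.com/pages/Some-Band/123456?ref=ts",
    "http://www.facebook.com/home.php",
]


def leaked_profile_identity(referer):
    """Return the profile identifier a Referer value gives away, or None.

    Per the article, '?ref=profile' marks a page the user reached from her own
    profile, so the path (vanity name) or id= parameter names the logged-in user.
    """
    parts = urlparse(referer)
    qs = parse_qs(parts.query)
    if qs.get("ref") != ["profile"]:
        return None          # not a self-profile navigation: no identity signal
    if parts.path.rstrip("/") == "/profile.php":
        ids = qs.get("id")
        return ids[0] if ids else None
    return parts.path.strip("/") or None   # vanity URL such as /jane.doe


def referer_under_policy(referer, policy):
    """Model what a browser sends for the same navigation under a
    Referrer-Policy value (assumed stand-in for the 'different Referer set-up'
    the article says would remove the leak). Only three values are modelled."""
    parts = urlparse(referer)
    if policy == "no-referrer":
        return None                       # header suppressed entirely
    if policy == "origin":
        return "{}://{}/".format(parts.scheme, parts.netloc)   # path and query dropped
    if policy == "unsafe-url":
        return referer                    # full URL, the leaking behaviour
    raise ValueError("unmodelled policy: " + policy)


def audit(referers, policy="unsafe-url"):
    """Map each referer to the identity it would leak under the given policy."""
    result = {}
    for r in referers:
        sent = referer_under_policy(r, policy)
        result[r] = leaked_profile_identity(sent) if sent else None
    return result


if __name__ == "__main__":
    for policy in ("unsafe-url", "origin", "no-referrer"):
        print(policy, audit(SAMPLE_REFERERS, policy))
```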

It's becoming clearer and clearer that Facebook is kind of like the BP and Goldman Sachs of social networking...though to be fair, Chevron and Exxon are just as despicable as BP, and Bank of America and Citigroup are pretty notorious criminals themselves. Of course, I would never imply that what Facebook is doing even REMOTELY compares to the avarice, corruption and overall destructive forces that are Big Oil and the Big Banks.

No, I'm simply making the point that it is typical big business behavior...and that means the only thing that matters is the bottom line, regardless of how that line is reached. Facebook is simply following that typical corporate creed (without, of course, the same degree of destruction in their wake).

Now to the Chronicle:

It's ironic that Facebook initially branded itself as the "safe" choice for people who wanted to stay in touch with their friends without blaring their information all over the Internet. After an endless series of changes to its privacy policy to "encourage" users to share information, very little about Facebook seems safe at all.

...

And there's no doubt that the current uproar is Facebook's fault: When it came to institute all the new policies, it did just about everything wrong. It failed to explain to users how the new privacy policies would affect them. It made it impossible to understand how to opt out of the new settings. It has presented new settings constantly, forcing people to educate themselves and change their settings over and over again.

...

In the meantime, there are a few principles Facebook needs to keep in mind for the future.

-- Opting in is always better than opting out. Facebook's privacy policy is 5,830 words of legalese - longer than the U.S. Constitution (minus amendments). It's cruel and unrealistic to ask more than 400 million users to navigate it; far better would be to allow people to "opt in" to data sharing.

-- Be clear, consistent and concise. It might be a little inconvenient for its advertisers, but Facebook needs to stop forcing users to change their privacy settings every two weeks - and it needs to start explaining how any change affects users' data. And not in legalese, either.

Three cheers for the Chronicle for making the all-important point regarding the distinction between Opt-Out (no!) and Opt-In. Time and time again, that is what so much of this boils down to...who owns our information, us, or "them"? If it's truly "ours", then people need to come ask us for it, just like for anything else we own that somebody wants to use.

Tuesday, May 18, 2010

Reclaim Your Privacy on Facebook (or try at least)!

I've been posting for quite some time on Facebook's war on privacy. I suppose the good news for today is that what I'm going to post are simply ways to take action. These include why it's important that your friends also take privacy steps to protect your identity, how to tell Facebook to start respecting your privacy more, and finally, how to reclaim your privacy on your own through a new tool I found (I have not tried it yet myself).

Trust me, no one is being hyperbolic by calling Facebook out on their recent practices. Check out some of my recent posts that detail all the ways the company has actively and intentionally undermined user privacy...all of course for the almighty dollar. To read a few recent posts, just click here, here, here, and here.

This is all important because we are entrusting more and more of our private information to websites and online social networks like Facebook. As such, we need at least some kind of complementary, and understood, privacy rules of the game.

Aside from the recent changes Facebook made to its privacy policy and its use of personal data on third-party websites - changes that take away important control users had over who has access to their information - there's also been a recent study showing that what your friends do is almost as important as what you allow people to see.

The downside is this new research suggests that it might be nearly impossible to protect your privacy, at least based on the current choices we as consumers are being granted.

Here's the deal, as reported in an article on Alternet: In a study conducted by Alan Mislove of Northeastern University and his colleagues at the Max Planck Institute for Software Systems, researchers tested an algorithm that could accurately infer the personal attributes of Facebook users by simply looking at their friend lists. The research culled profile information from two detailed social-network data sets: one from a sample of almost 4,000 students and alumni on Facebook at Rice University and another from more than 63,000 users in the New Orleans regional network.

Researchers developed an algorithm to see if they could accurately infer attributes like high school or college, department of study, hometown, graduation year and even dormitory by dissecting these users’ friend lists. The study cut to the core of the debate surrounding the social-networking site: Is your personal profile your own or, to paraphrase anti-Facebook crusader Leif Harmsen, is it the site’s profile about you?

...

According to the study, only about 5 percent of users in each network had changed their privacy settings to make their friend list inaccessible. (To hide it, enter your Facebook profile, click on the edit icon above your friends and unclick the blue box marked “Show Friend List to everyone.”) In the New Orleans network, personal profiles remained largely accessible to researchers. Some 58 percent of users disclosed university attended, 42 percent disclosed employers, 35 percent disclosed interests and 19 percent gave the public access to their location.

Because of this information given, Mislove explained that it was relatively easy for his algorithm to accurately pinpoint attributes such as geography (dormitory or hometown) or education background (which high school or college users attend) for a specific user.
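As an added illustration of the point above (my own toy model, not the Mislove et al. algorithm or their data), the following majority-vote inference over a constructed friend graph shows how a hidden attribute is recovered from friends who publish theirs, and that inference fails only when the friends lock their information down too.

```python
"""Inferring a hidden profile attribute from friends' public attributes.

Added example, not the Mislove et al. algorithm or their data: the graph is a
constructed toy network and the inference is a simple majority vote over
friends, used to show why friends' privacy settings matter.
"""
from collections import Counter

# Constructed toy network: user -> (true dormitory, whether the user made it public)
USERS = {
    "ana":  ("North Hall", True),
    "ben":  ("North Hall", True),
    "cara": ("North Hall", False),   # hides her dorm
    "dan":  ("South Hall", True),
    "eve":  ("South Hall", False),   # hides her dorm
    "finn": ("South Hall", True),
    "gus":  ("North Hall", True),
}
# Undirected friendships (constructed).
FRIENDS = [
    ("ana", "ben"), ("ana", "cara"), ("ben", "cara"), ("cara", "gus"),
    ("dan", "eve"), ("eve", "finn"), ("dan", "finn"), ("cara", "dan"),
]
# Users who hide their friend list (the study found only about 5 percent do).
HIDDEN_LISTS = set()


def visible_neighbours(user, friends, hidden_lists):
    """Friends an outside observer can learn about `user`.

    A hidden friend list still leaks edges through friends whose lists are
    public, so hiding your own list is not enough on its own."""
    seen = set()
    for a, b in friends:
        if user not in (a, b):
            continue
        other = b if a == user else a
        # the edge is observable if either endpoint publishes its friend list
        if user not in hidden_lists or other not in hidden_lists:
            seen.add(other)
    return seen


def infer_attribute(user, users, friends, hidden_lists=HIDDEN_LISTS):
    """Majority vote over the public attribute values of visible friends;
    None when no visible friend publishes the attribute."""
    votes = Counter(
        users[f][0] for f in visible_neighbours(user, friends, hidden_lists)
        if users[f][1]           # only friends who publish the attribute count
    )
    if not votes:
        return None
    return votes.most_common(1)[0][0]


def inference_accuracy(users, friends, hidden_lists=HIDDEN_LISTS):
    """Fraction of users who hide the attribute but are still inferred correctly."""
    hidden = [u for u, (_, public) in users.items() if not public]
    hits = sum(
        1 for u in hidden
        if infer_attribute(u, users, friends, hidden_lists) == users[u][0]
    )
    return hits / len(hidden) if hidden else 0.0


if __name__ == "__main__":
    for u, (truth, public) in USERS.items():
        if not public:
            print(u, "hides:", truth, "-> inferred:", infer_attribute(u, USERS, FRIENDS))
    print("accuracy on users who hid the attribute:", inference_accuracy(USERS, FRIENDS))
```

Re-running with the friends' attributes or friend lists set to private is what turns the inference off, which is the practical reason to ask your friends to tighten their settings as well.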

For more on how your friends' privacy settings affect your privacy, I'd suggest you check out the article by Laurie Sullivan of MediaPost. She writes:

Facebook members have begun to realize that the ramifications of not opting-in to privacy controls that lock down information in profiles may go well beyond their control. The old adage that every action has consequences appears to have surfaced in Google search engine results.

Some people who chose not to opt-in to Facebook privacy settings have found their name in search results on google.com; and listed beneath, the names of a few of their Facebook friends. There's one problem. Unfortunately, Facebook members who choose to keep their profiles public, rather than opt-in to privacy settings, take their friends who want to remain private into the open, too. They do it unknowingly and unwillingly.

...

It appears that the list of friends in search engine queries has begun to surface most recently on Google.co.uk, Stott says. Facebook acknowledged MediaPost's request for comment, but has not responded with an official statement.

A Facebook spokesperson explains that members can control the visibility of public search listing through privacy settings under the "search" section. This setting provides control over what is shared.

In an interesting portrayal of Facebook's privacy maze, The New York Times points out that anyone wanting to protect their privacy will need to navigate through 50 settings with more than 170 options. Facebook says it wants to offer precise controls for sharing on the Internet, but instead created a maze that not even the brightest want to follow.


Okay, so now it's becoming a little clearer...at least in that we know, A. we should all be encouraging our friends to utilize the strictest privacy settings, and B. Facebook needs to get its shit together, and quick.

With that, let's get to the two actions I mentioned I'd also provide today. One came in the form of an action alert from Moveon.org and Senator Chuck Schumer, who has been advocating for tighter privacy regulations of social networking sites (ironically he's also been fighting for a National ID Card).

Here's some of the email, and the link to where you can send a message to Facebook:

...I'm asking you to join me in urging Facebook to stop sharing your information without your permission, by setting your status today to read:

"Facebook should stop sharing my personal info with outside companies without my permission. If you agree, set this as your status today and join this group: http://bit.ly/d1ZB6h"

Facebook provides a valuable service, but online social networks need to allow users to retain control over their own personal information.

The information that Facebook is now sharing with third-parties and with the public is very different from the spirit of the site's previous terms of service. Certain parts of your profile, including your hometown, interests and activities, and your profile picture, must be made public or deleted—even if you restricted whom they were shared with before.

Certain third-party partners now have access to all of this information, including your list of friends and their information, as soon as you visit their websites—without asking your permission.

These changes undermine the protection of your personal information on the web.

Recently, I sent a letter to the Federal Trade Commission asking them to examine the use and distribution of personal information by social networking sites like Facebook. Three other senators and I also sent a letter directly to Facebook, urging them to provide an opt-in mechanism that would seek your permission before sharing your information.

Facebook can take immediate action to remedy this situation—but before they will they need to hear from enough users who care.

Can you join me in advocating for privacy on the web?

So now you have Schumer's little pitch...which is worth sending...Facebook should at least hear from us that this just ain't right...

Now for action number two, which I will try myself here in a minute. It comes from a PC World article entitled "Test Your Facebook Privacy Settings: Here's How".

JR Raphael writes: We all know the story, right? Privacy controls are broken, everyone's getting irritated, Facebook's not too concerned, blah flippidy-freakin' blah.

Don't get me wrong: That's all important information. What's been lacking all this time, though, is a simple fix -- an easy way to make sure your personal Facebook data is actually protected. Sure, you could go on a scavenger hunt to find Facebook's 170-plus privacy options scattered throughout a dozen different pages.

But even then, you're likely to miss something in the virtual labyrinth the company's created. Today, there's a better way. Behold: the one-stop privacy fix-up tool for your Facebook profile.

The Facebook Privacy Scanner

The tool is called ReclaimPrivacy, and its name pretty much tells you what you need to know. Using it is simple: Just surf over to ReclaimPrivacy.org and look for the link that says "Scan for Privacy." Add that link as a bookmark in your browser, either by dragging it onto a bookmark toolbar or by right-clicking it and selecting the "Bookmark" option.

Now head over to Facebook. Sign into your account, then open the bookmarked link.

This will cause ReclaimPrivacy's Facebook privacy scanner to open right at the top of your current Facebook window. Within a few seconds, ReclaimPrivacy will scan through six areas of potential privacy concern and let you know how your account stacks up.

ReclaimPrivacy analyzes everything from your personal information controls to your "instant personalization" settings. It even checks account settings that affect what your friends could inadvertently share about you without your knowledge.

For each area, ReclaimPrivacy will give you a green ("good"), yellow ("caution"), or red ("insecure") ranking. If you hit yellow or red, it'll provide you with specific steps to fix the problem so you don't have to waste time searching for the right setting.

After seeing some of the very personal details now floating around out there (hint: someone lost their virginity this weekend), that's one function well worth "liking."

So there you have it...as good a breakdown as I can do in 10 minutes!!! Now let's get to it...

Friday, May 14, 2010

Bruce Schneier on the Downside of "Worst Case Thinking" and the Power of Fear

This is too good! I've talked a lot on this blog about the power of fear, and how it can cause us, both individually and as a society, to adopt, allow and accept all sorts of irrational assaults on our civil liberties and privacy that vastly outweigh the threat they are supposedly "preventing."

Bruce Schneier recently spoke to this very crisis, which he calls "Worst Case Thinking" (among other things).

Before I post some significant portions of his recent article, let me go back to some of my thoughts on this subject.

As I have often said, before embracing this latest "terror or security fix", we should consider the larger context at work here: for every specific tactic we target with a new, expensive, and often burdensome security apparatus, the terrorist's tactics themselves will change.

While risks can be reduced for a given target, they can't be eliminated. If we strip searched every single passenger at every airport in the country, terrorists would try to bomb shopping malls or movie theaters.

So from a strict national security perspective, say with airlines and full body scanners, warrantless wiretapping, or the Patriot Act provisions that eviscerate the 4th Amendment, before we willfully give up our civil liberties and freedoms, support wars on countries that did nothing to us, and sign off on wasting HUGE amounts of money on ineffectual security systems, consider this: Your chances of getting hit by lightning in one year are 500,000 to 1, while the odds you'll be killed by a terrorist on a plane over 10 years are 10 million to 1.

Is there a threat? Sure, a very, very minor one. Do you see us mounting a hysterical campaign against the threat of lightning? Maybe we should build covers that stretch from our homes to our cars, and from our workplace to every restaurant?

Is the loss of freedom, privacy, and quality of life a worthwhile trade-off for unproven protections from a terrorist threat that has a 1 in 10 million chance of killing someone over a ten year time period?

Let's remember, there's big money pushing fear. The Fear-Industrial-Complex is growing, from the Department of Defense to talk radio to "the intelligence community" to conservative pundits to weapons/defense contractors to fearmongering politicians to the corporate media itself.

Certainly we should remember that one of the new driving forces in the expansion of the surveillance state, in addition to stifling dissent, monitoring "enemies" (both foreign and domestic), increasing power and control, or even ostensibly "protecting America", is the enormous sums of money that can be made from it. Could all this hype be just another way to sell more security technologies, soften us up for future wars, increased spending on the military, and the evisceration of our civil liberties?

Bruce Schneier himself recently wrote:

“…lack of privacy shifts power from people to businesses or governments that control their information. If you give an individual privacy, he gets more power…laws protecting digital data that is routinely gathered about people are needed. The only lever that works is the legal lever...Privacy is a basic human need…The real choice then is liberty versus control.”

He also said: "If you set up the false dichotomy, of course people will choose security over privacy -- especially if you scare them first. But it's still a false dichotomy. There is no security without privacy. And liberty requires both security and privacy. The famous quote attributed to Benjamin Franklin reads: "Those who would give up essential liberty to purchase a little temporary safety, deserve neither liberty nor safety." It's also true that those who would give up privacy for security are likely to end up with neither.”

Constitutional scholar Glenn Greenwald also summarized the corrosive effect fear has on common sense and reality itself, stating: "The problem is never that the U.S. Government lacks sufficient power to engage in surveillance, interceptions, intelligence-gathering and the like. Long before 9/11 -- from the Cold War -- we have vested extraordinarily broad surveillance powers in the U.S. Government to the point that we have turned ourselves into a National Security and Surveillance State.

Terrorist attacks do not happen because there are too many restrictions on the government's ability to eavesdrop and intercept communications, or because there are too many safeguards and checks. If anything, the opposite is true: the excesses of the Surveillance State -- and the steady abolition of oversights and limits -- have made detection of plots far less likely. Despite that, we have an insatiable appetite -- especially when we're frightened anew -- to vest more and more unrestricted spying and other powers in our Government, which -- like all governments -- is more than happy to accept it.”

It is this irrational fear of terrorism that seems to be at the root of our nation's current "civil liberties and privacy" crisis. It is hard to imagine that without this fear, we would so easily give up our rights, support wars on countries that did nothing to us, and accept wasting precious resources on ineffective and burdensome security systems that diminish our quality of life (think of airports).

Glenn Greenwald sums up the irrational state of fear that increasingly grips our nation - in no small part due to the media - about as well as one can:

...demands that political leaders ensure that we can live in womb-like Absolute Safety are delusional and destructive. Yet this is what the citizenry screams out every time something threatening happens: please, take more of our privacy away; monitor more of our communications; ban more of us from flying; engage in rituals to create the illusion of Strength; imprison more people without charges; take more and more control and power so you can Keep Us Safe. This is what inevitably happens to a citizenry that is fed a steady diet of fear and terror for years. It regresses into pure childhood.

...

For a variety of reasons, nobody aids this process more than our establishment media, motivated by their own interests in ratcheting up fear and Terrorism melodrama as high as possible. The result is a citizenry far more terrorized by our own institutions than foreign Terrorists could ever dream of achieving on their own. For that reason, a risk that is completely dwarfed by numerous others -- the risk of death from Islamic Terrorism -- dominates our discourse, paralyzes us with fear, leads us to destroy our economic security and eradicate countless lives in more and more foreign wars, and causes us to beg and plead and demand that our political leaders invade more of our privacy, seize more of our freedom, and radically alter the system of government we were supposed to have. The one thing we don't do is ask whether we ourselves are doing anything to fuel this problem and whether we should stop doing it. As Adams said: fear "renders men in whose breasts it predominates so stupid and miserable."

With that, here's the latest breakdown from Schneier about what we really ought to fear...fear itself:

There's a certain blindness that comes from worst-case thinking. An extension of the precautionary principle, it involves imagining the worst possible outcome and then acting as if it were a certainty. It substitutes imagination for thinking, speculation for risk analysis, and fear for reason. It fosters powerlessness and vulnerability and magnifies social paralysis. And it makes us more vulnerable to the effects of terrorism.

Worst-case thinking means generally bad decision making for several reasons. First, it's only half of the cost-benefit equation. Every decision has costs and benefits, risks and rewards. By speculating about what can possibly go wrong, and then acting as if that is likely to happen, worst-case thinking focuses only on the extreme but improbable risks and does a poor job at assessing outcomes.

Second, it's based on flawed logic. It begs the question by assuming that a proponent of an action must prove that the nightmare scenario is impossible.

Third, it can be used to support any position or its opposite. If we build a nuclear power plant, it could melt down. If we don't build it, we will run short of power and society will collapse into anarchy. If we allow flights near Iceland's volcanic ash, planes will crash and people will die. If we don't, organs won't arrive in time for transplant operations and people will die. If we don't invade Iraq, Saddam Hussein might use the nuclear weapons he might have. If we do, we might destabilize the Middle East, leading to widespread violence and death.

...

Even worse, it can lead to hasty and dangerous acts. You can't wait for a smoking gun, so you act as if the gun is about to go off. Rather than making us safer, worst-case thinking has the potential to cause dangerous escalation.

The new undercurrent in this is that our society no longer has the ability to calculate probabilities. Risk assessment is devalued. Probabilistic thinking is repudiated in favor of "possibilistic thinking": Since we can't know what's likely to go wrong, let's speculate about what can possibly go wrong.

Worst-case thinking leads to bad decisions, bad systems design, and bad security. And we all have direct experience with its effects: airline security and the TSA, which we make fun of when we're not appalled that they're harassing 93-year-old women or keeping first graders off airplanes.

...

Even worse, it plays directly into the hands of terrorists, creating a population that is easily terrorized -- even by failed terrorist attacks like the Christmas Day underwear bomber and the Times Square SUV bomber.

When someone is proposing a change, the onus should be on them to justify it over the status quo. But worst-case thinking is a way of looking at the world that exaggerates the rare and unusual and gives the rare much more credence than it deserves.

It isn't really a principle; it's a cheap trick to justify what you already believe. It lets lazy or biased people make what seem to be cogent arguments without understanding the whole issue. And when people don't need to refute counterarguments, there's no point in listening to them.

Click here to read the article in full.

Amen!!!

Thursday, May 13, 2010

A National ID Card With Biometrics? Really?

I do find it a bit ironic that the same Senator Schumer seeking to force Facebook to change its privacy policies - rightly so I might add - is simultaneously leading the push in Congress to require all Americans to have national ID cards.

The concept for a National ID Card with biometric identifiers - like fingerprints, facial, and/or iris scans - is being proposed for inclusion in the coming immigration reform legislation. There are a number of reasons why this concerns me, most notably the fact that it's part of a much larger pattern of government expansion of power through increasingly intrusive assaults on our civil liberties. All of course, in the name of keeping us safe, and protecting us usually from one kind of brown person or another. Now, instead of pandering to those afraid of "terrorists" on every street corner, this seems to be pandering to those unduly afraid of the "illegal immigrant threat".

Consider, biometrics technology is the computerized matching of an individual’s personal characteristics against an image or database of images. Initially, the system captures a fingerprint, picture, or some other personal characteristic, and transforms it into a small computer file (often called a template). The next time someone interacts with the system, it creates another computer file (often called a sample), and compares it to the original template or tries to find a match in its database. Because every sample is a little different, biometrics really asks whether the sample is similar enough to the template.

So let's be real clear: creating a database with hundreds of millions of facial scans and thumbprints raises a host of surveillance, tracking and security questions, and consumer hassles with the DMV - never mind the enormous cost.

Privacy expert Bruce Schneier recently pointed out some of the pros and cons of a biometric-based ID:

Biometrics can vastly improve security, especially when paired with another form of authentication such as passwords. But it's important to understand their limitations as well as their strengths. On the strength side, biometrics are hard to forge. It's hard to affix a fake fingerprint to your finger or make your retina look like someone else's. Some people can mimic voices, and make-up artists can change people's faces, but these are specialized skills.

On the other hand, biometrics are easy to steal. You leave your fingerprints everywhere you touch, your iris scan everywhere you look. Regularly, hackers have copied the prints of officials from objects they've touched, and posted them on the Internet. We haven't yet had an example of a large biometric database being hacked into, but the possibility is there. Biometrics are unique identifiers, but they're not secrets.

And a stolen biometric can fool some systems. It can be as easy as cutting out a signature, pasting it onto a contract, and then faxing the page to someone. The person on the other end doesn't know that the signature isn't valid because he didn't see it fixed onto the page. Remote logins by fingerprint fail in the same way. If there's no way to verify the print came from an actual reader, not from a stored computer file, the system is much less secure.

...

A more secure system is to use a fingerprint to unlock your mobile phone or computer. Because there is a trusted path from the fingerprint reader to the stored fingerprint the system uses to compare, an attacker can't inject a previously stored print as easily as he can cut and paste a signature. A photo on an ID card works the same way: the verifier can compare the face in front of him with the face on the card.

Fingerprints on ID cards are more problematic, because the attacker can try to fool the fingerprint reader. Researchers have made false fingers out of rubber or glycerin. Manufacturers have responded by building readers that also detect pores or a pulse.

The lesson is that biometrics work best if the system can verify that the biometric came from the person at the time of verification. The biometric identification system at the gates of the CIA headquarters works because there's a guard with a large gun making sure no one is trying to fool the system.

...

One more problem with biometrics: they don't fail well. Passwords can be changed, but if someone copies your thumbprint, you're out of luck: you can't update your thumb. Passwords can be backed up, but if you alter your thumbprint in an accident, you're stuck. The failures don't have to be this spectacular: a voiceprint reader might not recognize someone with a sore throat, or a fingerprint reader might fail outside in freezing weather. Biometric systems need to be analyzed in light of these possibilities.

Biometrics are easy, convenient, and when used properly, very secure; they're just not a panacea. Understanding how they work and fail is critical to understanding when they improve security and when they don't.
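To make the template/sample/threshold idea from the biometrics paragraph above concrete, and to show the replayed-stored-file failure Schneier describes, here is an added toy matcher. It is my own illustration, not code from Schneier or from any real biometric system; the names enroll, capture, is_similar, verify and error_rates, the 256-bit "iris codes" and the bit-flip noise model are all constructed assumptions.

```python
# Added example, not from the blog post or from Schneier: a toy biometric
# matcher showing the template / sample / "similar enough" threshold idea,
# the false-reject vs false-accept trade-off, and why a replayed stored
# sample is indistinguishable to the matcher alone.  All "iris codes" are
# constructed random 256-bit values, not real biometric data.
import random

CODE_BITS = 256


def hamming_distance(a: int, b: int) -> int:
    """Count the bits that differ between two CODE_BITS-wide codes."""
    return bin(a ^ b).count("1")


def enroll(characteristic: int) -> int:
    """Enrollment: the captured characteristic becomes the stored template.
    (Real systems store a derived feature set; the toy stores the code.)"""
    return characteristic & ((1 << CODE_BITS) - 1)


def capture(characteristic: int, rng: random.Random) -> int:
    """Simulate a fresh sample from the same person: the same underlying
    characteristic with 5..40 random bit flips (sensor noise, lighting, a
    sore throat, cold fingers).  Every live capture differs a little."""
    sample = characteristic
    for pos in rng.sample(range(CODE_BITS), rng.randint(5, 40)):
        sample ^= 1 << pos
    return sample


def is_similar(template: int, sample: int, threshold: float) -> bool:
    """'Similar enough': accept when the fraction of differing bits is at
    most `threshold`.  This is the whole decision a bare matcher makes."""
    return hamming_distance(template, sample) / CODE_BITS <= threshold


def verify(template: int, sample: int, threshold: float, seen: set) -> bool:
    """Defender-side check layered on the matcher: a sample bit-identical to
    the template or to any earlier sample is an exact replay of a stored
    file (a live capture always carries fresh noise), so reject it before
    the similarity test.  It catches only exact replays; the trusted path
    from reader to matcher is what actually closes the gap."""
    if sample == template or sample in seen:
        return False
    seen.add(sample)
    return is_similar(template, sample, threshold)


def error_rates(threshold: float, trials: int = 200, seed: int = 1):
    """Return (false_reject_rate, false_accept_rate) for one constructed
    user: `trials` genuine captures and `trials` random impostor codes."""
    rng = random.Random(seed)
    characteristic = rng.getrandbits(CODE_BITS)
    template = enroll(characteristic)
    false_rejects = false_accepts = 0
    for _ in range(trials):
        if not is_similar(template, capture(characteristic, rng), threshold):
            false_rejects += 1          # genuine user turned away
        if is_similar(template, rng.getrandbits(CODE_BITS), threshold):
            false_accepts += 1          # stranger let in
    return false_rejects / trials, false_accepts / trials


if __name__ == "__main__":
    # A tight threshold rejects the real user (sore throat, cold fingers);
    # a loose one admits strangers.  There is no setting that fixes both.
    for t in (0.05, 0.20, 0.50):
        frr, far = error_rates(t)
        print(f"threshold {t:.2f}: false reject {frr:.2f}, false accept {far:.2f}")
```
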

So, from Schneier's perspective, it does seem that requiring ALL AMERICANS to carry these, particularly with the fingerprint or the iris as the biometric identifier, doesn't make much sense, and poses a significant threat of one's identity being stolen - not protected.

The Consumer Federation of California joined with the ACLU and a host of other organizations to oppose the transition to biometric drivers licenses here in California not long ago. Some of the privacy concerns we raised during that debate include:

Right to Privacy – Personal Freedom and Security

o Whether biometric images should be collected, which images should be collected (i.e. facial v. thumbprint scan), who has access to those images, and for what purposes are the preliminary privacy questions that should be addressed to protect individuals' constitutional right to privacy.

o The Creation of Dossiers about Individuals and their Activities: Where a biometric identifier is used as a unique identifier to catalogue personal information about an individual, it would enable monitoring, tracking and surveillance of individuals. This concern applies to both the government and data brokers/private industry using the same biometric to gather information.

o Threat to Anonymity and Anonymous Speech: Unless current law is changed, the biometric thumbprints and facial scans from the DMV will be used in criminal investigations, and as public and private surveillance cameras become more ubiquitous, the likelihood rises of using facial recognition to identify and surveil innocent people just walking down the street or engaged in First Amendment protected speech on political or labor issues.

The Supreme Court has found that compelling an individual to disclose his or her political ideas or affiliations to the government deters the exercise of First Amendment rights. The right to anonymous speech, protest and leafleting are critical to our democracy.

o Perceived Infallibility and Inaccuracy: The concept that each of us is unique does not always translate into accurate biometric identification. Computer “matches” must be reviewed visually by people to confirm the accuracy. And, even then, errors are made.

Brandon Mayfield, the Oregon Attorney, was erroneously linked to the 2004 Madrid train bombings after his prints were misidentified and he was held by the FBI for two weeks, though he was never charged. His prints were “identified” through the Integrated Automated Fingerprint Identification System (IAFIS). IAFIS identified a few potential matches that were then reviewed by a fingerprint examiner and an outside experienced fingerprint expert.

o What is the "bang for the buck" that California (or in this case the US) would get from undefined changes being proposed in the nature and use of these biometric databases? How much is the whole system going to cost? How much would be borne by the state, how much would be borne by individuals?

We do know that creating biometric database systems (facial image and thumbprint) will be very costly, and even more costly to do correctly (in addition to the technology, staff need to be trained, and there must be technical and due process protections in place to ensure that people's licenses are not wrongly denied or taken away because of an error).

The Legislative Analyst's Office raised its own privacy concerns, particularly regarding whether the data would be stored by a private vendor, and whether the 5-10 percent reduction in fraud experienced by states using biometrics is necessarily relevant to states that already have secure cards and issuance processes. In other words, the Legislature (or Congress in this case) would need to assess the costs of implementing a biometrics system in light of the cost of implementing other solutions and the actual number of fraudulent IDs prevented.

EFF, in its opposition to this concept as a component of PASS ID (a slightly scaled back version of REAL ID), wrote:

Proponents seem to be blind to the systemic impotence of such an identification card scheme. Individuals originally motivated to obtain and use fake IDs will instead use fake identity documents to procure "real" drivers' licenses. PASS ID creates new risks -- it calls for the scanning and storage of copies of applicants' identity documents (birth certificates, visas, etc.). These documents will be stored in databases that will become leaky honeypots of sensitive personal data, prime targets for malicious identity thieves or otherwise accessible by individuals authorized to obtain documents from the database.

...proponents of the national ID effort seem blissfully unaware of the creepy implications of a "papers please" mentality (think Arizona) that may grow from the issuance of mandatory federal identification cards.

Do we really want to create a multibillion-dollar program - at a time of economic recession and growing deficits - that enhances opportunities for identity theft, turns state motor vehicle departments into arms of U.S. Immigration and Customs Enforcement and will almost certainly lead to harassment of immigrants, legal or otherwise?

It would also complicate efforts by some states to issue driver's licenses to illegal immigrants, because such licenses would require special markings to signal that the bearer is here illegally. Sensible measures to enforce our immigration laws are one thing, but anything that discourages undocumented immigrants from getting driver's licenses endangers all drivers on the road and raises insurance costs for everyone.

So if we put everything into that one document – make it the be-all and end-all of identification for most Americans – what might we have? An invasion of ordinary citizens' privacy and phony documentation in the hands of identity thieves and potential terrorists that we believe too readily is authentic.

Let's remember too the state reaction to REAL ID: at least 42 states have considered anti-REAL ID legislation, another 25 states have enacted anti-REAL ID bills or resolutions, and fourteen of those states have passed binding legislation prohibiting participation in the REAL ID program. Six more states have already passed resolutions or statutes in 2009.

Imposing a first-ever national identity card system, even if just for employment, would violate privacy by helping to consolidate data and facilitate tracking, and over time its use will almost certainly expand to cover other activities necessary to participate in society.

Here are a couple of clips from an article in United Press International this week:

On a five-year timetable the biometric cards would replace Social Security cards and would be used to prove eligibility for employment. Card scanners would be issued to all U.S. employers. The cards would at least have the capability of being linked to a central data system.

Like all controversial government programs, the proposed national ID card has an innocuous name: When Senate Democratic leaders unveiled the new program last month they called it Biometric Enrollment, Locally Stored Information and Electronic Verification of Employment -- or "Believe," for short.

...

The difference would be in the biometric information and the universality of the employment requirement. However, the opportunities for abuse by unscrupulous government employees are obvious.

The proposal rang alarm bells at the American Civil Liberties Union in Washington. While criticizing several aspects of proposed immigration reform, the group is concentrating its criticism on the ID cards.

"If the biometric national ID card provision of the draft bill becomes law, every worker in America would have to be fingerprinted and a new federal bureaucracy -- one that could cost hundreds of billions of dollars -- would have to be created to issue cards," the organization said in a statement. "The ACLU strongly opposes the inclusion of a biometric national ID in this or any comprehensive immigration reform bill and urges senators to reject such an ID card."

In his own statement, Christopher Calabrese, ACLU legislative counsel, said: "Creating a biometric national ID will not only be astronomically expensive, it will usher government into the very center of our lives. Every worker in America will need a government permission slip in order to work. And all of this will come with a new federal bureaucracy -- one that combines the worst elements of the (Department of Motor Vehicles) and the (U.S. Transportation Security Administration). America's broken immigration system needs real, workable reform, but it cannot come at the expense of privacy and individual freedoms."

Click here to read more.

So my position is clear. What I particularly don't like about it is the pattern of which it is a part...a pattern of deteriorating privacy, increasing government and corporate powers and authority, and the expanding number of ways in which "security" and "safety" are used to scare people into giving up those very things.

If nothing else, before anything remotely like this becomes law, I would like to see an open, vigorous debate, and if the public and the legislature truly go for it, then a series of steps need to be taken to implement it in a way that is fair, reasonable and secure.

Tuesday, May 11, 2010

More Privacy Problems for Facebook - Federal Complaint Filed

This is starting to get surreal. With companies as awful at protecting privacy as Facebook and Google around, it's almost as if they're providing cover for all the violations being conducted by government, from wiretapping to a national ID card (I realize that's not intentional...just amusing).

Nonetheless, I feel obligated to follow the latest revelations coming forth about Facebook due to the sheer number of users. I've posted a series of these, detailing all the ways the company has actively and intentionally undermined user privacy. To read a few recent posts, just click here, here, here, and here.

Now let's get to the latest, particularly the complaint filed by the Electronic Privacy Information Center against the company with the Federal Trade Commission, demanding that Facebook cancel new features introduced in mid-April that compel users to share more information than before.

Networkworld reports:

Facebook users were shocked to learn this week that private chats could have been viewed by their friends because of a security hole that was only recently closed, and also that new Facebook features can secretly add applications to your profile.

...

"Facebook now discloses personal information to third parties that Facebook users previously did not make available," EPIC said in its complaint. "These changes violate user expectations, diminish user privacy, and contradict Facebook's own representations. These business practices are Unfair and Deceptive Trade Practices."

...

Here's a summary of the FTC complaint against Facebook:

Facebook violated its own privacy policy by making user information publicly available with changes introduced the week of April 18, 2010, the complaint alleges. Facebook is now making information such as a user's hometown, education, work, activities, likes and interests public, whereas previously such information could be hidden, the complaint states.

"As a result of these material changes, Facebook requires users to designate personal information as publicly linkable 'Links,' 'Pages,' or 'Connections' or to no longer make such information available," the complaint states. Many Facebook users previously restricted access to this profile data, which includes users' friends list, music preferences, affiliated organizations, employment information, educational institutions, film preferences, reading preferences, and other information."

When the changes went live, Facebook presented users with a pop-up screen compelling them to link their profiles to various pages selected by Facebook based upon content entered manually into the user's profile. The user could either link their profiles to all selected pages, choose pages individually, or click the "ask me later" button.

If the "ask me later" option was chosen, users were later presented the same screen with only the "link all" and "choose individually" options. If they click "choose individually", they are taken to a page with a series of pre-checked boxes, forcing them to uncheck all boxes if they don't want their profiles linked to every page.

...

Facebook's privacy settings limit users' ability to browse the Web anonymously because of integration with third-party sites, EPIC also claims.

"Facebook uses cookies to track its users," the complaint states. "Thus, whenever a user is logged-in to Facebook and surfing the Internet, he is also transmitting information about which websites he's visited to Facebook. A user does not have to click on or interact with a social plugin for his information trail to be transmitted to Facebook."

EPIC and the other privacy groups that filed the complaint said Facebook's privacy practices are prohibited by the FTC, and asked the FTC to force Facebook to restore its previous privacy settings, restore a previous requirement that developers retain user data for no more than 24 hours, and make data collection practices easier to understand and give "Facebook users meaningful control over personal information provided by Facebook to advertisers and developers."

Click here for the complete article.

As I've said before, I think Facebook is a relatively useful tool, not just for getting in touch with old friends, but also as a political tool that can help build campaigns and spread the word about important movements or efforts. It's astonishing to me, however, that a company that has so many users, and so much going for it, is so overtly hostile to their privacy and basic consumer rights.

I can only hope that this hostility and the myriad privacy violations practiced by the company will spark a larger dialogue over what privacy is in the new information age, what rights we as individuals have over our electronic data, and what rules must be implemented to protect them. I'd suggest people check out the ACLU's Dotrights campaign for a better and more complete understanding of where these battle lines are being drawn and what we need to do to win back control of our information.

Thursday, May 6, 2010

New Privacy Legislation on Data Retention "Orwellian"

I can't say I'm shocked, because often what starts as a reasonably good idea transforms into really bad legislation...usually due to the influence of big business donors who might be affected by the new law. I see this ALL THE TIME on legislation we (Consumer Federation of California) work on, because corporate interests do not take kindly to consumer protections...and they'll spend just about anything to ensure these protections are whittled down to almost meaningless regulations.

This appears to be the case with the recently proposed legislation by Rep. Rick Boucher that for the first time would mandate the length of time online consumer information could be kept. Now, in theory, this is a good idea. Why should our private information be stored for so long anyway? Unfortunately, as C-NET reports, the bill falls far short, and is being called Orwellian by privacy advocates.

For one, the bill would require websites to discard data collected from their users after 18 months. That's not exactly reassuring when the information could be deleted in just days...but then, that might cut into the profits of those wanting to mine, share and sell it. This, of course, is why right wing groups think the bill went too far...because remember, corporations are people, just like you and me, and their ability to maximize profit at our expense is "free speech"...rrriiighhhht....

The bill also adopts the opt-out principle, rather than opt-in, in some critical areas...this is a privacy "no-no" and often where the battle lines are drawn on privacy issues related to data sharing in particular. Why should the burden be on the individual when it comes to his/her information? I shouldn't have to go find (often hidden, too) where I can opt out of something I don't want being done in the first place.

C-NET reports:

Liberal special interest groups announced they were "disappointed" that Boucher didn't slap even more regulations on Internet businesses. Free-market think tanks panned it for going too far. And industry groups like the Interactive Advertising Bureau said it was far too broad as currently drafted.

"This bill is not the answer," said Michelle De Mooy, a senior associate at the pro-regulation group Consumer Action. "We don't think it effectively protects consumer information online."

...

Any company or nonprofit organization that collects personal information from at least 5,000 people, including names, e-mail addresses, or U.S. mailing addresses, would not be allowed to "use" or "disclose" the data without consent. Providing a "clear statement" about how the information is used would, however, qualify as consent in many cases.

That was enough to irk groups that lobby for more regulations targeting technology companies. So were the sections of the Boucher-Stearns bill that would prevent individuals from filing lawsuits and would preempt stricter state laws.

"We're very disappointed with the legislation, which relies on notice and opt out, which has proven to be so ineffective," said Susan Grant from the Consumer Federation of America. "It carves out a huge loophole for behavioral advertising. It prevents states from enacting and enforcing stronger privacy protection."


This should be an interesting debate...I'll be watching for whether the time data can be retained is shortened and whether consumers are given greater control over how their data is used - namely by requiring opt-in, not opt-out.