Tuesday, June 29, 2010

Locational Tracking and Privacy

The fact that Americans are losing their privacy as they travel through public space due to location-based technologies isn't debatable. The question, as is so often the case when it comes to issues at the intersection of privacy and technology, is what kind of say do we have in the matter and what kind of rules are in place protecting our privacy rights.

The issue of locational privacy has resurfaced in a big way of late. Services such as EZ Pass (which lets you bypass stopping to pay the bridge toll), Google Latitude, the GPS tracking of cellphones, the right of police and government to track our whereabouts (both by phone and car), transit cards, social networking sites, WiFi networks, and more are all opening up a brave new world of real-time locational tracking of Americans.

Before I get to the recently breaking news on this issue, which comes on numerous fronts, I'd point everybody to last year's report from the Electronic Frontier Foundation (EFF) on "locational privacy". The report warns that Americans are losing their privacy as they travel through public space due to location-based technologies and services.

As the report details, "Location-based services that transmit, record, and store where a person is—such as EZ Pass, WiFi networks, transit cards, Google Latitude—can be exploited by government, business, or prying ex-lovers to track and reconstruct where people have been as they go about their daily life."

And what of the common response to worries about locational privacy, or other privacy issues in fact, that posits "I'm not doing anything wrong, why should I care?"

EFF lays out the folly of such a knee-jerk defense of our ever-expanding surveillance state...one that goes beyond the usual concerns of big government or law enforcement overreach:

One answer to this concern is a reminder that there are more subtle reasons for needing privacy. It’s not just the government, or law enforcement, or political enemies you might want to be protected from.

• Your employer doesn’t need to know things about whether, when, and where you went to church.
• Your co-workers don’t need to know how late you work or where you shop.
• Your sister’s ex-boyfriend doesn’t need to know how often she spends the night at her new boyfriend’s apartment.
• Your corporate competitors don’t need to know who your salespeople are talking to.

But let me get to the three stories over the past few days that moved me to write on this topic today.

First was a study released by the Worcester Polytechnic Institute (WPI) in Massachusetts that found that mobile social networks are giving data about users' physical locations to tracking sites and other social networking services. Researchers reported that all 20 sites that were studied leaked some kind of private information to third-party tracking sites.

In the study, the researchers looked at the practices of 13 mobile online social networks, including Brightkite, Flickr, Foursquare, Gowalla and Urbanspoon. They also studied seven traditional online social networks, such as Facebook, LinkedIn, MySpace and Twitter, which allow users to access their sites using mobile devices.

In many cases, the data given out contained the user's unique social networking identifier, which could allow third-party sites to connect the records they keep of users' browsing behavior with their profiles on the social networking sites.

As the report notes, "The combination of location information, unique identifiers of devices, and traditional leakage of other personally identifiable information all conspire against protection of users' privacy."

Okay, that study struck me as a bit disconcerting. And then I saw this headline, "ACLU: FBI used 'dragnet'-style warrantless cell tracking..."

Now, a lot of what the ACLU asserts in the article I have covered on this blog in the past. Still, there are important reasons why this is all making the news now (though not the big time news...which it should): there are more and more ways, through more and more devices, that can track and store our location, and that data is worth more and more money. In addition, there's a hugely critical court case, being argued as we speak, that could establish whether a warrant is needed BEFORE police or the government decides to track your location through your phone (or car).

As detailed in the article:

To nab a pair of men accused of robbing banks in Connecticut, the FBI turned to a novel investigative technique last year: warrantless monitoring of the locations of about 180 different cell phones, court documents show.


The FBI obtained a secret order--it has not been made public--commanding nine different telephone companies to provide federal police "with all cell site tracking data and cell site locator information for all incoming and outgoing calls to and from the target numbers."

But because the U.S. Justice Department did not obtain a warrant by proving to a judge that there was probable cause to suspect criminal activity, there's now a risk that the evidence from the location surveillance may be tossed out of court as illegally obtained.

On Friday, the ACLU and the Electronic Frontier Foundation submitted a friend-of-the-court brief (PDF) agreeing with the defense. It says: "Because cell site location information implicates an expectation of privacy that society is prepared to recognize as reasonable, the Fourth Amendment requires that the government obtain a warrant based on probable cause prior to collecting this information."

This amounts to "dragnet" surveillance of the whereabouts of American citizens not suspected of crimes, says Catherine Crump, an attorney with the ACLU's speech, privacy, and technology program.

The Obama administration has argued that no search warrants are needed; it says what's needed is only a 2703(d) order, which requires law enforcement to show that the records are "relevant and material to an ongoing criminal investigation." Because that standard is easier to meet than that of a search warrant, it's less privacy-protective.

...the Obama administration has argued that warrantless tracking is permitted because Americans enjoy no "reasonable expectation of privacy" in their--or at least their cell phones'--whereabouts. U.S. Department of Justice lawyers say that "a customer's Fourth Amendment rights are not violated when the phone company reveals to the government its own records" that show where a mobile device placed and received calls.

Even though police are tapping into the locations of mobile phones thousands of times a year, the legal ground rules remain unclear, and federal privacy laws written a generation ago are ambiguous at best. The first federal appeals court to consider the topic heard oral arguments in February in a case that could establish new standards for locating wireless devices, but it has not yet ruled.

Not only civil liberties groups insist that warrants to track the whereabouts of Americans--or at least their cell phones--are necessary. A coalition that formed in March includes Google, Microsoft, AOL, eBay, Intel, Qwest, AT&T, and conservative and libertarian groups including Americans for Tax Reform and the Progress and Freedom Foundation.

And then I found this article, one that effectively summarizes the larger issue of location tracking in specific terms, entitled "Location-Tracking Services: Why You Should Think Twice".

Author Dan Tynan writes:

Location, location, location. The three most important keys to retail success are also the most important ones to your privacy in the 21st century. Which is why you should be keeping a watchful eye on all those big corporations that are keeping a watchful eye on you -- like Google, Twitter, Facebook, AT&T, Verizon, and Apple, to name a few.

All of these companies have recently added (or are on the verge of adding) location-centric services. Twitter can now not only tell what city I'm in, but what neighborhood (and I don't live in a very big place). Apple just made headlines thanks to its new iPhone privacy policy, which as the Los Angeles Times notes, lets it collect

"...the "precise," "real-time geographic location" of its users' iPhones, iPads and computers."


The problem with data collection like this is almost always the secondary, unanticipated uses of the data. One example is what happens when a company that collects your location data goes out of business or is acquired. Any agreement it might have had with you vis-a-vis privacy is essentially moot. And when Internet companies go out of business, their data is often their only tangible, valuable asset.

So, conceivably, the company that tracks how often you go to Mickey D's might end up selling that information to your health insurance company. Expect your rates to rise accordingly.

Still, that's nothing compared to what happens when the authorities or a particularly aggressive divorce attorney gets ahold of this information. That's when the fecal material hits the rotating blades.


I asked how many times the DOT had received legal orders requesting E-ZPass location data. The woman I spoke to told me it had happened about 250 times in 2003 -- twice as many as the previous year -- and the DOT provided that information in roughly half those cases. This only came to light because I found a news report about four NYC cops who got fired for being clocked in at work in Manhattan when they were actually at home in New Jersey. The E-ZPass data was how they got caught.

This was one state, back in 2003. Imagine the wealth of location data available to legal authorities now. At this moment a Federal Appeals court is determining how much location data cops can request from wireless companies, and if they even need a subpoena to get it. Congress is mulling new location privacy protection laws (though if past laws are any indication, don't expect much protection from them).

Click here to read the complete article.

Now, let me first address the issue of EZ Passes. I use FasTrak here in the Bay Area, and we (The Consumer Federation of California) are active supporters of legislation authored by State Senator Joe Simitian that would address the privacy concerns outlined in the above article, so I can speak to this issue in greater detail.

The bill (SB 1268), which recently passed the Senate floor by a vote of 24 to 10 and now moves to the Assembly, would provide important privacy protections for users of electronic toll collection systems in California. The following is directly from our letter of support for the bill:

Since the inception of FasTrak in the late 1990’s, California has witnessed a growing trend of attorneys, law enforcement agencies, and other entities requesting and obtaining data on FasTrak subscribers and their travel patterns – often simply by presenting the transit agencies with a subpoena. Additionally, subscribers are often not informed that their data is being handed over to a third-party by the various transit entities in these situations.

SB 1268 puts in place a number of protections for personally identifiable information of electronic toll collection subscribers, including, but not limited to: travel pattern data, address, telephone number, bank account information, and credit card information.

The bill would restrict transportation agencies from handing over subscriber information unless a law enforcement agency provides a search warrant, or, in cases in which the delay required in seeking a search warrant would result in an imminent danger to the health or safety of a member of the public, a written statement by the law enforcement agency explaining the nature of the situation. In addition, it would provide that in each instance where a subscriber’s personally identifiable information is handed over to a law enforcement agency, the subscriber him or herself must be notified within a reasonable timeframe.

Subscriber privacy has further been put in jeopardy due to storage of subscriber information, including travel pattern data and toll transactions, for indefinite periods of time by transportation agencies.

The stored data include information on accounts that have closed and tickets that have been resolved for years. This creates data-rich files on all subscribers, which could then be accessed by third-parties without the permission of the subscriber. SB 1268 would remedy this unnecessary amassing of subscriber data by creating clear guidelines for data retention and data destruction.

As I keep saying over and over on this blog, there's an urgent need for public policy to catch up with technology, namely in the area of privacy, particularly in the establishment of the consumer's ownership over his/her data, strict rules on data storage, and the opt-in principle as the new rule of thumb (rather than opt-out).

These "Big Brother" fears are no longer hypothetical. Let's not forget, Sprint received 8 million law enforcement requests for GPS location data in just one year.

Then there are the recent moves toward installing GPS tracking devices in vehicles for auto insurance purposes. I have written extensively about this little privacy invasion in past posts, as there was legislation in California seeking to expand the idea, which the Consumer Federation of California, Consumer Watchdog, the ACLU, Privacy Rights Clearinghouse, and the Electronic Frontier Foundation all opposed.

As today's articles have mentioned, there's also the continuing legal battle over whether law enforcement has the right to install GPS tracking devices in suspects' vehicles.

As today's articles have detailed, we are witnessing a landmark privacy rights legal battle underway over what the proper legal standard should be when prosecutors demand cell phone location data.

Once again, I would point people to EFF, which has homed in on the dangerous level of secrecy that surrounds law enforcement's communications surveillance practices and is calling for laws requiring detailed reporting about how the government is using its surveillance powers. The lack of accountability when it comes to the government's access to information through third-party phone and Internet service providers will necessarily breed abuse.

I guess it's clear where I stand: tracking citizens without probable cause or a warrant seems unconstitutional on its face. We know these GPS chips can locate a person to within about 30 feet. They're also able to gather less exact location data by tracing mobile phone signals as they ping off cell towers.

Documents released not too long ago by the ACLU showed that of the states randomly sampled, New Jersey and Florida used GPS tracking without obtaining probable cause or warrants. Four other states, California, Louisiana, Indiana, Nevada and the District of Columbia reported having obtained GPS data only after showing probable cause.

But to summarize the big picture framing of this issue, and what we citizens should rightfully demand and expect, let me source EFF's report "On Locational Privacy, and How to Avoid Losing it Forever". It pretty much nails it on the head:

The EFF concedes that people forfeit some privacy when they go into public. However, the ability to track people as they went about their lives before the rise of such technology was extraordinarily difficult and generally quite expensive: people hired private investigators to do that work. Besides, the person being monitored had a decent shot at detecting the surveillance.

Preserving locational privacy is about maintaining dignity and confidence as you move through the world. Locational privacy is also about knowing when other people know things about you, and being able to tell when they are making decisions based on those facts.

Suppose that an insurance company manages to obtain a record of Alice’s movements over the past year, and decides that there is some aspect of that record which is grounds for raising her premiums or denying her coverage. The problem with that decision is not just that it is unfair, but that Alice may have no ability to dispute it. If the insurance company’s reasoning is misinformed, will Alice have a practical way of knowing that and disputing it?

In the long run, the decision about when we retain our location privacy (and the limited circumstances under which we will surrender it) should be set by democratic action and lawmaking. Now is a key moment for organizations that are building and deploying location data infrastructure to show leadership and select designs that are responsible and do not surrender the locational privacy of users simply for expediency.

Amen! And stay tuned...I'll be following this issue as it develops...

Thursday, June 24, 2010

Privacy Advocates Release Social Networking Bill of Rights

Here's some proactive privacy protection news I can get behind. At last week's annual Computers, Freedom, and Privacy (CFP) conference, a 14-point Users' Bill of Rights was agreed upon by privacy advocates and is now available for public consumption, feedback, and approval.

I probably don't need to provide the context for these 14 points, but in case you've been living under a rock these past few months: there's been a series of high-profile confrontations with companies like Google and Facebook over a growing number of privacy breaches, some clearly intentional, others claimed as accidental.

One thing nearly everybody that cares about privacy can agree on is that we're in desperate need of some "rules of the road" when it comes to privacy on the net. And that's why this is good news.

I'll get to this in greater detail in future posts, but for today's purposes, here's the CFP's 14 "Rights":

1. Honesty: Honor your privacy policy and terms of service.

2. Clarity: Make sure that policies, terms of service, and settings are easy to find and understand.

3. Freedom of speech: Do not delete or modify my data without a clear policy and justification.

4. Empowerment: Support assistive technologies and universal accessibility.

5. Self-protection: Support privacy-enhancing technologies.

6. Data minimization: Minimize the information I am required to provide and share with others.

7. Control: Let me control my data, and don't facilitate sharing it unless I agree first.

8. Predictability: Obtain my prior consent before significantly changing who can see my data.

9. Data portability: Make it easy for me to obtain a copy of my data.

10. Protection: Treat my data as securely as your own confidential data unless I choose to share it, and notify me if it is compromised.

11. Right to know: Show me how you are using my data and allow me to see who and what has access to it.

12. Right to self-define: Let me create more than one identity and use pseudonyms. Do not link them without my permission.

13. Right to appeal: Allow me to appeal punitive actions.

14. Right to withdraw: Allow me to delete my account, and remove my data.

As reported on Information Week, "Facebook, which recently rebutted an open letter seeking further protection of users' personal information, said that although it wants to provide a safe and trusted environment for users, 'we don't agree with all of the proposed elements of the Bill of Rights for social-network users.'"


Tuesday, June 22, 2010

Napolitano Seeks Expanded Wiretapping Program and Increased Use of Body Scanners

Wow…it’s been a bad few days on the privacy front. And no, today I’m not talking about Facebook OR Google. The bad news I speak of is coming straight out of the White House and Congress (though I’ll leave Joe Lieberman’s “President should have dictatorial, China-like control over the Internet” bill for another time).

Before I get to Homeland Security Secretary Janet Napolitano’s full-throated endorsement of Whole Body Imaging machines (“digital strip search”), I want to first home in on her advocacy for expanding the government's wiretapping and internet monitoring capabilities.

Since I’m going to provide a lot of my own analysis on the “digital strip search” issue, I’m going to leave the heavy lifting on this latest Obama Administration betrayal to Elliot D. Cohen, whose op-ed on Buzzflash entitled “Are Napolitano's Mass Spying Powers a Greater Threat to Civil Liberties Than Under Bush?” is particularly frightening…and enlightening.

Cohen writes:

According to a June 18 AP article, Homeland Security Chief Janet Napolitano has defended monitoring Internet communications as a “civil liberties trade-off the US must make to beef up national security.” In addition, she said “it is wrong to believe that if security is embraced, liberty is sacrificed.” Unfortunately, it is incomprehensible how “beefing up” national security can be both a civil liberties trade-off and not a sacrifice of liberty. This contradiction betrays the sad reality that the Obama administration has followed the lead of the Bush administration in escalating the abridgment of civil liberties in the US to protect “national security.”

It should be emphasized that the Internet monitoring that Napolitano is defending is mass warrantless surveillance of millions of Americans. This is significantly different from the FBI’s obtaining a warrant to spy on the conversations of specific individuals where probable cause exists to suggest that they are planning a terrorist attack.

During the Bush administration, the justification for such mass warrantless surveillance had been to gather foreign intelligence. This meant that the government would not intentionally attempt to spy on American citizens. In fact, so-called minimization standards of the FISA Act, including the amendments to it passed in 2008 require the government to make all reasonable accommodations so as not to target American citizens. What Napolitano is saying is therefore illegal because it directly advocates mass surveillance sweeps for the specific purpose of targeting American citizens who may be involved or contemplating involvement in terrorist activities.

This is a chilling expansion of the Bush warrantless surveillance program that was exposed in 2005. It suggests that the Obama administration, far from being more interested than the Bush administration in preserving the civil liberties of Americans, is actually more vigilant in undermining these rights.

For the entire article click here.

It's astonishing how little people on the left have come to grips with the fact that on issues ranging from indefinite detention to rendition to wiretapping to ASSASSINATION OF AMERICAN citizens to use of state secrets to defend Bush Administration civil liberties assaults (something Obama rightly criticized as a candidate) to now OPPOSING whistleblower protections (which he advocated in support of as a candidate) to his embrace of all the key Patriot Act provisions he so adamantly criticized as a candidate (and recently even fought behind the scenes to ensure NO REFORMS were added that might protect civil liberties).

Yes, that's right...the DEMOCRATIC Senate, with the impassioned backing of the President (certainly more than he ever was for say a public option), not only voted to renew one of the most egregious legislative assaults (i.e. Patriot Act) on the Constitution ever enacted - a law Democrats promised to reform if not outright end - but what few privacy protections that had recently been added were stripped at the last minute.

Instead, the Senate voted to reauthorize three expiring provisions of the Patriot Act adopted just after the September 11th attacks.

It approved allowing broad warrants to be issued by a secretive court for any type of record, from financial to medical, without the government having to declare that the information sought is connected to a terrorism or espionage investigation.

The Senate also renewed the so-called “roving wiretap” provision, allowing the FBI to obtain wiretaps from the secret court, known as the FISA court, without identifying the target or what method of communication is to be tapped.

Finally, the so-called “lone wolf” measure, which allows FISA court warrants for the electronic monitoring of a person for whatever reason (even without showing that the suspect is an agent of a foreign power or a terrorist), was also approved.

Whole Body Imaging

Now that we’ve had that little stroll down nightmare lane, let’s get to Janet Napolitano’s claim that whole-body imaging technology is necessary to combat terrorists who continue to target airliners. She stated:

"The reality is simple: Al-Qaida and other terrorist groups continue to target commercial aviation," Napolitano said in a speech to the American Constitution Society. She added that the groups have sought to use explosives that do not contain metal and, therefore, do not set off alarms at metal detectors. Weapons and explosives have become harder to detect."

Now let me give a little rebuttal. As I wrote in my article "The Politics of Fear and 'Whole-Body-Imaging'", these full-body scanners use one of two technologies - millimeter wave sensors or backscatter x-rays - to see through clothing, producing images of naked passengers.

As I also lay out in detail, there are MANY reasons to oppose the widespread use of these scanners, from the obvious, privacy, to the less so, they won't make us any safer. In fact, if you define the word "safe" as also including the concept of "safe" from government intrusiveness and corporate profiteering off fear peddling, then I would argue these machines make us less safe, not more.

A Review: Why Airport Body Scanners Should be Opposed

Before embracing this latest "terror fix", we should consider the larger context at work here: for every specific tactic we target with a new, expensive, and often burdensome security apparatus, the terrorist's tactics themselves will change.

Risks can be reduced for a given target, but not eliminated. If we strip searched every single passenger at every airport in the country, terrorists would try to bomb shopping malls or movie theaters.

Before we willfully give up our civil liberties and freedoms, support wars on countries that did nothing to us, and sign off on wasting HUGE amounts of money on ineffectual security systems, consider this: Your chances of getting hit by lightning in one year are 500,000 to 1 while the odds you'll be killed by a terrorist on a plane over 10 years are 10 million to 1.

Does this sound like a threat worthy of increasing the already long list of airline passenger indignities? Isn't suffering through long lines while being shoeless, beltless, waterless, and nail clipper-less enough? Now we've got to be digitally strip searched too?

Then there are the privacy concerns regarding how images could be stored...and just the basic gut reaction: "screw you, I'm not letting you see me naked for no reason!"

The Electronic Privacy Information Center, a public interest research group, published documents in January revealing that the machines can record, store and transmit passenger scans.

Are we really to believe the government won't allow these devices to record any data when the easy "go to" excuse for doing so will be the need to gather and store evidence? What about the ability of some hacker in an airport lounge to capture the data using his wi-fi capable PC, file it to a Flickr album, and then tell of its whereabouts on Twitter?

For these reasons, privacy advocates continue to argue for increased oversight, full disclosure for air travelers, and legal language to protect passengers and keep the TSA from changing policy down the road. Again, what's to stop the TSA from using clearer images or different technology later?

As the ACLU pointed out, "A choice between being groped and being stripped, I don't think we should pretend those are the only choices. People shouldn't be humiliated by their government" in the name of security, nor should they trust that the images will always be kept private. Screeners at LAX (Los Angeles International Airport) could make a fortune off naked virtual images of celebrities...The Bill of Rights extends beyond curbside check-in and if the government insists on using these invasive search techniques, it is imperative that there be vigorous oversight and regulation to protect our privacy. Before these body scanners become the status quo at America's airports, we need to ensure new security technologies are genuinely effective, rather than merely creating a false sense of security."

Number of Airports Using Scanners Increases as Customer Complaints Rise

These Advanced Imaging Technologies will be installed in 18 more airports sometime this year. The machines are already in place in 32 other airports. The TSA plans to install close to 900 body scanners at airports around the U.S. by 2014. About 200 AIT scanners are expected to be deployed by the end of this year at a cost of $130,000 to $170,000 per device.

Is the loss of freedom, privacy, and quality of life a worthwhile trade-off for unproven protections from a terrorist threat that has a 1 in 10 million chance of killing someone over a ten year time period? To me this represents a line that I'd prefer not to cross. What's next? Cavity searches?

Could all this hype be just another way to sell more security technologies? Whether it's the BP oil disaster, the Wall Street meltdown, the killing off of the public option, or the mining collapse, there remains a constant in each case: corporate money subverting the public interest. Could that be at play here too? Of course. Though I think overriding even the profit motive in this case is the fear motive (though they fit nicely together)...and the control that gives to those in power.

Walking through a whole-body scanner or taking a pat-down shouldn't be the only two options for citizens living in a free society to travel.

Thursday, June 17, 2010

Advocacy Coalition Urges Facebook to Improve Privacy Protections

In an open letter yesterday, a coalition that included the Electronic Frontier Foundation, the ACLU of Northern California, the Center for Democracy and Technology, the Center for Digital Democracy, Consumer Action, Consumer Watchdog, the Electronic Privacy Information Center, Privacy Activism, Privacy Lives and the Privacy Rights Clearinghouse urged Facebook to make a host of important privacy improvements that would better protect users.

Before I get to the letter, it should be noted that just over two weeks ago Facebook did make some significant improvements to its privacy settings, at least in terms of simplification. Yet some of the fundamental concerns remain, including the more general opt-in versus opt-out principle and the default privacy settings...among others.

But don't take it from me, here are some significant clips from the letter itself:

...we are writing to urge you to continue to demonstrate your commitment to the principle of giving users control over how and with whom they share by taking these additional steps:

1) Fix the “app gap” by empowering users to decide exactly which applications can access their personal information.
2) Make “instant personalization” opt-in by default.
3) Do not retain data about specific visitors to third party sites that incorporate “social plugins” or the “like” button unless the site visitor chooses to interact with those tools.
4) Provide users with control over every piece of information they can share via Facebook, including their name, gender, profile picture, and networks.
5) Protect Facebook users from other threats by using an HTTPS connection for all interactions by default.
6) Provide users with simple tools for exporting their uploaded content and the details of their social network so that users who are no longer comfortable with Facebook’s policies and want to leave for another social network service do not have to choose between safeguarding their privacy and staying connected to their friends.


The “App Gap”
One issue that must be resolved is the “app gap”: the fact that applications and web sites that use the Facebook Platform can access a user's information if that user's friend—and not the user herself—runs the app or connects with the site. Facebook's latest changes allow users a “nuclear option” to opt out of applications entirely. While this is an important setting, it is not adequate for meaningful control. Facebook users should also have the option to choose to share information only with specific applications.


“Social Plugins”
Facebook has recently released a series of “social plugins,” including a “like” button, that allow visitors to an external site to see how other Facebook users have interacted with that site. What has gone largely unannounced is that these plugins provide Facebook with information about every visit to the site by anyone who is logged in to Facebook, whether or not the visitor ever interacts with the plugins or clicks on the “like” button at all.

While we understand that Facebook is anonymizing this data after 90 days, Facebook should not retain any identifiable information for any period of time unless the site visitor actually interacts with Facebook's plugins or buttons. If Facebook wishes to retain aggregate or anonymized information for other purposes, as it states, it needs to make its anonymization procedure public so that its effectiveness can be evaluated. Facebook should also restore the button for logging out of Facebook to a prominent position in the main navigation bar, rather than placing it in a drop-down menu.

Full Control
According to one of Facebook’s earliest privacy policies, none of your personal information was available to anyone who did not belong to at least one of the groups specified by you in your privacy settings. In past months, however, the idea of full control has eroded and been replaced with the concept of “publicly available information.” Facebook has recently removed friend lists and connections from this category by restoring privacy controls for these fields—but other fields remain outside of the user’s control.

We urge Facebook to give users full control over who (or what) can see every piece of their information, including the fields that remain “publicly available,” in keeping with its principle that “People should have the freedom to decide with whom they will share their information, and to set privacy controls to protect those choices.” We also encourage Facebook to continue to streamline its privacy settings so that users can easily configure the settings for their personal information.

June 16, 2010 Open Letter to Mark Zuckerberg


“Privacy” and “social” go hand in hand: Users are much more social with people they know and choose, and much less social when their actions and beliefs and connections are disclosed without their control or consent. We are committed to continuing this dialogue with you and ensuring that users can continue to be both social and private on Facebook. We hope you continue to engage with us and your users to make Facebook a trusted place for both public and private sharing. Please make the default “social—and private.”

Click here to read the letter in its entirety.

Wednesday, June 16, 2010

Google Defends Anti-Privacy Actions, Silicon Valley Prepares for a Fight

In case you were thinking Google might admit to wrongdoing and come clean on their latest anti-privacy debacle - the Wi-Spy scandal - you'd be wrong.

Remember what's still at stake for the Googles and Facebooks of the world: pending internet privacy legislation that MIGHT significantly cut into their ability to make big bucks off user information.

So it's in these corporate giants' interests to continue to deny, obfuscate, and misdirect.

And let's face it, Google is becoming a champion at all of the above, à la other big time DC players BP, Goldman Sachs, and Merck.

Check out my last post for more details on the Wi-Spy scandal (and many other posts before it for that matter). For now though, here's Google's general response to the questions they have been ordered to answer:

Yes, its Street View cars collected Wi-Fi data in late 2007 and they were fitted on all of Google's Street View cars by early 2008. And yes, the collected Wi-Fi data included MAC addresses, SSID, signal strength, data rate, channel of broadcast and encryption method. But, it says it was only done to improve the accuracy of location-based services. Google stressed again that the collection of payload data was a mistake and that because the system changed channels five times a second, and the car was moving, it was unlikely to have collected more than small fragments.

But Google said it had not conducted any analysis to find out if this was true. In fact the payload data has only been accessed twice - once by the engineer who wrote the code and once as part of the investigation by Google.

The letter said Google had already deleted data collected in Ireland, Denmark and Austria at the request of data protection authorities in those countries, but it has kept the data in the US because of pending legal action.

Google said it did not believe it had broken any laws by accessing open networks. But the letter said: "We emphasize that being lawful and being the right thing to do are two different things, and that collecting payload data was a mistake for which we are profoundly sorry."

It said it was reviewing data collection for all its services to stop similar problems happening again. In total Google collected some 600GB of network data from 30 countries.

So, there you have Google's response...one that I believe about as much as I believe that BP is going to be held adequately responsible for their wholesale destruction of the Gulf Coast.

In the meantime, I want to direct everybody to a good piece in the San Jose Mercury News the other day laying out Silicon Valley's preparation for the coming fight against privacy advocates and (hopefully) the government on issues that have been raised by the WATERFALL of recent revelations spurred by companies like Google and Facebook (which I have been reporting here for a long time now).

As I have said, the backdrop to all this is the major online privacy legislation being debated in Congress to curtail and regulate the myriad of ways consumer rights are being violated for profit every single day on the net by companies like these two. Let's face it, personal data is an industry of its own now, and the ability of these companies to mine it, share it and sell it, without our permission or knowledge, is worth BILLIONS in profits.

The Mercury News reports:

"While privacy concerns have ebbed and flowed, I think it is fair to say that they are at an all-time high now," said Jim Dempsey, vice president for public policy for the Center for Democracy & Technology, a Washington-based nonprofit that works to protect both Internet innovation and privacy.

The conflict only intensified Friday after Google delivered a detailed response to the House Commerce Committee, denying that the company broke U.S. law when it inadvertently scooped up data from unsecured Wi-Fi networks as its Street View cars drove past private homes and businesses. That did not satisfy U.S. Rep. Joe Barton, R-Texas, co-chairman of the House Privacy Caucus, who called for hearings.

With the chairman of the House Judiciary Committee, Rep. John Conyers, D-Mich., asking both Google and Facebook for a broader explanation of their privacy practices, the Federal Communications Commission in a post Friday on its official blog highlighted the security loophole that allowed the e-mail addresses of 114,000 users of Apple's new iPad to become accessible.

"Google's behavior also raises important concerns," wrote Joel Gurin, who heads FCC's Consumer and Governmental Affairs Bureau. "Whether intentional or not, collecting information sent over Wi-Fi networks clearly infringes on consumer privacy."

The bill before Congress now would determine how Internet companies could collect personal data, and what warnings they would have to give to consumers.


In 2009, Google spent about $4 million on its lobbying efforts, up from $260,000 in 2005, according to U.S. Senate records. By the end of the first quarter of 2010, Google had already spent $182,800, nearly two-thirds of what it spent during the entire 2008 election cycle, in contributions to congressional candidates, according to federal data collected by OpenSecrets.org.


Privacy advocates say Silicon Valley, by using people's demographic data and online histories as the currency that pays for online services through targeted advertising, is causing the conflict with Washington.

"I think it is part of the shifting directions of Facebook and Google," said Marc Rotenberg, of the Electronic Privacy Information Center. "Silicon Valley has now gotten itself mired deeply in privacy-related business models. I think that's what Washington is reacting to."

But even members of Congress who represent Silicon Valley and say the ability of Internet companies to innovate must be protected, including Rep. Zoe Lofgren, D-San Jose, and Rep. Anna Eshoo, D-Palo Alto, also say their constituents are concerned about their online privacy, and that hearings and privacy legislation may be necessary.

According to a joint poll by UC Berkeley and the University of Pennsylvania, 55 percent of adults were more concerned about online privacy than they were five years ago and just 6 percent were less concerned. "People are very concerned about their data," said Joseph Turow, a professor at Penn's Annenberg School for Communication who worked on the poll, "but the way the world is today, you have to go online."

Once again, we've got a clear conflict between the public interest (as with Wall St, Big Oil, Big Pharma, Chemical, etc.) and corporate interests. It is these competing interests that continue to lock horns in DC and in state capitols across the country...with corporate interests and the almighty dollar nearly ALWAYS getting the upper hand...regardless of public opinion or verifiable fact.

Don't get me wrong, in no way am I saying that companies like Google (or Facebook for that matter) do the kind of damage that those other industries I listed do; that would be absurd (the Goldman Sachs and BPs of the world are in their own universe). What I am saying is the corporate ethos is clear: maximize profit for shareholders...by law...so when billions of dollars are at stake, the public interest is what gets left behind...

This internet privacy legislation epitomizes this conflict, and will go far in determining which direction our country takes as it relates to this new information and data industry versus the privacy rights of Americans.

Monday, June 14, 2010

Google Wi-Spy Scandal Update: Company Had "Criminal Intent"

The Google Wi-Spy scandal is looking more and more like the makings of a great screenplay for the next dystopian techno-future thriller...coming to theaters near you.

Of course, there's always the far out possibility that Google is telling the truth and they just happened to be sucking up all this user data by accident, but I find that just a tad hard to believe.

For those unaware, here's the backdrop: A few weeks ago the corporate giant admitted (after lying at first) that its StreetView cars were gathering private information from unaware local residents as they photographed neighborhoods - yet again demonstrating the company’s lack of concern for privacy and the need for government inspection of the data the company is collecting and storing.

Google first revealed that Street View cars were collecting wireless data in April, but said that no personal data from Wi-Fi networks was involved. But an audit requested by German regulators forced the company to admit, or "discover", that it indeed HAD been collecting and storing everything from email addresses to web searches.

As a result, a host of suits have been filed by people accusing Google of violating their privacy and breaking the law. Since then Google has been ordered to make two copies of a hard drive containing data from the United States and turn them over to the court.

Three U.S. lawmakers, concerned Google may have violated U.S. privacy laws, also took action, asking the company to tell them how much personal data was gathered. California Republican Representative Joe Barton, California Democrat Henry Waxman and Massachusetts Democrat Edward Markey said in a letter to Google's Chief Executive Eric Schmidt that they also wanted to know how Google planned to use that information.

Lawyers suing Google have asserted that the company deliberately programmed its Street View cars to collect private data from open Wi-Fi networks, despite claims to the contrary. This assertion has been backed up by an independent report by Privacy International (PI) that details what kind of data Google's code did and did not collect, as well as how it was processed and stored.

The program, called "gslite", sniffed packets from unprotected WiFi networks as Google's Street View cars rolled down the street, separating out encrypted and unencrypted content. The encrypted data was dumped while the unencrypted data was then written to the car's hard drive.

Because of this specific behavior of the program, PI says it's clear that Google made no mistake at all—"It is a criminal act commissioned with intent to breach the privacy of communications," wrote PI. The group says that some jurisdictions allow for accidental interception of data, but that Google clearly had "intent to intercept" and therefore is in violation of criminal law.

Also indicating "intent" on Google's part was the discovery of a patent application describing a method to increase the accuracy of location-based services — services that would allow advertisers or others to know almost the exact location of a mobile phone or other computing device. The patent application involves intercepting data and analyzing the timing of transmission as part of the method for pinpointing user locations.

The so-called “776” patent application, published by the U.S. Patent and Trademark Office in January, describes “one or more of the methods” by which Google collects information for its Street View program.

According to former prosecutor Paul Ohm, Google “likely” breached a U.S. federal criminal statute — but not for siphoning private data from internet surfers using unsecured networks. Ohm believes Google didn't violate wiretap regulations, but instead might have breached the Pen Register and Trap and Traces Device Act for intercepting the metadata and address information alongside the content.

“I think it’s likely they committed a criminal misdemeanor of the Pen Register and Trap and Traces Device Act,” said Ohm, a prosecutor from 2001 to 2005 in the Justice Department’s Computer Crime and Intellectual Property Section. “For every packet they intercepted, not only did they get the content, they also have your IP address and destination IP address that they intercepted. The e-mail message from you to somebody else, the ‘to’ and ‘from’ line is also intercepted.”


Ohm and other privacy scholars suggest that loopholes would make it difficult for the government to bring a wiretapping case. Wiretap Act violations are felonies, and the act can be invoked in civil court.

As far as a criminal court goes, it is not considered wiretapping “to intercept or access an electronic communication made through an electronic communication system that is configured so that such electronic communication is readily accessible to the general public.”

It is not known how many non-password-protected Wi-Fi networks there are in the United States.

“If this isn’t illegal to do this, then it could be OK for the government,” said Kevin Bankston, an Electronic Frontier Foundation attorney.

Click here to read more.

In other words...this is getting good.

Friday, June 11, 2010

Top 8 Things You Shouldn't Give Social Networking Sites

For the purposes of today, I'm going to simply reprint in full the press release recently sent out by my friends at the Privacy Rights Clearinghouse (PRC) on the top 8 things you shouldn't give social networking sites. I can say honestly that I was not aware of all of these myself, so I think these are some especially useful suggestions.

From PRC: While websites like Facebook and MySpace make it easy to share vacation photos with old classmates, the personal information on social networks is also attracting people besides friends and family members. Scam artists, identity thieves, debt collectors, stalkers, hiring managers, and companies looking for a marketing advantage are turning to social networking sites to gather valuable information. Before you publish your next status update, take care that you aren’t risking your identity, security or reputation.

Below are eight things you shouldn’t give to a social network -- when signing up for an account, posting content or interacting with your contacts through the network.

1. Access to your email account. During the registration process, social networks often solicit a new user to provide an email address and account password so they can access the user’s email address book. To be safe, don’t provide this information at all. There are some social networks that capture a user’s email contacts and then solicit them - often repeatedly - to join. If you consider providing an email address and account password to a social network, read all agreements (including the privacy policy) very carefully before clicking on them.

2. An email address associated with your professional life. Never provide a work-associated email to a social network, especially when signing up. Consider creating a new email address strictly to connect with your social networking profile(s). Jobseekers should take special care to keep professional and personal lives separate.

3. Your exact date of birth, especially in combination with your place of birth. Your exact date of birth may be useful to an identity thief. A 2009 study published by researchers at Carnegie Mellon showed that a date and place of birth could be used to predict most, and sometimes all, of the nine digits of one’s Social Security number. If you do decide to post your birthday, use privacy settings to restrict the visibility of this information and don’t provide the year.

4. Your browsing history. Delete cookies, including flash cookies, every time you leave a social networking site. Also consider using a proxy server to mask your IP address, such as Tor. See PRC Fact Sheet 18: Privacy and the Internet

5. Vacation Plans. Don’t publicize vacation plans, especially the dates you’ll be traveling. Remember, no matter how carefully you construct your privacy settings, there’s no guarantee that what you post won’t become known to unauthorized viewers.

6. Public posts with your address, phone number or email address. Don’t post your address, phone number or email address on a social network profile or status update. Scam artists as well as marketing companies may be looking for this kind of information. If you do choose to post any portion of this, use privacy settings to restrict it to approved contacts. Be especially wary of providing a GPS location of your home. If you use a location-aware social network, use extra caution! Don’t publicize the location of your home because people will know when you are not there. (See Please Rob Me - Raising Awareness about Oversharing)

7. Compromising, sensitive, embarrassing or inflammatory pictures or posts. Remember that whatever goes on a network might eventually be seen by people not in the intended audience. Think about whether you would want a stranger, an insurance company, the government, your mother or a potential boss to see certain information or pictures. Don’t be afraid to ask to have content removed. Read more about what information is public on social networks.

8. Money. Be wary of requests for money, even if they are from contacts you know and trust. If a contact’s account is compromised, a scam artist may use his or her name and account to attempt to defraud others through bogus money requests.

Any individual who participates in social networking sacrifices a certain amount of privacy, but a savvy user can limit what they share. Remember, the strongest tools users have to defend their personal privacy on social networking sites are common sense, caution and skepticism.

Read more about social networking privacy - including 18 more vital tips for protecting personal privacy- by reading PRC’s newest fact sheet Social Networking Privacy: How to be Safe, Secure and Social

Tuesday, June 8, 2010

Facebook and Google Update: Who's Worse on Privacy?

I of course can't answer this question...as each corporate goliath seems to want to out "anti-privacy" the other. For more of a backdrop on the long lists of privacy outrages perpetrated by these two companies just take a look at any number of my past posts.

For today, I just want to give a quick update on the latest...as Google tries to defend its lifting of people's internet usage details through its Wi-Fi technology, and Facebook attempts to improve its grossly confusing and deeply flawed privacy settings (and the lawsuits against it).

As for Facebook, it's been sued by a user for allegedly sharing his personal information with advertisers. The complaint alleges that Facebook violated its own privacy policy by disclosing to advertisers a host of information about users who click on ads, including their real names, current cities, schools attended and friend lists.

More specifically, Facebook sends "referrer headers" to advertisers whenever people click on ads. Once marketers have those headers, advertisers "can simply navigate back to the specific user's profile and obtain any personal information the user has made publicly available," Gould alleges in his lawsuit. "And remember," he adds, "the default privacy settings that many users never change make the user's name, photo and more available."

Researchers have recently concluded that many social networking sites "leak" personally identifiable information by including it in the HTTP header information that is automatically sent to ad networks. Harvard professor Ben Edelman said last month that Facebook automatically embeds a profile tag in referring URLs when users view their own profile pages.
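The header leak described above, worked through as an added example (not code from the lawsuit, the researchers, or Facebook): it computes the Referer value an ad server would receive for a click from a profile page under each standard Referrer-Policy value and flags which values still expose the profile identifier. The hostnames, the `profile.php?id=` URL shape and the `id` parameter name are constructed for illustration.

```javascript
// Added example. All URLs and parameter names are constructed for illustration.

// The eight policy tokens defined by the W3C Referrer Policy specification.
const POLICIES = [
  'unsafe-url',
  'no-referrer-when-downgrade',
  'origin',
  'origin-when-cross-origin',
  'same-origin',
  'strict-origin',
  'strict-origin-when-cross-origin',
  'no-referrer',
];

// Strip a page URL for use as a referrer: credentials and fragment are always
// dropped; with originOnly the path and query string are dropped as well.
function stripForReferrer(pageUrl, originOnly) {
  const u = new URL(pageUrl);
  if (u.protocol !== 'http:' && u.protocol !== 'https:') return null;
  u.username = '';
  u.password = '';
  u.hash = '';
  if (originOnly) {
    u.pathname = '/';
    u.search = '';
  }
  return u.href;
}

// Referer value sent when navigating from pageUrl to targetUrl, or null when
// no header is sent. "Downgrade" is simplified here to https -> non-https.
function computeReferrer(pageUrl, targetUrl, policy) {
  const page = new URL(pageUrl);
  const target = new URL(targetUrl);
  const full = stripForReferrer(pageUrl, false);
  const originOnly = stripForReferrer(pageUrl, true);
  if (full === null) return null;
  const sameOrigin = page.origin === target.origin;
  const downgrade = page.protocol === 'https:' && target.protocol !== 'https:';
  switch (policy) {
    case 'no-referrer': return null;
    case 'unsafe-url': return full;
    case 'origin': return originOnly;
    case 'same-origin': return sameOrigin ? full : null;
    case 'origin-when-cross-origin': return sameOrigin ? full : originOnly;
    case 'strict-origin': return downgrade ? null : originOnly;
    case 'strict-origin-when-cross-origin':
      if (sameOrigin) return full;
      return downgrade ? null : originOnly;
    case 'no-referrer-when-downgrade': return downgrade ? null : full;
    default: throw new Error(`unknown referrer policy: ${policy}`);
  }
}

// Names of sensitive query parameters that survive in the referrer.
function leakedParams(referrer, sensitive) {
  if (referrer === null) return [];
  const u = new URL(referrer);
  return sensitive.filter((name) => u.searchParams.has(name));
}

// Evaluate every policy for one click and report what the third party sees.
function auditClick(pageUrl, targetUrl, sensitive) {
  return POLICIES.map((policy) => {
    const referrer = computeReferrer(pageUrl, targetUrl, policy);
    return { policy, referrer, leaked: leakedParams(referrer, sensitive) };
  });
}

// Constructed sample: a user viewing their own profile clicks an ad.
const PROFILE_PAGE = 'https://social.example/profile.php?id=1234567&ref=profile#wall';
const AD_CLICK = 'https://ads.example/click?campaign=42';

for (const row of auditClick(PROFILE_PAGE, AD_CLICK, ['id'])) {
  const verdict = row.leaked.length ? `LEAKS ${row.leaked.join(',')}` : 'ok';
  console.log(row.policy.padEnd(32), (row.referrer ?? '(none)').padEnd(60), verdict);
}
```

A site that must link out to third parties gets the stripped rows by sending a `Referrer-Policy: strict-origin-when-cross-origin` or `Referrer-Policy: no-referrer` response header, and by keeping account identifiers out of page URLs in the first place.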

Meanwhile, as reported in the National Post, Facebook's CEO Mark Zuckerberg continues to stumble and bumble his way around the issue of privacy. Listening to Google's Eric Schmidt and Zuckerberg try and discuss privacy all I keep thinking is "these guys can't be trusted to protect any of our information from anyone!".

According to multiple reports from bloggers, journalists and Twitterers, Facebook's CEO sidestepped questions about Facebook privacy rather than giving the conference audience real, thoughtful answers. Here are a few gems:

"Zuckerberg doesn't seem to be helping Facebook with his latest statements concerning privacy....while some of the recent Facebook changes have helped users find and better control their data, Facebook's default settings tend to give users less, rather than more, privacy. When asked about this, he didn't directly address the policy. I took his answer to mean that he thinks the Facebook model works best when people share more. While this is certainly true for Facebook, it ain't necessarily the case for users who want to keep their private data, well, private."

"OK, I'm not sure what button I hit on Facebook's privacy settings, but I just found Mark Zuckerberg in my home going through my photo albums," wrote timcarvell. And Jason tweeted: "Zuckerberg had a Nixon moment tonight. People at conference are talking about the most insane meltdown ever."

Ezra Gottheil, an analyst with Technology Business Research, said he's surprised that Zuckerberg went to the conference apparently unprepared for predictably tough questions about privacy.

"The issue is one of trust," said Gottheil. "If users' concerns are heightened, and they don't trust that the company understands their concerns, that increases their worries. I think [Zuckerberg] could have handled it better, but he was in a difficult position. First, his company has not done well in the past. Second, he has an embarrassing back story. And third, there's a real trade-off between protecting and monetizing people's information."

Gottheil also said Zuckerberg's presentation came off as though the company is simply waiting for this privacy brouhaha to pass.

"I don't think they've quite come to terms with the need for strong privacy defaults and opt-outs," added Gottheil. "They're hoping this kerfuffle will pass, and they can continue their old pattern of passively encouraging users to keep their privacy settings weak."

Facebook has been knocked about recently because of user concerns that the social networking firm is playing fast and loose with user information. Criticism mounted significantly last month after Facebook unveiled a bevy of tools that allow user information to be shared with other Web sites.

More from Matt Hartley of National Post:

...Mark Zuckerberg is the one with the vision of a world where the Internet is no longer a private and anonymous experience, but rather a social tapestry, where people share their daily digital travels with not only their friends, but the rest of the world.

He’s the one who wanted to make it so that Facebook’s nearly 500 million users would be forced to share more of themselves with the outside world. He’s the one who believes that social norms are changing, that privacy is no longer the default setting coveted by Web users and that “a world that’s more open and connected is a better world.”

...Never before has the world seen something like Facebook. Not since the birth of the Internet itself has such a disruptive technology changed the way we interact and experience the world around us. Average users and privacy watchdogs have only recently begun to understand the intricacies of the House that Zuck Built.

For many Web users...Facebook is their base of operations on the Web. Facebook is literally the public face they present to the world, it is their social circle and it is a perpetually updated yearbook all rolled into one. It’s the little piece of online real estate they can call home.


Over the past six months, Facebook has unleashed a number of alterations to its privacy controls that not only made more of its users’ personal data public by default, but also swelled the company’s privacy options to 50 buttons, 170 choices and a word count that surpassed even the United States Constitution.

This week, Facebook bowed to public pressure and simplified its privacy settings, creating one single page where users can control whether their information can be seen by their friends, friends of friends or everyone on the Web. Facebook also enabled users to block outside software developers -- the makers of the addictive games and quiz features that have become a staple of the service -- from accessing their personal information.

Facebook’s citizens are angry. Many feel betrayed by a site which started out by offering them a chance to reconnect with long lost friends, organize parties and share photos in what felt like a closed, personal -- even private -- setting.

It’s as though Facebook has broken an unwritten social networking contract with its users...With Facebook, users were willing to enter into the social networking contract offered by the company. In exchange for a personal homepage, a mechanism for connecting with friends, users were willing to let Facebook make money by helping marketers advertise to them based on the information in their profiles.

As Facebook’s audience grew, so did the company’s value to marketers. Based on the information at Facebook’s disposal, advertisers could tailor their marketing to smaller and more targeted groups. Instead of advertising on car Websites outside Facebook, marketers could have their messages appear beside only the Facebook profiles belonging to users who said they liked Honda Civics or Ford Mustangs, thereby maximizing the return on their investment.

The problem is, Facebook kept changing the terms of the user contract. Information that wasn’t meant to be public became widely available. Default settings were changed so that more information could be shared with the wider Web.

Of course, this was all part of Mr. Zuckerberg’s plan to gradually spread Facebook’s tentacles across the Web, through new social features and open graphs. The idea was that Facebook would become the default social standard that would blanket the Web.

Mr. Zuckerberg’s vision is a world where newspaper Websites can show you stories recommended by your Facebook friends, where retailers can suggest items you might like based on your Facebook interests and where Internet radio stations customize playlists based on your favourite bands and the songs your friends say they like.

Just as newspapers and magazines are only as valuable to advertisers as their reader base, Facebook’s value lies in its collection of members. Mr. Zuckerberg knows this. Without its captive user base sharing their lives with each other and with Facebook, the company wouldn’t be worth an estimated US$15-billion.

Facebook’s challenge lies in finding ways to encourage its users to open up about themselves, to share more information publicly, safe in the knowledge that it’s not just good for Facebook, but it’s good for them too. But after this recent user backlash, questions are now being raised about just how social we’re willing to be online. In an op-ed piece in the Washington Post this week, Mr. Zuckerberg admitted that perhaps Facebook moved too quickly in its quest to find new ways to “connect with the social Web and each other.”

Mr. Zuckerberg believes that the social norm has evolved over time and that people are less concerned about privacy and more willing to share today than ever before. Maybe he’s right. How else do we explain our obsession with Facebook, reality television, blogging and services like Twitter?

Of course, the mere existence of Facebook as a central tenet of Western culture will continue to alter our notions of privacy. Things we consider private today may seem inconsequential in five years time.

Lawyers Claim Google Wi-Fi Sniffing ‘Is Not an Accident’

Now to Google and its Wi-Fi networks scandal. Lawyers suing Google are now claiming they have discovered evidence in a patent application that Google deliberately programmed its Street View cars to collect private data from open Wi-Fi networks, despite claims to the contrary.

“At this point, it is our belief that it is not an accident,” said Brooks Cooper, an Oregon attorney suing Google in one of several class actions lawsuits around the country arising from Google’s disclosure that its Street View cars intercepted Wi-Fi traffic around the world. Google has described the sniffing as a coding error.

The evidence is a 2008 Google patent application describing a method to increase the accuracy of location-based services — services that would allow advertisers or others to know almost the exact location of a mobile phone or other computing device. The patent application involves intercepting data and analyzing the timing of transmission as part of the method for pinpointing user locations.

The so-called “776” patent application, published by the U.S. Patent and Trademark Office in January, describes “one or more of the methods” by which Google collects information for its Street View program.

More from the article: Whether Google willfully sniffed out internet traffic on unsecured Wi-Fi hotspots in dozens of countries is an enormous public relations headache. It also carries huge legal and monetary ramifications in the United States, where the Mountain View, California, internet giant is being sued for privacy violations in multiple federal courthouses.

Among other reasons, Google might escape liability if it accidentally collected and never divulged the data, which includes web pages users visited or pieces of e-mail, video, audio and document files.


Street View is part of Google Maps and Google Earth, and provides panoramic pictures of streets and their surroundings across the globe. The internet giant has maintained the collection of data was inadvertent – the result of a programming error with code written for an early experimental project that wound up on the Street View code. Google said it didn’t realize it was sniffing packets of data on unsecured Wi-Fi networks in dozens of countries for the last three years, until German privacy authorities began questioning what data Google’s Street View cameras were collecting.

Interestingly enough, Google is attempting to patent the very same Wi-Fi technology it has used to snoop on users in more than 30 countries.

A patent application describes a method devised by Google for gathering and analyzing data sent via wireless access points. The application says the device "may be placed in a vehicle and data may be obtained continuously or at predetermined time increments" and that the speed of the vehicle "may be factored into the analysis."

Corporate crime (look at BP and Goldman Sachs), and outright deceit, are rapidly becoming the accepted norm in this country. What about Google's previous assurances that its Street View cars catalogued SSID and MAC addresses of wireless access points but didn't examine the actual payloads that traveled between them and users connected to them?

When do we say enough is enough?


Wednesday, June 2, 2010

California Bill Protecting Electronic Toll User Privacy Passes Senate

Some good news on the state privacy front. A bill by Senator Joe Simitian (a privacy stalwart) that we (CFC) have endorsed, and that would bar California transportation agencies from selling details about travelers' commuting habits and other personal information, passed the Senate by a vote of 24 to 10 on Tuesday. It still boggles my mind that 10 senators thought even this is asking too much. The bill now moves to the Assembly.

To be sure, these are important privacy protections for users of electronic toll collection systems, like California's FasTrak. Since the inception of FasTrak in the late 1990s, California has witnessed a growing trend of attorneys, law enforcement agencies, and other entities requesting and obtaining data on FasTrak subscribers and their travel patterns – often simply by presenting the transit agencies with a subpoena. Additionally, subscribers are often not informed that their data is being handed over to a third party by the various transit entities in these situations.

SB 1268 puts in place a number of protections for personally identifiable information of electronic toll collection subscribers, including, but not limited to: travel pattern data, address, telephone number, bank account information, and credit card information.

SB 1268 would restrict transportation agencies from handing over subscriber information unless a law enforcement agency provides a search warrant, or, in cases in which the delay required in seeking a search warrant would result in an imminent danger to the health or safety of a member of the public, a written statement by the law enforcement agency explaining the nature of the situation. In addition, SB 1268 would provide that in each instance where a subscriber’s personally identifiable information is handed over to a law enforcement agency, the subscriber him or herself must be notified within a reasonable timeframe.

Subscriber privacy has further been put in jeopardy due to storage of subscriber information, including travel pattern data and toll transactions, for indefinite periods of time by transportation agencies. The stored data include information on accounts that have closed and tickets that have been resolved for years. This creates data-rich files on all subscribers, which could then be accessed by third parties without the permission of the subscriber. SB 1268 would remedy this unnecessary amassing of subscriber data by creating clear guidelines for data retention and data destruction.

Action on the part of the legislature is necessary to ensure consumer privacy is respected, and transit agencies employing electronic toll collection systems are held responsible for their use of subscriber information. Passing the Senate was an important step, and my money is on it passing the Assembly too.

But counting on the Governor to protect privacy is not a comfortable position to be in...probably the most telling indicator of which way Schwarzenegger will lean if the bill does get to his desk is the amount of money he has received from the interests opposing this legislation. I'll look into that in a future post...