tag:blogger.com,1999:blog-89944868879851271672024-02-20T13:43:17.138-08:00Privacy Revolt!a project of the Consumer Federation of CaliforniaCFChttp://www.blogger.com/profile/11621511251924136343noreply@blogger.comBlogger596125tag:blogger.com,1999:blog-8994486887985127167.post-82324120156135969662012-03-27T13:53:00.001-07:002012-03-27T13:55:39.411-07:00Banning Employers from Requesting Employee Social Media User Names/PasswordsYes, you read that headline correctly,<b> employers are now asking, in increasing numbers</b>, for employee social media (like Facebook) user names and passwords. If that doesn't send chills down the spine of every American who proclaims to believe in a free country, or even the concept of privacy, I don't know what will.<br />
<br />
Let's begin with what we already know about increasing intrusiveness from both government and corporate/employer interests: As of two years ago, <b>Facebook reportedly receives up to 100 demands from the government each week for information</b> about its users. AOL reportedly receives 1,000 demands a month. In 2006, a U.S. Attorney demanded book purchase records of 24,000 Amazon.com customers. Sprint recently disclosed that law enforcement made 8 million requests in 2008 alone for its customer’s cell phone GPS data for purposes of locational tracking. <br />
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
Now let's get to the corporate side of this privacy creep. It was Facebook itself no less - a known enemy of privacy and the world’s biggest social networking site - that came out just a few days ago with a statement claiming it was alarmed by reports<b> that some businesses ask potential employees for passwords in order to view private posts</b> and pictures as part of the job-application process. </div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
Before I get to California State Senator Leland Yee's bill, proposed this week to ban this practice, l<b>et me continue with the initial reaction from two US Senators</b> - New York Senator Charles Schumer and Senator Richard Blumenthal - to this hair raising practice. They have asserted the practice could violate federal anti-hacking statutes and have also, thankfully, asked the U.S. Equal Employment Opportunity Commission to examine the practice as well. </div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<b><a href="http://www.bloomberg.com/news/2012-03-25/lawmakers-call-for-investigation-of-facebook-password-requests.html">As Bloomberg news lays out</a>:</b></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<i>Blumenthal said that by requiring job applicants to provide login credentials, <b>employers could gain access to protected information that would be impermissible</b> for them to consider when making hiring decisions. Those include religious affiliation and sexual orientation, which are protected categories under federal law.<br /><br />Facebook said on March 23 that <b>accessing such information also could expose businesses</b> to discrimination lawsuits. The company said it might ask policy makers to take action to stop the practice.</i></div>
<div class="MsoNormal">
</div>
<div class="MsoNormal">
<br />
...</div>
<div class="MsoNormal">
<br />
<i><b>Facebook and other sites are already used by some potential employers seeking additional background</b> on job applicants because of the personal information posted there. As Facebook has given users additional ways to protect that information from public view, reports have surfaced of employers asking job applicants to voluntarily give them access by providing personal login credentials.</i><br />
...</div>
<div class="MsoNormal">
<i><br />The lawmakers also asked the department to investigate whether<b> the practice violates the Stored Communications Act,</b> which prohibits intentional access to electronic information without authorization or in excess of authorization.</i></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
This reminds me a lot of the legislation that we (the Consumer Federation of California) supported last year - and was signed into law by Governor Brown -<b> that banned the practices of employers checking prospective employees credit reports</b>. Before I remind people a little more about why that was such a HUGE victory for both privacy and economic fairness, let me get to Senator Leland Yee's legislation here in California.</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
His legislation would <b>stop employers from formally
requesting or demanding</b> employees or job applicants provide their social media
usernames and passwords.</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<b style="color: #660000;">As the Yee rightly states,</b> “<i>It is completely unacceptable for an employer to invade
someone’s personal social media accounts.<b> Not only is it
entirely unnecessary, it is an invasion of privacy and unrelated to one’s work
performance or abilities.</b> These outlets are often for the purpose of individuals to
share private information with their closest friends and family. Family photos and non-work social calendars have no bearing on a person’s
ability to do their job and therefore employers have no right to demand to
review it.”</i></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
Rather than formally requesting passwords and usernames,
some employers have demanded applicants and employees to <b>sit down with managers
to review their social media content</b> or fully print out their social media
pages. </div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal" style="color: #660000;">
<b>Yee's bill will also prohibit this practice. </b> </div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<b>As I argued in defense of AB 22 (Mendoza) regarding so called "requests",</b> and thus an employee's "choice" to say yes or no, when you're trying to get a job, especially in this economy, its not exactly "voluntary" when coerced by an employer that can fire you, or choose not to hire you. </div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
</div>
<div class="MsoNormal">
As I pointed out last year, and it appears the same is beginning to happen with these kinds of employer requests, a person's
credit rating (which have suffered due to the Great Recession) - also NOT a good indicator of a
person's trustworthiness or work
ethic - were being increasingly demanded by employers (in fact,<b> a whopping 40% of the time!</b>!).
<br />
<br />
E<b>vidence also suggested
that some supervisors factor credit scores </b>into decisions regarding promotion
and evaluation of current workers. Could the same be said for Facebook account content?<br />
<br />
In the case of credit ratings, there was also the consideration of the role<b> credit agency fraud played in the housing bubble
burst</b>, subsequent economic crisis and the reduced credit scores suffered by so
many Americans. In that context, for an employer to discriminate against
someone with a less than stellar credit record is unconscionable. Wall Street excesses and Congress’ weak response have built plenty of barriers
between the jobless and their prospects for future employment. Allowing
employers to use credit checks to deny employment only serves as another
obstacle to getting Californians back to work.</div>
<div class="MsoNormal">
<br />
And to top it all off, <b>credit reports are often inaccurate,</b> and <i>correcting mistaken information is a tedious, time consuming
process,</i> and in the meantime, the job applicant is harmed due to errors by
credit reporting entities.</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
</div>
<div class="MsoNormal">
That was a great victory for California privacy and basic economic fairness...and so should this latest legislation from Leland Yee and <b>his efforts to end the practice of employers demanding</b> and/or requesting access to employee Facebook pages.</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
If interested, here's an interview I did on the Rick Smith Show last year regarding AB 22:</div>
<div class="MsoNormal">
<br /></div>
<iframe allowfullscreen="" frameborder="0" height="300" src="http://www.youtube.com/embed/aN43qvUxHKI" width="520"></iframe>CFChttp://www.blogger.com/profile/11621511251924136343noreply@blogger.com1tag:blogger.com,1999:blog-8994486887985127167.post-82761636048105715982012-03-21T16:06:00.004-07:002012-03-21T16:07:58.251-07:00Update: Secret Patriot Act Provision and Domestic Spy DronesThere are two articles I want to alert readers to that directly touch upon two topics I've written about at length on this blog in the past: The Patriot Act and domestic spy drones.<br />
<br />
It was June of last year that I wrote an op-ed for the California Progress Report entitled "<a href="http://www.californiaprogressreport.com/site/patriot-act-and-quiet-death-us-bill-rights">The Patriot Act and the Quiet Death of the US Bill of Rights</a>" (piece was also picked up by Alternet, Common Dreams, and other outlets) in which I touched on concerns being raised by a few Senators regarding a "secret Patriot Act provision".<b> I wrote:</b> <br />
<br />
"<b>Of equal concern is what we still don’t know about how the government might be using the Act, </b>highlighted by recent statements made by US Senators regarding what they termed “secret Patriot Act provisions”. Senator Ron Wyden (D-OR), an outspoken critic of the recent reauthorization, stated, "When the American people find out how their government has secretly interpreted the Patriot Act they will be stunned and they will be angry." As a member of the Senate Intelligence Committee Wyden is in a position to know, as he receives classified briefings from the executive branch.<br />
<br />
In recent years, three other current and former members of the US Senate - Mark Udall (D-CO), Dick Durbin (D-IL), and Russ Feingold (D-WI) - have provided similar warnings. We can't be sure what these senators are referring to, but the evidence suggests, and some assert, that <b>the current administration is using Section 215 of the Patriot Act</b> - a provision that gives the government access to "business records" - as the legal basis for the large-scale collection of cell phone location records.<br />
<br />
The fact that in 2009 Sprint disclosed that <b>law enforcement made 8 million requests in 2008 alon</b>e for its customer’s cell phone GPS data for purposes of locational tracking should only add to these legitimate privacy concerns."<br />
<br />
I bring this up today because<b> two of those Senators are back again</b>, raising those SAME concerns, over that same provision (Section 215), to the Justice Department and the Administration.<br />
<br />
<b>The New York times reports:</b><i> </i><br />
<br />
<i>For more than two years, a handful of Democrats on the Senate intelligence committee<b> have warned that the government is secretly interpreting its surveillance powers</b> under the Patriot Act in a way that would be alarming if the public — or even others in Congress — knew about it.<br /><br />On Thursday, two of those senators — Ron Wyden of Oregon and Mark Udall of Colorado — went further. <b>They said a top-secret intelligence operation that is based on that secret legal theory</b> is not as crucial to national security as executive branch officials have maintained.<br /><br />The senators, <b>who also said that Americans would be “stunned”</b> to know what the government thought the Patriot Act allowed it to do, made their remarks in a letter to Attorney General Eric H. Holder Jr. after a Justice Department official last month told a judge that disclosing anything about the program “could be expected to cause exceptionally grave damage to the national security of the United States.”<br /><br /><b>The Justice Department has argued that disclosing information about its interpretation </b>of the Patriot Act could alert adversaries to how the government collects certain intelligence. <b>It is seeking the dismissal of two Freedom of Information Act lawsuits</b> — by The New York Times and by the American Civil Liberties Union — related to how the Patriot Act has been interpreted.<br /><br />The senators wrote that it was appropriate to keep specific operations secret. But, they said, the <b>government in a democracy must act within publicly understood law </b>so that voters “can ratify or reject decisions made on their behalf” — even if that “obligation to be transparent with the public” creates other challenges.<br /><br />“We would also note that in recent months<b> we have grown increasingly skeptical about the actual value of the ‘intelligence collection operation,’</b> ” they added. “This has come as a surprise to us, as we were initially inclined to take the executive branch’s assertions about the importance of this ‘operation’ at face value.”</i><b> </b><br />
<br />
<b>What we have here is a dual interpretation debate over this provision.</b> We know for instance, that it allows a secret national security court to issue an order allowing the F.B.I. to obtain “any tangible things” in connection with a national security investigation - which include what is referred to as the “business records” like say hotel or credit card records.<br />
<br />
But in addition to that kind of collection, what these Senators appear to be contending is that the government has also interpreted - secretly - that this provision allows some other kind of activity to obtain private <b>information about people who have no link to a terrorism or espionage case.</b><br />
<br />
<b> </b>This is disturbing...to say the least. <b>As I thoroughly documented in my original op-ed,</b> "The Patriot Act was sold as an indispensable weapon in the government’s arsenal to fight and “win” the “War on Terror”. We were assured that the sole purpose of these unprecedented powers granted government were to locate and catch terrorists - not raid the homes of pot dealers and wiretap peace activists. Monitoring political groups and activities deemed “threatening” (i.e. environmentalists, peace activists), expanding the already disastrous and wasteful war on drugs, and spying on journalists isn’t about fighting terrorism, it’s about stifling dissent and consolidating power – at the expense of civil liberties.<br />
<br />
<b>How ironic that the very “tool” hailed as our nation’s protector has instead been used </b>to violate the very Constitutional protections we are allegedly defending from “attack” by outside threats. What was promised as a “temporary”, targeted law to keep us safe from terror has morphed into a rewriting of the Bill of Rights.<br />
<br />
John Whitehead explains: <b>“</b><i><b>The Patriot Act drove a stake through the heart of the Bill of Rights, </b>violating at least six of the ten original amendments–the First, Fourth, Fifth, Sixth, Seventh and Eighth Amendments–and possibly the Thirteenth and Fourteenth Amendments, as well. The Patriot Act also redefined terrorism so broadly that many non-terrorist political activities such as protest marches, demonstrations and civil disobedience were considered potential terrorist acts, thereby rendering anyone desiring to engage in protected First Amendment expressive activities as suspects of the surveillance state.”</i><br />
<br />
<b>I would urge EVERYONE to not just continue to demand this Act be repealed</b>, but also to demand what in fact this secret interpretation is, and for what purposes is it being used. <br />
<br />
With that said<b>, let's move on to another disturbing new development </b>in the dismantling of our civil liberties: the now LEGAL use of domestic drones to spy on innocent American citizens. I recently documented this story in a blog post entitled "<a href="http://consumercal.blogspot.com/2012/02/domestic-spy-drones-approved-by.html">Domestic Spy Drones Approved by Congress".</a><br />
<br />
<b>I want to update you on this story because a fellow privacy advocate - Ryan Calo </b>- recently penned an op-ed on this topic, making some important additional points to those I have, in particular, citing the precedent set by the historic GPS tracking case (which I have also covered in detail here) United States v. Jones.<br />
<br />
<a href="http://www.wired.com/threatlevel/2012/03/opinion-calo-drones-dogs-privacy/">In Wired magazine, he writes</a>, "T<i>he Electronic Frontier Foundation is <b>suing the FAA to release records of who has asked for permission to use drones</b>. The ACLU recently issued a report on drones and privacy. The D.C.-based Electronic Privacy Information Center filed a petition asking the FAA to consider privacy as the agency opens American skies to unmanned flight.<br /><br />It is easy to see why these and other groups are concerned: It turns out that there is very little in American privacy law that would prohibit drone surveillance within our borders.</i><br />
<br />
...<br />
<br />
<i>The prospect of excessive surveillance through technology was recently front and center in United States v. Jones — a case before the Supreme Court involving global position systems. Every one of <b>the nine justices agreed that the police need a warrant before affixing a GPS device</b> to a car and following a suspect for a prolonged period, even where the defendant’s movements take place entirely in public.</i><br />
<br />
<i><b>And yet for the majority, it was ultimately the act of physically attaching</b> the device to the car that triggered the warrant requirement. Drones can follow a car without the need to attach anything.<br /><br />Jones is getting a lot of attention.<b> The FBI reportedly turned off thousands of GPS devices</b> in response to the ruling. There is a second case before the Supreme Court right now, however, that has yet to raise red flags in privacy and technology circles.</i><br />
<br />
<i>In Florida v. Jardines, the nation’s highest court <b>will consider whether the police need a warrant before a dog can sniff your house</b>. Dogs can already sniff your bags at the airport or your car at a checkpoint on the theory that no human searches through your belongings unless and until the dog detects contraband — at which point your expectation of privacy is no longer considered reasonable.</i><br />
<i><br />The question before the Court in Jardines is <b>whether officers suddenly need a warrant</b> because the container being sniffed happens to be your house.<br /><br /><b>The conceptual leap from dogs to drones is shorter than you might think</b>. As Burkhard Bilger recently wrote in a New Yorker piece about the NYPD’s K9 unit: “Canine police tend to talk about their dogs as if they were mechanical devices. They describe them as tools or technology.”<br /><br />Police may not peer into the interior of a house using thermal imaging. <b>But perhaps they could equip a drone with thermal or chemical sensors </b>and let it loose to roam a neighborhood in search of invisible infractions such as indoor marijuana. No human would have to see the data unless or until the drone spotted a violation.<br /><br />The wrong decision in Jardines makes this and similar surveillance scenarios uncomfortably plausible. Drones are a versatile technology. They have great potential to assist in investigations, scientific research, disaster relief and countless other human pursuits. B<b>ut the FAA needs to take seriously the legitimate concerns of civil-liberties group</b>s, lest our privacy go to the dogs.</i><br />
<br />
<b>As I wrote in my blog</b>, the "GREAT Jim Hightower frames this attack on privacy the best when he wrote: <br />
<br />
<i>"Look, up in the sky! Neither a bird nor Superman, the next must-have toy for assorted police agencies is the unmanned aerial vehicle, better known as drones. Yes, the same miniaturized aircraft that lets the military wage war with a remote-controlled, error-prone death machine is headed to your sky, if the authorities have their way. Already,<b> Homeland Security officials have deployed one to a Texas sheriff's office to demonstrate its crime-fighting efficacy, </b>and federal aviation officials are presently proposing new airspace rules to help eager departments throughout the country get their drones.<br /><br />But airspace problems are nothing compared to the <b>as-yet-unaddressed Fourth Amendment problems that come with putting cheap</b>, flying-surveillance cameras in the air. As usual, this techno-whiz gadget is being rationalized as nothing more than an enhanced eye on crime. But the drone doesn't just monitor a particular person or criminal activity, it can continuously spy on an entire city, with no warrant to restrict its inevitable invasion of innocent people's privacy. Drones will collect video images of identifiable people. Who will see that information? How will it be used? Will it be retained? By its nature, this is an invasive, all-encompassing spy eye that will tempt authorities to go on fishing expeditions. The biggest question is the one that is not even being asked: Who will watch the watchers?."</i><br />
<br />
We would do well to - sooner rather than later - to recognize the inherent and fundamental value that privacy provides ANY claimed democracy. Without one there can not be the other..<br />
<br />
Stay tuned...CFChttp://www.blogger.com/profile/11621511251924136343noreply@blogger.com0tag:blogger.com,1999:blog-8994486887985127167.post-69737519289668555732012-03-20T13:50:00.001-07:002012-03-26T10:02:29.633-07:00California Legislation to Address Police Tracking/Storing License Plate Info and Driver LocationsCalifornia privacy stalwart - State Senator Joe Simitian - is back again with another critically important bill. SB 1330 will address what has become <b>one of the fastest-growing trends in law enforcement</b> - including private industry: <b>monitoring and compiling license-plate records</b> (<span style="font-family: "Palatino Linotype"; font-size: 12pt;">license plate recognition technology, or LPR) </span>on both innocent and criminal drivers which that can then be searched by police.<br />
<br />
It goes without saying that this locational tracking of potentially every driver on the road is a threat to privacy. To date, the courts have only begun to address whether investigators can secretly attach a GPS monitoring device to cars without a warrant (the Supreme just ruled they can't).<br />
<br />
This ruling hasn't however deterred police from across the country - and companies like Vigilant Video - from utilizing these high-tech
scanners on the exterior of their cars <b>to take a picture of
every passing license plate and automatically compare them</b> to
databases of outstanding warrants, stolen cars and wanted bank robbers.<br />
<br />
As alluded to, these scanners are employed by a variety of law enforcement agencies,
asset recovery companies and financial institutions, among other
organizations. While they are admittedly a valuable resource for law
enforcement, <b>they are also valuable to private entities wishing to
acquire or sell data about people’s movements and habits. </b><br />
<br />
In fact,<b> we have learned that some private entities utilize “scout cars”</b>
whose sole purpose is to acquire LPR data; such entities possess
millions of LPR data points, and claim to scan 40 percent of vehicles in
the country on an annual basis. <br />
<br />
<b>This volume of LPR data can provide a roadmap to an individual’s
personal life </b>including his or her movements, activities, medical
conditions, friendships, religious practices, vocation, political
beliefs, etc. This poses a serious risk to Californians’ constitutional
right to privacy, especially since LPR data is acquired <b>without an
individual’s knowledge or consent. </b><br />
<br />
Senator Simitian's bill offers a critical safeguard to Californians’ constitutional right to privacy by modeling itself on existing state law governing 1) the use of LPR scanners and data by the California Highway Patrol, and 2) the disclosure of information acquired by transportation agencies through electronic toll collection systems (another bill Senator Simitian recently authored). Most importantly,<b> the law would limit the time enforcement agencies in California can retain such data</b> captured by these license-plate scanners to 60 days, except when the information is being used in felony investigations.<br />
<br />
<b><a href="http://consumercal.org/article.php?id=1936">As reported in California Watch</a>:</b><br />
<br />
<i>Simitian said in an interview that <b>there’s a critical distinction between consumers who voluntarily choose</b> to turn over private information to Internet companies like Facebook and technologies that quietly collect information on drivers.<br /><br />He helped hammer out the guidelines in place for the highway patrol and said balancing privacy protections enshrined in the state’s constitution with the tools police need to improve public safety is part of the legislative process. “I don’t think the two are mutually exclusive,” Simitian said.<br /><br /><b>Lee Tien of the Electronic Frontier Foundation</b>, a digital and privacy rights group based in San Francisco, said it’s “a good attempt at beginning to address the issue.” The foundation so far plans to support the legislation, Tien said.<br /><br />The bill also would<b> prohibit police from turning the data over to entities that are not engaged in law enforcement, such as private companies.</b><br /><br />Simitian’s proposal comes after California Watch<b> </b>reported in January that a Livermore-based company called <b>Vigilant Video had amassed more than a half-billion bits </b>of information on drivers from license-plate scanners. <b>The data come both from police who agree to turn it over for nationwide </b>searches and <b>auto-repossession companies that help banks track down debtors </b>who are delinquent on their car payments.<br /><br />A company sales manager previously told California Watch that about<b> 1,200 new law enforcement users are signed up every month to search the database, </b>known as the National Vehicle Location Service. While using the devices to nab wanted suspects in real time has a clear value for police, storing historical data from the units is equally alluring to police who are aware of its powerful intelligence value.<br /><br /><b>Simitian’s bill also would restrict companies like Vigilant, limiting the amount of time data can be held to 60 days</b>, barring them from selling it or giving the data to anyone who is not a law enforcement officer, and making data available to police only when a search warrant has established probable cause. Vigilant says only approved law enforcement officials can sign up to search the National Vehicle Location Service. </i><br />
<br />
Senator Simitian's legislation will be AGGRESSIVELY supported by a broad coalition of privacy and consumer advocates as it strikes a balance between law enforcement’s legitimate use of LPR scanners for public safety purposes, and Californians’ right to privacy.CFChttp://www.blogger.com/profile/11621511251924136343noreply@blogger.com0tag:blogger.com,1999:blog-8994486887985127167.post-57717788163051193772012-03-14T15:11:00.003-07:002012-03-15T07:00:36.018-07:005 Ways To Protect Online PrivacyDue to serious time constraints I'm going to refrain from much personal pontificating today and go straight to a great piece by Alternet's David Rosen entitled "<b><a href="http://www.alternet.org/story/154419/you_are_being_tracked_online_here_are_5_ways_to_protect_your_privacy">Your Are Being Tracked Online: Here Are 5 Ways to Protect Your Privacy</a></b>". Suffice to say, he lays out a number of the issues I've been covering on this blog, including ways that you can protect your own privacy, but more importantly, as I often argue, what kinds of rules and protections are needed to make this task easier - <b>and give people more power over their data and what's done with it.</b><br />
<br />
I think his general analysis of the President's Consumer Privacy Bill of Rights is on point too...namely, that <b>while conceptually its got a lot of good stuff, there's not a lot of reason</b> to be optimistic that it will end up being very strong, due to deference to the Congress and/or appeasement of big business interests when the time comes to fight for what's most important.<br />
<br />
<b>He also delves into the detrimental effects to privacy of media consolidation</b> as well as the shift from paper based media to digitally based....which forces these companies to find new ways (like behavioral tracking) to raise revenue to stay afloat.<br />
<br />
With that said<b>, <span style="color: #990000;">here's a few of the most important passages of his piece in case you don't have the time to read the whole thing:</span></b><br />
<br />
<i>Overlooked by the media, the Federal Trade Commission issued a warning earlier in February over <b>apparent violations of children’s privacy rights involving the operating systems of the Apple iPhone</b> and iPad as well as Google’s Android and their respective apps developers. Its report, "Mobile Apps for Kids," examined 8,000 mobile apps designed for children and found that parents couldn’t safeguard the personal information the app maker collected.<br /><br />To illustrate how pernicious this practice is, one iPhone app, Path, offered by a Singapore developer, <b>downloaded an iPhone users' entire address book without alerting them.</b> Prodded by a letter from Congressmen Henry Waxman (D-CA) and G.K. Butterfield (D-NC), Apple’s CEO Tim Cook said the company will ensure that app developers get permission before downloading a user's address book.<br /><b><br />The battle over your personal data is principally about ad spending.</b> The mass media is witnessing a shift from “broadcast” media like newspapers, radio and TV to “targeted” media like website ads, search capabilities and social networks. The consequences for newspapers and magazines are clear; TV is fighting to hold onto every ad dollar with a new “social TV” initiative. <b>And your personal information is what enables targeted advertising. </b><br />...<br /><br /><b>Two industries, advertising and data brokers, principally drive the colonization of digital personal information.</b> Traditional online usage practices such as monitoring of sites visited, ad click-throughs and email keywords are the bread and butter of information capture.<br /><br />At a Senate hearing in September 2007 reviewing Google’s acquisition of DoubleClick, Sen. Herb Kohl warned, "<b>The antitrust laws were written more than a century ago </b>out of a concern with the effects of undue concentrations of economic power for our society as a whole, and not just merely their effects on consumers’ pocketbooks. <b>No one concerned with antitrust policy should stand idly by if industry consolidation jeopardizes the vital privacy interests</b> of our ciitzens so essential to our democracy."<br /><br /><b>The merger of these two ad-serving businesses</b> set the stage of greater integration of personal information gathering and the online ad industry.<br /><br />According to Forrester Research, <b>total online advertising will more than double over the next five years,</b> jumping from the 2011 estimate of $34.5 billion to $76.6 billion by 2016. Giving some texture to these numbers, eMarketing estimates that the top five online services control more than 70 percent of all monies spent. These five (and their relative market share) are: Google (43.5%), Yahoo! (11.9%), Facebook (7.7%), Microsoft (5.4%) and AOL (2.8%)<br /><br /><b>Facebook collects two types of information</b>: (i) personal details provided by a user and (ii) usage data collected automatically as the user spends time at the site clicking around. When joining Facebook, a user discloses such information as name, email address, telephone number, address, gender and schools attended. In addition, it records a user’s online usage patterns, including the browser they use, the user's IP address and how long they spend logged into the site.<br /><br />...<br /><br /><b>More pernicious, your personal Social Security number, phone numbers, credit card numbers,</b> medical prescriptions, shopping habits, political affiliations and sexual orientation are now fodder for both corporate and government exploitation.<br /><br />Both the <b>ad agencies and data brokers have information capture down to a bad science</b>. They track your every keystroke, your every order and bill payment, words and phrases in your emails and your every mobile movement.<br /><br /><b>And your personal information is pretty cheap as the following examples illustrate</b>: address - $0.50; phone number - $0.25; unpublished phone number - $17.50; cell phone number - $10; Social Security number - $8; drivers license - $3; marriage/divorce - $7.95; education background - $12; employment history - $13; credit history - $9; bankruptcy information - $26.50; shareholder information - $1.50; lawsuit history – $2.95; felony record - $16; sex offender status - $13; and voter registration - $0.25. [Source: www.turbulence.org]<br /><br />...<br /><br /><b>1. Privacy needs to be made a right.</b><br /><br />“Privacy” is an implied – as distinguished from an explicit – right guaranteed by the Constitution. For all the rights suggested in the White House’s white paper, no new real right to privacy is proposed.<br /><br />...<br /><br /><b>2. Regulation should replace voluntary compliance.</b><br /><br />The White House program is based on the various interested parties, particularly online advertising companies, adopting a voluntary compliance commitment to safeguard people’s online privacy. But will self-regulation work?<br /><br />...<br /><b><br />3. Data vendors should be held accountable.</b><br /><br />The White House document calls for data brokers to permit consumer reasonable access to the data they collect. It encourages the collectors to provide a mechanism for review, revision and limits to its use.<br /><br />...<br /><b><br />4. Bar federal agencies from buying private data.</b><br /><br />The white paper fails to address the federal government’s growing reliance on information gathered by private data collectors, whether the information is accurate or not.<br /><br />...<br /><br /><b>5. There’s a need for a global personal privacy standard.</b><br /><br /><b>The U.S. and Europe are moving in two opposing directions with regard to data privacy rules.</b> The White House plan emphasizes mutual recognition of privacy approaches, an international role for codes of conduct and enforcement cooperation to safeguard personal privacy. Yet, the U.S. model is in keeping with its long tradition of putting the interest of business before its citizens; the Europeans are developing an online privacy program that places the interests of citizens first.</i><br />
<br />
<b><a href="http://www.alternet.org/story/154419/you_are_being_tracked_online_here_are_5_ways_to_protect_your_privacy">Click here to read the article in its entirety.</a></b>CFChttp://www.blogger.com/profile/11621511251924136343noreply@blogger.com0tag:blogger.com,1999:blog-8994486887985127167.post-31006388218025466672012-03-07T14:19:00.000-08:002012-03-13T07:16:30.510-07:00Blogger Exposes Hole in Body Scanner TechnologyI've written about this issue extensively on this blog, in fact, you can check out an op-ed I penned over a year ago entitled "<a href="http://www.californiaprogressreport.com/site/hobson%E2%80%99s-holiday-travel-choice-digital-strip-search-or-get-groped">A Hobson's Holiday Travel Choice: Digital Strip Search or Get Groped?"</a> if you want to get a real good feel of what I think about these airport body scanning machines.<br />
<br />
For today's purposes, I'm just going to take you straight to a video posted by a blogger demonstrating yet another hole in the "security" these machines provide.<br />
<br />
<b>Before I post the video, here's a clip from the post:</b> A blogger on Tuesday published a video showing how he had snuck a small metal case through the Transportation and Security Administration's (TSA) "billion dollar fleet" of so-called nude body scanners.<br />
<br />
Engineer Jonathan Corbett, who runs the blog TSA Out of Our Pants, explained that the problem lies in how the scanner uses dark colors to highlight potential threats like weapons or explosives.<br />
<br />
<i>"Again that’s light figure, black background, and BLACK threat items," he explained. "Yes that’s right, if you have a metallic object on your side, it will be the same color as the background and therefore completely invisible to both visual and automated inspection."<br /><br />"To put it to the test, I bought a sewing kit from the dollar store, broke out my 8th grade home ec skills, and sewed a pocket directly on the side of a shirt. Then I took a random metallic object, in this case a heavy metal carrying case that would easily alarm any of the 'old' metal detectors, and walked through a backscatter x-ray at Fort Lauderdale-Hollywood International Airport."</i><br />
<br />
Again at Cleveland-Hopkins International Airport, Corbett successfully carried his small, empty metal case through the scanners.<br />
<br />
<i>"While I carried the metal case empty, by one with mal-intent, it could easily have been filled with razor blades, explosives, or one of Charlie Sheen’s infamous 7 gram rocks of cocaine," he warned. "With a bigger pocket, perhaps sewn on the inside of the shirt, even a firearm could get through."</i><br />
<br />
<br />
<object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab" height="262" id="+id+" width="400"><param name="movie" value="http://embed.crooksandliars.com/v/MjM2ODEtNTUzNzM?color=C93033">
<param name="allowFullScreen" value="true">
<param name="quality" value="high">
<param name="wmode" value="transparent">
<param name="allowScriptAccess" value="always">
<p>
<iframe allowfullscreen="" src="http://www.youtube.com/embed/olEoc_1ZkfA" frameborder="0" height="315" width="560"></iframe></p>
</object>CFChttp://www.blogger.com/profile/11621511251924136343noreply@blogger.com0tag:blogger.com,1999:blog-8994486887985127167.post-80269322490736039612012-02-29T12:40:00.003-08:002012-02-29T14:44:03.100-08:00New Google Privacy Policy and "Do Not Track"Being that its been such a disastrous few weeks for Google in the privacy violation department I thought I'd go back to the topic of its new privacy rules as well as get into some of the important technicalities associated with Do Not Track protections in light of the President's proposed Privacy Bill of Rights.<br />
<br />
First, let's go to reigning anti-privacy global champion Google, who is changing its privacy policies this week, placing 60 of its 70 existing product privacy policies under
one blanket policy and breaking down the identity barriers between (to
accommodate its new Google+ social network software) them as well. In other words, <b>Google will combine data from all its services,</b> so when users are signed in, Google may
combine identity information users provided from one service with information
from other services. The goal is to treat each user as one individual across
all Google products, such as Gmail, Google Docs, YouTube and other Web
services.<a href="http://www.blogger.com/goog_490685910"> <b>You can read more about this policy in a recent post of mine.</b></a><br />
<br />
<b><a href="http://consumercal.blogspot.com/2012/02/google-secretly-tracking-bypassing.html">Then we find out that Google has been bypassing</a></b> the privacy settings in Apple's Safari browser. This is of particular concern and importance because that system, and those users, are specifically INTENDING that such monitoring be BLOCKED.<br />
<br />
So that was the "Google" backdrop for a few other related stories. First,<b> t<a href="http://consumercal.blogspot.com/2012/02/obama-administrations-consumer-privacy.html">he President proposed a Consumer Privacy Bill of Rights</a></b> that has some potential, though numerous pitfalls (I'll get to that later). And second, while Google has agreed to offer a kind of "Do Not Track" mechanism on Chrome, <b>this didn't stop The Electronic Privacy Information Center (EPIC) from attempting to make Google obtain</b> its users permission BEFORE sharing their private information as a result of its new privacy policy.<br />
<br />
Unfortunately, U.S. District Judge Amy Berman
Jackson said the court had no authority to force the FTC to keep Google in
check. As detailed by Courthouse News, this isn't Google's first brush with the law: <i>In June 2011<b>, a federal judge approved an $8.5
million class action <a href="http://www.courthousenews.com/2011/06/03/37088.htm">settlement</a>
brought by 31 million Gmail users </b>who sued Google for exposing their personal
information through its recently discontinued email feature, Google Buzz. In
their lawsuit, users called the feature, which automatically shared their
information with their email contacts, an "indiscriminate bludgeon"
that could reveal the names of doctors'
patients or lawyers' clients, or
even the contacts of a gay person "who was struggling to come out of the
closet and had contacted a gay support group."</i><br />
<table border="0" cellpadding="0" class="MsoNormalTable" style="mso-cellspacing: 1.5pt;"><tbody>
<tr style="mso-yfti-firstrow: yes; mso-yfti-irow: 0; mso-yfti-lastrow: yes;"><td style="padding: .75pt .75pt .75pt .75pt;"><i><br /></i></td><td style="padding: .75pt .75pt .75pt .75pt;"><i><br /></i></td><td style="padding: .75pt .75pt .75pt .75pt;"><i><br /></i></td><td style="padding: .75pt .75pt .75pt .75pt;"><i><br /></i></td><td style="padding: .75pt .75pt .75pt .75pt;"><br /></td></tr>
</tbody></table>
<div class="MsoNormal">
The judge also made it clear that her <b>ruling should not be taken as
an endorsement </b>of Google's privacy
policies or her opinion on whether they violate the consent order.</div>
<div class="MsoNormal">
</div>
<div class="MsoNormal">
</div>
<div class="MsoNormal">
<br />
So what does Google's new policy mean to you and <b>what are some ways to better protect your privacy?</b></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
CNN.com suggests - in an article entitled <b>"<a href="http://www.cnn.com/2012/02/29/tech/web/protect-privacy-google/?hpt=hp_bn6">How to prepare for Google's privacy changes</a>"- the following</b>:</div>
<div class="MsoNormal">
<b><br /></b></div>
<div class="MsoNormal">
</div>
<div class="MsoNormal">
</div>
<div class="MsoNormal">
<b>Don't sign in</b></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<i>This is the easiest and most effective tip.Many of Google's
services -- most notably search, YouTube and Maps -- don't
require you to sign in to use them. If you're
not logged in, via Gmail or Google+, for example, Google doesn't know who you are and can't
add data to your profile.</i></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<i>But to take a little more direct action ...</i></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<b>Removing your Google search history</b></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<i>Eva Galperin of the Electronic Frontier Foundation has <a href="https://www.eff.org/deeplinks/2012/02/how-remove-your-google-search-history-googles-new-privacy-policy-takes-effect" target="_blank">compiled a step-by-step guide </a>to deleting and disabling
your Web History, which includes the searches you've
done and sites you've visited.</i></div>
<div class="MsoNormal">
<i>It's pretty quick
and easy:</i></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<i>-- Sign in to your Google account</i></div>
<div class="MsoNormal">
<i>-- Go to www.google.com/history</i></div>
<div class="MsoNormal">
<i>-- Click "Remove all Web History"</i></div>
<div class="MsoNormal">
<i>-- Click "OK"</i></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<i>As the EFF notes,<b> deleting your history will not prevent
Google from using the information internally.</b> But it will limit the amount of
time that it's fully accessible.
After 18 months, the data will become anonymous again and won't be used as part of your profile.</i></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<b><a href="https://www.eff.org/wp/six-tips-protect-your-search-privacy" target="_blank">Six tips to protect your search privacy (from the EFF)</a></b></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<b>Clearing your YouTube history</b></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
S<i>imilarly, users may want to remove their history on
YouTube. That's also pretty quick
and easy.</i></div>
<div class="MsoNormal">
<i>-- Sign in on Google's
main page</i></div>
<div class="MsoNormal">
<i>-- Click on "YouTube" in the toolbar at the top of
the page</i></div>
<div class="MsoNormal">
<i>-- On the right of the page, click your user name and select
"Video Manager"</i></div>
<div class="MsoNormal">
<i>-- Click "History" on the left of the page and
then "Clear Viewing History"</i></div>
<div class="MsoNormal">
<i>-- Refresh the page and then click "Pause Viewing
History"</i></div>
<div class="MsoNormal">
<i>-- You can clear your searches on YouTube by going back and
choosing "Clear Search History" and doing the same steps.</i></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<b><a href="http://www.cnn.com/2012/02/29/tech/web/protect-privacy-google/?hpt=hp_bn6">Click here to read more. </a></b></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
Interestingly, just as the White House pushes a privacy bill of rights its new online privacy legislation for Congress to consider, <a href="http://www.computerworld.com/s/article/9224543/Google_commits_Chrome_to_support_Do_Not_Track_">Google
(in the wake of its privacy invasions) decided to get behind "Do Not Track,"</a> for Google Chrome.<b> As Computerworld defines it,</b> and how such a mechanism is eventually defined and operated is critical to its usefulness, "Do Not Track" is a "<i>technology that relies on information in the HTTP header, part of the requests and responses sent and received by a browser as it communicates with a website,<b> to signal that the user does not want to be tracked by online advertisers and sites.</b><br /><br />In the browsers that now support the Do Not Track header<b>, a user tells sites he or she does not want to be tracked by setting a single option</b>. In Mozilla's Firefox, for instance, that's done through the Options (on Windows) or Preferences (Mac) pane by checking a box marked, "Tell web sites I do not want to be tracked."." That of course...just how well it does that and how is the million dollar question."</i></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
</div>
<div class="MsoNormal">
<b>So what did Google just agree to</b> by adding its
support for Do Not Track to its Chrome browser? <b><a href="http://www.computerworld.com/s/article/9224583/FAQ_What_Google_s_Do_Not_Track_move_means">Computerworld has more</a>:</b></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
</div>
<div class="MsoNormal">
<b>So, when I tell my browser to send the Do Not Track request,
no one will monitor my movements? </b></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<i>Hold on there, pardner. Thursday's commitment by Google to support Do Not Track in
Chrome may have been a clear win for the specific way that request is communicated,
but there's no such clarity on what
websites do -- or don't do -- when
they receive that signal.</i></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<i>"On the technology side, this is an unambiguous win,
but on the policy side there is still a lot of work to be done," Mayer
said yesterday. The Electronic Frontier Foundation (EFF), an online privacy
advocacy organization, said much the same. "While today was a great
advancement on the Do Not Track technology,<b> it did not meaningfully move the
ball forward on the Do Not Track policy," s</b>aid Rainey Reitman, the EFF's activism director, in a <a href="https://www.eff.org/deeplinks/2012/02/white-house-google-and-other-advertising-companies-commit-supporting-do-not-track" target="new">Thursday blog</a>.</i></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<b>What have sites agreed to do with Do Not Track? </b><i> </i></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<i>They'll stop using cookies to craft targeted ads, the
kind pointed at you based on your past surfing and other online behavior. </i></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<i><b>But the companies that lined up Thursday to support Do Not
Track</b> -- the ad networks, websites and corporations who belong to the latest
online ad industry trade group, the Digital Advertising Association (DAA) --
<b>haven't promised to actually stop tracking
users' Web movements. Instead, they've pledged to not use tracking data to serve
targeted ads -- which the DAA calls "behavioral advertising" </b>--
or use that tracking information "for the purpose of any adverse
determination concerning employment, credit, health treatment or insurance
eligibility, as well as specific protections for sensitive data concerning
children." (IDG, the parent company of Computerworld, is a member of
DAA, according to the <a href="http://www.aboutads.info/participating" target="new">association's list</a> of participating companies and ad networks.
Other media firms that will hew to the DAA's
behavioral ad guidelines around Do No Track include Conde Nast, ESPN, Forbes
and Time.)</i></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<b>What? So Do Not Track doesn't
mean just that?</b> </div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<i>Right, which is why<b> privacy groups are pushing for a stricter
interpretation</b></i><i>. The EFF, for one, is leery of the advertising industry's sincerity.</i></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<i>"Historically, the DAA has eschewed providing users
with powerful mechanisms for choices when it comes to online tracking,"
said EFF's Reitman. "The
self-regulatory standards for behavioral advertising <b>have offered consumers a
way to opt out of viewing behaviorally targeted ads without actually stopping
the online tracking, which is the root of the privacy concern."</b></i></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<i><b>Reitman worried that the DAA would mess with the simplicity
of Do Not Track</b>, and try to turn it into "slippery legalese that doesn't promise to do much of anything about
tracking."</i></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
</div>
<div class="MsoNormal">
<b>Anything else about the Do Not Track promises made by the
advertising industry I should know? </b></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<i>Yep, one interesting aspect: The DAA said
it would not honor the setting if "any entity or software or technology
provider other than the user exercises such a choice." <b>EFF's Reitman
interpreted that as a pre-emptive strike against browser makers </b>that may want
to turn on Do Not Track by default. (None do at this point.... It's off in Firefox, IE9 and Safari until the user
manually changes the setting.)</i></div>
<div class="MsoNormal">
<br /></div>
<b><a href="http://www.computerworld.com/s/article/9224583/FAQ_What_Google_s_Do_Not_Track_move_means">Click here for more.</a></b><br />
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
With that,<b> <a href="http://www.nytimes.com/2012/02/27/technology/opt-out-provision-would-halt-some-but-not-all-web-tracking.html?_r=2&pagewanted=print">let me take you to the New York Times article</a></b> that<b> delves deeply into the Do Not Track concept</b> and where the battle lines will likely be drawn: separating those that want privacy, and more control over their own data, versus those that want to profit off violating that privacy, and selling that data.</div>
<br /><div class="MsoNormal">
</div>
<div class="MsoNormal">
<i><b>The issue of digital privacy, especially how users’ data is
collected online</b> and then employed to show those users ads tailored to them,
has been hotly debated for years. The announcements represent the attempt to satisfy consumer
privacy concerns while not stifling the growth of online advertising, which is
seen as the savior of media and publishing companies as well as the advertising
industry. According to the Interactive Advertising Bureau<b>, digital advertising
revenues in the United States
were $7.88 billion</b> for the third quarter of 2011, a 22 percent increase over
the same period in 2010. </i></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<i><b>The industry’s compromise on a “Do Not Track” mechanism is
one result </b>of continuing negotiations among members of the Federal Trade
Commission, which first called for such a mechanism in its initial privacy
report; the Commerce Department; the White House; the Digital Advertising
Alliance; and consumer privacy advocates. </i></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<i><b>Until now, methods for opting out of custom advertising
varied depending on the privacy settings </b>of a user’s browser or whether a user
clicked on the blue triangle icons in the corners of some digital ads. Under
the new system, browser vendors will build an option into their browser
settings that, when selected, will send a signal to companies collecting data
that the user does not want to be tracked. </i></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<i>The agreement covers all the advertising alliance’s members,
including Google, Yahoo, AOL, Time Warner and NBCUniversal. </i></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<i><b>Privacy advocates complain that the mechanism does not go
nearly far enough in part because it affects only certain marketers</b>. Many
publishers and search engines, like Google, Amazon or The New York Times, are
considered “first-party sites,” which means that the consumer goes to these Web
pages directly. First-party sites can still collect data on visitors and serve
them ads based on what is collected. </i></div>
<div class="MsoNormal">
<br /></div>
...<br />
<br />
<div class="MsoNormal">
<i><b>Some consumer privacy advocates, while offering measured
praise for the new privacy option, saw the move as an attempt to thwart a more
restrictive stance on data collection</b>. Jeffrey Chester, the head of the Center
for Digital Democracy, which is pushing for more restrictions on data
collection, called the move a win for the advertising lobby. </i></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<i>In a statement, Mr. Chester said: “<b>We cannot accept any
‘deal’ that doesn’t really protect consumers, and merely allows the
data-profiling status quo to remain</b>. Instead of negotiations, C.D.D. would have
preferred the White House to introduce new legislation that clearly protected
consumers online.” </i></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<i><b>But advertisers have plenty to fear if consumers use Do Not
Track in large number</b>s. “If there’s a high rate of opt-out, it’s an issue,”
said George Pappachen, the chief privacy officer of the Kantar Group, the
research and consultant unit of WPP. “Our position is data should flow,” Mr.
Pappachen said, adding that data helps drive innovation and newer commercial
models. </i></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
...</div>
<div class="MsoNormal">
<i><br /></i></div>
<div class="MsoNormal">
</div>
<div class="MsoNormal">
<i><b>And there are still unresolved technical issues regarding Do
Not Track, including what defines tracking and how that would apply to
first-party and third-party Web sites.</b> Over the last few months the World Wide
Web Consortium, an international group that sets voluntary technical standards
for the Web, has been working with representatives from companies like
Microsoft, Google and Nielsen, along with academics, privacy advocates,
legislators and digital advertising groups, to define the technical standard of
Do Not Track. </i></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<i>The consortium is also considering whether sites like
Facebook, whose “like” button is used across multiple Web sites<b>, would be
considered first-party or third-party sites</b>.“I do think you will see a lot of contention going forward
about what Do Not Track means,” said Thomas Roessler, the technology and
society domain leader at the consortium. </i></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<i>Whether any companies should be allowed to collect data and
follow users online, regardless of who they are, remains “the million-dollar
question,” said Alex Fowler, the global privacy leader at Mozilla, the
nonprofit organization that created the Firefox browser. Firefox was one of the
first to include a Do Not Track option.“<b>When you look at user testing, the expectation for the user
for Do Not Track means, don’t behaviorally target me and also don’t collect
information on me,</b>” Mr. Fowler said. </i></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<b><a href="http://www.nytimes.com/2012/02/27/technology/opt-out-provision-would-halt-some-but-not-all-web-tracking.html?_r=2&pagewanted=print">Click here to read more. </a></b><i></i></div>
<div class="MsoNormal">
<i><br /></i></div>
<div class="MsoNormal">
Stay tuned...<i><br /></i></div>CFChttp://www.blogger.com/profile/11621511251924136343noreply@blogger.com0tag:blogger.com,1999:blog-8994486887985127167.post-59223748860052387332012-02-27T12:06:00.000-08:002012-02-27T15:18:31.932-08:00Obama Administration's Consumer Privacy Bill of RightsBy now most anyone that has come to this blog knows, at least in general terms, what is called behavioral targeting. <b>This massive, growing multi-billion dollar industry is built</b> on the tracking of you on the internet - and EVERYTHING you do on it...and then compiling, storing and selling that data to third party advertisers (while being accessed by government when requested...which we know is a lot)
<br />
<div class="MsoNormal">
<br />
<b>This rise in behavioral tracking has made it possible for consumer information</b> to be potentially misused, increases the threat of identity theft, and is a fundamental violation of privacy. Often times, such behavioral tracking is particularly targeted at vulnerable
consumers for high-price loans, bogus health cures and other potentially
harmful products and services. To date, to what extent "Do Not Track" rights exist, it has been a voluntary request from industry - which borders on pointless.</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
Now to my cautious optimism regarding the Obama Administration's announcement last week that it supported a Consumer Privacy Bill of Rights. The proposal lays out <b>seven principles of privacy protections, including the right to exercise control over the dissemination </b>of one’s data and the right to transparent privacy policies. The bill of rights is not legislation, acting more as a framework and statement of principles, but it does at least sound like the Administration "gets it" in a way we haven't heard before.</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<b>Consumers deserve the kinds of broad rights to protect their own information online the President is advocating</b> - particularly that fundamental right to control how how personal data is used and that we deserve the right to avoid having our information collected and used for multiple unknown purposes. We also DESERVE the right to make sure our information is held securely, and not KEPT for long periods of time. And of course, we must have the right to hold those who are handling or misusing their personal data accountable when things go wrong.</div>
<div class="MsoNormal">
To be sure, its an outline,<b> and it still needs to make it through the legislative process</b> (though the administration has threatened to bypass them...which is also a good sign) - meaning a GOP controlled House will have an opportunity to destroy, as it does with all public policy, anything it gets its hands on if it serves the profit motives of big business. </div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
Clearly, <b>when you talk about companies like Google, Apple, Facebook and Microsoft..</b>.we're talking some big time heavy hitters with LARGE check books and hordes of high priced lobbyists. In other words, the devil will be in the details...and what will matter most might just be whether there are real, enforceable rules that punish these giants for breaking them.</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
But before I go into more of why tough legislation is needed - and privacy on the web is better protected, let's get to some of the details released.</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<b><a href="http://www.nytimes.com/2012/02/23/business/white-house-outlines-online-privacy-guidelines.html?_r=1">From the New York Times:</a></b></div>
<div class="MsoNormal">
<b><br /></b></div>
<div class="MsoNormal">
<i><b>Companies responsible for the delivery of nearly 90 percent of online behavioral advertisements</b> — ads that appear on a user’s screen based on browsing and buying habits — have agreed to comply when consumers choose to control online tracking, the consortium said on Wednesday.<br /><br />But even if a click of a mouse or a touch of a button can thwart Internet tracking devices,<b> there is no guarantee that companies won’t still manage to gather data </b>on Web behavior. Compliance is voluntary on the part of consumers, Internet advertisers and commerce sites.<br /><br />"<b>The real question is how much influence companies like Google, Microsoft, Yahoo and Facebook </b>will have in their inevitable attempt to water down the rules that are implemented and render them essentially meaningless,” John M. Simpson, privacy project director for Consumer Watchdog, said in response to the administration’s plan. "A concern is that the administration’s privacy effort is being run out of the Commerce Department.” </i></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<i>It’s critical that government enact strong privacy regulations whose
protections will remain with consumers as they interact on their home computer,
cell phones, PDAs or even at the store down the street. Clear rules will help
consumers understand how their information is used, obtained and tracked,” said
Amina Fazlullah of U.S. Public Interest Research Group. “In the event of abuse
of consumer information,<b> this legislation could provide consumers a clear
pathway for assistance from government agencies or redress in the courts.”</b></i><br />
<br />
...</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
</div>
<div class="MsoNormal">
<i><b>The new privacy outline brings together several efforts to develop and enforce privacy standards </b>that have been progressing for the last couple of years on parallel tracks, under the direction of advertisers, Internet commerce sites and software companies.<br /><br /><b>The next step will be for the Commerce Department to gather Internet companies</b> and consumer advocates to develop enforceable codes of conduct aligned with a “Consumer Privacy Bill of Rights” released as part of the administration’s plan on Wednesday. The bill of rights sets standards for the use of personal data, including individual control, transparency, security, access, accuracy and accountability. </i></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<b><a href="http://www.nytimes.com/2012/02/23/business/white-house-outlines-online-privacy-guidelines.html?_r=1">Read more here</a><i>. </i></b></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
I'm a big supporter of limiting commercial tracking of our online activities, not just in the commercial sphere, but protecting it from government that increasingly demands this information from private companies.Similarly, there's a long, clear record that self regulation doesn't work - so creating rules and laws to protect people's privacy on the internet is critical, and now possible.</div>
<div class="MsoNormal">
<br />
In principle, the proposal does look good...so what I'll be watching for is just how watered down this legislation becomes over time...and that we don't forget some of the key protections necessary, a<b>s recently outlined by a coalition of consumer groups, including:</b> </div>
<div class="MsoNormal">
<br />
<b>· Sensitive information should not be collected</b> or used for behavioral tracking
or targeting.<br />
<b>· No behavioral data should be collected or used from anyone</b> under age 18 to
the extent that age can be inferred.<br />
<b>· Web sites and ad networks shouldn’t be able to collect or use behavioral data
</b>for more than 24 hours without getting the individual’s affirmative consent.<br />
<i>· Behavioral data shouldn’t be used to unfairly discriminate against people </i>or
in any way that would affect an individual's credit, education, employment,
insurance, or access to government benefits.<br />
<br />
This would also include<b>: No sensitive information (like health or
financial information) should be used </b>for behavioral tracking, no one under 18
should be behaviorally tracked, Web sites and ad networks shouldn’t be able to
keep behavioral data for more than a day without getting an OK from the
individual they’re tracking, and behavioral data can’t be used for
discriminatory purposes.</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
Here are a couple responses from privacy advocates to the Administration's proposal worth noting here:</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<i>“The devil is going to be in the details,” acknowledges Paul Stephens, director of policy and advocacy for the nonprofit group <b>Privacy Rights Clearinghouse</b>. “<b><a href="http://www.mainstreet.com/print/26125">It is a framework that certainly represents a decent start</a>,</b> but the key is going to be in three components,” he says, which include the legislation and regulations that grow out of it, and the enforcement thereof.<br /><br />On paper, then, it looks fine as a work in progress, though Stephens does acknowledge that at least one provision – the “Respect for Context” clause, which says companies “will collect, use, and disclose personal data in ways that are consistent with the context in which consumers provide the data” – seems somewhat subjective and open for interpretation. As such<b>, consumers concerned about their privacy will have to wait and see how this vague language of the bill </b>of rights will translate into actionable regulation.<br /><b></b></i></div>
<br />
<div class="MsoNormal">
...</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<i><b>“<a href="http://www.mainstreet.com/print/26125">Anybody can stand behind some broad principles about respecting privacy rights</a></b>,” Reitman says. “Whether it’s enforceable is still a far-off issue....even without legislation, the administration will convene multistakeholder processes that use these rights as a template for codes of conduct that are enforceable by the Federal Trade Commission.”</i><br />
...<br />
<br />
<i><b>“The way it is right now … it’s historically been self-enforcing,” </b>says Rainey Reitman, activism director for the digital rights advocacy group the Electronic Frontier Foundation. “The White House statement today changes that, so it will be under the umbrella of FTC enforcement.”</i></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<b><a href="http://news.cnet.com/8301-30686_3-57383762-266/consumer-groups-encouraged-by-consumer-bill-of-rights/?tag=txt;title">And this one:</a></b></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<i>Ellen Bloom, a senior director of policy for Consumers Union, was at the press conference today in Washington, D.C., where the "Consumer Privacy Bill of Rights" was unveiled. She said consumers <b>are very concerned about Internet companies passing along their private information</b> to third parties. And she is happy that the administration is taking steps with the "Consumer Privacy Bill of Rights" to protect consumers. But she said the group will continue to educate and advocate to make sure privacy protections are strong enough to do the job.<br /><br />"We are glad that the FTC and the advertising industry will breathe new life into the Do Not Track rules," she said. "<b>This is a welcome first step toward providing a single simple tool to opt out</b> of being tracked online. We are encouraged that we're on the right track. But we are not ready to rest."</i></div>
<b><br style="color: #990000;" /></b><br />
<div class="MsoNormal" style="color: #990000;">
<b>More Backdrop on Behavioral Tracking</b></div>
<div class="MsoNormal">
</div>
<div class="MsoNormal">
<b>To get an even better understanding of why this matters,</b> and what's happening to you and your information every time you get on the net check out this<a href="http://www.democraticmedia.org/release/cdd-testimony-20090618"> <b>congressional testimony from a year or two ago from Jeff Chester</b></a><b> </b>of the Center for Digital Democracy...most of this is from the testimony and the groups press release...and it should clarify some of this obviously complicated issue.</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
“As with our financial system, <b>privacy and consumer
protection regulators have failed to keep abreast of developments i</b>n the area
they are supposed to oversee,” he explained. “In order to ensure adequate trust
in online marketing—an important and growing sector of our economy—Congress
must enact sensible policies to protect consumers.” <br />
<br />
“Whether using a search engine, watching an online video, creating content on a
social network, receiving an email, or playing an interactive video game, we
are being digitally shadowed online....Our travels through the digital media<b> are being monitored, and digital
dossiers on us are being created—and even bought and sold.”</b> </div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
Singling out
behavioral and “predictive” targeting for their violations of user privacy,
Chester noted that the <b>“consumer profiling and targeted advertising take place
largely without our knowledge or consent, </b>and affects such sensitive areas as
financial transactions and health-related inquiries. Children and youth, among
the most active users of the Internet and mobile devices, are especially at
risk in this new media-marketing ecosystem.” <br />
<br />
<b>“Americans shouldn’t have to trade away their privacy and accept online
profiling and tracking</b> as the price they must pay in order to access the
Internet and other digital media,” Chester declared, adding that far from being
an impediment to continued growth in the online sector, meaningful privacy
safeguards will actually stimulate the digital economy.<br />
<br />
“The uncertainty over the loss of privacy and other consumer harms will
continue to undermine confidence in the online advertising business,” he
explained. “That’s why the online ad industry will actually greatly benefit
from privacy regulation. <b>Given a new regulatory regime protecting privacy,</b>
industry leaders and entrepreneurs will develop new forms of marketing services
where data collection and profiling are done in an above-board,
consumer-friendly fashion.”</div>
<div class="MsoNormal">
<br />
Privacy is a fundamental right in the United States. For four decades, the
foundation of U.S. privacy policies has been based on<b> Fair Information
Practices</b>: collection limitation, data quality, purpose specification, use
limitation, security safeguards, openness, individual participation, and
accountability. <br />
<b><br />
Those principles ensure that individuals are able to control their personal
information</b>, help to protect human dignity, hold accountable organizations that
collect personal data, promote good business practices, and limit the risk of
identity theft. Developments in the digital age urgently require the
application of Fair Information Practices to new business practices. Today,
electronic information from consumers is collected, compiled, and sold; all
done without reasonable safeguards. <br />
<br />
<b>Consumers are increasingly relying on the Internet and other digital services</b>
for a wide range of transactions and services, many of which involve their most
sensitive affairs, including health, financial, and other personal matters. At
the same time many companies are now engaging in behavioral advertising, which
involves the surreptitious tracking and targeting of consumers. <br />
<br />
<b>Click by click, consumers’ online activities – the searches they make, the Web
pages they visit, the content they view, the videos they watch</b> and their other
interactions on social networking sites, the content of emails they send and
receive, how they spend money online, their physical locations using mobile Web
devices, and other data – a<b>re logged into an expanding profile and analyzed in
order to target them with more "relevant" advertising. </b><br />
<br />
This is different from the "targeting" used in contextual
advertising, in which ads are generated by a search that someone is conducting
or a page the person is viewing at that moment<b>. Behavioral tracking and
targeting can combine a history of online activity across the Web with data
derived offline to create even more detailed profiles</b>. The data that is
collected through behavioral tracking can, in some cases, reveal the identity
of the person, but even when it does not, the tracking of individuals and the
trade of personal or behavioral data raise many concerns. </div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
Let's hope this Administration's actions match its words, that industry power won't weaken these principles beyond their usefulness, and of course, let's hope Congress is bypassed, as they serve NO PURPOSE (esp. the House) except to protect corporations and undermine people.</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
More to come.... </div>CFChttp://www.blogger.com/profile/11621511251924136343noreply@blogger.com0tag:blogger.com,1999:blog-8994486887985127167.post-22725729873200285482012-02-21T17:20:00.000-08:002012-02-21T20:01:01.459-08:00Google Secretly Bypassing Safari Privacy SettingsThe global tech giant Google, a company becoming an increasingly giant information control monopoly, has done it again. I speak of course of its<b> long, sordid, and adversarial relationship with privacy, </b>and this weekends news that it, and several other advertising companies have been <b>bypassing the privacy settings in Apple's Safari browse</b>r. This is of particular concern and importance because that system, and those users, are specifically INTENDING that such monitoring to be BLOCKED.<br />
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
Let's remember, it was just two weeks ago that a bit of a firestorm was sparked by Google changing its
privacy policies rather abruptly, while making opt-ing out of the massive
amount of data sharing that will take place if their proposed folding 60 of its
70 existing product privacy policies under one blanket policy and breaking down
the identity barriers between (to accommodate its new Google+ social network
software) nearly impossible.</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
Let us also remember that we know for
instance, and they have been sued for it, companies like Google, Yahoo,
Microsoft and other Internet companies <b>track and profile users and then auction
off ads targeted at individual consumers </b>in the fractions of a second before a
Web page loads.</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<b>We should also consider that sordid history of privacy and Google </b>I mentioned at the start from <a href="http://consumercal.blogspot.com/2009/10/letter-to-google-take-time-to-add.html" target="_blank">Google Books </a>to <a href="http://consumercal.blogspot.com/2009/09/ny-times-casualty-of-technology.html" target="_blank">the loss of "Locational Privacy</a>" to the company's
<a href="http://consumercal.blogspot.com/2009/03/google-and-privacy-growing-concerns.html" target="_blank">lobbying efforts in Congress</a>, to <a href="http://consumercal.blogspot.com/2009/03/more-flaws-in-google-cloud.html" target="_blank">its cloud computing</a>, to its <a href="http://consumercal.blogspot.com/2009/03/googles-targeted-behavioral-advertising.html" target="_blank">increasing usage and expansion of behavioral marketing
techniques,</a> to Google StreetView cars gathering private information from
unaware local residents, to the company teaming with the National Security
Agency (the agency responsible for such privacy violation greatest hits as
warrantless wiretapping) "for technical assistance" to the infamous
Google Buzz to the company's recent admittance that it gets THOUSANDS of
requests from the government for information about its users to claims that the
company manipulates its search results to favor its own products.</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
Before I get to some obvious solutions and responses to this latest Google controversy (like data retention limits and Do Not Track options)<b>,<a href="http://www.sfgate.com/cgi-bin/article.cgi?f=/c/a/2012/02/17/BUSO1N9ASP.DTL"> let me get to the story:</a> </b></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
</div>
<div class="MsoNormal">
<i>The Stanford study was written by Jonathan Mayer, a graduate
student in law and computer science who has cranked out a growing body of
headline-generating literature on online privacy. In his paper, he noted that
unlike every other browser vendor,<b> Apple's Safari automatically blocks tracking
cookies </b>generated by websites that users visit. Apple's Safari is one of the
most popular browsers for mobile devices, and the default browser on Macs.</i></div>
<div class="MsoNormal">
<br /></div>
<i>
</i><br />
<div class="MsoNormal">
<i><b>These cookies can collect information about where users go
online and what they do</b> - data that advertisers treasure.There are exceptions to Safari's cookie blocking, however.
For instance, it allows what are known as "first-party cookies,"
those that sites like Facebook or Google drop onto devices so users don't have
to sign in every time they visit. Certain carve-outs also allow Facebook users
to "like" things on third-party sites.</i></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
</div>
<div class="MsoNormal">
<i>Unlike Facebook, the problem for Google was that its social
and ad networks run on different domains from its main one, Google.com. That
prevents it from allowing a user of the Google+ social network to give a
virtual thumbs up (or "+1") to an ad on another site, a step that
makes such ads more valuable. <b>That would require a "third-party
cookie" that is blocked by Safari.</b></i></div>
<div class="MsoNormal">
<br /></div>
<i>
</i><br />
<div class="MsoNormal">
<i>But it turns out there are a few ways for companies to get
around these limitations. The one that Mayer's paper focused on involved
<b>inserting code to place tracking cookies within Safari</b>. He found four companies
doing this: Google, Vibrant Media, Media Innovation Group and PointRoll.</i></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
…</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<i>But in an interview,<b> Mayer said Google had unilaterally
decided that privacy permissions for its products superseded the privacy
restrictions </b>those users had enacted - implicitly or explicitly - by choosing
to use Safari."The user is giving up some privacy in exchange for
lining Google's pockets," he said.</i></div>
<div class="MsoNormal">
<br />
…</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<i>Meanwhile,<b> an even bigger problem occurred. Once Google
tweaked the way Safari functions, other Google advertising cookies could be
installed on the devices. </b>"We didn't anticipate that this would happen, and we
have now started removing these advertising cookies from Safari browsers,"
Whetstone said. W<b>hy this problem was spotted by a Stanford graduate student
and not by a major corporation </b>that's been under continual privacy scrutiny is
a fair question that Google has yet to answer.</i></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<i>"I think that's a pretty big 'oops,' and it raises
pretty big questions," Mayer said. Chris Hoofnagle, a digital privacy expert at UC Berkeley's
law school, said<b> there's a corporate tone-deafness within the
engineering-centric culture of Google that leads to these sorts of mistake</b>s. "To the engineer, cookie blocking appears to be a
technical error that they should try to solve," he said. "It's very
difficult for them to accept the frame that some people do not want this
tracking."</i></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<b><a href="http://www.sfgate.com/cgi-bin/article.cgi?f=/c/a/2012/02/17/BUSO1N9ASP.DTL">Click here to read more</a>. </b></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
Let me say<b>, I don't know whether Google is telling the truth or not - my instincts say they aren't </b>because of their track record on this issue. Regardless, this latest privacy breach, and violation of consumer desires and expectations proves yet again our regulations and rights have not caught up with technological advancements in the digital realm. </div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
</div>
<div class="MsoNormal">
As I have often written here, once again, an issue like this raises some particularly important questions: <b>What kind of control should we have over our own data?</b>
And, what kind of tools should be available for us to protect it? What about
ownership of our data? Should we be compensated for the billions of dollars
being made bycorporations from their tracking of us? And of course, what of
the government's access to this new world of data storage?<br />
<br />
The argument from privacy advocates has largely been that this massive and
stealth data collection apparatus threatens user privacy and regulators should
compel (not hope that) companies to obtain express consent from consumers
before serving up "behavioral" ads based on their online history.</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
More to the point is the simple, unavoidable fact that
consumers should have MORE control, not less, over what information of ours is
used, shared, and profited off. </div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
Again, for first time, or rare readers of this blog, I would also point to the<b> consistent dichotomy between the now proven HIGH LEVEL of concern about privacy</b> on the internet among users with the fact they tend to do
very little to actually protect it (which of course is related to how hard and complicated it can be to do so). Which in my mind, makes easy to use, clear
options to protect privacy so paramount. Once people are given such a choice,
not only will more people choose to "not be tracked", I think more
people will become more AWARE of just how all pervasive such monitoring of
nearly everything we do has become.</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
So, let's get to some OBVIOUS solutions to this growing online tracking problem, magnified by Google's latest violation of consumer trust. We CLEARLY have next to no privacy standards as related to
these technological innovations and trends is disturbing, and more than enough
of a reason for legislation like <b>California's SB 761 (Do Not Track). </b><br />
<br />
<b>The Do Not Track flag is a rather simple concept</b> that's already been built into
Firefox and IE9. If users choose to turn on the option, every time they visit a
web page the browser will send a message to the site, saying “do not track.”</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<b>SB 761 (Lowenthal) would offer consumers such a mechanism</b>, something
the bill's sponsor describe as "one of the most powerful tools available
to protect consumers' privacy." The mechanism will allow anyone online to
send Websites the message that they do not want their online activity
monitored. </div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
Obviously, this legislation happens to be something I'll be working on here in Sacramento this year - but a federal version would be most useful. </div>
<div class="MsoNormal">
<br />
To be sure, there is no magic bullet when it comes to digital tracking protecting privacy. Another solution advocated by such privacy experts as Chris Hoofnagle, is data-retention
limits. As he recently stated in an interview in the San Francisco Chronicle, "<i>We know from behavioral economics that most people won't turn on
do-not-track features, so if you're serious about protecting privacy, if you
think there's a value here, you should protect it by default. It would require
no user intervention. <b>You would impair the ability of companies and law
enforcement to create long-term profiles about people."</b></i></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
Similarly,<b> as Hoofnagle points out, there are limitations to the "opt out" option alone,</b> stating,<i> "Under self-regulatory programs, they allowed people to opt out of targeted
advertising if they wanted. But people figured out that what that meant is
these companies could still track you, they just couldn't show you online
behavioral advertising.
They could still choose to target you in another channel (like direct-mail
marketing or telemarketing.) And if you look at all the tracking they do, they
can identify you in a fairly trivial way. <b>
Our study also found over 600 third-party hosts of cookies, most of which are
not members of any self-regulatory organization (</b>and thus aren't bound to the
rules of opt-out programs). They're not even necessarily advertisers, they
could be governments. We really don't know who they are."</i>
</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
The need for such consumer friendly and empowering solutions to this exploding data mining industry and tracking capabilities is clear because we KNOW marketers will stop at NOTHING to ensure they can monitor online behavior...so we can be better profiled by the government and marketed to by advertisers.<br />
<br />
As a recent Berkeley study found, "Seven of the top 100 sites appeared to be using what's known as HTML5 local
storage to back up standard cookies, and two were found to be respawning cookies...<b>.Third-party
advertisers on the site were still employing the flash cookies,</b> along with
another type that takes advantage of the browser's cache, where online data is
stored on the computer so it can be delivered faster. This ETag tracking allows
advertisers to monitor users, even when they block all cookies and use a
private browsing mode."</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
In other words,<b> its time consumers regain control of our privacy and our personal information, </b>through law, not through hope and polite requests to industries that don't care about you or your privacy - only their bottom line. </div>CFChttp://www.blogger.com/profile/11621511251924136343noreply@blogger.com1tag:blogger.com,1999:blog-8994486887985127167.post-46101602089816262012012-02-14T14:33:00.000-08:002012-02-14T15:00:07.051-08:00Domestic Spy Drones Approved by CongressAs if I planned it myself, just the day after I wrote a major blog (see the last one) about 7 privacy threats that the Constitution can't protect you from, Congress goes ahead and APPROVES two of them for widespread use. The two I speak of, as detailed by Alternet's Tana Ganeva, have to do with domestic spy drones. As I wrote at the time, apparently,<b> these drones do more than just kill innocent women and children</b> around the world, but in fact, are perfect domestic spying devices too.<br />
<br />
As Ganeva also detailed, "<i>An ACLU report from December says that local<b> law enforcement officials are pushing for domestic use</b> of the new technology, as are drone manufacturers. As Glenn Greenwald points out, drone makers "continuously emphasize to investors and others that a major source of business growth for their drone products will be domestic, non-military use." </i><br />
<br />
<i>Right now drones range in size from giant planes to hummingbird-sized, the ACLU report says, with the technology improving all the time. Some can be operated by only one officer, and others by no one at all. The report points to all the sophisticated surveillance technology that can take flight on a drone, including night vision, video analytics ("smart" surveillance that can track activities, and with improvements in biometrics, specific people), massive zoom, and the creepy see-through imaging, currently in development. </i><br />
<br />
Similarly,<b> there are also what are called "Super drones" </b>that actually know who you are, because, as reported by Wired magazine, the military has given out research grants to several companies to spruce up these drones with technology that lets them identify and track people on the move, or "tagging, tracking, and locating" (TTL).<br />
<br />
<b>After writing about these disturbing possibilities</b>, I then read these 3 stories, "<a href="http://www.chicagotribune.com/business/breaking/chi-congress-oks-faa-bill-allowing-drones-in-us-gps-air-traffic-control-20120207,0,6395974,print.story">Congress OKs FAA Bill allowing drones in US, GPS air traffic control</a>", "<a href="http://www.thenewamerican.com/usnews/politics/10807-bill-authorizes-use-of-unmanned-drones-in-us-airspace">Bill authorizes Use of Unmanned Drones in US Airspace</a>", and "<a href="http://www.washingtontimes.com/news/2012/feb/7/coming-to-a-sky-near-you/print/">Drones over US get OK by Congress</a>"<br />
<br />
Let's go to the Chicago Tribune's report on this...this clip was found about halfway into the article:<br />
<i><br />The FAA is also required under the bill to provide military, commercial and<b> privately-owned drones with expanded access to U.S. airspace currently reserved for manned aircraft </b>by Sept. 30, 2015. That means permitting unmanned drones controlled by remote operators on the ground to fly in the same airspace as airliners, cargo planes, business jets and private aircraft.<br /><br /><b>Currently, the FAA restricts drone use primarily to segregated blocks </b>of military airspace, border patrols and about 300 public agencies and their private partners. Those public agencies are mainly restricted to flying small unmanned aircraft at low altitudes away from airports and urban centers.<br /><br />Within nine months of the bill's passage<b>, the FAA is required to submit a plan</b> on how to safely provide drones with expanded access.</i><br />
<br />
Interestingly, <b>not much more was said or discussed </b>about these new rules and right in the article. So,<a href="http://www.thenewamerican.com/usnews/politics/10807-bill-authorizes-use-of-unmanned-drones-in-us-airspace"> let's go to the piece by the New American</a> for more:<i><b> </b></i><br />
<br />
<i><b>Big Brother is set to adopt a new form of surveillance after a bill </b>passed by Congress will require the Federal Aviation Administration (FAA) to open U.S. airspace to drone flights under a new four-year plan. The bill, which passed the House last week and received bipartisan approval in the Senate on Monday, <b>will convert radar to an air traffic control system based on GPS technology, </b>shifting the country to an age where satellites are central to air traffic control and unmanned drones glide freely throughout U.S. airspace.<br /><br />By using GPS technology, congressional leaders argued, planes will land and take off more efficiently, as pilots will be able to pinpoint the locations of ground obstacles and nearby aircraft. The modernization procedures play into the FAA’s ambitious plan to achieve 50-percent growth in air traffic over the next 10 years. This legislation is "the best news that the airline industry ever had," applauded Sen. Jay Rockefeller (D-W.Va.). "It will take us into a new era."</i><br />
<br />
<i>...</i><br />
<i><br />Furthermore, <b>privacy advocates worry that the bill will open the door to widespread use of drones for surveillance by law enforcement and, eventually, by the private sector.</b> Some analysts predict that the commercial drone market in the U.S. could be worth hundreds of millions of dollars once the FAA authorizes their use, and that 30,000 drones could be flying domestically by 2020. "There are serious policy questions on the horizon about privacy and surveillance, by both government agencies and commercial entities," said Steven Aftergood, director of the Project on Government Secrecy at the Federation of American Scientists.<br /><br /><b>The Electronic Frontier Foundation</b>, a digital rights advocacy and legal group, also is "concerned about the implications for surveillance by government agencies," affirmed attorney Jennifer Lynch, and it is "<b>a huge push by lawmakers and the defense sector to expand the use of drones" in U.S. airspace.</b><br /><br />"Congress — and to the extent possible, the FAA —<b> need to impose some rules to protect Americans’ privacy from the inevitable invasions that this technology will otherwise lead to</b>," wrote American Civil Liberties Union policy analyst Jay Stanley. "We don’t want to wonder, every time we step out our front door, whether some eye in the sky is watching our every move."</i><br />
<br />
Now that I have your attention, <a href="http://www.washingtontimes.com/news/2012/feb/7/coming-to-a-sky-near-you/print/">let's get to the Washington Times</a> (an admitted rag of a paper...but that doesn't mean they don't have anything of use to report): <br />
<br />
L<i>ook! Up in the sky! Is it a bird? Is it a plane?<b> It's ... a drone, and it's watching you.</b> That's what privacy advocates fear from a bill Congress passed this week to make it easier for the government to fly unmanned spy planes in U.S. airspace.</i><br />
<br />
....<br />
<br />
<i><b>Privacy advocates say the measure will lead to widespread use of drones</b> for electronic surveillance by police agencies across the country and eventually by private companies as well.<br /><br />"<b>There are serious policy questions on the horizon about privacy and surveillance</b>, by both government agencies and commercial entities," said Steven Aftergood, who heads the Project on Government Secrecy at the Federation of American Scientists.<br /><br />....</i><br />
<i><br /><b>The Electronic Frontier Foundation is suing the FAA to obtain records of the certifications.</b> "We need a list so we can ask [each agency], 'What are your policies on drone use? How do you protect privacy? How do you ensure compliance with the Fourth Amendment?' " Ms. Lynch said.<br /><br /><b>"Currently, the only barrier to the routine use of drones for persistent surveillance </b>are the procedural requirements imposed by the FAA for the issuance of certificates," said Amie Stepanovich, national security counsel for the Electronic Privacy Information Center, a research center in Washington.</i><br />
<br />
<b>Let's remember what I posted last week on this topic </b>- before I knew Congress was about to legitimize all of it. As Noah Shachtman wrote: P<i>erhaps the idea of spy drones already makes you nervous. <b>Maybe you’re uncomfortable with the notion of an unblinking, robotic eye in the sky </b>that can watch your every move. If so, you may want to click away now. Because if the Army has its way, drones won’t just be able to look at what you do. T<b>hey’ll be able to recognize your face — and track you</b>, based on how you look. If the military machines assemble enough information, they might just be able to peer into your heart.<br /><br /><b>One company claims it can equip drones with facial recognition technology</b> that lets them build a 3-D model of a face based on a 2-D image, which would then allow the drone to ID someone, even in a crowd. </i><br />
<br />
They also say that if they can get a close enough look, they can tell twins apart and reveal not only individuals' identity but their social networks.<br />
<i><br /><b>The Army also wants to identify potentially hostile behavior and intent,</b> in order to uncover clandestine foes. Charles River Analytics is using its Army cash to build a so-called “Adversary Behavior Acquisition, Collection, Understanding, and Summarization (ABACUS)” tool. The system would integrate data from informants’ tips, drone footage, and captured phone calls. Then it would apply “a human behavior modeling and simulation engine” that would spit out “intent-based threat assessments of individuals and groups.” <b>In other words: This software could potentially find out which people are most likely to harbor ill will toward the U.S. military or its objectives.</b> Feeling nervous yet?</i><br />
<br />
<b>We're getting into truly Orwellian levels of surveillance that makes one ask</b>, "just what in the hell are we so afraid of that we need to be monitored at all times?" We know that, study after study indicates we ARE NOT under a dangerous threat from terrorists, either from abroad or <a href="http://tpmmuckraker.talkingpointsmemo.com/2012/02/report_finds_radical_american_muslims_are_not_such.php">from within</a>.We know that the chances of being killed by a terrorist are a fraction of the chance that you'll be hit by lightning.<br />
<br />
Yet, here we are, <b>rationalizing and legitimizing MASSIVE surveillance apparatuses </b>that leave our privacy, and the Constitution, in tatters. What is the bigger threat here? A government, and in fact, a PRIVACY drone industry that can watch us anywhere, at all times, and even facially recognize us, for who knows what purposes (i.e. stifle dissent)....or, can we, as brave Americans simply take the TINY TINY risk that living in a world in which we're not constantly watched is acceptable? I hate to repeat myself so much on this blog, but, I also know how many readers are first time readers, so let me break this <b>privacy versus security paradox </b>down again.<br />
<br />
In the final analysis,<b> if we include in our definition of "safe" the concept of "safe" from government intrusiveness </b>and corporate profiteering off fear peddling, I would argue these machines make us less secure, not more. So let’s scrap the meme that we should live in fear and that our constitutional rights must be sacrificed to address a threat the fraction of that posed by lightning, salmonella, and the health insurance industry.<br />
<br />
<b>The trend line is all too clear</b>. More concerning than any single threat posed by any single technology – including drone surveillance – is this larger pattern indicating that privacy as both a right and an idea is under siege. The consequences of such a loss would be profound.<br />
<br />
<b>This false dichotomy between security and privacy </b>must be directly confronted. As security and privacy expert Bruce Schneier once wrote, "<i>I<b>f you set up the false dichotomy, of course people will choose security over privacy</b> -- especially if you scare them first. But it's still a false dichotomy. There is no security without privacy. And liberty requires both security and privacy. The famous quote attributed to Benjamin Franklin reads: "<b>Those who would give up essential liberty to purchase a little temporary safety</b>, deserve neither liberty nor safety." It's also true that those who would give up privacy for security are likely to end up with neither.”</i><br />
<br />
And let me sum this all up, once again, as I often do here.<br />
<br />
<b>Whether its the knowledge that everything we do on the internet is followed and stored,</b> that we can be wiretapped for no reason and without a warrant or probable cause, that smart grid systems monitor our daily in home habits and actions, that our emails can be intercepted, that our naked bodies must be viewed at airports and stored, that our book purchases can be accessed (particularly if Google gets its way and everything goes electronic), that street corner cameras are watching our every move (and perhaps drones too), and that RFID tags and GPS technology allow for the tracking of clothes, cars, and phones (and the list goes on)...what is certain is privacy itself is on life support in this country...and without privacy there is no freedom.<b> I also fear how such a surveillance society stifles dissent and discourages grassroots </b>political/social activism that challenges government and corporate power...something that we desperately need more of in this country, not less.<br />
<br />
<b>But perhaps the GREAT Jim Hightower frames this attack on privacy the best when he writes,</b> <i>"Look, up in the sky! Neither a bird nor Superman, the next must-have toy for assorted police agencies is the unmanned aerial vehicle, better known as drones. <b>Yes, the same miniaturized aircraft that lets the military wage war with a remote-controlled, error-prone death machine </b>is headed to your sky, if the authorities have their way. Already, Homeland Security officials have deployed one to a Texas sheriff's office to demonstrate its crime-fighting efficacy, and federal aviation officials are presently proposing new airspace rules to help eager departments throughout the country get their drones.<br /><br />But airspace problems are nothing compared to the as-yet-unaddressed Fourth Amendment problems that come with putting cheap, flying-surveillance cameras in the air. As usual, this techno-whiz gadget is being rationalized as nothing more than an enhanced eye on crime. <b>But the drone doesn't just monitor a particular person or criminal activity, it can continuously spy on an entire city, with no warrant to restrict its inevitable invasion of innocent people's privacy. Drones will collect video images of identifiable people. Who will see that information? How will it be used?</b> <b>Will it be retained?</b> By its nature, this is an invasive, all-encompassing spy eye that will tempt authorities to go on fishing expeditions. The biggest question is the one that is not even being asked: <b>Who will watch the watchers?."</b></i><b><br /></b><br />
<br />
We would do well to - sooner rather than later -<b> to recognize the inherent and fundamental value that privacy provides</b> ANY claimed democracy. Without one there can not be the other..CFChttp://www.blogger.com/profile/11621511251924136343noreply@blogger.com0tag:blogger.com,1999:blog-8994486887985127167.post-68320220639442099852012-02-07T11:48:00.000-08:002012-02-07T11:48:51.702-08:00Privacy Threats The Constitution Can't Protect You FromI just read yet another fascinating and disturbing article by Alternet's Tana Ganeva - someone I've sourced on this blog before. The article in question, which certainly connects to many of the issues I've written on here over the years, is entitled "<b><a href="http://www.alternet.org/module/printversion/153999">7 Privacy Threats the Constitution Can't Protect You Against</a></b>".<br />
<br />
Now, let's go through each, and I'll mix in some of what I have written on these topics in the past (and others I've cited), along with what Tana does in her article.<br />
<br />
<div class="MsoNormal">
Interestingly, <b>she begins with the Supreme Court case recently decided regarding GPS tracking</b> of suspects without a warrant - an issue I've covered here in detail for over a year now. She and I see this case, and the very limited (though correct) decision made by the court in a similar fashion. As I wrote just a couple weeks ago in response to the decision, "<i>The fourth amendment isn’t completely dead after all! While
this fundamental right to privacy is admittedly in tatters, the Supreme Court
ruled yesterday that police must have a warrant in order to track someone using
a GPS device....Unfortunately, the government will likely continue to insist that
tracking the location of cell phones is unaffected by this ruling.</i></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<!--[if gte mso 9]><xml>
<w:WordDocument>
<w:View>Normal</w:View>
<w:Zoom>0</w:Zoom>
<w:PunctuationKerning/>
<w:ValidateAgainstSchemas/>
<w:SaveIfXMLInvalid>false</w:SaveIfXMLInvalid>
<w:IgnoreMixedContent>false</w:IgnoreMixedContent>
<w:AlwaysShowPlaceholderText>false</w:AlwaysShowPlaceholderText>
<w:Compatibility>
<w:BreakWrappedTables/>
<w:SnapToGridInCell/>
<w:WrapTextWithPunct/>
<w:UseAsianBreakRules/>
<w:DontGrowAutofit/>
</w:Compatibility>
<w:BrowserLevel>MicrosoftInternetExplorer4</w:BrowserLevel>
</w:WordDocument>
</xml><![endif]--><!--[if gte mso 9]><xml>
<w:LatentStyles DefLockedState="false" LatentStyleCount="156">
</w:LatentStyles>
</xml><![endif]--><!--[if gte mso 10]>
<style>
/* Style Definitions */
table.MsoNormalTable
{mso-style-name:"Table Normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-parent:"";
mso-padding-alt:0in 5.4pt 0in 5.4pt;
mso-para-margin:0in;
mso-para-margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:10.0pt;
font-family:"Times New Roman";
mso-ansi-language:#0400;
mso-fareast-language:#0400;
mso-bidi-language:#0400;}
</style>
<![endif]-->
</div>
<div class="MsoNormal">
Certainly,<b> the stand out Justice was Sonia Sotomayor, who
went much further than her colleagues</b> on the issue of privacy in the digital
age - even making a case for revision of the “third-party” doctrine (i.e. we
lose Fourth Amendment protection when we disclose certain information). She
wrote,<i> “More fundamentally<b>, it may be necessary to reconsider the premise that
an individual has no reasonable expectation of privacy</b> in information
voluntarily disclosed to third parties. This approach is ill suited to the
digital age, in which people reveal a great deal of information about
themselves to third parties in the course of carrying out mundane tasks. People
disclose the phone numbers that they dial or text to their cellular providers;
the URLs that they visit and the e-mail addresses with which they correspond to
their Internet service providers; and the books, groceries, and medications
they purchase to online retailers.”</i></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
As you can see, <b>my concern immediately went to the question of law enforcement tracking </b>things like cell phones<i> - </i>which wasn't addressed in the decision (except implicitly by Sotomayor)<i>. </i>This matters because <!--[if gte mso 9]><xml>
<w:WordDocument>
<w:View>Normal</w:View>
<w:Zoom>0</w:Zoom>
<w:PunctuationKerning/>
<w:ValidateAgainstSchemas/>
<w:SaveIfXMLInvalid>false</w:SaveIfXMLInvalid>
<w:IgnoreMixedContent>false</w:IgnoreMixedContent>
<w:AlwaysShowPlaceholderText>false</w:AlwaysShowPlaceholderText>
<w:Compatibility>
<w:BreakWrappedTables/>
<w:SnapToGridInCell/>
<w:WrapTextWithPunct/>
<w:UseAsianBreakRules/>
<w:DontGrowAutofit/>
</w:Compatibility>
<w:BrowserLevel>MicrosoftInternetExplorer4</w:BrowserLevel>
</w:WordDocument>
</xml><![endif]--><!--[if gte mso 9]><xml>
<w:LatentStyles DefLockedState="false" LatentStyleCount="156">
</w:LatentStyles>
</xml><![endif]--><!--[if !mso]><img src="http://img2.blogblog.com/img/video_object.png" style="background-color: #b2b2b2; " class="BLOGGER-object-element tr_noresize tr_placeholder" id="ieooui" data-original-id="ieooui" />
<style>
st1\:*{behavior:url(#ieooui) }
</style>
<![endif]--><!--[if gte mso 10]>
<style>
/* Style Definitions */
table.MsoNormalTable
{mso-style-name:"Table Normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-parent:"";
mso-padding-alt:0in 5.4pt 0in 5.4pt;
mso-para-margin:0in;
mso-para-margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:10.0pt;
font-family:"Times New Roman";
mso-ansi-language:#0400;
mso-fareast-language:#0400;
mso-bidi-language:#0400;}
</style>
<![endif]-->
</div>
<div class="MsoNormal">
in 2009 <a href="http://www.eff.org/deeplinks/2009/12/surveillance-shocker-sprint-received-8-million-law">Sprint
received 8 million law enforcement requests </a>for GPS location data in just
one year. This is what we already KNOW, let alone what might be the full scope of the problem.</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal" style="color: #990000;">
<b>Tana Ganeva goes deeper, as the cell phone is only one way we can be tracked now, writing: </b></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<!--[if gte mso 9]><xml>
<w:WordDocument>
<w:View>Normal</w:View>
<w:Zoom>0</w:Zoom>
<w:PunctuationKerning/>
<w:ValidateAgainstSchemas/>
<w:SaveIfXMLInvalid>false</w:SaveIfXMLInvalid>
<w:IgnoreMixedContent>false</w:IgnoreMixedContent>
<w:AlwaysShowPlaceholderText>false</w:AlwaysShowPlaceholderText>
<w:Compatibility>
<w:BreakWrappedTables/>
<w:SnapToGridInCell/>
<w:WrapTextWithPunct/>
<w:UseAsianBreakRules/>
<w:DontGrowAutofit/>
</w:Compatibility>
<w:BrowserLevel>MicrosoftInternetExplorer4</w:BrowserLevel>
</w:WordDocument>
</xml><![endif]--><!--[if gte mso 9]><xml>
<w:LatentStyles DefLockedState="false" LatentStyleCount="156">
</w:LatentStyles>
</xml><![endif]--><!--[if !mso]><img src="http://img2.blogblog.com/img/video_object.png" style="background-color: #b2b2b2; " class="BLOGGER-object-element tr_noresize tr_placeholder" id="ieooui" data-original-id="ieooui" />
<style>
st1\:*{behavior:url(#ieooui) }
</style>
<![endif]--><!--[if gte mso 10]>
<style>
/* Style Definitions */
table.MsoNormalTable
{mso-style-name:"Table Normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-parent:"";
mso-padding-alt:0in 5.4pt 0in 5.4pt;
mso-para-margin:0in;
mso-para-margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:10.0pt;
font-family:"Times New Roman";
mso-ansi-language:#0400;
mso-fareast-language:#0400;
mso-bidi-language:#0400;}
</style>
<![endif]-->
</div>
<div class="MsoNormal">
<i>The Jones case itself presents an outdated problem, because
police don't really have to bother
with the clumsy task of sneaking a device onto a car; at this point, <b>private
companies have shoehorned location trackers in most "smart" gadgets.</b>
Justice Alito pointed out that the more than 332 million phones and wireless
devices in use in the US
contain technology that transmits the user's
location. Many cars feature GPS as well, thanks to OnStar navigation. </i></div>
<i>
</i><div class="MsoNormal">
<br /></div>
<i>
</i><div class="MsoNormal">
<i>…</i></div>
<i>
</i><div class="MsoNormal">
<br /></div>
<i>
</i><div class="MsoNormal">
<i><b>Location is just the start</b>. There has probably not been a
single week since 2005 without a story about Facebook, or Google, or Verizon,
or AT&T terrifying consumers and privacy advocates with some new way to
collect too much information and then share it with other companies or
authorities. <b>The problem is that the law does not adequately address
private information</b> that has been shared with third parties, like credit card
companies or Google, Facebook and the telecoms, Tien says.</i></div>
<div class="MsoNormal">
<br /></div>
<i>
</i><div class="MsoNormal">
<i>As Sotomayor put it, "I for one doubt that people would
accept without complaint<b> the warrantless disclosure to the Government of a list
of every Web site </b>they had visited in the last week, or month, or year. " </i></div>
<i>
</i>
<div class="MsoNormal">
<i> </i></div>
<i>
</i><div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<b><span style="color: #990000;">Now let's get to Tana's second "threat", which she calls "</span></b><span class="s1"><b><span style="color: #990000;">Cameras everywhere</span></b>: <b><span style="color: #990000;">License plate
readers, movement tracking on cameras."</span></b> </span></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<span class="s1">This too is something I have tackled here on this blog, <b>writing about </b></span><!--[if gte mso 9]><xml>
<w:WordDocument>
<w:View>Normal</w:View>
<w:Zoom>0</w:Zoom>
<w:PunctuationKerning/>
<w:ValidateAgainstSchemas/>
<w:SaveIfXMLInvalid>false</w:SaveIfXMLInvalid>
<w:IgnoreMixedContent>false</w:IgnoreMixedContent>
<w:AlwaysShowPlaceholderText>false</w:AlwaysShowPlaceholderText>
<w:Compatibility>
<w:BreakWrappedTables/>
<w:SnapToGridInCell/>
<w:WrapTextWithPunct/>
<w:UseAsianBreakRules/>
<w:DontGrowAutofit/>
</w:Compatibility>
<w:BrowserLevel>MicrosoftInternetExplorer4</w:BrowserLevel>
</w:WordDocument>
</xml><![endif]--><!--[if gte mso 9]><xml>
<w:LatentStyles DefLockedState="false" LatentStyleCount="156">
</w:LatentStyles>
</xml><![endif]--><!--[if !mso]><img src="http://img2.blogblog.com/img/video_object.png" style="background-color: #b2b2b2; " class="BLOGGER-object-element tr_noresize tr_placeholder" id="ieooui" data-original-id="ieooui" />
<style>
st1\:*{behavior:url(#ieooui) }
</style>
<![endif]--><!--[if gte mso 10]>
<style>
/* Style Definitions */
table.MsoNormalTable
{mso-style-name:"Table Normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-parent:"";
mso-padding-alt:0in 5.4pt 0in 5.4pt;
mso-para-margin:0in;
mso-para-margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:10.0pt;
font-family:"Times New Roman";
mso-ansi-language:#0400;
mso-fareast-language:#0400;
mso-bidi-language:#0400;}
</style>
<![endif]--><b>the ever
expanding reach of video surveillance cameras</b>. Certainly, polls are also not on my side, as large majorities of
Americans seem generally fine with having every movement of their existence on
tape, and watched by someone. Of course, <i>we
know that cameras DON'T in fact
reduce crime </i>and we also know that governments and law enforcement DO abuse our
civil liberties when given such authority to monitor us. Those are two BIG
strikes in my mind.<br />
<br />
I'm still not convinced however,
that this general support for such technological surveillance is a done deal,
and the argument in favor of FEWER cameras in FEWER locations is a lost one. I
believe this to be true for a couple reasons. One, most Americans have no
concept of just how often they are being watched or worse, for what purposes.
Two, <i>f</i><b>ew Americans have any idea the level of abuses such "watchers"
</b>are capable of...and if the Bush Administration has taught us anything its that
we can't trust government when they
are given more power than they know what to do with. My guess is we are just
scratching the surface, on issues ranging from wiretapping to surveillance to
monitoring, and when that surface is broken, public opinion might just change
on this topic.<br />
</div>
<div class="MsoNormal">
<br />
<a href="http://www.origin.popularmechanics.com/technology/military_law/4236865.html"></a></div>
<div class="MsoNormal">
What people may also not fully comprehend is that advanced monitoring systems such as the one
at the Statue of Liberty are proliferating around the country. State-of-the-art surveillance is increasingly being
used in more every-day settings. By local police and businesses. In banks,
schools and stores. There are an <b>estimated 30 million surveillance cameras now
deployed in the United
States shooting 4 billion hours</b> of footage a
week. Americans are being watched, all of us, almost everywhere.</div>
<div class="MsoNormal">
</div>
<div class="MsoNormal" style="color: #990000;">
<b>Now let's get to what Tana has to say on this:</b></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<!--[if gte mso 9]><xml>
<w:WordDocument>
<w:View>Normal</w:View>
<w:Zoom>0</w:Zoom>
<w:PunctuationKerning/>
<w:ValidateAgainstSchemas/>
<w:SaveIfXMLInvalid>false</w:SaveIfXMLInvalid>
<w:IgnoreMixedContent>false</w:IgnoreMixedContent>
<w:AlwaysShowPlaceholderText>false</w:AlwaysShowPlaceholderText>
<w:Compatibility>
<w:BreakWrappedTables/>
<w:SnapToGridInCell/>
<w:WrapTextWithPunct/>
<w:UseAsianBreakRules/>
<w:DontGrowAutofit/>
</w:Compatibility>
<w:BrowserLevel>MicrosoftInternetExplorer4</w:BrowserLevel>
</w:WordDocument>
</xml><![endif]--><!--[if gte mso 9]><xml>
<w:LatentStyles DefLockedState="false" LatentStyleCount="156">
</w:LatentStyles>
</xml><![endif]--><!--[if !mso]><img src="http://img2.blogblog.com/img/video_object.png" style="background-color: #b2b2b2; " class="BLOGGER-object-element tr_noresize tr_placeholder" id="ieooui" data-original-id="ieooui" />
<style>
st1\:*{behavior:url(#ieooui) }
</style>
<![endif]--><!--[if gte mso 10]>
<style>
/* Style Definitions */
table.MsoNormalTable
{mso-style-name:"Table Normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-parent:"";
mso-padding-alt:0in 5.4pt 0in 5.4pt;
mso-para-margin:0in;
mso-para-margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:10.0pt;
font-family:"Times New Roman";
mso-ansi-language:#0400;
mso-fareast-language:#0400;
mso-bidi-language:#0400;}
</style>
<![endif]-->
</div>
<div class="MsoNormal">
<i>Thanks in part to a decade of Homeland Security grants, America's cities are teeming with cameras -- they're on subways, on buses, on store fronts, in
restaurants, in apartment complexes, and in schools. In New York, <a href="http://www.nyclu.org/pdfs/surveillance_cams_report_121306.pdf">the NYCLU</a>
found<b> a five-fold increase in the number of security cameras in one area of New
York between 1998 and 2005,</b> and that was before the Bloomberg administration --
inspired by London, most heavily surveilled city in the world -- pledged to
install 3,000 cameras in lower Manhattan as part of the<a href="http://www.counterpunch.org/2011/10/18/wall-street-firms-spy-on-protestors-in-tax-funded-center/">
Lower Manhattan Security Initiative</a> (this plan was expanded to midtown
Manhattan as well). The cameras, which stream footage to a centralized
location, are equipped with video analytics that can alert police to
"suspicious" activity like loitering. The NYPD, and municipalities
all over the country and world also make generous use of <a href="http://albanycriminalattorneys.com/2011/01/nypd-using-more-license-plate-readers/">license
plate readers (LPR)</a> that can track car movement. </i></div>
<div class="MsoNormal">
</div>
<div class="MsoNormal">
<br /></div>
Tana's third example is of biometrics - another topic I've covered here in depth. <!--[if gte mso 9]><xml>
<w:WordDocument>
<w:View>Normal</w:View>
<w:Zoom>0</w:Zoom>
<w:PunctuationKerning/>
<w:ValidateAgainstSchemas/>
<w:SaveIfXMLInvalid>false</w:SaveIfXMLInvalid>
<w:IgnoreMixedContent>false</w:IgnoreMixedContent>
<w:AlwaysShowPlaceholderText>false</w:AlwaysShowPlaceholderText>
<w:Compatibility>
<w:BreakWrappedTables/>
<w:SnapToGridInCell/>
<w:WrapTextWithPunct/>
<w:UseAsianBreakRules/>
<w:DontGrowAutofit/>
</w:Compatibility>
<w:BrowserLevel>MicrosoftInternetExplorer4</w:BrowserLevel>
</w:WordDocument>
</xml><![endif]--><!--[if gte mso 9]><xml>
<w:LatentStyles DefLockedState="false" LatentStyleCount="156">
</w:LatentStyles>
</xml><![endif]--><!--[if !mso]><img src="http://img2.blogblog.com/img/video_object.png" style="background-color: #b2b2b2; " class="BLOGGER-object-element tr_noresize tr_placeholder" id="ieooui" data-original-id="ieooui" />
<style>
st1\:*{behavior:url(#ieooui) }
</style>
<![endif]--><!--[if gte mso 10]>
<style>
/* Style Definitions */
table.MsoNormalTable
{mso-style-name:"Table Normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-parent:"";
mso-padding-alt:0in 5.4pt 0in 5.4pt;
mso-para-margin:0in;
mso-para-margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:10.0pt;
font-family:"Times New Roman";
mso-ansi-language:#0400;
mso-fareast-language:#0400;
mso-bidi-language:#0400;}
</style>
<![endif]--><b>A few months back <a href="http://consumercal.blogspot.com/2011/08/is-facial-recognition-top-privacy-issue.html">I
posted a pretty extensive blog</a> on Facial Recognition</b> technology and the
threat it poses to individual privacy. As I've
done in the past, because I know not everyone can read every post, I'll repeat a few of my thoughts here today: For some backdrop on biometrics, you can check out a past post I did about
another article, also by Tana, entitled <b><a href="http://www.alternet.org/news/152231/5_unexpected_places_you_can_be_tracked_with_facial_recognition_technology/">5
Unexpected Places You Can Be Tracked With Facial Recognition Technology</a></b>. As
I wrote then, this issue has particular interest to me due to California's recent fight that we (Consumer Federation of
California) were deeply involved in<b> - whether biometric identifiers should be
used by the DMV</b> (we were able, with a host of other groups, to stop them).<div class="MsoNormal">
<br />
<a href="http://www.californiaprogressreport.com/site/node/9298"><b>As for the
larger concern over facial recognition technology</b>,</a> groups from the Privacy
Rights Clearinghouse (PRC) to the ACLU to the Electronic Frontier Foundation to
EPIC have all been very active in making the case that there is a very real
threat to privacy at stake in determining just how, and when, this technology
can be used. <br />
<br />
Again, <b><span style="color: #990000;">going back to a prior post, I wrote</span></b>: "First, let me refresh
everyone on the concept of biometric identifiers - like fingerprints, facial,
and/or iris scans. <b> These essentially match an individual’s personal
characteristics against an image</b> or database of images. Initially, the system
captures a fingerprint, picture, or some other personal characteristic, and
transforms it into a small computer file (often called a template). The next
time someone interacts with the system, it creates another computer file.</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal" style="color: #990000;">
<b>Now, here's Tana on this privacy creep:</b></div>
<div class="MsoNormal">
</div>
<div class="MsoNormal">
<!--[if gte mso 9]><xml>
<w:WordDocument>
<w:View>Normal</w:View>
<w:Zoom>0</w:Zoom>
<w:PunctuationKerning/>
<w:ValidateAgainstSchemas/>
<w:SaveIfXMLInvalid>false</w:SaveIfXMLInvalid>
<w:IgnoreMixedContent>false</w:IgnoreMixedContent>
<w:AlwaysShowPlaceholderText>false</w:AlwaysShowPlaceholderText>
<w:Compatibility>
<w:BreakWrappedTables/>
<w:SnapToGridInCell/>
<w:WrapTextWithPunct/>
<w:UseAsianBreakRules/>
<w:DontGrowAutofit/>
</w:Compatibility>
<w:BrowserLevel>MicrosoftInternetExplorer4</w:BrowserLevel>
</w:WordDocument>
</xml><![endif]--><!--[if gte mso 9]><xml>
<w:LatentStyles DefLockedState="false" LatentStyleCount="156">
</w:LatentStyles>
</xml><![endif]--><!--[if !mso]><img src="http://img2.blogblog.com/img/video_object.png" style="background-color: #b2b2b2; " class="BLOGGER-object-element tr_noresize tr_placeholder" id="ieooui" data-original-id="ieooui" />
<style>
st1\:*{behavior:url(#ieooui) }
</style>
<![endif]--><!--[if gte mso 10]>
<style>
/* Style Definitions */
table.MsoNormalTable
{mso-style-name:"Table Normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-parent:"";
mso-padding-alt:0in 5.4pt 0in 5.4pt;
mso-para-margin:0in;
mso-para-margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:10.0pt;
font-family:"Times New Roman";
mso-ansi-language:#0400;
mso-fareast-language:#0400;
mso-bidi-language:#0400;}
</style>
<![endif]-->
</div>
<div class="MsoNormal">
<i>After 9/11 many cities and airports rushed to boost their
camera surveillance with facial recognition software. The tech proved
disappointing, and after testing that hit a paltry 60 percent accuracy
rate <a href="http://epic.org/privacy/facerecognition/">in one case</a>
(that's pretty bad if you're trying to figure out identity), many programs
were abandoned. In the years since then,<b> both private companies and university
research labs funded with government grants </b>have made vast improvements in
facial recognition and iris scans, like 3-D face capture and
"skinprint" technology (mapping of facial skin patterns). Iris scans
can allegedly tell identical twins apart. </i><!--[if gte mso 9]><xml>
<w:WordDocument>
<w:View>Normal</w:View>
<w:Zoom>0</w:Zoom>
<w:PunctuationKerning/>
<w:ValidateAgainstSchemas/>
<w:SaveIfXMLInvalid>false</w:SaveIfXMLInvalid>
<w:IgnoreMixedContent>false</w:IgnoreMixedContent>
<w:AlwaysShowPlaceholderText>false</w:AlwaysShowPlaceholderText>
<w:Compatibility>
<w:BreakWrappedTables/>
<w:SnapToGridInCell/>
<w:WrapTextWithPunct/>
<w:UseAsianBreakRules/>
<w:DontGrowAutofit/>
</w:Compatibility>
<w:BrowserLevel>MicrosoftInternetExplorer4</w:BrowserLevel>
</w:WordDocument>
</xml><![endif]--><!--[if gte mso 9]><xml>
<w:LatentStyles DefLockedState="false" LatentStyleCount="156">
</w:LatentStyles>
</xml><![endif]--><!--[if gte mso 10]>
<style>
/* Style Definitions */
table.MsoNormalTable
{mso-style-name:"Table Normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-parent:"";
mso-padding-alt:0in 5.4pt 0in 5.4pt;
mso-para-margin:0in;
mso-para-margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:10.0pt;
font-family:"Times New Roman";
mso-ansi-language:#0400;
mso-fareast-language:#0400;
mso-bidi-language:#0400;}
</style>
<![endif]-->
</div>
<div class="MsoNormal">
<br /></div>
<i>
</i><div class="MsoNormal">
<i>Many private companies shill these products directly to
local law enforcement agencies, a business strategy that police tend to be
pretty enthusiastic about. One such success story is the <a href="http://blogs.wsj.com/digits/2011/07/13/how-a-new-police-tool-for-face-recognition-works/">MORIS
device,</a> a gadget attached to an iPhone that can run face recognition
software, take digital fingerprints and grab an iris scan at a traffic stop.
Starting last fall, the MORIS device has been in use in police departments all
over the country. </i></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<b><span style="color: #990000;">Tana's next example is that of ever expanding government databases and the incredible amounts of private data they are accumulating on us. In this instance, I'll go straight to the article, she writes</span></b>:</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
</div>
<div class="MsoNormal">
<!--[if gte mso 9]><xml>
<w:WordDocument>
<w:View>Normal</w:View>
<w:Zoom>0</w:Zoom>
<w:PunctuationKerning/>
<w:ValidateAgainstSchemas/>
<w:SaveIfXMLInvalid>false</w:SaveIfXMLInvalid>
<w:IgnoreMixedContent>false</w:IgnoreMixedContent>
<w:AlwaysShowPlaceholderText>false</w:AlwaysShowPlaceholderText>
<w:Compatibility>
<w:BreakWrappedTables/>
<w:SnapToGridInCell/>
<w:WrapTextWithPunct/>
<w:UseAsianBreakRules/>
<w:DontGrowAutofit/>
</w:Compatibility>
<w:BrowserLevel>MicrosoftInternetExplorer4</w:BrowserLevel>
</w:WordDocument>
</xml><![endif]--><!--[if gte mso 9]><xml>
<w:LatentStyles DefLockedState="false" LatentStyleCount="156">
</w:LatentStyles>
</xml><![endif]--><!--[if !mso]><img src="http://img2.blogblog.com/img/video_object.png" style="background-color: #b2b2b2; " class="BLOGGER-object-element tr_noresize tr_placeholder" id="ieooui" data-original-id="ieooui" />
<style>
st1\:*{behavior:url(#ieooui) }
</style>
<![endif]--><!--[if gte mso 10]>
<style>
/* Style Definitions */
table.MsoNormalTable
{mso-style-name:"Table Normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-parent:"";
mso-padding-alt:0in 5.4pt 0in 5.4pt;
mso-para-margin:0in;
mso-para-margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:10.0pt;
font-family:"Times New Roman";
mso-ansi-language:#0400;
mso-fareast-language:#0400;
mso-bidi-language:#0400;}
</style>
<![endif]-->
</div>
<div class="MsoNormal">
<i>Privacy advocates point out that novel types of biometric
technology like facial recognition and iris scans <b>can be an unreliable form of
ID in the field, but that has not discouraged government agencies from
embarking on grand plans </b>to hugely expand their biometric databases. The FBI's billion-dollar "Next Generation
Identification" system (NGI) will house iris scans, palm prints, measures
of voice and gait, records of tattoos, and scars and photos searchable with
facial recognition technology when it's
complete in 2014. The bulk of this information is expected to come from local
law enforcement. </i></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<!--[if gte mso 9]><xml>
<w:WordDocument>
<w:View>Normal</w:View>
<w:Zoom>0</w:Zoom>
<w:PunctuationKerning/>
<w:ValidateAgainstSchemas/>
<w:SaveIfXMLInvalid>false</w:SaveIfXMLInvalid>
<w:IgnoreMixedContent>false</w:IgnoreMixedContent>
<w:AlwaysShowPlaceholderText>false</w:AlwaysShowPlaceholderText>
<w:Compatibility>
<w:BreakWrappedTables/>
<w:SnapToGridInCell/>
<w:WrapTextWithPunct/>
<w:UseAsianBreakRules/>
<w:DontGrowAutofit/>
</w:Compatibility>
<w:BrowserLevel>MicrosoftInternetExplorer4</w:BrowserLevel>
</w:WordDocument>
</xml><![endif]--><!--[if gte mso 9]><xml>
<w:LatentStyles DefLockedState="false" LatentStyleCount="156">
</w:LatentStyles>
</xml><![endif]--><!--[if !mso]><img src="http://img2.blogblog.com/img/video_object.png" style="background-color: #b2b2b2; " class="BLOGGER-object-element tr_noresize tr_placeholder" id="ieooui" data-original-id="ieooui" />
<style>
st1\:*{behavior:url(#ieooui) }
</style>
<![endif]--><!--[if gte mso 10]>
<style>
/* Style Definitions */
table.MsoNormalTable
{mso-style-name:"Table Normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-parent:"";
mso-padding-alt:0in 5.4pt 0in 5.4pt;
mso-para-margin:0in;
mso-para-margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:10.0pt;
font-family:"Times New Roman";
mso-ansi-language:#0400;
mso-fareast-language:#0400;
mso-bidi-language:#0400;}
</style>
<![endif]-->
</div>
<div class="MsoNormal">
There are a number of reasons why such technological
identifiers should concerns us. So let's
be real clear, <b>creating a database with millions of facial scans and
thumbprints raises a host of surveillance</b>, tracking and security question -
never mind the cost. And as you might expect, such identifiers are being
utilized by entities ranging from Facebook to the FBI. In fact, the ACLU of
California is currently asking for information about law enforcements’ use of
information gathered from facial recognition technology (as well as social
networking sites, book providers, GPS tracking devices, automatic license plate
readers, public video surveillance cameras)."</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<b><span style="color: #cc0000;">Next up on Tana's list of 7 privacy threats is a new one for me</span></b>,<span style="color: #990000;"> c<b>alled "FAST (Future Attribute Screening Technology)</b></span>". She writes, <i>"Then there's the
tech that's supposed to peer inside
your head. In 2008, the Department of Homeland security lab tested a program
called <a href="http://www.dhs.gov/xlibrary/assets/privacy/privacy_pia_st_fast.pdf">Future
Attribute Screening Technology</a> (FAST)<b>, designed to thwart criminal activity
by predicting "mal-intent.</b>" Unsavory plans are supposed to reveal
themselves through physiological tells like heart rate, pheromones,
electrodermal activity, and respiratory measurements, according to a 2008 privacy
impact assessment. </i></div>
<div class="MsoNormal">
<br /></div>
<i>
</i><div class="MsoNormal">
<i>The 2008 privacy assessment, though, only addressed the
initial laboratory testing of FAST's
prophesying sensors on volunteers. According to a report in the journal <a href="http://www.nature.com/news/2011/110527/full/news.2011.323.html">Nature,</a>
sometime last year <b>DHS also tested the technology in a large, undisclosed area
in the northeastern US. </b></i></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<b><span style="color: #990000;">Tana's 6th threat</span><i style="color: #990000;"> </i><span style="color: #990000;">is none other than those mechanical war criminals called Drones!</span></b> Apparently, they do more than just bomb innocent women and children around the world, but in fact, are perfect domestic spying devices too. She writes, <i>"An <a href="http://www.aclu.org/files/assets/protectingprivacyfromaerialsurveillance.pdf">ACLU
report from December</a> says that l<b>ocal law enforcement officials are
pushing for domestic use of the new technology</b>, as are drone manufacturers. As
Glenn Greenwald <a href="http://www.salon.com/2011/12/12/the_growing_menace_of_domestic_drones/">points
out,</a> drone makers "continuously emphasize to investors and others that
a major source of business growth for their drone products will be domestic,
non-military use." </i></div>
<div class="MsoNormal">
<br /></div>
<i>
</i><div class="MsoNormal">
<i>Right now drones range in size from giant planes to
hummingbird-sized, the ACLU report says, with the technology improving all the
time. Some can be operated by only one officer, and others by no one at all.
<b>The report points to all the sophisticated surveillance technology that can
take flight on a drone, i</b>ncluding night vision, video analytics
("smart" surveillance that can track activities, and with
improvements in biometrics, specific people), massive zoom, and the creepy
see-through imaging, currently in development. </i></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
</div>
<div class="MsoNormal">
And finally, <!--[if gte mso 9]><xml>
<w:WordDocument>
<w:View>Normal</w:View>
<w:Zoom>0</w:Zoom>
<w:PunctuationKerning/>
<w:ValidateAgainstSchemas/>
<w:SaveIfXMLInvalid>false</w:SaveIfXMLInvalid>
<w:IgnoreMixedContent>false</w:IgnoreMixedContent>
<w:AlwaysShowPlaceholderText>false</w:AlwaysShowPlaceholderText>
<w:Compatibility>
<w:BreakWrappedTables/>
<w:SnapToGridInCell/>
<w:WrapTextWithPunct/>
<w:UseAsianBreakRules/>
<w:DontGrowAutofit/>
</w:Compatibility>
<w:BrowserLevel>MicrosoftInternetExplorer4</w:BrowserLevel>
</w:WordDocument>
</xml><![endif]--><!--[if gte mso 9]><xml>
<w:LatentStyles DefLockedState="false" LatentStyleCount="156">
</w:LatentStyles>
</xml><![endif]--><!--[if gte mso 10]>
<style>
/* Style Definitions */
table.MsoNormalTable
{mso-style-name:"Table Normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-parent:"";
mso-padding-alt:0in 5.4pt 0in 5.4pt;
mso-para-margin:0in;
mso-para-margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:10.0pt;
font-family:"Times New Roman";
mso-ansi-language:#0400;
mso-fareast-language:#0400;
mso-bidi-language:#0400;}
</style>
<![endif]--><b><span style="color: #990000;">Tana's 7th privacy threat are what she terms "Super drones that know who you are!" <span style="color: black;">She goes on to explain, writing:</span></span></b></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<!--[if gte mso 9]><xml>
<w:WordDocument>
<w:View>Normal</w:View>
<w:Zoom>0</w:Zoom>
<w:PunctuationKerning/>
<w:ValidateAgainstSchemas/>
<w:SaveIfXMLInvalid>false</w:SaveIfXMLInvalid>
<w:IgnoreMixedContent>false</w:IgnoreMixedContent>
<w:AlwaysShowPlaceholderText>false</w:AlwaysShowPlaceholderText>
<w:Compatibility>
<w:BreakWrappedTables/>
<w:SnapToGridInCell/>
<w:WrapTextWithPunct/>
<w:UseAsianBreakRules/>
<w:DontGrowAutofit/>
</w:Compatibility>
<w:BrowserLevel>MicrosoftInternetExplorer4</w:BrowserLevel>
</w:WordDocument>
</xml><![endif]--><!--[if gte mso 9]><xml>
<w:LatentStyles DefLockedState="false" LatentStyleCount="156">
</w:LatentStyles>
</xml><![endif]--><!--[if !mso]><img src="http://img2.blogblog.com/img/video_object.png" style="background-color: #b2b2b2; " class="BLOGGER-object-element tr_noresize tr_placeholder" id="ieooui" data-original-id="ieooui" />
<style>
st1\:*{behavior:url(#ieooui) }
</style>
<![endif]--><!--[if gte mso 10]>
<style>
/* Style Definitions */
table.MsoNormalTable
{mso-style-name:"Table Normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-parent:"";
mso-padding-alt:0in 5.4pt 0in 5.4pt;
mso-para-margin:0in;
mso-para-margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:10.0pt;
font-family:"Times New Roman";
mso-ansi-language:#0400;
mso-fareast-language:#0400;
mso-bidi-language:#0400;}
</style>
<![endif]-->
</div>
<div class="MsoNormal">
<i>In September, <a href="http://www.wired.com/dangerroom/2011/09/drones-never-forget-a-face/">Wired
reported</a> that the military has given out research grants to several
companies to <b>spruce up their drones with technology that lets them identify and
track people on the move</b>, or "tagging, tracking, and locating" (TTL).
Noah Shachtman writes:</i></div>
<div class="MsoNormal">
<br /></div>
<i>
</i><div class="MsoNormal">
<i>Perhaps the idea of spy drones already makes you nervous.
<b>Maybe you’re uncomfortable with the notion of an unblinking, robotic eye in the
sky that can watch your every move.</b> If so, you may want to click away now.
Because if the Army has its way, drones won’t just be able to look at what you
do. They’ll be able to recognize your face — and track you, based on how you
look. If the military machines assemble enough information, they might just be
able to peer into your heart.</i></div>
<div class="MsoNormal">
<br /></div>
<i>
</i><div class="MsoNormal">
<i><b>One company claims it can equip drones with facial
recognition technology</b> that lets them build a 3-D model of a face based on a
2-D image, which would then allow the drone to ID someone, even in a crowd.
They also say that if they can get a close enough look, they can tell twins
apart and reveal not only individuals'
identity but their social networks, reports Wired. That's
not all. Shachtman continues: </i></div>
<div class="MsoNormal">
<br /></div>
<i>
</i><div class="MsoNormal">
<i><b>The Army also wants to identify potentially hostile behavior
and intent, in order to uncover clandestine foes.</b> <a href="http://www.crai.com/">Charles
River Analytics</a> is using its Army cash to build a so-called “Adversary
Behavior Acquisition, Collection, Understanding, and Summarization (ABACUS)”
tool. The system would integrate data from informants’ tips, drone footage, and
captured phone calls. Then it would apply “a human behavior modeling and
simulation engine” that would spit out “intent-based threat assessments of
individuals and groups.” In other words: <b>This software could potentially find
out which people are most likely to harbor ill will toward the U.S. military
or its objectives. Feeling nervous yet?</b></i></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<span style="color: #990000;"><span style="color: black;">To answer that final question, yes...I do feel nervous.</span></span><b><span style="color: #990000;"><span style="color: black;"> </span></span></b><span style="color: #990000;"><span style="color: black;">I've written a lot on this blog about what it means to live in a society without ANY privacy. As I have said, such a society, one we are rapidly approaching, has <b>ramifications that go far deeper than simply "being watched" or feeling uneasy. </b>What we are talking about is freedom itself...and the way such an all seeing surveillance state stifles dissent and dis-empowers citizens.</span></span><b><span style="color: #990000;"><span style="color: black;"></span></span></b></div>
<div class="MsoNormal">
<b><span style="color: #990000;"><span style="color: black;"><br /></span></span></b></div>
<div class="MsoNormal">
<b><span style="color: #990000;"><span style="color: black;"><span style="color: #990000;">As I have written here before</span>, "</span></span></b><i>Whether its the knowledge that everything we do on the
internet is followed and stored, that we can be wiretapped for no reason and
without a warrant or probable cause, that smart grid systems monitor our daily
in home habits and actions, that our emails can be intercepted, that our naked
bodies must be viewed at airports and stored, that our book purchases can be
accessed (particularly if Google gets its way and everything goes electronic),
that street corner cameras are watching our every move (and perhaps drones too), and that RFID tags and
GPS technology allow for the tracking of clothes, cars, and phones (and the list
goes on)...what is certain <b>is privacy itself is on life support in this
country...and without privacy there is no freedom. </b>I also fear how such a
surveillance society stifles dissent and discourages grassroots
political/social activism that challenges government and corporate
power...something that we desperately need more of in this country, not less."</i></div>
<b style="color: black;">
</b><div class="MsoNormal" style="color: #990000;">
<!--[if gte mso 9]><xml>
<w:WordDocument>
<w:View>Normal</w:View>
<w:Zoom>0</w:Zoom>
<w:PunctuationKerning/>
<w:ValidateAgainstSchemas/>
<w:SaveIfXMLInvalid>false</w:SaveIfXMLInvalid>
<w:IgnoreMixedContent>false</w:IgnoreMixedContent>
<w:AlwaysShowPlaceholderText>false</w:AlwaysShowPlaceholderText>
<w:Compatibility>
<w:BreakWrappedTables/>
<w:SnapToGridInCell/>
<w:WrapTextWithPunct/>
<w:UseAsianBreakRules/>
<w:DontGrowAutofit/>
</w:Compatibility>
<w:BrowserLevel>MicrosoftInternetExplorer4</w:BrowserLevel>
</w:WordDocument>
</xml><![endif]--><!--[if gte mso 9]><xml>
<w:LatentStyles DefLockedState="false" LatentStyleCount="156">
</w:LatentStyles>
</xml><![endif]--><!--[if gte mso 10]>
<style>
/* Style Definitions */
table.MsoNormalTable
{mso-style-name:"Table Normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-parent:"";
mso-padding-alt:0in 5.4pt 0in 5.4pt;
mso-para-margin:0in;
mso-para-margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:10.0pt;
font-family:"Times New Roman";
mso-ansi-language:#0400;
mso-fareast-language:#0400;
mso-bidi-language:#0400;}
</style>
<![endif]--><b>
</b></div>
<div class="MsoNormal">
<b><span class="s1"><br /></span></b></div>
<b>
</b><div class="MsoNormal">
<b> </b></div>
<b>
</b><div class="MsoNormal">
<b>As Bruce Schneier, a security and privacy expert once wrote, "</b><i>...lack of privacy shifts power from people to businesses or
governments that control their information. If you give an individual privacy,
he gets more power…laws protecting digital data that is routinely gathered
about people are needed. The only lever that works is the legal lever...Privacy
is a basic human need…<b>The real choice then is liberty versus control.”</b></i></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
We would do well to - sooner rather than later - <b>to recognize the inherent and fundamental value that privacy provides</b> ANY claimed democracy.<i><b> </b></i>Without one there can not be the other...<i><b><br /></b></i></div>
<div class="MsoNormal">
<i> </i></div>CFChttp://www.blogger.com/profile/11621511251924136343noreply@blogger.com0tag:blogger.com,1999:blog-8994486887985127167.post-23909174902872975152012-02-02T13:13:00.000-08:002012-02-02T14:11:48.578-08:00Is Google Evil?That's the question posed by an article I want people to read today. See my last post for the details and a variety of expert opinions on Google's new privacy policy and the outcry it induced. For today's purposes I want to go straight to an article I found by the President of the Internet Security Advisors Group, and author, named Ira Winkler. <b>The article is entitled "<a href="http://www.cio.com.au/article/414066/ira_winkler_google_evil_jury/">Is Google Evil? The Jury is Out.</a>"</b><br />
<br />
I figure if anyone can shed some light on this subject its him.<br />
<br />
<b>He writes,</b> "..<i>.there is plenty to get upset about regarding Google's new policy. <b>Google has managed to wriggle into just about every area of our lives</b>. It all started with Google search, of course, and that seemed innocuous. But later you could sign up for a Gmail account, and suddenly any searches you did while signed onto Gmail could have an identity assigned to them -- and Google roughly knew what was on your mind. Google Docs was another chance to gather data, and the social network Google+ really ups the ante. Every post is captured, and Google has access to information such as who is in your circles -- not only that you know those people, but what your relationship is to them, because you've defined your circles so carefully (family, friends, colleagues, fellow alumni). G<b>oogle Calendar reveals where you are going to be. Google Maps gleans where you are considering going.</b> Google Latitude knows exactly where you are right now. Picasa stores pictures, and if you carefully tag them, you have provided more information about where you have been and whom you have been with. Google Chrome keeps track of your browsing habits and history. Google Checkout and Google Wallet know what you are buying and where you are. The Android operating system can track every aspect of your cellphone usage, including the apps you have loaded. YouTube searches can reveal proclivities that you might not want other people to know about.<br /><br />Until now, we could think of all of these as stand-alone services. <b>Each had information about us, but the threat of privacy invasion seemed manageable. It's a different story when it all gets consolidated</b>. Now, for all practical purposes, a single entity has the ability to put together your past, present and future. Who calls you on your Android phone can be combined with what you are searching. The interests you repeatedly post about can be combined with your location. Your appointments can be cross-referenced with your acquaintances' appointments.<br /><br /><b>What we know is that Google tries to monetize the information it has about the users of its services</b> by selling advertising that is carefully targeted to their interests. Facebook and other companies do similar things. Some people have been sized up pretty well just based on their searches. Others have not. Wired recently ran a short piece on </i><b><i>how Google currently can be inaccurate in its current analysis of a user's searches. After consolidation, though, there will be little ambiguity.</i></b><br />
<br />
...<br />
<i><br /></i><br />
<div class="storybody">
<i>And this is where my presumption that Google is not
evil runs up against a big problem. Because I have to believe that
Google always intended to combine the data from all of the businesses
that it built or acquired. I have too much respect for the company to
think otherwise. I saw the potential for this three years ago; isn't it
likely that Google did as well?<b> But there is currently nothing in the
law stopping a company from getting people to offer up their personal
data under one privacy policy,</b> even though the company fully intends to
change the policy and use the data for other purposes.</i></div>
<div class="storybody">
<br /></div>
<div class="storybody">
<i>Now,
you could argue that <b>any company that did that had to induce people to
use its services under false pretenses.</b> And that sounds, well, evil.</i></div>
<div class="storybody">
<br /></div>
<div class="storybody">
<i>In
the wake of Google's policy change, eight members of Congress sent the
company a list of questions about the new policy's effects on privacy.
Google responded on Monday, <a href="http://www.computerworld.com/s/article/9223852/In_letter_to_Congress_Google_defends_privacy_changes" target="_blank">basically saying that its approach to privacy has not changed</a>
. <b>My expectation is that in the end Google will make some small
concessions, and the lawmakers and various privacy advocates </b>will play
those up so we'll all think they're looking after our welfare. To my
mind, that's not nearly good enough. If Google is really going to live
up to its corporate mantra of "Don't be evil," then it should undo this
latest move and support regulation that would stop other companies from
making similar changes. Because, unlike lions on the savannah, a
company's worst impulses can be constrained.</i></div>
<div class="storybody">
<br /></div>
<div class="storybody">
<b><a href="http://www.cio.com.au/article/414066/ira_winkler_google_evil_jury/">Read more here. </a></b></div>
<div class="storybody">
<i><br /></i></div>
<div class="storybody">
Again<b>, I think we're running up against the question of just what privacy rights do we have in the digital age? </b>What is legal for companies to do with information that we ostensibly "give up" on the net? Sure, Google promises to use all this information to make our internet experience that much more seamless, efficient and enjoyable. Of course, as I have painstakingly documented on this blog for years now, there are all kinds of examples how this is not always the case<b>...whether its the government and law enforcement wanting increasing amounts </b>of access to every aspect of our lives, or whether its advertisers, insurance companies, or the pharmaceutical industry looking to market to us in increasingly invasive ways.<br />
<br />
As the author also pointed out, it wasn't long ago that Google promised IT WOULDN'T consolidate all these functions...so as Google becomes more and more ubiquitous, so to is there access to everything we do. As Winkler points out, "<i>Should it ever cross the line, then all of that<b> information it has could be used for truly nefarious and malicious purposes, including extortion and harassment."</b></i></div>
<div class="storybody">
<br /></div>
<div class="storybody">
Interestingly, <b>it was Supreme Court Justice Sotomayor that brought this very topic up</b> in the recent GPS tracking case when she said made a case for revising the “third-party” doctrine (i.e. we lose Fourth Amendment protection when we disclose certain information). She wrote, <i>“<b>More fundamentally, it may be necessary to reconsider the premise that an individual has no reasonable expectation of privacy </b>in information voluntarily disclosed to third parties. This approach is ill suited to the digital age, in which people reveal a great deal of information about themselves to third parties in the course of carrying out mundane tasks. People disclose the phone numbers that they dial or text to their cellular providers; the URLs that they visit and the e-mail addresses with which they correspond to their Internet service providers; and the books, groceries, and medications they purchase to online retailers.”</i></div>
<br />
<div class="storybody">
It becomes clearer and clearer that this core question over data control and digital privacy must be asked and answered sooner rather than later. As Winkler correctly points out, "<i>My thought is that regulators and privacy professionals<b> should rethink the concept of privacy protection. When companies are allowed to set their own privacy policies</b> and retain the right to change them at will, do privacy policies mean anything at all? The Google case suggests that voluntary privacy policies, always subject to change, provide no protection."</i></div>CFChttp://www.blogger.com/profile/11621511251924136343noreply@blogger.com0tag:blogger.com,1999:blog-8994486887985127167.post-88647906636162138152012-02-01T12:11:00.000-08:002012-02-02T12:58:24.397-08:00Google's New Privacy Policy Causes Controversy<b>A bit of a firestorm was sparked by Google changing its privacy policies </b>rather abruptly, while making opt-ing out of the massive amount of data sharing that will take place if their proposed folding 60 of its 70 existing
product privacy policies under one blanket policy and breaking down the
identity barriers between (to accommodate its new Google+
social network software) nearly impossible.<br />
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
In other words, <b>Google will combine data from all its services,</b> so when users are signed in, Google may
combine identity information users provided from one service with information
from other services. The goal is to treat each user as one individual across
all Google products, such as Gmail, Google Docs, YouTube and other Web
services.<br />
<br />
One one hand, this didn't strike me as something they weren't already probably doing...but that doesn't make it okay, either. By the least, Google's ability to create an <b>incredibly detailed digital dossier</b>
of every one of us, with little to no control on our part, would be enhanced beyond what it already can do.<br />
<br /></div>
<div class="MsoNormal">
As John Simpson, director of the the nonprofit, nonpartisan Group's
Privacy Project stated, "<i>Google has eliminated its last pretense that it
protects consumer privacy - the walls are torn down. Instead of a privacy policy Google has finally
admitted they have a profiling policy - and every Internet user is a target to
be spied on."</i><br />
</div>
<div class="MsoNormal">
<b>Peter Eckersley,
the Electronic Frontier Foundation's</b>
Technology Projects Director points out that the search giant's
disclosure that it will track what you do across all Google-owned services that
you partake of -- on your PC and mobile devices -- comes across more like a
confession than a bold new move.<br />
<br />
<div class="MsoNormal">
</div>
<div class="MsoNormal">
Google of course is claiming it will simply and improve the users experience...but they also admit it will also make it impossible for users to opt out of having their
identities applied to dozens of Websites they might not have agreed to use.<br />
<br />
<b>Common Sense Media CEO James Steyer wrote in a statement emailed to eWEEK:</b></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<i>"Google's
new privacy announcement is frustrating and a little frightening. Even if the
company believes that tracking users across all platforms improves their
services, <b>consumers should still have the option to Opt Out</b>—especially the kids
and teens who are avid users of YouTube, Gmail and Google Search."</i></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
</div>
<div class="MsoNormal">
<div class="MsoNormal">
More than anything<b>, this kind of "cross personalization", from video to email, </b>would be a boon for advertisers and marketers...which is what's this really all about. Already though, lawmakers and the the Federal Trade Commission are looking into Google's search business practices - a company that has already been ordered to submit to 20 years of audits after breaching user privacy
with its Google Buzz feature.</div>
</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
So what exactly is different with this policy?<b> Peter Eckersley of EFF note</b>s, "<i>"It has always been the case that Google kept
effectively linkable records of our uses of Gmail, Search, Maps and Market for
Android, and other services,. Only very
sophisticated users have ever been able to remove any of that linkability, and
that remains the case today. In a couple of cases, Google had some internal
practices of not linking your browsing history, and YouTube history, to other
data -- and those internal walls at the company are now gone."</i></div>
</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
We should also consider Google's sordid privacy
history, from <a href="http://consumercal.blogspot.com/2009/10/letter-to-google-take-time-to-add.html">Google
Books </a>to <a href="http://consumercal.blogspot.com/2009/09/ny-times-casualty-of-technology.html">the
loss of "Locational Privacy</a>" to the company's
<a href="http://consumercal.blogspot.com/2009/03/google-and-privacy-growing-concerns.html">lobbying
efforts in Congress</a>, to <a href="http://consumercal.blogspot.com/2009/03/more-flaws-in-google-cloud.html">its
cloud computing</a>, to its <a href="http://consumercal.blogspot.com/2009/03/googles-targeted-behavioral-advertising.html">increasing
usage and expansion of behavioral marketing techniques,</a> to Google
StreetView cars gathering private information from unaware local residents, to
the company teaming with the National Security Agency (the agency responsible
for such privacy violation greatest hits as warrantless wiretapping) "for
technical assistance" to the infamous Google Buzz to the company's recent admittance that it gets THOUSANDS of requests from the government for information about its users to claims that the company
manipulates its search results to favor its own products. <br />
<br />
<div class="MsoNormal">
<a href="http://www.wired.com/threatlevel/2011/10/google-data-requests/">AS
reported by Wired Magazine</a>: <i><b>The number of U.S. government requests for data on Google
users for use in criminal investigations rose 29 percent</b> in the last six
months, according to data released by the search giant Monday. U.S. government
agencies sent Google 5,950 criminal investigation requests for data on Google
users and services from Jan. 1 to June 30, 2011, an average of 31 a day. That’s
compared to 4,601 requests from July 1 to Dec. 31, 2010, the company reported
Tuesday in an <a href="http://googleblog.blogspot.com/2011/10/more-data-more-transparency-around.html">update
to its unique transparency tool</a>. Google says it complied in whole or part
with 93% of such requests, which can include court orders, grand jury subpoenas
and other legal instruments...<b>According to Google, the numbers do not include National Security Letters, </b>a
sort-of self-issued subpoena used by the FBI in drug and terrorism cases. At
their post–Patriot Act peak, the FBI issued more than 50,000 such letters a
year, nearly all with gag orders attached to them. The use of such letters
dipped for a time after the Justice Department’s internal watchdog unveiled
widespread abuses and sloppy procedures, but are on the rise again. Also not
included are national security wiretap and data requests, known as FISA
warrants, that are approved by a secret court in D.C. to combat spies and
threats to national security.</i></div>
<div class="MsoNormal">
<br />
In other words, <b>I view ANYTHING Google says or apparently does when it comes to
privacy</b> with a huge grain of salt.We are living in a brave new cyber world in which nearly everything we do can be monitored, sold and stored. And, let's remember, we have yet to establish the kinds of privacy protections demanded in this new information age. And that is not by accident, last year Google spent a record $9.7 million on lobbying <br />
<div class="MsoNormal">
<br /></div>
Let's also remember the bigger picture, and why we need a set of ironclad privacy protections for internet users, including opt-in (and by the least opt-out), as well as Do Not Track...to name a few.<br />
<br /></div>
In a recent op-ed in the San Diego Union Tribune,<b> Beth Givens, Executive Director of the Privacy Rights Clearinghouse </b>lays out this larger issue of privacy on the net:</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
</div>
<div class="MsoNormal">
<i><b>Individuals are increasingly using the Internet as their
primary information source</b>, often seeking information on sensitive matters such
as finances, health, personal relationships, divorce, sexuality, workplace
difficulties and legal conflicts. But few individuals realize the extent to
which they are being tracked by companies that create rich profiles of their
web-browsing activities. The 2010 Wall Street Journal series, “What They Know,”
reported that the nation’s top 50 websites installed an average of 64 pieces of
tracking technology onto each visitor’s computer. Tracking tools go beyond the
cookies many of us routinely delete. Some companies deploy “Flash cookies” or
other “supercookies” that are not only extremely difficult to delete but can
also be used to reinstall cookies that a user has removed.<br />
<br />
<b>Such data-gathering and profiling activities are largely invisible, except that
they can result in the real-time display of behaviorally targeted ads</b>. You
might ask, “What’s the harm in receiving ads based on my web-surfing history?”
In a legislative primer presented to members of Congress by 10 organizations,
including ours, several potentially harmful effects of behavioral tracking and
targeting were identified: (1) targeting economically distressed individuals
with payday loans and subprime mortgages; (2) sending ads for bogus cures to
individuals with serious medical conditions; (3) engaging in discriminatory
pricing in which some people are offered products or services at higher prices
than others; and (4) targeting children who lack the judgment capacity of
adults. Further, profiles compiled originally for the ad industry may be sold
to non-advertising third parties such as insurance companies.</i>
</div>
<i>
</i>
<br />
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<i><b>Harms aside, let’s not forget, simply, the right to privacy.
</b>The definition of privacy that guides my organization’s work is the ability of
individuals to control the use of their personal information. Everyone has a different
comfort level regarding the collection and use of their personal information.
We believe individuals’ choices must be respected, no questions asked.<br />
<br />
...</i>
</div>
<div class="MsoNormal">
<i><br />
However,<b> studies show that robust profiles generated from anonymous data can be
matched with other data sources</b>, offline and online, to determine individuals’
identities. These days, the anonymity argument is largely a myth. Another myth
is that young people are not concerned about privacy. These “digital natives”
have not known a world without the Internet, so the argument goes, and they are
not worried about their personal information being revealed online. However, a
2009 academic survey found there are no significant differences between young
adults and older individuals regarding online privacy concerns. While some
believe that in a generation or two, concerns about online privacy will vanish,
we at the Privacy Rights Clearinghouse are not so quick to accept that
argument.</i></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<i>In closing, e<b>ffective online privacy protection requires a
multipronged approach </b>involving policymakers, industry, nonprofits and
consumers. It must not be lost to bogus arguments and unfounded myths.</i></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<a href="https://www.signonsandiego.com/news/2011/nov/13/internet-privacy-a-contradiction-in-terms/">You
can read the rest here</a>.</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
</div>
<div class="MsoNormal">
<b>Legislators Taking Action </b></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
The good news is legislators are asking Google some tough questions. Rep. Jackie Speier, a longtime privacy stalwart, has co-authored a letter (<a href="http://markey.house.gov/sites/markey.house.gov/files/documents/2012_0126.Google%20Prviacy%20Letter.pdf">PDF</a>) asking the company to respond to a series of sternly worded questions
about its <a href="http://news.cnet.com/8301-31921_3-57365195-281/google-wants-ability-to-combine-your-user-data/">plans
to simplify privacy policies</a> into one more-or-less standard one. Currently
Google has more than 70 individual privacy policies. </div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<b>The letter states,</b> <i>"We believe that consumers should have the ability to
opt-out of data collection when they are not comfortable with a company's terms of service and that ability to exercise that choice should be simple and straightforward."</i><br />
<br />
Other members signed on include Cliff Stearns (R), Henry
Waxman (D)--plus <a href="http://news.cnet.com/8301-31921_3-20037289-281.html">veteran
Google antagonists</a> Joe Barton (R) and Ed Markey (D). Google has until February 16th to respond.</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
</div>
Interestingly, there happens to be a major privacy conference taking place in Europe right now. Here's how the Europeans are addressing some of these same concerns (it goes without saying they're taking a much more PRO privacy stance):<br />
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<b>The European Commission proposed these key changes in the
data protection law </b>that went into effect in 1995 when only 1 percent of
Europeans were on the Internet:</div>
<div class="MsoNormal">
---A ‘right to be forgotten’ will help people better manage
data protection risks online: people will be able to delete their data if there
are no legitimate grounds for retaining it.</div>
<div class="MsoNormal">
---Companies and organisations must notify the national
supervisory authority of serious data breaches as soon as possible (if feasible
within 24 hours).</div>
<div class="MsoNormal">
---Wherever consent is required for data to be processed, it
is clarified that it has to be given explicitly, rather than assumed.</div>
<div class="MsoNormal">
--- People will have easier access to their own data and be
able to transfer personal data from one service provider to another more easily
(right to data portability). This will improve competition among services.</div>
<div class="MsoNormal">
--- EU rules must apply if personal data is handled abroad
by companies that are active in the EU market and offer their services to EU
citizens.</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<b>Conclusions</b></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<b>The ramifications of Google's new policy aside </b>- and I'm not saying I know exactly what they are yet - the
fact is, there's been a virtual
explosion in data collection, data analysis and use of behavioral marketing on
the internet without the requisite privacy protections to go along with
it. Billions of dollars at stake, and your private information is the
currency.</div>
<div class="MsoNormal">
<br />
As I have written on this blog in the past: We know for instance, and they have been sued for it, companies like Google,
Yahoo, Microsoft and other Internet companies track and profile users and then
auction off ads targeted at individual consumers in the fractions of a second
before a Web page loads.<br />
<br />
That in itself, may not be all that threatening to most. But it raises some
interesting questions: <b>What kind of control should we have over our own data?</b>
And, what kind of tools should be available for us to protect it? What about
ownership of our data? Should we be compensated for the billions of dollars
being made by corporations from their tracking of us? And of course, what of
the government's access to this new
world of data storage?<br />
<br />
The argument from privacy advocates has largely been that this massive and
stealth data collection apparatus threatens user privacy and regulators should
compel (not hope that) companies to obtain express consent from consumers
before serving up "behavioral" ads based on their online history.</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
As I have also written before, <b>its not by accident that we are told by the same
interests that profit off </b>our information that privacy is dead, and people don't care about it anymore, or that it will "kill
business". Well, that's easy to
say when you are the ones developing the complicated and difficult to find
privacy settings consumers have to deal with - and profiting off our personal
information without our consent.</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
More to the point is the simple, unavoidable fact that<b>
consumers should have MORE control, not less,</b> over what information of ours is
used, shared, and profited off. This basic principle is at the heart of the
ACLU's DotRights campaign.</div>
<div class="MsoNormal">
<b><br /></b></div>
<div class="MsoNormal">
<b>There remains an interesting dichotomy in all this: </b>While
people seem to "care" about privacy on one level, they tend to do
very little to actually protect it. Which in my mind, makes easy to use, clear
options to protect privacy so paramount. Once people are given such a choice,
not only will more people choose to "not be tracked", I think more people
will become more AWARE of just how all pervasive such monitoring of nearly
everything we do has become."</div>CFChttp://www.blogger.com/profile/11621511251924136343noreply@blogger.com1tag:blogger.com,1999:blog-8994486887985127167.post-6521525273919674512012-01-24T11:32:00.000-08:002012-01-24T12:47:33.824-08:00Supreme Court Rules Search Warrant Needed to Track People Using GPSThe fourth amendment isn’t completely dead after all! While
this fundamental right to privacy is admittedly in tatters, the
Supreme Court ruled yesterday that police must have a warrant in order to track someone
using a GPS device.<br />
<br />
The case in question involved police covertly tracking a
suspected cocaine dealer's car using
a GPS device for an extended period of time without getting a warrant. <b>The
question before the court largely centered on </b>whether the constant, and
extended, use of a secret GPS tracking device violated the Fourth Amendment’s
protection against unreasonable searches and seizures?<br />
<br />
Or, is such use of these devices without a warrant
acceptable on the grounds that there is no expectation of privacy when in
public places and that such tracking technology merely makes public surveillance
easier and more effective?<br />
<br />
Clearly, a whole lot was riding on this decision for privacy
advocates. Citizens shouldn’t be concerned that trips to a friend's house, a place of worship, or a therapist's office can be tracked in real time by the
government.<b> <br /></b><!--[if gte mso 9]><xml>
<w:WordDocument>
<w:View>Normal</w:View>
<w:Zoom>0</w:Zoom>
<w:PunctuationKerning/>
<w:ValidateAgainstSchemas/>
<w:SaveIfXMLInvalid>false</w:SaveIfXMLInvalid>
<w:IgnoreMixedContent>false</w:IgnoreMixedContent>
<w:AlwaysShowPlaceholderText>false</w:AlwaysShowPlaceholderText>
<w:Compatibility>
<w:BreakWrappedTables/>
<w:SnapToGridInCell/>
<w:WrapTextWithPunct/>
<w:UseAsianBreakRules/>
<w:DontGrowAutofit/>
</w:Compatibility>
<w:BrowserLevel>MicrosoftInternetExplorer4</w:BrowserLevel>
</w:WordDocument>
</xml><![endif]--><!--[if gte mso 9]><xml>
<w:LatentStyles DefLockedState="false" LatentStyleCount="156">
</w:LatentStyles>
</xml><![endif]--><!--[if gte mso 10]>
<style>
/* Style Definitions */
table.MsoNormalTable
{mso-style-name:"Table Normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-parent:"";
mso-padding-alt:0in 5.4pt 0in 5.4pt;
mso-para-margin:0in;
mso-para-margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:10.0pt;
font-family:"Times New Roman";
mso-ansi-language:#0400;
mso-fareast-language:#0400;
mso-bidi-language:#0400;}
</style>
<![endif]-->
<br />
<div class="MsoNormal">
Thankfully, in this case, the court agreed: attaching a GPS
device to a car and tracking its movements is a violation of the Fourth
Amendment. Unfortunately, the government will likely continue to insist that tracking
the location of cell phones is unaffected by this ruling.</div>
<br />
<b><a href="http://www.wired.com/threatlevel/2010/08/gps-tracking-unconstitutional/" target="_self">As previously laid out in an article in Wired Magazine</a></b>,
<b>there is an important distinction between traditional surveillance and GPS
tracking: </b>"<i>Repeated visits to a church, a gym, a bar, or a bookie tell a
story not told by any single visit, as does one’s not visiting any of these
places over the course of a month. The sequence of a person’s movements can
reveal still more; a single trip to a gynecologist’s office tells little about
a woman, but that trip followed a few weeks later by a visit to a baby supply
store tells a different story."</i><br />
<br />
Interestingly, though not surprising, the Court, while in
unanimous agreement that a warrant is necessary, came to that conclusion from
very different perspectives.<br />
<br />
Certainly<b>, the stand out Justice was Sonia Sotomayor</b>, who
went much further than her colleagues on the issue of privacy in the digital age - even making a case for revision of the
“third-party” doctrine (i.e. we lose Fourth Amendment protection when we
disclose certain information). She wrote, “<i>More fundamentally, it <b>may be
necessary to reconsider the premise that an individual has no reasonable expectation</b>
of privacy in information voluntarily disclosed to third parties. This approach
is ill suited to the digital age, in which people reveal a great deal of
information about themselves to third parties in the course of carrying out
mundane tasks. People disclose the phone numbers that they dial or text to
their cellular providers; the URLs that they visit and the e-mail addresses
with which they correspond to their Internet service providers; and the books,
groceries, and medications they purchase to online retailers.”</i><br />
<br />
On the question of surveillance, <b>she also distanced herself
from Antonin Scalia’s narrow property rights</b> argument (i.e. by installing the
device police were violating the suspect’s private property), writing “<i>…the
same technological advances that have made possible nontrespassory surveillance
techniques will also affect the Katz test by shaping the evolution of societal
privacy expectations. Under that rubric, I agree with Justice Alito that, at
the very least, 'longer term GPS
monitoring in investigations of most offenses impinges on expectations of
privacy.'"</i><b> </b><br />
<br />
<b><a href="http://www.cato-at-liberty.org/jonesing-for-a-fourth-amendment-upgrade/">As
Julian Sanchez of the CATO institute noted</a></b>, the ruling was a big victory
for privacy advocates and the Fourth Amendment, writing, “<i><b>This is a pretty big
deal. Fourth Amendment scholars have been warning for decades</b>—and with
increasing alarm—that modern communications technology could turn
constitutional privacy protections into an empty formality if we’re regarded as
waiving those protections whenever we “expose” information to a third party. It
is inherent to the nature of the Internet and mobile telecommunications, after
all, that almost everything we do online—and, increasingly, much that we do
offline as well—leaves a trace in the vast databases of one corporation or
another.</i><br />
<br />
<i>Sotomayor’s concurrence signals a recognition that we need
to move beyond what privacy scholar Daniel Solove has called “The Secrecy
Paradigm,” which assumes that whatever is not totally secret (or very nearly
so) is effectively “public.” In other words,<b> if your Internet provider has a
record of every Web site you visit,</b> there’s no invasion of privacy when the
government decides to have a look at the list. At least one Justice, evidently,
recognizes that this is an indefensible inference—and one hopes she’s not
alone.”</i><b> </b><br />
<br />
<b>Does Sotomayor's case against the third party doctrine</b> have any significance for privacy advocates moving forward?<b> <a href="http://arstechnica.com/tech-policy/news/2012/01/supreme-court-holds-warrantless-gps-tracking-unconstitutional.ars?utm_source=rss&utm_medium=rss&utm_campaign=rss">Timothy
B. Lee of ArsTechnica says yes, writing</a></b>, “<i>Sotomayor's
discussion of the third-party doctrine has no legal significance, since she was
the only one to sign onto her concurrence. But it could prove to have greater
significance in the long run. The existence of at least one justice who is
skeptical of the doctrine will inspire privacy advocates to raise objections to
the idea in future cases. And one of those cases is likely to reach the high
court at some point in the future.”</i>CFChttp://www.blogger.com/profile/11621511251924136343noreply@blogger.com0tag:blogger.com,1999:blog-8994486887985127167.post-16566509871350335642012-01-12T15:05:00.000-08:002012-01-12T15:12:55.828-08:00E-Health Records, Data Breaches, and PrivacyRather than re-inventing the wheel today, if you want some past posts I've done on electronic health records (EHR's) and the need for strict privacy safeguards that protect consumers<b>, you can go <a href="http://consumercal.blogspot.com/2011/12/electronic-health-record-data-breaches.html">here</a>, <a href="http://consumercal.blogspot.com/2011/09/really-bad-week-for-electronic-health.html">here</a>, or <a href="http://consumercal.blogspot.com/2011/08/another-massive-e-health-record-data.html">here</a></b>. Generally speaking, I've made the following arguments: yes, this transition from paper to EHR's is inevitable and necessary; yes, such a transition does offer numerous benefits from cost effectiveness to better care; but, and this is a big but, what remains contentious - and rightly so -<b> is the intrinsic threat a massive electronic database</b> containing our most personal medical records poses to individual privacy and security.<br />
<br />
Similarly, I have also documented, <b>one medical records data breach after another</b>, some due to hackers/identity thieves and some as a result of gross hospital incompetence and negligence (and more). In addition, I've detailed how states, like California for instance, are trying to create a set of privacy standards for these records that often means merging state rules and federal ones.<br />
<br />
Given the lack of consistency, for instance, <b>between California’s Confidentiality of Medical Information Act </b>(CMIA) and the federal HIPAA (The Health Insurance Portability and Accountability Act), there is no single, comprehensive “rule” for the use and disclosure of health information in our state.<br />
<br />
<b>Thus the debate taking place over what kind of privacy standards and protections </b>should apply to EHR’s centers around a few core principles: accountability among parties involved in processing electronic transactions, consumer control over how their information is shared and the availability of access to it, transparency (so anyone who accesses files is recorded and made available to the consumer if desired), and system security to ensure a patients private information is protected from identity thieves, overzealous law enforcement, or unwanted marketers.<br />
<br />
Now that I've briefly gone over some of the general fundamentals of this very complex issue, I want to discuss two articles that have come out in the past week or so, one <b><a href="http://www.dailybruin.com/index.php/article/2012/01/classaction_lawsuit_against_ucla_health_system_for_data_breach_fails_to_move_foward">about the UC Regents dragging its feet</a></b> in the lawsuit against it for a medical records data breach at the UCLA Health System, and the other, a MUST READ from the Los Angeles Times Michael Hiltzik entitled (apt for this blog), "<b><a href="http://www.latimes.com/health/healthcare/la-fi-hiltzik-20120104%2C0%2C3519433.column">Her case shows why healthcare privacy laws exist</a>."</b><br />
<br />
I want to bring these up because they demonstrate, particularly the Los Angeles Times piece, WHY the work that, in California for instance, CalOHII (<a href="http://www.ohi.ca.gov/calohi/Home/AboutCalOHII.aspx">State of California Office of Health Information Integrity</a>) is doing to come up with ironclad privacy protections for the state to adopt is so important (full disclosure:<a href="http://www.ohi.ca.gov/calohi/LinkClick.aspx?fileticket=KV3frTr02Nk%3d&tabid=127"> <b>I'm on the privacy steering committee</b></a><b>).</b><br />
<br />
<b>Let's begin with Hiltzik's piece</b> because it truly blows the mind, and brings home why this MATTERS. He writes:<br />
<br />
<i><b>Of all the personal information that you might want to keep private, </b>your medical records are the most important. That's why federal and state laws carry stiff penalties, up to and including jail time, for healthcare providers who let such data loose into the wild.<br /><br />So you should be aghast at how free and easy Prime Healthcare Services and two executives at Prime-owned Shasta Regional Medical Center have been with the medical chart of a patient named Darlene Courtois. <b>They showed the entire chart to an editor of her hometown newspaper,</b> and Prime's corporate office divulged some of her medical examination results to me (though I didn't ask for them). They didn't have her permission for those disclosures, her daughter says.<br /><br />...<br /><br /><b>Here's what state and federal laws have to say:</b> A hospital can't disclose a patient's medical information publicly, such as to a newspaper, without the patient's written authorization. The authorization has to be very specific, designating exactly which records may be disclosed and to whom.<br /><br />The applicable laws are the federal Health Insurance Portability and Accountability Act of 1996, which is known as HIPAA, and the 2008 California Confidentiality of Medical Information Act. The covered records include any information about an individual's "past, present or future physical or mental health or condition," and "the provision of health care to the individual." (The language comes from the federal government's published privacy rule summary.)<br /><br /><b>There are a few limited circumstances in which a healthcare provider doesn't need permission. </b>Chiefly these fall into the categories of "treatment, payment and healthcare operations" — in other words, charts can be seen by doctors treating the patient or insurers paying for care, or in connection with hospital functions such as evaluating doctors' competency — and regulatory activities or subpoenas.<br /><br />...<br /><br />Under the law<b>, there's no such thing as an implied authorization by a patient for disclosure</b> of personal records, said Linda Ackerman, a San Francisco expert in privacy law.<br /><br />The office of civil rights of the U.S. Department of Health and Human Services, which enforces HIPAA, put it this way: "There is no 'waiver' that would apply to the release of a chart or medical record to the media without an individual's written authorization."<br /><br />Several experts told me <b>it doesn't matter if the hospital was trying to contradict misinformation </b>provided by a patient (even if that's what Courtois did, which is debatable). Under the law, patients themselves can divulge anything they wish about their medical conditions and their treatment by a hospital. But a hospital's obligation is to keep its mouth shut. A desire to deflect bad PR is not an excuse. Even if they think they're in the right, the law says healthcare providers have to suffer in silence, the experts say.<br /><br />Anthony Wright, executive director of the statewide patient advocacy group Health Access California, <b>also mentioned the "chilling precedent" of a hospital company exposing a patient's personal information</b> just because she criticized the company in public. Indeed, the lesson of the Courtois case is clear: Give an interview about your experience at a Prime-owned hospital, and don't be surprised if the hospital responds by exposing the most private details of your medical history to the world.</i><b> </b><br />
<br />
<b><a href="http://www.latimes.com/health/healthcare/la-fi-hiltzik-20120104%2C0%2C3519433.column">Click here for more.</a></b><br />
<br />
I would have to say, in addition to the blatant disregard for the privacy, and the RIGHTS of Darlene Courtois demonstrated by Prime,<b> I find Anthony Wright's point on this serving as a "chilling effect" against patients </b>who may speak out, to be of particular concern. I say this because all too often, as a consumer advocate, industry's from chemical to big pharma to big oil, and on down the line, we see intimidation, obfuscation, and in fact, a factoring in of the damage they cause people and the planet into their business model. I would HATE to think that EHR's could serve as yet one more tool to protect these kinds of corporate interests from proper justice and accountability.<br />
<br />
My sense is, that in the case of Prime, its so egregious, there will be accountability, and this chilling effect will not take root. But, that is why I brought up the issue of factoring in the cost of the damage these corporate interests do into their business model: <b>will the damages Prime faces outweigh the benefits, they, and other vultures like them, feel they might get from such intimidation?</b><br />
<br />
This also is why, as Hiltzik rightly states in the articles title,<i> "Her case shows why health care privacy laws exist"</i>, and why,<b> INCREASED privacy protections, and increased accountability and enforcement</b>, are also necessary...and must also exist.<br />
<br />
On a similar note, let's look at the case of the UCLA Health System data breach and the lawsuit against it (remember<a href="http://consumercal.blogspot.com/2011/12/electronic-health-record-data-breaches.html">,<b> as I pointed out in a recent post</b></a><b>, </b>hospitals are NOT doing their job, and spending the required resources to protect these EHR's to date). <a href="http://www.dailybruin.com/index.php/article/2012/01/classaction_lawsuit_against_ucla_health_system_for_data_breach_fails_to_move_foward"><b>As the Daily Bruin reports:</b></a><br />
<br />
<i>The UCLA Health System reported in November 2011 that a<b> hard drive containing more than 16,000 patients’ information</b> had been stolen from the home of a UCLA physician on Sept. 6, 2011.<br /><br />Social Security numbers and financial information were not among the documents stolen, but they did include<b> first and last names and may have contained birth dates, medical record numbers, </b>addresses and medical record information, according to the Health System’s statement.<br /><br />The lawsuit claims the September incident was a violation of the California Confidentiality of Medical Information Act, in place to protect the privacy of patients’ personal histories and information. The suit is calling for $1,000 in damages for each patient on the hard drive. The total <b>cost of the suit for the Health System could amount to as much as $16 million</b>, including the legal fees associated with the case.</i><br />
<br />
...<br />
<br />
<i>While storing information online is an increasingly common practice, and can certainly coexist with patient privacy rights,<b> the potential for data breach is significantly higher than a paper-based system,</b> said Tena Friery, research director at the Privacy Rights Clearinghouse, a national nonprofit organization focused on consumer privacy protection.<br /><br />She also cited a 2011 study revealing that <b>71 percent of health care organizations had suffered a data breach in the last year.</b><br /><br />Kabateck was also involved in a case concerning similar violations against Stanford University’s Hospital and Clinics late last year,<b> filed on behalf of 20,000 patients whose information was released </b>onto a public website through a third party.</i><b> </b><br />
<br />
<b><a href="http://www.dailybruin.com/index.php/article/2012/01/classaction_lawsuit_against_ucla_health_system_for_data_breach_fails_to_move_foward">Click here to read more.</a></b><br />
<br />
Obviously, this brings me back to the same key points at the article before it...how do we prevent this MASS amounts, in some cases (as in Prime), intentional, data breaches from occurring? This, my friends, is serious business. And, as such, I would urge<b> we seek and demand adequate penalties</b> against those responsible for such breaches to ensure they don't keep happening going forward. This means BOTH privacy standards AND enforcement/security/accountability.<br />
<br />
<b>As I wrote in past posts</b>, "<i>If medical records fell into the wrong hands at worst they could be used for a host of purposes unrelated to improving your health: <b>advertisers might flood our email inboxes with even more spam and patients may not feel so comfortable</b> having an honest conversation with their doctor if it could end up for all to see. This treasure trove of personal information would also be a goldmine for insurance companies, drug companies, data mining companies, and software companies....</i><br />
<i><br /></i><br />
<i>When it comes to the issue of e-health records certainly one question the consumers should ponder is "Where is my data and who has access to it and for what purposes?" Or perhaps even more importantly, "<b>can my private data be traced back to me personally and sold to others?</b>"...Clearly, what is MORE than clear now is that we need <b>MORE attention paid to privacy, not less</b>...and that means taking a bit more time to get this new system up and running...and more care given to the rights of patients...not hospitals, not suppliers, not the government, and not any other interest looking to profit off this transition. We can have BOTH privacy and a more efficient medical records system...there's no need to sacrifice one for the other.</i>CFChttp://www.blogger.com/profile/11621511251924136343noreply@blogger.com1tag:blogger.com,1999:blog-8994486887985127167.post-78984628447944066742012-01-09T13:20:00.000-08:002012-01-10T10:59:29.741-08:00Congress and FBI Seeking to Expand Use of Biometric Identifiers<b>A few months back <a href="http://consumercal.blogspot.com/2011/08/is-facial-recognition-top-privacy-issue.html">I
posted a pretty extensive blog</a> on Facial Recognition technology</b> and the
threat it poses to individual privacy. As I've done in the past, because I know not everyone can read
every post, I'll repeat a few of my thoughts here today before I get to an
outstanding piece by Tana Ganeva of Alternet not JUST about the massive FBI database
- the <a href="http://www.fbi.gov/about-us/cjis/fingerprints_biometrics/iafis/iafis">"largest
biometric database in the world,"</a> - containing records for
over a hundred million people, but also the agency's plans for Next
Generation Identification (NGI), “<i>a massive, billion-dollar upgrade that will
hold iris scans, photos searchable with face recognition
technology, palm prints, and measures of gait and voice recordings
alongside records of fingerprints, scars, and tattoos. - particularly in
the workplace (which is especially disturbing).”</i><br />
<div class="MsoNormal">
<br />
For some backdrop on biometrics, you can check out a past post I did about
another article by Tana, entitled <a href="http://www.alternet.org/news/152231/5_unexpected_places_you_can_be_tracked_with_facial_recognition_technology/">5
Unexpected Places You Can Be Tracked With Facial Recognition Technology</a>. As
I wrote then, this issue has particular interest to me due to California's recent fight that we (Consumer Federation of California) were deeply involved in - whether biometric
identifiers should be used by the DMV (we were able, with a host of other groups, to stop them).<br />
<br />
<b><a href="http://www.californiaprogressreport.com/site/node/9298">As for the
larger concern over facial recognition technology,</a> </b>groups from the Privacy
Rights Clearinghouse (PRC) to the ACLU to the Electronic Frontier Foundation to
EPIC have all been very active in making the case that there is a very real
threat to privacy at stake in determining just how, and when, this technology
can be used. <br />
<br />
Again, going back to a prior post, I wrote: "First, let me refresh everyone on the concept of biometric identifiers - like fingerprints,
facial, and/or iris scans. <b>These essentially match an individual’s
personal characteristics against an image </b>or database of images. Initially, the
system captures a fingerprint, picture, or some other personal characteristic,
and transforms it into a small computer file (often called a template). The
next time someone interacts with the system, it creates another computer file.<br />
<br />
<b>There are a number of reasons why such technological identifiers should
concerns us.</b> So let's be real clear, creating a database with millions of
facial scans and thumbprints raises a host of surveillance, tracking and
security question - never mind the cost. And as you might expect, such
identifiers are being utilized by entities ranging from Facebook to the FBI. In
fact, the ACLU of California is currently asking for information about law
enforcements’ use of information gathered from facial recognition technology
(as well as social networking sites, book providers, GPS tracking devices,
automatic license plate readers, public video surveillance cameras)."<br />
<br />
But for today’s sake, let’s hone in on the articles by Tana Ganeva in Alternet
entitled <i>5 Things You Should Know About the FBI's Massive New Biometric Database</i>,
as well as a piece by the Cato Institute detailing all the ways Congress is
currently, and aggressively, pushing biometric identifying technologies.</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
First, let me list the bills<a href="http://www.cato-at-liberty.org/congress-pushes-biometrics/">, <b>as
identified in the Cato piece</b></a><b> that all seek to expand</b> and promote these technologies: </div>
<ul>
<li>A Reauthorization and Reform Act of 2011, has passed the
House and awaits action in the Senate. It says that “improved pilot licenses”
must be capable “of accommodating a digital photograph, a biometric identifier,
and any other unique identifier that the Administrator considers necessary.” </li>
<li><a href="http://www.washingtonwatch.com/bills/show/112_HR_1690.html" target="_blank">H.R. 1690</a>, the MODERN Security Credentials Act, establishes
that air carriers, airport operators, and governments may not employ or contract
for the services of a person who has been denied a TWIC card. “TWIC” stands for
“Transportation Worker Identity Card,” the vain post-9/11 effort to secure
transportation facilities from bad people. TWIC cards use biometrics.</li>
<li>The Army deploys biometrics. <a href="http://www.washingtonwatch.com/bills/show/112_PL_112-10.html" target="_blank">Public Law 112-10</a>, the Department of Defense and Full-Year
Continuing Appropriations Act, 2011 (cost per U.S. family: $13,500+) allowed
spending on Army field operating agencies “established to improve the
effectiveness and efficiencies of biometric activities and to integrate common
biometric technologies throughout the Department of Defense.” </li>
<li><a href="http://www.washingtonwatch.com/bills/show/112_HR_1842.html" target="_blank">H.R. 1842</a> is an immigration bill called the Development,
Relief, and Education for Alien Minors Act of 2011. (Senate version: <a href="http://www.washingtonwatch.com/bills/show/112_SN_952.html" target="_blank">S.
952</a>) It would allow an otherwise qualified immigrant to get conditional
permanent resident status only after submitting biometric and biographic data
for use in security and law enforcement background checks. </li>
<li><a href="http://www.washingtonwatch.com/bills/show/112_SN_1258.html" target="_blank">S. 1258</a> does roughly the same thing with regard to any lawful
immigration status. This bill is called the Comprehensive Immigration Reform
Act of 2011, one of many attempts at comprehensive reform. In addition to
requiring immigrants to submit biometrics, it also requires the government to
issue “documentary evidence of lawful prospective immigrant status” that
includes a digitized photograph and at least one other biometric identifier.
The bill would also reinforce the use of biometrics in employer background
checks and at the border. </li>
<li><a href="http://www.washingtonwatch.com/bills/show/112_HR_2463.html" target="_blank">H.R. 2463</a>, the Border Security Technology Innovation Act of
2011, calls for continued study of mobile biometric technologies at the border.
The Under Secretary for Science and Technology of the Department of Homeland
Security would coordinate this research with other biometric identification
programs within DHS. </li>
<li><a href="http://www.washingtonwatch.com/bills/show/112_HR_2895.html" target="_blank">H.R. 2895</a>, the Legal Agricultural Workforce Act, would
create a nonimmigrant agricultural worker program. In the program each
nonimmigrant agricultural worker would get an identification card that contains
biometric identifiers, including fingerprints and a digital photograph. </li>
<li><a href="http://www.washingtonwatch.com/bills/show/112_SN_1384.html" target="_blank">S. 1384</a>, The HARVEST Act of 2011, is similar. In providing
for the temporary employment of foreign agricultural workers, it calls for “a
single machine-readable, tamper-resistant, and counterfeit-resistant document”
that verifies the identity of the alien through the use of at least one
biometric identifier. </li>
<li><a href="http://www.washingtonwatch.com/bills/show/112_HR_3735.html" target="_blank">H.R. 3735</a>, the Medicare Fraud Enforcement and Prevention
Act of 2011, would establish a biometric technology pilot program. The
five-year pilot program would use biometric technology seeking to ensure that
Medicare beneficiaries “are physically present” when receiving items and
services reimbursable under Medicare. How many biometric scanners would have to
be out there for that to work? </li>
<li><a href="http://www.washingtonwatch.com/bills/show/112_SN_744.html" target="_blank">S.
744</a>, the Passport Identity Verification Act, calls on the Secretary of
State to conduct a study into whether people applying for or renewing passports
should provide biometric information, including photographs that facilitate the
use of facial recognition technology.</li>
<li>…<a href="http://www.washingtonwatch.com/bills/show/112_SN_1604.html" target="_blank">S. 1604</a>, the Emergency Port of Entry Personnel and
Infrastructure Funding Act of 2011, establishes a grant program in which the
Department of Homeland Security would give cash out to state and local law enforcement
for the purchase of various technologies including “biometric devices.”</li>
</ul>
<div class="MsoNormal">
Clearly, biometrics is on the “to do” list of our Congress.
But it gets worse, and that’s where the FBI’s massive database, and its plans
to expand it, comes in.</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<b><a href="http://www.alternet.org/rights/153664/5_things_you_should_know_about_the_fbi%27s_massive_new_biometric_database/">As
Tana Ganeva illustrates</a>:</b></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<i><b>NGI will expand the type and breadth of information FBI
keeps </b>on all of us," says Sunita Patel of the Center for Constitutional
Rights. "There should be a balance between gathering information for law
enforcement, and gathering information for its own sake."</i><br />
<br />
<i>Here are 5 things you should probably know about NGI:</i><b><i> </i></b><br />
<br />
<b><i>1. Face Recognition</i></b></div>
<div class="MsoNormal">
<i>This month,<b> the FBI is giving police departments in 4 states
access to face recognition technology</b> that lets them search the agency's
mugshot database with only an image of a face. Police can repay the favor
by feeding the FBI mugshots they collect from local arrests, bulking up the
agency's database with images of more and more people.</i></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
…</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<b><i>2. Iris Scans</i></b></div>
<div class="MsoNormal">
<i>Iris-scanning technology is the centerpiece of the
second-to-last stage in the roll-out of NGI (scheduled for sometime before
2014). Iris scans offer up several advantages to law enforcement, both in
terms of identifying people and fattening up databases. </i></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<i>The pattern of an iris is so unique it can distinguish
twins, and it allegedly stays the same throughout a person's life. Like
facial recognition,<b> iris scans cut out the part where someone has to be
arrested or convicted of a crime</b> for law enforcement to grab a record of their
biometric data.</i></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
…</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<b><i>3. Rap-Back System</i></b></div>
<div class="MsoNormal">
<i><b>A lot of the action in the FBI's fingerprint database is in
background checks for job applicants </b>applying to industries that vet for
criminal history, like taking care of the elderly or children, hospital work,
and strangely, being a <a href="http://www.mttlrblog.org/2008/02/27/fbis-next-generation-identification-system-new-liabilities-for-employers/#athensfn14sym" target="_blank">horse jockey in Michigan</a>. As Cari Athens, writing for
the <a href="http://www.mttlrblog.org/2008/02/27/fbis-next-generation-identification-system-new-liabilities-for-employers/#athensfn14sym" target="_blank">Michigan Telecommunications and Law Review</a> points out,
if a job applicant checks out, the FBI either destroys the prints or returns
them to the employer. But that's no fun if the goal is to collect vast amounts
of biometric data!</i></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
…</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<i><b>4. Data Sharing Between Agencies</b></i></div>
<div class="MsoNormal">
<i><b>The roll-out of NGI advances another goal: breaking down
barriers between databases operated by different agencies</b>. One of the
directives of the billion-dollar project is to grease information swapping
between the Department of Homeland Security, the State Department, the
Department of Justice, and the Department of Defense. The DOJ and DHS have
worked <a href="https://www.fbibiospecs.org/FacialRecogForum/Forum2/_Uploads/facial%20recog%20forum%20110211_1.pdf" target="_blank">toward "interoperatibility" between their databases
for years.</a> In 2009, the Department of Defense and DOJ also signed on
to an agreement to share biometric information. </i></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
…</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<b><i>5. NGI and Secure Communities (S-Comm)</i></b></div>
<div class="MsoNormal">
<i>One recent test run in interagency data-sharing <b>has not gone
particularly well</b>: Secure Communities, a DHS program that lets local law
enforcement officials run the fingerprints of people booked in jails against
the IDENT database to check their immigration status and tip off ICE to
undocumented immigrants. </i></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<i><b>Like many policies targeting America's immigrant population</b>,
Secure Communities (S-Comm) -- pitched as protection against violent criminals
-- devolved into dragnets and mass deportations, with people getting
dragged in for minor offenses like missing business permits and even for
reporting crimes. <b>In one incident a woman called the police about a
domestic violence incident</b>, only to be ensnared in deportation <a href="http://uncoverthetruth.org/wp-content/uploads/7-6-11-Scomm-NGI-Fact-Sheet.pdf">proceedings
herself</a>. As Marie Diamond points out in <a href="http://thinkprogress.org/justice/2011/12/14/377664/thousands-of-us-citizens-illegally-detained-in-crackdown-on-undocumented-immigrants/">Think
Progress</a>, DHS's immigration databases have so many errors that the program
"routinely flags citizens as undocumented immigrants." </i></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
…</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<b><i>What could possibly go wrong? </i></b></div>
<div class="MsoNormal">
<i><b>Advancements in the collection of biometric data are
double-edge</b>d: there's the threat of a massive government surveillance
infrastructure working too well -- e.g., surveillance state
-- and there are concerns about its weaknesses, especially in keeping data
secure. </i></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<i><b>A breach of a sophisticated, multi-modal biometric database
makes for a nightmarish scenario </b>because the whole point of biometric data is
that it offers unique ways to ID people, so there's no easy fix -- like a password
change -- for compromised biometric data. Pointing to the dangers of
identify theft of biometric data, Patel observes that, "Unlike a password,
the algorithm of an iris can't be changed."</i></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<b><a href="http://www.alternet.org/rights/153664/5_things_you_should_know_about_the_fbi%27s_massive_new_biometric_database/">Read more here.</a></b></div>
<div class="MsoNormal">
</div>
<div class="MsoNormal">
</div>
<div class="MsoNormal">
As I have often stated, "What concerns me is
what are the side effects of living in a society without privacy. Where are we
left when the power of corporate or government interests to monitor everything
we do is absolute?<br />
<br />
Whether its the knowledge that everything we do on the internet is followed and
stored, that we can be wiretapped for no reason and without a warrant or
probable cause, that smart grid systems monitor our daily in home habits and
actions, that our emails can be intercepted, that our naked bodies must be
viewed at airports and stored, that our book purchases can be accessed (particularly
if Google gets its way and everything goes electronic), that street corner
cameras are watching our every move, and that RFID tags and GPS technology
allow for the tracking of clothes, cars, and phones (and the list goes
on)...what is certain is privacy itself is on life support in this
country...and without privacy there is no freedom. I also fear how such a
surveillance society stifles dissent and discourages grassroots
political/social activism that challenges government and corporate power...something
that we desperately need more of in this country, not less." </div>CFChttp://www.blogger.com/profile/11621511251924136343noreply@blogger.com0tag:blogger.com,1999:blog-8994486887985127167.post-88328600496470148582011-12-22T10:12:00.000-08:002011-12-22T10:13:53.395-08:00Electronic Health Record Data Breaches SurgeMost of us have come to the obvious, inevitable realization that we are going to shift (and in fact are doing so right now) what are currently called personal health records from a paper system to an electronic one. <b>Having your medical records computerized and stored electronically</b> promises to reduce medical errors - including prescribing the wrong medications. The National Academy of Sciences' Institute of Medicine estimates between 44,000 and 98,000 people in the United States die each year because of errors such as being prescribed medicine to which they are allergic. <br />
<br />
<b>These EHR’S offer an easier way to collect, double-check and complement </b>the information you receive from your physician. At the very least, your records can help you speed through waiting room forms and prompt important conversations with your physicians. If your doctor writes a new prescription, you can use your current medication list to ask about any interactions with the new drug. Or if your records suggest it’s time for a colonoscopy, you might make time to discuss the pros and cons of the procedure.<br />
<br />
EHR’S can also allow you to access your health information to prepare for medical appointments<b>. As laid out by Patient Privacy Right</b>s, "<i>It can enable you to communicate better with your healthcare providers about your medical needs. People with chronic health conditions may use them to keep track of such things as how their medications are affecting them, or how they’re feeling from day to day. People with hypertension might want use it to track their blood pressure readings."</i><br />
<i><br /></i><b>Transitioning to a health information exchange will create much more patient data</b> in electronic formats than ever before in history. <b>The privacy threat posed by the interoperability </b>of a national network is a key concern because in order for the records to be readily available and accessible they would have to be linkable and searchable. <br />
<br />
If medical records fell into the wrong hands at worst they could be used for a host of purposes unrelated to improving your health: <b>advertisers might flood our email inboxes with even more spam and patients</b> may not feel so comfortable having an honest conversation with their doctor if it could end up for all to see. This treasure trove of personal information would also be a goldmine for insurance companies, drug companies, data mining companies, and software companies.<br />
<br />
I give you this backdrop because we are witnessing increasing numbers of data breaches that are exposing - on a mass level - peoples personal health records.<br />
<br />
Before I get to the latest news on partly why these breaches are occurring (hospitals skimping on their security costs), let me layout some of the data and its costs we ALREADY knew about:<br />
<ul>
<li><b>More than 11 million consumers have had medical data stolen</b> or inappropriately disclosed since September 2009, and the privacy breaches are expected to rise as more health information is put online, according to the report released today by the New York-based accounting firm’s health research institute. </li>
<li>While the report didn’t specify how many security thefts were carried out by insiders, 40 percent of surveyed providers<b> reported an incident of improper internal use </b>of protected health information during the past two years. </li>
<li><b>Health organizations notified approximately 5.4 millio</b>n individuals affected by patient health data breaches in 2010, compared to approximately 2.4 million individuals in 2009. </li>
<li>HHS' latest report to Congress revealed that in 2010 theft was the most common cause of large breach incidents that affected 500 or more individuals. Among the 207 breaches that covered entities such as healthcare providers, health plans, and healthcare clearinghouses reported last year, 99 incidents involved theft of paper records or electronic media, combined affecting approximately 3 million individuals. </li>
<li>In 2010, the second highest number of data breaches involved the loss of electronic media or paper records<b>, with 33 reported cases that affected more than 1 million individuals</b>. There were 31 breaches that involved unauthorized access to, or uses or disclosures of, protected health information that affected approximately 1 million individuals. Other breaches included 19 incidents resulting from human or technological errors that affected approximately 78,663 individuals. Eleven covered entities reported breaches caused by the improper disposal of protected health information that affected approximately 70,000 individuals. </li>
</ul>
Now that we've gone over just a few of the reasons why this is all so important, and why concerns articulated by privacy advocates that STRICT privacy safeguards, at every step of the transition process must be implemented have been proven true, <b>lets get to some of the reasons WHY such breaches are occurring.</b><br />
<b><br /><a href="http://consumercal.live.radicaldesigns.org/article.php?id=1834">As Business Week reported</a>:</b><i> </i><br />
<br />
<i>Data breaches at U.S. health-care providers are increasing as hospitals adopt electronic medical records and mobile technolog<b>y without spending enough on security to ensure patient privacy</b>, a research group said.<br /><br /><b>The frequency of data breaches at health organizations jumped 32 percent in 2011</b> from a year earlier, costing the industry an estimated $6.5 billion, according to a study released today by the Ponemon Institute LLC, a Traverse City, Michigan-based information-security research group.<br /><br />Forty-nine percent of health organizations said that lost or stolen devices were to blame for breaches, according to the institute, <b>which surveyed 72 hospitals and health providers</b>. The study didn’t name the organizations surveyed.</i><br />
<br />
...<br />
<br />
<i>Fifty-three percent of the organizations surveyed<b> said that inadequate funding was the biggest barrier</b> to preventing data breaches, according to the study.<br /><br /><b>U.S. data-breach notification laws for health organizations </b>are making providers more aware of their security vulnerabilities, Ponemon said. Data breaches affecting more than 500 people must be reported to the Health and Human Services Department, which posts a list of incidents on its website.<br /><br />Health providers, insurers and their business partners reported<b> 373 breaches affecting almost 18 million individuals between September 2009 and October of this year,</b> according to the list, which is tended by the Health and Human Services Department’s Office of Civil Rights.</i><br />
<br />
In fact,<b> the Privacy Rights Clearinghouse listed the now notorious Sutter Health data breach</b> as one of the largest of the year. Amber Yoo, the organization's Communications Director<a href="http://www.californiaprogressreport.com/site/data-breaches-year-review"> <b>recently wrote in the California Progress Report</b></a>, "<i>Sutter Physicians Services (SPS) and Sutter Medical Foundation (SMF) (Nov. 16) - A company-issued desktop computer was stolen from SMF's administrative offices in Sacramento, California, during the weekend of October 15th. Although the data was password protected, it was not encrypted. Approximately 3.3 million patients whose health care provider is supported by SPS <b>had their names, addresses, dates of birth, phone numbers, email addresses, medical record numbers and health insurance plan name expose</b>d. An additional 934,000 SMF patients had dates of services and description of medical diagnoses and/or procedures used for business operations, bringing the total to 4.2 million patients. At least two lawsuits have been filed against Sutter Health. One class-action suit alleges that <b>Sutter Health was negligent in safeguarding its computers and data,</b> and then did not notify the millions of patients whose data went missing within the time required by state law....<b>The security lapse occurred on two levels: </b>both the data itself (being unencrypted) and the physical location (stored in an unsecure location). Although no Social Security numbers or financial information were apparently exposed, all the data elements needed for medical identity theft were included in the stolen records.</i><br />
<br />
In additio<b><a href="http://www.californiaprogressreport.com/site/data-breaches-year-review">n, Amber points out another massive breach, writing,</a> </b><i>"Nine data servers containing sensitive health information went missing from Health Net's data center in Rancho Cordova, California. The servers contained the personal information of 1.9 million current and former policyholders, compromising their names, addresses, health information, Social Security numbers and financial information. Not only was Health Net the first massive medical breach of the year, but the company waited three months before notifying affected individuals. The servers were discovered missing in January, but policyholders were not notified until March. The breach highlights the importance of timely notification.</i>"<br />
<br />
The good news, as if there is any in all this, is that <b>California recently implemented one of the strongest data breach notification laws</b> in the country - one we here at the<b><a href="http://consumercal.live.radicaldesigns.org/index.php"> Consumer Federation of California </a></b>worked hard to pass the legislature and convince Governor Brown to sign. Now, thanks to the law, any breached entity must submit their notice letters to the California Attorney General. The AG's office will then post the letters on its website. In addition, the notifications sent to individual who's private information was breached<b> will be clearer, more detailed, with specific recommendations </b>for what to do no next, including who to call.<br />
<br />
As for the larger issue of electronic health records, as these breaking news stories make clear, time is running out, <b>because states across the country, including California, are working to implement such a system</b>, with consumer privacy perhaps the paramount area of dispute.<br />
<br />
We know such a system will save money and improve health care (though how significant these improvements and savings will be is still in question), but what remains contentious - and rightly so - <b>is the intrinsic threat a massive electronic database</b> containing our most personal medical records poses to individual privacy and security.<br />
<br />
When it comes to the issue of e-health records certainly one question the consumers should ponder is <b>"Where is my data and who has access to it and for what purposes?</b>" Or perhaps even more importantly, "can my private data be traced back to me personally and sold to others?"<br />
<br />
But as it stands today,<b> there still aren't uniform standards for electronic medical records</b>. Yes, there are some protections in the Health Insurance Portability and Accountability Act of 1996, as well as some in the stimulus bill. But key protections are still absent, and state laws often conflict with federal ones.<br />
<br />
For instance, the federal law on the books <b>only require that patients are notified when their information was disclosed</b> in the course of treatment but not how it was used. As a result, the patient will not know which hospital personnel looked at the information or for what purpose.<br />
<br />
Clearly, what is MORE than clear now is that <b>we need MORE attention paid to privacy, not less..</b>.and that means taking a bit more time to get this new system up and running...and more care given to the rights of patients...not hospitals, not suppliers, not the government, and not any other interest looking to profit off this transition. We can have BOTH privacy and a more efficient medical records system...there's no need to sacrifice one for the other.CFChttp://www.blogger.com/profile/11621511251924136343noreply@blogger.com1tag:blogger.com,1999:blog-8994486887985127167.post-32357691609073107962011-12-15T09:16:00.000-08:002011-12-15T09:41:24.592-08:00Federal Probe Of Carrier IQ LaunchedFor all the background you could ever need on the Carrier IQ controversy check out my recent posts on the subject, starting from earliest to the latest, <b><a href="http://consumercal.blogspot.com/2011/12/new-smart-phone-privacy-revelations.html">here</a>, <a href="http://consumercal.blogspot.com/2011/12/latest-carrier-iq-revelations-franken.html">here</a>, and<a href="http://consumercal.blogspot.com/2011/12/does-carrier-iq-record-text-messages.html"> here</a>.</b><br />
<br />
As we know<b>, executives from Carrier IQ</b> — the company whose spying software was secretly installed in as many as 150 million cellphones — went to Washington to answer questions posed by the Federal Trade Commission and the Federal Communications Commission.<br />
<br />
As I have written too many times to count on this blog, <b>a lot of this comes down to data ownership and control</b> - as in its OUR data and it should be in OUR control. Clearly, in the case of Carrier IQ and increasing numbers of telecom companies, third party marketers, and many more, we are seeing the invasion of individual privacy on a mass scale, including locational tracking and web search monitoring.<br />
<br />
Now to the latest news: <b>The FTC and FCC are looking into this matter closely</b>...but we need and deserve more than just a questioning of Carrier IQ, but an investigation into what companies like AT&T, Sprint and T-Mobile are doing with our data as well.<br />
<br />
With that,<a href="http://www.washingtonpost.com/business/economy/feds-probing-carrier-iq/2011/12/14/gIQA9nCEuO_print.html"> <b>let's get to the Washington Posts coverage</b></a> of these new inquiries:<br />
<br />
<i>Federal investigators are probing allegations that Carrier IQ software found on about 150 million cellphones tracked user activity and sent the information to cellphone companies without informing consumers, according to government officials...<b>The FTC inquiry was confirmed by officials who spoke on condition of anonymity because it is private</b>. An FTC spokeswoman said she could not confirm or deny whether the agency was investigating Carrier IQ. But a spokesman for Carrier IQ said company executives were cooperating with federal agencies.</i><br />
...<br />
<i><br /><b>Carrier IQ has said that its software is not designed to capture keystrokes</b> or the content of messages but that in some cases that might have happened by accident. The data are intended to help improve the user experience with smartphones, the company said.<br /><br />Woods said Carrier IQ chief executive Larry Lenhart and Coward met with regulators at the FTC and the FCC. <b>The Carrier IQ executives also met with the staffs of three senators</b> — Richard Blumenthal (D-Conn.), Christopher A. Coons (D-Del.) and Al Franken (D-Minn.) — who each had written letters of concern to Lenhart.<br /><br /><b>Three of the four major cellular providers — AT&T, T-Mobile and Sprint</b> — have said they use the company’s software in line with their own privacy policies. A Verizon spokesman said the program is not on any of the company’s mobile devices. Apple has said it would remove Carrier IQ from iPhones in a future software update.<br /><br /><b>Rep. Edward J. Markey (D-Mass.) asked the FTC on Dec. 2 to investigate the practices</b> of Carrier IQ as possibly unfair or deceptive. “I have serious concerns about the Carrier IQ software and whether it is secretly collecting users’ personal information, such as the content of text messages,” said Markey, co-chairman of the Bi-Partisan Congressional Privacy Caucus. “Consumers and families need to understand who is siphoning off and storing their personal information every time they use their smartphone.” </i><br />
...<br />
<br />
<i>While Carrier IQ executives were meeting with federal regulators, another controversy about the company erupted in the blogosphere. A response by the FBI to a reporter <b>sparked rumors that the bureau was using the software for domestic surveillance.</b><br /><br /><b>The FBI denied a request for information regarding Carrier IQ </b>filed by a reporter for MuckRock News under the Freedom of Information Act. The reporter had asked for “manuals, documents or other written guidance used to access or analyze data” gathered by any Carrier IQ program. In denying the request,<b> the FBI said it had information but could not disclose it, because it was considered “law enforcement records.”</b></i><br />
<br />
...<br />
<i><br />The backlash following Eckhart’s research has prompted <b>several lawsuits against the compan</b>y, mobile carriers and handset makers, including two class action lawsuits in Illinois. <b>A class-action lawsuit has also been filed against </b>AT&T, Sprint Nextel, Apple, T-Mobile USA, HTC, Samsung, Motorola and Carrier IQ by mobile phone customers in Delaware. </i><br />
<br />
<b><a href="http://www.washingtonpost.com/business/economy/feds-probing-carrier-iq/2011/12/14/gIQA9nCEuO_print.html">Click here to read more</a>. </b><br />
<br />
There are two particularly important developments here, one<b>, that the FTC and FCC are looking into this controversy and two, the fact that the FBI</b> and its potential use of this technology is being discussed and questioned. From the beginning, when I see the potential "uses" of this kind of tracking technology, in addition to the usual concerns, from stalkers to identity thieves to third party marketers, I worry about law enforcement access.<br />
<br />
These concerns are especially resonant with me because <b>two major battles over smart phone privacy are being fought in the courts </b>and the California legislature as we speak: one being whether law enforcement can track individuals locations in real time without a warrant, and two, whether law enforcement can search someones smart phone, also without a warrant. Its not much of a leap to also suspect they'd want access to the treasure trove of information being collected by a technology like Carrier IQ.<br />
<br />
As I detailed last post, there is debate now over whether Carrier IQ actually collects every keystroke, and therefore the contents of text messages and emails. However, The Electronic Frontier Foundation has just released a technical report on Carrier IQ that concluded that <b>"keystrokes, text message content and other very sensitive information is in fact</b> being transmitted from some phones on which Carrier IQ is installed to third parties." <br /><br />As CNET reported, "<i><b>This is most likely inadvertent</b> and "happens when crash reporting tools collect copies of the system logs for debugging purposes," Peter Eckersley, technology projects director for the EFF, wrote in the report.<br /><br />"Our software does not communicate with Android and does not transmit any files up to Google or anybody else," Coward said today. "Our implementation, <b>the only thing we are sending out is metrics</b> ... if other information is going out of the device to Google or anyone else it has nothing to do with Carrier IQ."<br /><br />"<b>There should not be personal information written into the Android log files</b>. Applications can get ahold of them, on the one hand, which is not good," he continued. "We've implemented a new procedure as we qualify our software on devices (and) we check that...We saw the Android log file may be receiving messages from our software but ... also from other applications too. So it's a generic issue here with regard to Android log files that the industry needs to address and we point that out in the report." </i><br /><br />Clearly there are a lot more questions in need of answers. <br />
<br />
As the Free Press noted in a recent action alert, "<i>Mobile phones are the new frontlines in the battle over our right to communicate." </i>As for next steps, I'm also in agreement with Free Press in that its <b>time Congress takes a closer look at the role of companies like AT&T, T-Mobile, and Sprint </b>- particularly as it relates to what's being done with our data.CFChttp://www.blogger.com/profile/11621511251924136343noreply@blogger.com0tag:blogger.com,1999:blog-8994486887985127167.post-6051768607416112102011-12-12T15:58:00.000-08:002011-12-13T08:39:20.357-08:00Does Carrier IQ Record Text Messages and Emails?There are now conflicting analyses regarding whether Carrier IQ's software (that was kept secret from consumers) goes as far, and captures as much, information as initially suspected. Now, this is NOT to say there aren't all kinds of questions that remain unanswered, nor is this to say that there still aren't deeply disturbing components to this story (See my past two posts for a complete detailing of this continually evolving story).<br />
<br />
But, <b>we now have heard from Carrier IQ's Vice President and a Linux kernel hacker</b> who just completed his own analysis of the software, and they say its incapable of recording keystrokes or "perusing SMS messages and e-mail correspondence."<br />
<br />
<b>These assertions contradict the initial claims made</b> by Android developer Trevor Eckhart (and demonstrated on video). Before I get to them,<b> let's be clear on some of the real concerns and questions that remain, including</b>: what the company does with all the data they've been collecting (even if they can't read emails and texts...they still know your searches, location, and app purchases...and more), <b>what kinds of data it collects, why the software was buried so deep </b>within the operating system and without consumer knowledge (or choice), what devices have this code installed, what carriers are aware of it (and what they might be doing with it, if anything), whether government/law enforcement has had any role in this process (including requests for access to data), and many more.<br />
<br />
With that said, let's get to <b><a href="http://news.cnet.com/8301-31921_3-57336801-281/carrier-iq-analysis-finds-no-evidence-of-keylogger/">the latest analysis of this code from Cnet</a>: </b><br />
<br />
<i>He found that contrary to what a slew of initial -- and erroneous -- reports claimed, the Carrier IQ software is <b>not a keylogger and "cannot" be configured as one</b>. "CarrierIQ cannot record SMS text bodies, web page contents, or email content even if carriers and handset manufacturers wished to abuse it to do so," Rosenberg concludes. "There is simply no metric that contains this<br />information."</i><br />
<br />
<b>...</b><br />
<br />
<i>Rosenberg determined that Carrier IQ can, as a YouTube video by Trevor Eckhart indicated, <b>record what digits are pressed in the dialer application. </b></i><i><b>But it "cannot record any other keystrokes</b> besides those that occur using the dialer," wrote Rosenberg, who says he has no affiliation or relationship with Carrier IQ.</i><br />
<br />
...<br />
<br />
<i><b>Rosenberg suggested that carriers need to let consumers "opt out of any sort of data collection,</b>" that there should be "more transparency on the part of carriers in terms of what data is being collected from users," and that there "needs to be third-party oversight on what data is collected to prevent abuse." </i><br />
<br />
...<br />
<br />
<i>It's true that carriers already know what URLs you're visiting when you use their network--meaning that, in many cases, Carrier IQ can be configured to send them data they already have. <b>Privacy concerns arise when a list of URLs is stored on the device</b> and accessible to forensic analysis, when a list of URLs visited on a Wi-Fi network is transmitted, or when encrypted HTTPS URLs are leaked.<br /><br />Sprint and AT&T, which have acknowledged they use Carrier IQ, <b>have not elaborated on what options they have chosen to enable</b>, except to indicate that the use is consistent with their privacy policies. </i><br />
<br />
<b><a href="http://news.cnet.com/8301-31921_3-57336801-281/carrier-iq-analysis-finds-no-evidence-of-keylogger/">Click here to read more</a>.</b><i><b> </b></i><br />
<br />
<b>Network World</b> <b><a href="http://www.networkworld.com/news/2011/120711-carrier-iq-253845.html?t51hb">has a lot more</a></b>:<br />
<br />
<i>In his blogpost, <b>a table lists the metric ID, the metric itself, the data sent,</b> and the "situation" that triggers the metric:<br /><br />* browser page render event<br /><br /><b>* location event, which can use GPS or other location data</b><br />* HTTP request sent, or response received (the URL, request type, content length, and so on but not page contents)<br /><br />* network state changes, sending an "internal identifier"<br /><br />* a range of telephony and radio events (such as a dropped call, service issues, and so on)<br /><br />* hardware event, sending data such as voltage, temperature, battery level<br /><br />* key presses, but only in the phone dialer application<br /><br />* miscellaneous GUI state changes, such as battery state<br /><br />* starting or receiving a call or a failed call, which sends CallerID, state, and phone number<br /><br />* application events such as a stopped app, or a new app, sending the application name<br /><br />* questionnaire event, used when Carrier IQ is configured to present the user with a service questionnaire<br /><br /><b>* SMS message received or sent, which includes message length, phone, number, status</b>, but no text from the body of the message.</i><br />
<br />
...<br />
<br />
<i>HTC's failure to disable the display of the debug statements <b>constitutes a legitimate potential security threat to user information. These are a "risk to privacy,</b>" Rosenberg says, and HTC should mitigate that risk by <b>disabling these debugging messages.</b> But it's not a risk created by the CIQ software or the data it is able to collect.</i><br />
<br />
<i>In his blogpost, Rosenberg spells out what the deconstruction of the CIQ code reveals about how the application actually works, as revealed by the metrics enabled for his Samsung phone. </i><br />
<br />
<i>"Taking this information into account, <b>all of the data that is potentially being collected supports Carrier IQ's claim</b>s that its data is used for diagnosing and fixing network, application, and hardware failures," Rosenberg concludes. "Every metric in the above table has potential benefits<br />for improving the user experience on a cell phone network. If carriers want to improve coverage, they need to know when and where calls are dropped. If handset manufacturers want to improve battery life on phones, knowledge of which applications consume the most battery life is essential."</i><br />
<br />
...<br />
<br />
<i>Nonetheless, <b>Rosenberg is critical of the way the Carrier IQ application has been implemented in the carrier-manufacturer relationship</b>. End-users should be able to opt out of any sort of data collection; carriers should be clearer and plainer about what data is being collected from the phone, and why; and "there needs to be third-party oversight on what data is collected to prevent abuse."<br /><br />Finally, he says, <b>the "legality of gathering full URLs with query parameters</b> and other data of this nature should be examined."</i><b><br /></b><br />
<b><a href="http://www.networkworld.com/news/2011/120711-carrier-iq-253845.html?t51hb">Click here to read more</a>.</b><br />
<br />
Due to time constraints, I'm going to have to discuss the interview with the VP of Carrier IQ in a future post, but <b><a href="http://www.theverge.com/2011/12/5/2609662/carrier-iq-interview">you can check it out here</a></b>...its very comprehensive. What I will include is the conclusion reached by reporter<b> </b> <a class="author" href="http://www.theverge.com/users/Sean%20Hollister"><b>Sean Hollister after conducting the interview (who's been all over this story from the outset):</b></a><br />
<br />
<i>Carrier IQ claims that it is not the source of the insecure log files discovered on HTC devices. Other technical details — including how exactly Carrier IQ stores and transmits its data and how carriers utilize it — are both comforting and disquieting by turns. <b>Although more secure and less nefarious than originally feared, there may still be ample opportunity for malware to access its data</b>. At the very least,<b> how Carrier IQ’s software is implemented on various devices needs wider scrutiny from both security experts and regulators.</b></i><br />
<i><br />...the biggest takeaways are that Carrier IQ and its client operators have logical reasons for taking most of the information they do — and mind you, many forms of personal data, like the contents of SMS and emails, aren’t being tracked at all, and no data is tracked in real time — but by the same token, <b>it feels like there may be a lack of oversight when it comes to mobile privacy.</b></i><br />
<br />
<b>We are slowly beginning to see a clearer picture of what this all means</b> and what the potential threats to privacy really are...at this point, I think its safe to say that the Carrier IQ software isn't as outwardly nefarious as initially suspected, and perhaps erroneously claimed by Mr. Eckhardt. On the other hand,<b> this in no way should dissuade anyone from demanding</b> more questions be answered - particularly how this code, with this kind of tracking capabilities, EVER could have been slipped into these products without the consumer's knowledge or ability to opt-out (let alone opt-in). This, in itself, is a dangerous precedent.<br />
<br />
I think its also important to point out that <b>even the VP of Carrier IQ and the Linux hacker</b> were clear in their support for a consumers right to opt-in to such tracking, as well as their dismay they weren't even given this choice, and the code was kept secret. <br />
<br />
Clearly, this entire episode, with its many questions still unanswered, <b>points to the need for GREATER consumer control over data,</b> which could be achieved, at least partially, through a Do Not Track mechanism. Another takeaway from this whole controversy is the need for improved transparency.<br />
<br />
Jonathan Zittrain, Harvard Law School professor and cofounder of the Berkman Center for Internet and Society, has an idea for addressing this concern, stating, <i>"<b>It would be good to have some form of auditing function built into our devices.</b> The auditing function can be implemented by Apple and by handset makers through Android. Make it part of the 'About' tab. And it<b> would show with whom the phone has been communicating and the sorts of things it has been sending."</b></i><br />
<br />
I will continue to follow this story here...CFChttp://www.blogger.com/profile/11621511251924136343noreply@blogger.com0tag:blogger.com,1999:blog-8994486887985127167.post-50356020977575515932011-12-05T13:57:00.001-08:002011-12-05T14:27:39.838-08:00Latest Carrier IQ Revelations: Franken Steps Up, 141 Million "Products" Have Code<b>This story is moving fast so I want to get you the latest news regarding the revelations</b> that a secret code (Carrier IQ) was discovered that allows
your smart phone (and who knows what else) to not only be tracked at all times,
but in fact, every key stroke made is monitored and stored – including the
content of text messages. And perhaps most incredible, the ability to opt-out,
let alone opt-in, of this kind of “super surveillance” was not made available,
as the fact that this code even existed, or was being utilized, wasn’t even shared
or made known to the consumer.<br />
<br />
Now we discover that since the Carrier IQ story broke last week, we’ve learned
that the company’s spying technology is present <b><a href="http://www.theverge.com/2011/11/30/2601695/carrier-iq-controversy">on 141 million phones</a>,
including Androids and iPhones </b>and possibly models made by<b>
BlackBerry, Nokia </b>and other manufacturers.<br />
<br />
As I touched on last post, <b>this data collected by Carrier IQ represents a virtual treasure trove </b>of information for those
seeking to access it, particularly advertisers and the government. And we know
how willing the telecom industry was to give up such private information to the
government in the past, just as we know how the government used the Patriot
Act, not to track and catch terrorists, but rather, to target peace protesters (think Occupy)
and suspected drug users/dealers.<br />
<br />
But government desire to access this data aside, <b>what about
the likelihood that a corporate entity is tracking/recording EVERYTHING you do</b> (i.e.
where you shop, when you shop, while you shop, what you search for on the
internet, who you talk and text, and what you say and write), then turning that
information into a detailed digital profile (98% of Google's profits come from advertising) that they can then
sell – for huge profits - to third party advertisers so they can market their
products to you more effectively???<b> </b><br />
<br />
<b>Thankfully it didn’t take long for privacy stalwart, Senator Al
Franken, <a href="http://franken.senate.gov/?p=press_release&id=1868" title="http://franken.senate.gov/?p=press_release&id=1868">to demand
answers</a>,</b> stating, “<i>Consumers need to know that their safety and privacy are
being protected by the companies they trust with their sensitive information.
The revelation that the locations and other sensitive data of millions of
Americans are being secretly recorded and possibly transmitted is deeply
troubling. This news underscores<b> the need for Congress to act swiftly to
protect the location information</b> and private, sensitive information of consumers.
But right now, Carrier IQ has a lot of questions to answer.”</i><b> </b><br />
<br />
<b>In <a href="http://franken.senate.gov/?p=press_release&id=1868" title="http://franken.senate.gov/?p=press_release&id=1868">his letter</a>
to Carrier IQ President and CEO Larry Lenhart,</b> he writes, <i>“I am very concerned
by recent reports that your company’s software—pre-installed on smartphones
used by millions of Americans—is logging and may be transmitting
extraordinarily sensitive information from consumers’ phones, including:</i><br />
<br />
<i>• when they turn
their phones on;<br />
• when they turn
their phones off;<br />
• the phone numbers
they dial;<br />
• the contents of
text messages they receive;<br />
• the URLs of the
websites they visit;<br />
• the contents of
their online search queries—even when those searches are encrypted; and<br />• the location of
the customer using the smartphone—even when the customer has expressly denied
permission for an app that is currently running to access his or her location.</i><br />
<br />
<i>It appears that this software runs automatically every time you turn your phone
on. It also appears that an average user would have no way to know that
this software is running—and that when that user finds out, he or she will have
no reasonable means to remove or stop it.</i><b> </b><br />
<br />
<b>He goes on to ask a series of pointed questions in which he
demands answers </b>by December 14th, including (among many), <i>“Is that data
transmitted to Carrier IQ? Is it transmitted to smartphone manufacturers,
operating system providers, or carriers? Is it transmitted to any other
third parties? If Carrier IQ receives this data, does it subsequently
share it with third parties? With whom does it share this data? What data
is shared?”</i><br />
<br />
<a href="http://franken.senate.gov/?p=press_release&id=1868">Read the whole list of questions</a>...impressive...disturbing. So let's all mark our calendars...as I'm eagerly awaiting answers to them.<br />
<br />
As I also pointed out last post, these revelations<b> reaffirm the need for an opt-in, Do-Not-Track </b>mechanism available to all consumers, whether
online or using something like a smart phone. I would also <b>encourage readers to sign</b> and send the Free Press's action alert: “<b><a href="http://act2.freepress.net/go/7564?akid=3099.9452308.w8cmX3&t=3" target="_blank">Tell Congress and the Department of Justice: My mobile phone is
mine, and I have the right to be free from being spied on. </a>“ </b>CFChttp://www.blogger.com/profile/11621511251924136343noreply@blogger.com0tag:blogger.com,1999:blog-8994486887985127167.post-46585121001064272692011-12-01T11:39:00.001-08:002011-12-05T14:22:27.055-08:00New Smart Phone Privacy Revelations UncoveredI wasn't planning on following up my last post entitled "<b><a href="http://consumercal.blogspot.com/2011/11/smart-phones-and-privacy.html">Smart Phones and Privacy</a></b>" with yet another post about the technology and some of its privacy implications. But, after reading this headline "<b><a href="http://www.theatlanticwire.com/technology/2011/11/your-smartphone-spying-you/45575/">Your Smartphone Is Spying on You</a>"</b>- on the front page of Yahoo no less - I feel I have little choice.<br />
<br />
I'm not going to go over what I just did in my last post, but suffice it to say, <b>I detailed a number of concerns with the technology,</b> including government/law enforcement locational tracking without a warrant or even probable cause as well as law enforcement searching peoples smart phones (also without a warrant).<br />
<br />
The context, particularly in light of growing Occupy protests, is important here. <b>We should be wary of giving up more and more information - including location, text messages,</b> and internet searches, to ANYONE, let alone when considering it could fall into the hands of forces that may be seeking to stifle dissent and intimidate (as well as break the law and violate the constitution). <br />
<br />
But this article takes the cake!! I know this sounds incredibly Orwellian, but a
secret code (Carrier IQ) has been discovered that<b> allows your smart phone to not only track
you, but take and keep every keystroke you make</b> - even the content of your
text messages. And perhaps most incredible, the consumer is not even given the ability to opt-out, let alone opt-in!). In fact, the consumer doesn't even know this code is in the phone. <b> </b><br />
<br />
<b>Such information represents a treasure trove of information for all kinds of interests</b>
desiring access to it, particularly advertisers and the government. And of course, we know
how willing and ready<b> the telecom industry has been to do anything our
government wants </b>despite the rights and desires of their customers. <br />
<br />
But government aside, what about the basic right to not have EVERYTHING you do recorded (i.e. where you shop, when you shop, while you shop, what you search for on the internet, who you talk and text, and what you say and write), <b>and then have that information turned into a detailed digital profile of you (98% of Google's profits come from advertising)</b>, and then have that profile sold on the market for HUGE profits to advertisers so they can market their products to you more effectively??? Its more than our right to privacy that is being violated...its the very idea that we "own" our own private information...and that others can't take it and profit off it without our consent.<br />
<br />
<b>So there are two VERY disturbing aspects of this story</b>, from the treasure trove of personal data it offers to a law enforcement, surveillance state apparatus that is becoming increasingly authoritarian, to the "commodity" we, and what we do, has become - but without our control or right to privacy.<br />
<br />
<b>If these revelations don't demand an opt-in, Do-Not-Track mechanism available</b> to all consumers, whether online or using something like a smart phone I don't know what does. We should be looking for Congress, and state houses to take this issue up, and start MANDATING that such mechanisms are provided. Perhaps in that sense, this discovery will help this important cause, and legislation that will take it on.<br />
<br />
<a href="http://www.theatlanticwire.com/technology/2011/11/your-smartphone-spying-you/45575/#"><b>So let's get straight to the article in the Atlantic Wire</b></a> because I'm practically speechless. <span class="autor fn"><a href="http://www.theatlanticwire.com/authors/adam-clark-estes/" title="Adam Clark Estes">Adam Clark Estes</a> reports:</span><br />
<br />
<i>The reason for this invasive Android app seems reasonable enough at face value. Even though it's on most Android, BlackBerry and Nokia devices, most users would never know that Carrier IQ is running in the background, and that's sort of the point. Described on the company's website as software to gain "unprecedented insight into their customers' mobile experience," Carrier IQ is ostensibly supposed to help mobile carriers and device manufacturers gather data in order to improve their products. Tons of applications do this, and you're probably used to those boxes that pop up on your screen and ask if you want to help the company by sending your data back to them. If you're concerned about your privacy, you just tap no and go about your merry computing way. As security-conscious Android developer Trevor Eckhart realized, however, <b>Carrier IQ does not give you this option, and unless you were code-savvy and looking for it, you'd never know it was there</b>. And based on how aggressive the company has been in trying to keep Eckhart quiet about his discovery, it seems like Carrier IQ doesn't want you to know it's there either.
… </i><br />
<br />
<i>This week, Eckhart fired back with a 17-minute long video showing in painstaking detail <b>how much data CarrierIQ collects, effectively undercutting the company's denial</b>. It was even logging contents of text messages! Wired posted the video on Tuesday night and cemented CarrierIQ's status "as one of nine reasons to wear a tinfoil hat." The magazine explains how CarrierIQ even undercuts other companies' security measures... </i><br />
<br />
…<br />
<br />
<i><b>Tracking is creepy. In an Orwellian kind of way, it makes people nervous </b>-- especially Americans -- that the government or the corporations or the system is closing in on them and stealing their freedom. Of course, not everybody feels so strongly about privacy, but as long as you can opt out, it should be fine. This seems be where privacy agnostics as well as advocates both get concerned. Some people don't mind being tracked, but nobody wants to be tricked. Last week, Sen. Charles Schumer spoke out about a program at some malls in Virginia and Southern California that were anonymously tracking shoppers' movements by tracking their cell phone signals, and the only way to opt was by not going to the mall. Schumer did not approve. "Personal cell phones are just that -- personal," the New York senator said in a statement. "If retailers want to tap into your phone to see what your shopping patterns are, they can ask you for your permission to do so."
The CarrierIQ software is not dissimilar to the shopper tracking program. In fact, <b>it's arguably worse since it follows you everywhere</b>. In the age of social media, everybody is becoming increasingly aware of and often angry about the amount of private data companies are scooping up with or without their consent. </i><br />
<br />
<i>This week, the Federal Trade Commission and Facebook came to an agreement that t<b>he social network must make all of their new programs opt-in </b>so as not to break the law by violating users' privacy. Even Mark Zuckerberg admitted in a sincere-sounding blog post that his company had "made a bunch of mistakes" on the privacy front in the past. He went on to detail how "offering people control over the information they share online" was a top priority. This is Mark "Privacy Is Over" Zuckerberg we're talking about here. With Facebook reportedly building its own mobile phone platform, wouldn't it be super ironic if people started defecting from the Android army and switching to the Facebook phone in the name of privacy? </i><br />
<br />
<i>Your move, Google.</i><br />
<br />
Here's the video:<br />
<br />
<iframe allowfullscreen="" frameborder="0" height="315" src="http://www.youtube.com/embed/T17XQI_AYNo" width="420"></iframe>
<br />
<br />
<div class="MsoNormal">
So what to do? Thankfully,<b style="color: blue;"> it didn't
take long for the Free Press's
"Save the Internet" campaign</b> to jump on this today and provide us
with an opportunity to let Congress and the Justice Department know that we don't appreciate being spied on. Here's some of the language from the action alert (I'll skip the stuff that repeats what I've already included in today's
post), with the link to the action page...interestingly, <b>their experts ALSO made
the connection I did this reeks of like "wiretapping".</b> </div>
<div class="MsoNormal">
<br /></div>
<div style="color: blue;">
<span style="font-size: large;"><b><span style="font-size: small;">Free Press: Tell Justice Department and Congress You Don't Want to Be Spied On!</span></b></span></div>
<div class="MsoNormal" style="color: blue;">
<b> </b></div>
<div class="MsoNormal">
<br />
<b>Are you being watched?</b> A researcher just discovered a hidden application that
records what millions of people write, view and search for on their mobile
phones. It sends all of that data to a company no one’s ever heard of. And we
have no idea what that company is doing with our information.1</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
Sounds like 1984. But it’s happening in 2011. Earlier today,<b> Sen. Al Franken demanded answers from the
company, Carrier IQ</b>, calling its technology "deeply troubling." We
now need a full investigation.2</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal" style="color: blue;">
<a href="http://act2.freepress.net/go/7564?akid=3099.9452308.w8cmX3&t=3" target="_blank">Tell Congress and the Department of Justice: My mobile phone is
mine, and I have the right to be free from being spied on. </a></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<b>The fact that one company is secretly storing away the data
of millions of mobile phone users</b> — without our knowledge, and with no way for
us to opt out — is just incredible. You’d expect this sort of thing from the
Chinese government — not from a company operating in the present-day U.S.</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal" style="color: blue;">
<a href="http://act2.freepress.net/go/7564?akid=3099.9452308.w8cmX3&t=4" target="_blank">Take action now to stand up for your mobile freedoms.</a></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<b>This is not only a privacy problem. It’s a democracy
problem</b>. Mobile phones have become the ultimate democracy devices.
Activists from Cairo to New
York City to Los Angeles
have used their phones to broadcast images of pepper-spraying cops, handcuffed
journalists and squares full of protesters. We must ensure that the most
important movements of our time aren’t compromised by data spies with little
regard for our free speech or privacy.</div>
<div class="MsoNormal" style="color: blue;">
<br /></div>
<div class="MsoNormal" style="color: blue;">
<a href="http://act2.freepress.net/go/7564?akid=3099.9452308.w8cmX3&t=5" target="_blank">Tell Congress and the Department of Justice: Protect mobile
phone users from data spies. Investigate Carrier IQ. </a></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
Law professor and former Department of Justice attorney Paul
Ohm says that<b> Carrier IQ’s snoopware “is very likely a federal wiretap,”</b> which
means that the company could be prosecuted for breaking federal law.4 “Consumers need to know that their safety and privacy are
being protected by the companies they trust with their sensitive information,”
Sen. Franken said. “ … Carrier IQ has a lot of questions to answer.”</div>
<div class="MsoNormal">
<br /></div>
<b>We agree. <a href="http://act2.freepress.net/go/7564?akid=3099.9452308.w8cmX3&t=6" style="color: blue;" target="_blank">Let’s get some answers.</a></b>CFChttp://www.blogger.com/profile/11621511251924136343noreply@blogger.com1tag:blogger.com,1999:blog-8994486887985127167.post-20775665298646792432011-11-28T14:57:00.001-08:002011-11-29T09:24:32.073-08:00Smart Phones and PrivacyI want to follow up yet again on my series of posts on the historic
case currently before the Supreme Court that could determine just how much privacy smart phone users can expect in the future. The case in question seeks to determine <b>whether law enforcement should be required</b> to attain a warrant BEFORE tracking
a suspect (or alleged suspect) using GPS technology - which all smart phones happen to now have.<br />
<br />
Before I get to the article delving into the smart phone aspect of this case, let me provide a brief summary of how we got here: <b>The case in question involved police covertly tracking a suspected cocaine
dealer's</b> car using a GPS device for
an extended period of time without getting a warrant. Thanks to this tracking, the
suspect was initially convicted. But, a ruling by the D.C. Court (by Judge
Ginsburg) of Appeals overturned that decision, arguing that the use of a secret
GPS tracking device on the man’s vehicle for two months violated the Fourth
Amendment’s protection against unreasonable searches and seizures. The idea
being, no one wants to feel as if a government agent is following you wherever
you go - be it a friend's house, a
place of worship, or a therapist's
office - and certainly innocent Americans shouldn't
have to feel that way.<br />
<br />
The problem was that t<b>wo federal appellate courts had first upheld the use of
GPS devices</b> without warrants on the grounds that we have no expectation of
privacy when we are in public places and that tracking technology merely makes
public surveillance easier and more effective. Now this case is being heard by the Supreme Court.<br />
<br />
Now, in some of my past posts I haven't focused on what this ruling could mean to ALL smart phone users, but instead, simply on the way the police tracked this particular suspect (see past posts for more detail). But let's be real, <b>if law enforcement can argue, and win, the right to track someone's whereabouts</b> without a warrant (or even probable cause) using a device implanted in the car, it goes to reason that this would be done in many cases through an individuals smart phone instead.<br />
<br />
And of course, this isn't the only area in which privacy and smart phone technology are being debated. This year in California - <b>to the dismay of civil liberties advocates -</b> the Governor vetoed SB 914 (Leno). The legislation was a response to a recent California
Supreme Court decision (People v. Diaz) allowing police to rummage through all
of the private information on a smart phone as part of an arrest, including
text messages and e-mails.<b> </b><br />
<br />
<b>SB 914 would have clarified that an arrestee’s smart phone</b>
can only be accessed with a warrant, except in circumstances where there is an
immediate threat to public safety or the arresting officer. The bill
acknowledged that accessing the detailed, private information contained on a
smart phone is fundamentally different than searching an arrested person’s
wallet, cigarettes or pockets. Senator Mark Leno has announced he will bring this
legislation back next year.<b> </b><br />
<br />
<b>Here's more from a BBC News report entitled "<a href="http://www.bbc.co.uk/news/magazine-15730499">How much privacy can smart phone users expect?</a></b>":<i> </i><br />
<br />
<i>Millions of us happily invade our own privacy every day on
Twitter and Facebook, sharing personal details with the world and broadcasting
our location in a way previous generations would have found bizarre. Even those who shy away from social media and new technology
in general are not immune.<b> The most basic mobile phones are in constant contact
with the nearest mast</b>, sending information about the whereabouts of their users
to phone companies, who can later hand that data over to the police, if
requested.</i><br />
<br />
…<i> </i><br />
<br />
<i>There are signs that<b> governments and law enforcement
agencies around the world are taking advantage</b> of this increasingly relaxed
attitude towards privacy to step up surveillance of citizens. The case currently before the Supreme Court, US vs Jones,
hinges on whether police officers should be allowed to plant GPS tracking
devices on suspects' cars without a
warrant…Lawyers for the Obama administration<b> argued that Jones did not have a
"legitimate expectation of privacy"</b> - the standard legal test in the US for the past
45 years - because his car was in a public place.</i><br />
<br />
…<i> </i><br />
<br />
<i>But law enforcement<b> officers no longer have to physically
plant a bug</b> on a suspect's car or
person. In the US,
they are increasingly using mobile phone tracking software.<b> </b></i><br />
<br />
<i><b>"Police officers can sit in the comfort of their own
stations and use this technology</b> to watch not just one person, but many people,
over long periods of time," says Catherine Crump, an attorney for American
Civil Liberties Union. This is far more invasive than traditional surveillance,
she argues. "<b>GPS tracking can actually be quite revealing about who
a person is </b>and what they value. It can show where a person goes to church,
whether they are in therapy, whether they are an outpatient at a medical
clinic, whether they go to a gun range."</i><br />
<br />
…<i> </i><br />
<br />
<i>But the London
force is also <b>reportedly using software that masquerades as a mobile phone
network,</b> allowing it to intercept communications and gather data about users in
a targeted area, such as a demonstration.</i><br />
<br />
<i>Most civil liberties campaigners do not want the police
banned from using new technology and accept that telecoms companies are
"not the Gestapo", as Catherine Crump puts it. But, argues the ACLU lawyer: "<b>People should not have to
choose between using new technology,</b> which is becoming increasingly commonplace
and hard to live without, <b>and giving up their privacy."</b> </i><br />
<br />
<i>Some believe <b>the moment when that choice</b> has to be made has
arrived.</i><br />
<br />
<a href="http://www.bbc.co.uk/news/magazine-15730499">Click here to read more</a>.<br />
<br />
Again, my mind goes to social movements and protests and the government's insatiable desire to stifle dissent. These concerns are all the more disconcerting in light of the Occupy protests, and what we already know about how the Patriot Act was used to target peace/anti-war activists.<b> </b><br />
<br />
<b>No doubt in my mind we are indeed reaching a watershed moment</b> - as highlighted by the current case before the Supreme Court. As technology advances, and becomes a more and more integral part of our lives, so too is the opportunity for authorities, both corporate and governmental, to use it in ways that violate our civil liberties.<br />
<br />
Smart phones (and the information we have/use on social media like Facebook and Twitter) represent a clear line in the sand that must be drawn..<b>.no government has the RIGHT to track our whereabouts OR access all the information</b> now stored in this technology unless they have a warrant.CFChttp://www.blogger.com/profile/11621511251924136343noreply@blogger.com2tag:blogger.com,1999:blog-8994486887985127167.post-17781948278344196762011-11-22T12:30:00.001-08:002011-11-22T15:13:22.048-08:00Surveillance State IroniesAll the incredible video documenting grotesque police abuse of peaceful protesters across the country provides a bit of irony: <b>Just as we citizens are being increasingly watched </b>by both commercial and governmental interests, so too can we now watch them - and use it to our advantage.<br />
<br />
I don't need to go into too much detail regarding our burgeoning surveillance state and our loss of privacy in just about all areas of life. But,<b> consider the bigger picture...as I wrote on this blog in the past</b>, whether its the knowledge that everything we do on the internet is followed and stored,<b> that we can be wiretapped for no reason and without a warrant or probable cause</b>, that smart grid systems monitor our daily in home habits and actions, that our emails can be intercepted, that our naked bodies must be viewed at airports and stored, that our book purchases can be accessed (particularly if Google gets its way and everything goes electronic), that street corner cameras are watching our every move, and that RFID tags and GPS technology allow for the tracking of clothes, cars, and phones (and the list goes on)...what is certain is privacy itself is on life support in this country...and without privacy there is no freedom.<b> I also fear how such a surveillance society stifles dissent and discourages grassroots political/social activism that challenges government and corporate power...</b>something that we desperately need more of in this country, not less. <br />
<br />
With that overview,<b> I think its particularly fascinating, and ironic, that "we the people" are so effectively documentin</b>g, through smart phones and video cameras, the kinds of law enforcement abuses that we otherwise would not have been able to in the past - and thus would have remained unknown and unpunished.<br />
<br />
With this in mind,<b><a href="http://www.truth-out.org/peoples-surveillance-state/1321898348"> I found an article by one of my favorite writers</a> - Will Pitt of Truthou</b>t - that describes how this "Peoples Surveillance State" is being used, particularly in the documenting of the pepper spray incident at UC Davis. Pitt writes:<i> </i><br />
<br />
<i>In the aftermath of September 11, <b>there was a big push to
create a <a href="http://online.wsj.com/article/SB10001424052970203611404577044192607407780.html#ixzz1eJ0fURBx" target="_blank">national surveillance system</a> in the name of national
security.</b> Cameras were installed at traffic lights, ostensibly to catch people
running red lights and stop signs, but those cameras came with a nifty side
benefit: they recorded everyone within reach of the lens in their comings and
goings. Cameras were installed at street corners, ostensibly to provide
security against crime, but again, you were recorded wherever you went. Bank
machines all come with security cameras, and those added to the ever-broadening
web of national surveillance. Finally, a<b>lmost every cell phone now comes with
software that,</b> so long as the thing is turned on,<b> can track your every step by
triangulating your position via GPS</b> and the cell towers your phone signal
bounces off of.</i><br />
<div class="MsoNormal">
<br />
<i>Those with a fealty to the quaint ideals of American civil
liberties had, to no great surprise, a big problem with putting this system in
place. Combine the concern over having millions of innocent people on camera
with the fact that the Bush administration decided to spy on pretty much
everyone by way of the NSA because no one had the guts to stop them, and what
you had - and have to this day - is a pretty damned paranoid situation where
everyone is being watched by The Man. <b>Today, it is almost impossible to be
anywhere in America
without something tracking you.</b> After this technology had been in place for a
few years, it even became fodder for cop shows; half the episodes of "Law
& Order: SVU" after 2008 involve catching criminals using this web of
eyes and ears. As you can imagine, the bad guys almost never got away.</i></div>
<div class="MsoNormal">
<br />
<i>The basic idea behind setting up this incredibly invasive
system, if you listen to its advocates, is that security is paramount in the
aftermath of 9/11. There were plenty of people, after the Towers came down, who
were very happy to surrender their liberties in the name of security, despite
Benjamin Franklin's warning about
deserving neither and losing both. Nowadays,<b> the existence of such a system is
established fact, leading to yet another bout of cognitive dissonanc</b>e: those in
favor of such a system a few years ago, because it meant the state was looking
out for their safety, are now in all likelihood the same people railing against
the state with guns on their hips at Tea Party rallies...but that's a brain cramp to be dealt with another day.</i></div>
<div class="MsoNormal">
<br />
<i>The advent of the Occupy movement, the length of time that
movement has been able to hang fire, and the vast number of cities in which it
is taking place, has led to an astonishingly violent reaction from the very
state we are supposedly trusting to watch over our every move<b>. There have been
a dozen incidents of gruesome official violence against peaceful, non-violent
protesters,</b> including the near-murder of an Iraq war veteran by police in
Oakland...violence the likes of which has not been seen in America since the
dogs and firehoses days of Birmingham, Alabama.</i></div>
<div class="MsoNormal">
<br />
<i>Last Friday, students at UC Davis in California were subjected to an attack by
police that beggars likeness. <b>Here's
the thing, though: this time, <a href="http://www.youtube.com/watch?v=WmJmmnMkuEM" target="_blank">it's all on
film</a>.</b> </i></div>
<div class="MsoNormal">
<br />
<i>If you haven't
seen it yet, <b>what you're looking at
is a dozen or so protesters seated with their heads down</b>, arms linked, in
peaceful non-violent resistance. An armored UC Davis police officer calmly
pulls out a can of pepper spray the size of a fire extinguisher, shakes it up,
and hoses these seated students down from one side to the other and then back
again. Several of the students subjected to this attack required hospitalization,
and there is an unconfirmed report that one of the protesters had a UC Davis
cop shove the nozzle of his pepper spray canister into her mouth and then
pulled the trigger.</i><br />
<br />
As Pitt also mentions, th<b>e result of this video has been millions of hits, calls for the firing of the Chancellor</b> and cops responsible, an investigation of the incident, and even greater resolve in students across the state and country to continue to speak out against ever increasing tuition costs and fee increases (among MANY legitimate complaints). Granted, we will see if justice is served, and we all know that video alone isn't enough to convict even the most glaringly abusive and illegal tactics. Nor does video guarantee real, systemic reforms to what is clearly an increasingly authoritarian, and militarized police force.</div>
<br />
But certainly, it VASTLY improves the potential that justice will be realized - and reforms will be instituted. More than anything though, what this kind of peoples surveillance offers is the ability to educate the larger public about what is really going on in this country - particularly when you have the temerity to speak out against "the elites". This education opportunity, and how it might serve to motivate and inspire more people to get involved with their democracy and demand change (<b>as well as make cops think twice about their actions</b>) shouldn't be discounted.<br />
<br />
If you want to see what I mean, check out Joshua Holland's Caught on "<b><a href="http://www.alternet.org/occupywallst/153134/caught_on_camera%3A_10_shockingly_violent_police_assaults_on_occupy_protesters/">Camera: Ten Shockingly Violent Police Assault on Occupy Protesters</a>"</b>and consider whether it impacts your opinion on these matters.CFChttp://www.blogger.com/profile/11621511251924136343noreply@blogger.com1tag:blogger.com,1999:blog-8994486887985127167.post-89423045506903457482011-11-16T11:07:00.001-08:002011-11-16T11:51:04.416-08:00The Need for Internet PrivacyI want to alert everyone to a <a href="https://www.signonsandiego.com/news/2011/nov/13/internet-privacy-a-contradiction-in-terms/"><b>fantastic op-ed</b> </a>in the San Diego Union Tribune by one of my most relied upon privacy experts - Beth Givens of the Privacy Rights Clearinghouse<a href="https://www.signonsandiego.com/news/2011/nov/13/internet-privacy-a-contradiction-in-terms/"><b></b></a>. But, before I share some choice clips, let me provide some backdrop (taken from what I've written on the blog in the past...as there's no reason to reinvent the wheel) on <b>why this has become such an important privacy debate.</b> The fact is, there's been a virtual explosion in data collection, data analysis and use of
behavioral marketing on the internet without the requisite privacy protections
to go along with it. Billions of dollars at stake, and your
private information is the currency.<br />
<div class="MsoNormal">
<br />
We know for instance, and they have been sued for
it,<b> companies like Google, Yahoo, Microsoft and other Internet companies track
and profile </b>users and then auction off ads targeted at individual consumers in
the fractions of a second before a Web page loads.<br />
<br />
That in itself, may not be all that threatening to most. <b>But it raises some
interesting questions</b>: What kind of control should we have over our own data?
And, what kind of tools should be available for us to protect it? What about
ownership of our data? Should we be compensated for the billions of dollars
being made by corporations from their tracking of us? And of course, what of
the government's access to this new
world of data storage?<br />
<br />
The argument from privacy advocates has largely been that <b>this massive and
stealth data collection</b> apparatus threatens user privacy and regulators should
compel (not hope that) companies to obtain express consent from consumers
before serving up "behavioral" ads based on their online history.<br />
<br />
More
generally, particularly on the issue of privacy on the Internet, the fact that
we have next to no privacy standards as related to these technological
innovations and trends is disturbing, and more than enough of a reason <b>for
legislation like California's SB 761</b> (Do Not Track). <br />
<b><br />
The Do Not Track
flag is a rather simple concept </b>that's
already been built into Firefox and IE9. If users choose to turn on the option,
every time they visit a web page the browser will send a message to the site,
saying “do not track.”</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<b>SB 761 (Lowenthal) would offer consumers such a mechanism</b>, something the bill's
sponsor describe as "one of the most powerful tools available to protect
consumers' privacy." The
mechanism will allow anyone online to send Websites the message that they do
not want their online activity monitored.<br />
<br />
Certainly one strong point of the legislation is that it is in line with public
opinion, as detailed by a poll by Consumer Watchdog last summer that found<b> 80% of Americans
support a Do Not Track option</b>. In addition, a recent USA Today/Gallup poll
found that most Americans are worried about their privacy and security when
they use Facebook and Google.</div>
<br />
<div class="MsoNormal">
<b>The fact is, there's no longer any
anonymity on the Web</b>. The most personal information about people's online habits is collected and eventually bought
and sold, often instantaneously and invisibly. Data collection practices have
become a business in themselves, driven by profits at consumers' expense. The Wall Street Journal recently
highlighted these practices—which included targeting children—in its
groundbreaking series "What They Know."</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal" style="color: #660000;">
<b>Now let's get to Beth's thoughts on this subject:</b></div>
<div class="MsoNormal">
<i><br /></i></div>
<div class="MsoNormal">
</div>
<div class="MsoNormal">
<i><b>Individuals are increasingly using the Internet </b>as their
primary information source, often seeking information on sensitive matters such
as finances, health, personal relationships, divorce, sexuality, workplace
difficulties and legal conflicts.<b> But few individuals realize the extent to which they are
being tracked by companies</b> that create rich profiles of their web-browsing
activities. The 2010 Wall Street Journal series, “What They Know,” reported
that the nation’s top 50 websites installed an average of 64 pieces of tracking
technology onto each visitor’s computer. Tracking tools go beyond the cookies
many of us routinely delete. Some companies deploy “Flash cookies” or other
“supercookies” that are not only extremely difficult to delete but can also be used
to reinstall cookies that a user has removed.</i><br />
<br />
<i>Such data-gathering and profiling activities are largely
invisible, except that they can result in the real-time display of behaviorally
targeted ads. You might ask, “What’s the harm in receiving ads based on my
web-surfing history?” In a legislative primer presented to members of Congress
by 10 organizations, including ours, <b>several potentially harmful effects of
behavioral tracking and targeting were identified</b>: (1) targeting economically
distressed individuals with payday loans and subprime mortgages; (2) sending
ads for bogus cures to individuals with serious medical conditions; (3)
engaging in discriminatory pricing in which some people are offered products or
services at higher prices than others; and (4) targeting children who lack the
judgment capacity of adults. Further, profiles compiled originally for the ad
industry may be sold to non-advertising third parties such as insurance companies.</i></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<i><b>Harms aside, let’s not forget, simply, the right to privacy</b>.
The definition of privacy that guides my organization’s work is the ability of
individuals to control the use of their personal information. Everyone has a
different comfort level regarding the collection and use of their personal
information. We believe individuals’ choices must be respected, no questions asked.</i><br />
<br />
...</div>
<div class="MsoNormal">
</div>
<div class="MsoNormal">
</div>
<div class="MsoNormal">
<br />
<i>However, studies show that <b>robust profiles generated from
anonymous data can be matched</b> with other data sources, offline and online, to determine
individuals’ identities. These days, the anonymity argument is largely a myth.<b> Another myth is that young people are not concerned about
privacy</b>. These “digital natives” have not known a world without the Internet,
so the argument goes, and they are not worried about their personal information
being revealed online. However, a 2009 academic survey found there are no
significant differences between young adults and older individuals regarding
online privacy concerns. While some believe that in a generation or two,
concerns about online privacy will vanish, we at the Privacy Rights
Clearinghouse are not so quick to accept that argument.</i></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
</div>
<div class="MsoNormal">
<i>In closing, effective online privacy protection requires a
multipronged approach involving policymakers, industry, nonprofits and
consumers. <b>It must not be lost to bogus arguments and unfounded myths.</b></i></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<b><a href="https://www.signonsandiego.com/news/2011/nov/13/internet-privacy-a-contradiction-in-terms/">You can read the rest here</a>.</b></div>
<div class="MsoNormal">
</div>
<div class="MsoNormal">
<br />
As I have also written before, <b>its not by accident that we
are told by the same interests that profit</b> off our information that privacy is
dead, and people don't care about it
anymore, or that it will "kill business". Well, that's easy to say when you are the ones developing the
complicated and difficult to find privacy settings consumers have to deal with
- and profiting off our personal information without our consent.</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
More to the point is the simple, <b>unavoidable fact that
consumers should have MORE control</b>, not less, over what information of ours is
used, shared, and profited off. This basic principle is at the heart of the ACLU's DotRights campaign.</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<b>There remains an interesting dichotomy in all this</b>: While people seem to "care" about privacy on one
level, they tend to do very little to actually protect it. Which in my mind, makes
easy to use, clear options to protect privacy so paramount. Once
people are given such a choice, not only will more people choose to "not
be tracked", I think more people will become more AWARE of just how all
pervasive such monitoring of nearly everything we do has become." </div>CFChttp://www.blogger.com/profile/11621511251924136343noreply@blogger.com0tag:blogger.com,1999:blog-8994486887985127167.post-61548908106202488182011-11-10T10:57:00.001-08:002011-11-10T13:56:18.798-08:00Cell Phone Providers Urged to Stop Collecting Data on Customer MovementsIn light of the current Supreme Court case regarding the GPS tracking of a suspect by law enforcement, I thought the ACLU's letter to the CEO's of the nation's biggest cell phone providers asking that they "<b>stop routinely collecting and storing data on their customers’ daily movements"</b> was worth delving into today too.<br />
<br />
<b>The essential argument by privacy advocates,</b> be it the
tracking of a cell phone user, or tracking a suspect<st1:personname w:st="on">'</st1:personname>s vehicle, is that in either case you
should not be more susceptible to government surveillance. The idea being, no
one wants to feel as if a government agent is following you wherever you go -
be it a friend<st1:personname w:st="on">'</st1:personname>s house, a place of
worship, or a therapist<st1:personname w:st="on">'</st1:personname>s office -
and certainly innocent Americans shouldn<st1:personname w:st="on">'</st1:personname>t
have to feel that way. The other major distinction between such constant, all pervasive surveillance, from say, simply following a person or suspect, is just that: its constant, over time, and all pervasive...unlike a simple "tailing" of a person by authorities.<br />
<br />
Before I share some of the ACLU letter, I want to go a little into the back story regarding why cell phone tracking should be a concern for all of us. <b>Consider:</b><br />
<div class="MsoNormal">
</div>
<ul>
<li>In just a 13-month period<b>, Sprint received over 8 million</b>
demands for location information; </li>
<li><b><st1:state w:st="on"><st1:place w:st="on">Michigan</st1:place></st1:state>
police sought information about every mobile phone</b> near the site of a planned
labor protest;</li>
<li>Last spring, researchers revealed that <b>iPhones were
collecting and storing location information;</b></li>
<li>A few months ago the general counsel of the National
Security Agency suggested to members of Congress that the<b> NSA might have the
authority to collect the location information</b> of American citizens inside the <st1:country-region w:st="on"><st1:place w:st="on">U.S.</st1:place></st1:country-region></li>
<li><b>The FBI has used </b><st1:personname w:st="on">'</st1:personname>dragnet<st1:personname w:st="on">'</st1:personname>-style warrantless cell phone tracking.</li>
</ul>
<div class="MsoNormal">
</div>
<div class="MsoNormal">
<b>And then there's the Patriot Act</b>. The fact remains that we still don’t know how the
government might be using the Act, highlighted by recent statements made by US
Senators regarding what they termed “secret Patriot Act provisions”. Senator
Ron Wyden (D-OR), an outspoken critic of the recent reauthorization, stated,
"<i>When the American people find out how their government has secretly
interpreted the Patriot Act they will be stunned and they will be angry."</i>
As a member of the Senate Intelligence Committee Wyden is in a position to
know, as he receives classified briefings from the executive branch. </div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
In recent years, three other current and former members of
the US Senate - Mark Udall (D-CO), Dick Durbin (D-IL), and Russ Feingold (D-WI)
- have provided similar warnings. We can<st1:personname w:st="on">'</st1:personname>t
be sure <a href="http://bigthink.com/ideas/38845" target="_blank">what these
senators are referring to</a>, but the evidence suggests, and <a href="http://www.cato-at-liberty.org/atlas-bugged-why-the-secret-law-of-the-patriot-act-is-probably-about-location-tracking/" target="_blank">some assert</a>, that the current administration is using
Section 215 of the Patriot Act - a provision that gives the government access
to "business records" - <b>as the legal basis for the large-scale
collection of cell phone location records. </b></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
With that,<a href="http://www.aclu.org/blog/technology-and-liberty/aclu-wireless-carriers-stop-tracking-americans-movements"> <b>let's get to what the ACLU urged</b></a> these CEO's to do (or NOT do):</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
</div>
<div class="MsoNormal">
<i><b>The fact is our cell phone companies know more about where
we are</b> throughout the day than our closest friends. One of the byproducts of
the way cell phones work – staying in constant touch with the nearest cell
tower – is that our carriers can tell roughly where we are. And over time, that
data is getting increasingly accurate.</i></div>
<div class="MsoNormal">
<i><br /></i></div>
<div class="MsoNormal">
<i>But the major carriers – <a href="https://secure.aclu.org/site/Advocacy?cmd=display&page=UserAction&id=3836&s_subsrc=111109_conspriv_bor">AT&T</a>, <a href="https://secure.aclu.org/site/Advocacy?cmd=display&page=UserAction&id=3827&s_subsrc=111109_conspriv_bor">Verizon</a>, <a href="https://secure.aclu.org/site/Advocacy?cmd=display&page=UserAction&id=3833&s_subsrc=111109_conspriv_bor">T-Mobile</a> and <a href="https://secure.aclu.org/site/Advocacy?cmd=display&page=UserAction&id=3835&s_subsrc=111109_conspriv_bor">Sprint</a> –<b>
don’t just know where we are from moment to moment. They also retain detailed
data about our location for extended periods of time</b>, as we learned recently
when we received<a href="http://www.aclu.org/cell-phone-location-tracking-request-response-cell-phone-company-data-retention-chart">this
document</a> in response to our <a href="http://www.aclu.org/protecting-civil-liberties-digital-age/cell-phone-location-tracking-public-records-request">national
public records request</a> on how the authorities are using location data.
<b>The carriers also readily share the information they gather with government
agencies and law enforcement</b>…We pay them money, they provide us with phone and
data services. Being tracked everywhere we go was never part of the bargain…</i></div>
<div class="MsoNormal">
<i><br /></i></div>
<div class="MsoNormal">
<i><b>We don’t know exactly how precise the data the carriers
retain is, or how they are using it. </b>Often these days there is often an
automatic, reflexive impulse to retain data – any and all. But it also seems
that the companies are looking at <b>how to monetize this information as they do
with other information they gather</b>.<a href="https://secure.aclu.org/site/Advocacy?cmd=display&page=UserAction&id=3827&s_subsrc=111109_conspriv_bor">Verizon</a>,
for example, recently announced that it was <a href="http://money.cnn.com/2011/11/01/technology/verizon_att_sprint_tmobile_privacy/">selling
location information</a> about its customers. Although it is doing so only
on an aggregate basis, that still represents a step closer to sharing our own
individual movements, which the carriers are surely tempted to do.</i></div>
<div class="MsoNormal">
<i><br /></i></div>
<div class="MsoNormal">
<i>Either way, if we roll over and accept this practice, <b>then
we’ll be accepting a world that totalitarian dictators can only dream of</b>: an
entire population carrying location tracking beacons that precisely record their
every movement. This is not something we should be just taking in stride. <a href="https://secure.aclu.org/site/SPageNavigator/111108_GPS_CellPhone.html&s_subsrc=111109_conspriv_bor">It’s
not something that we have to accept.</a></i></div>
<div class="MsoNormal">
<i><br /></i></div>
<div class="MsoNormal">
<i><b>The best protection for privacy is for the carriers to not
record our location</b>s, even though the phone reveals them, unless we decide to
give permission (and not through the fine print in some boilerplate
click-through agreement). We should demand nothing less</i></div>
<div class="MsoNormal">
.</div>
<div class="MsoNormal">
You can <a href="http://www.aclu.org/technology-and-liberty/open-letter-wireless-carriers-aclu-location-tracking-cell-phones">read
the ACLU’s letter here</a> and you <a href="https://secure.aclu.org/site/SPageNavigator/111108_GPS_CellPhone.html">can
join them in making this demand</a> to your carrier too.</div>
<br />CFChttp://www.blogger.com/profile/11621511251924136343noreply@blogger.com1tag:blogger.com,1999:blog-8994486887985127167.post-28523386685589995112011-11-09T11:47:00.000-08:002011-11-09T12:00:08.795-08:00Update on GPS Tracking Case Being Debated by Supreme CourtI want to follow up on my last post regarding the historic case before the Supreme Court - for which hearings began yesterday - as to whether law enforcement should be required to attain a warrant BEFORE tracking a suspect (or alleged suspect) using GPS technology.<br />
<br />
I've written on this case, and issue, extensively on this blog, so I'm not going to rehash all that now (see last post for a decent summary). <b>Suffice it to say, there is a WHOLE lot riding on this case. </b><br />
<br />
For today's purposes, I'm just going to share some excerpts from a variety of news media that covered yesterday's hearings.<br />
<br />
<b><a href="http://www.npr.org/2011/11/08/142143552/justices-weigh-technology-and-privacy-in-gps-case?ps=cprs">As NPR reported</a>:</b><br />
<br />
<i><b>George Orwell's 1984 was very much on the minds of the Supreme Court</b> on Tuesday, as the justices grappled with a question that pits the use of modern technology in law enforcement against individual privacy interests. At issue is a case testing whether police must obtain a warrant before putting a GPS tracking device on a car to monitor a suspect's movements.</i><br />
<br />
<b>...</b><br />
<br />
<i><b>Dreeben, in his argument, urged the court to stick to the line it has drawn in the past </b>— no warrant is needed for surveillance of activities conducted on public roads. </i><i>Chief Justice John Roberts, however, seemed skeptical about applying that rationale to new technologies, asking if the government could "put a GPS device on our cars and monitor us?" </i><i><b>Dreeben responded that under the government's theory </b>and the court's precedents, "the justices of this court, when driving on the streets, have no greater expectation of privacy" against a GPS device attached to the car "than they would if the FBI followed them around the clock."</i><br />
<i><b><br /></b></i><br />
<i><b>Justice Stephen Breyer struck a more ominous tone</b>, asserting that "if you win this case, then there is nothing to prevent the police or the government from monitoring 24 hours a day the public movements of every citizen in the United States," a scenario that "sounds like 1984." Discussion of Orwell's dystopic novel arose five times during the argument.</i><br />
<i><b><br /></b></i><br />
<i><b>Justice Sonia Sotomayor asked Dreeban to explain the difference between the warrantless use</b> of GPS devices and the general search authority that outraged the Founding Fathers and inspired the Fourth Amendment ban on searches without court authorization. Dreeben maintained, however, that putting a GPS device on a car is not a search. And he seemed to suggest that people have different expectations of privacy in an era of technological advances.</i><br />
<i><b><br /></b></i><br />
<i><b>That is "too much for me," interjected Justice Elena Kagan</b>, suggesting that people would think their privacy interests are violated by having a robotic device monitoring their movements 24 hours a day.</i><br />
<br />
<b><a href="http://www.npr.org/2011/11/08/142143552/justices-weigh-technology-and-privacy-in-gps-case?ps=cprs">Read more here</a>.</b><br />
<br />
<b><a href="http://www.nytimes.com/2011/11/09/us/supreme-court-casts-a-wary-eye-on-tracking-by-gps.html?_r=1">And this from the New York Times</a>:</b><br />
<br />
<i>On Tuesday, <b>Chief Justice John G. Roberts Jr. said there might be a constitutional difference </b>between discrete pieces of data and the collection of vast amounts of information. “You’re talking about the difference between seeing the little tile and seeing a mosaic,” he said.</i><br />
<i><br /></i><br />
<i>But Michael R. Dreeben, a deputy United States solicitor general, said there were no constitutional limits to the government’s ability to track people’s movements in public. <b>He said a device surreptitiously attached to clothing would be permissible</b> so long as it did not convey information from inside a home. He added that the police could track the movements of the justices’ cars without a warrant.</i><br />
<i><br /></i><br />
<i>On hearing those statements, <b>Justice Ruth Bader Ginsburg said </b>the “endpoint” of the government’s argument was that “an electronic device, <b>as long as it’s not used inside the house, </b>is O.K.”<b> </b></i><i><b>Mr. Dreeben said that was correct </b>regarding people’s movements in public. Other forms of monitoring — of conversations inside cars, say — were subject to different rules, he said. </i><br />
<i><br /></i><br />
<i>That means, Justice Stephen G. Breyer told Mr. Dreeben, that <b>“if you win this case, then there is nothing to prevent the police or the government from monitoring 24 hours a day </b>the public movement of every citizen of the United States.” And that, Justice Breyer said, “sounds like ‘1984.’ ”</i><br />
<b>...</b><br />
<i><br /></i><br />
<i>Mr. Dreeben said, “The court should address the so-called ‘1984’ scenarios if they come to pass, rather than using this case as a vehicle for doing so.” </i><i><b>But Justice Sonia Sotomayor indicated that the scenario might have already arrived</b>. “It wouldn’t take that much of a budget, local budget, to place a GPS on every car in the nation,” she said.</i><br />
<br />
<b>...</b><br />
<br />
<i><b>Justices Samuel A. Alito Jr. and Antonin Scalia said</b> such arbitrary limits should be imposed by legislatures rather than a court.</i><br />
<br />
<b><a href="http://www.nytimes.com/2011/11/09/us/supreme-court-casts-a-wary-eye-on-tracking-by-gps.html?_r=1">Read more here</a><i>.</i></b><br />
<br />
<b><a href="http://www.washingtonpost.com/politics/supreme-court-worries-that-new-technology-creates-1984-scenarios/2011/11/08/gIQAbHdw2M_story.html">And finally, the Washington Post also chimed in</a>:</b><br />
<i><br /></i><br />
<i>It is allowed under the court’s own precedents, replied Deputy Solicitor General Michael R. Dreeben, and is no different than if the FBI “put its team of surveillance agents around the clock on any individual and follow that individual’s movements as they went around on the public streets.”</i><br />
<div>
<div>
<i><br /></i></div>
<div>
<i><b>But to many of the justices, something did seem different. </b>In an intense hour-long exchange in which the Big Brother of George Orwell’s novel “1984” was referenced six times, the justices wondered how the dizzying pace of technology has changed a person’s reasonable expectation of privacy.</i></div>
<div>
<i><br /></i></div>
<div>
<i><b>The justices pondered a world in which satellites can zero in on an individual’s house, cameras record the faces</b> at a crowded intersection and individuals instantly announce their every movement to the world on Facebook. They wondered about the government placing tracking devices in overcoats or on license plates.</i></div>
</div>
<div>
<i><br /></i></div>
<div>
<i>...</i></div>
<div>
<i><br /></i></div>
<div>
<div style="font-style: italic;">
<b>The court is trying to apply the Constitution’s centuries-old protection</b> against unreasonable searches and seizures at a time when devices such as a GPS can essentially do police officers’ work for them.But the justices also appeared conflicted about where to draw a constitutional line.</div>
<div style="font-style: italic;">
<br /></div>
<div style="font-style: italic;">
Stephen C. Leckar, representing Jones, said<b> police should be required to persuade a judge to issue a warrant for each use of a GPS device</b>. But the justices wondered how that squared with their previous rulings that no warrant is needed when the person being targeted was being monitored in public places.</div>
<div style="font-style: italic;">
<br /></div>
<div style="font-style: italic;">
“If there is no invasion of privacy for one day, there is no invasion of privacy for 100 days,” Justice Antonin Scalia said. <i></i><br />
<div style="display: inline !important;">
<i>Alito said Leckar had not shown that using a GPS device was any different from traditional police surveillance.</i></div>
<i>
</i></div>
<div style="font-style: italic;">
<i></i><br />
<div style="display: inline !important;">
<i><br /></i></div>
<i>
</i></div>
<div>
<a href="http://www.washingtonpost.com/politics/supreme-court-worries-that-new-technology-creates-1984-scenarios/2011/11/08/gIQAbHdw2M_story.html"><b>Read more here.</b></a></div>
</div>
<div>
<br /></div>
<div>
<b>Obviously there's no way I can get a real "feel" for which way the court may rule. </b>I'm ALWAYS deeply skeptical that the 4 extremists, and the one conservative, will ever rule in favor of the public interest when either corporate interests, or civil liberties, are concerned. Nonetheless, some of the questions posed by Roberts and Alito are at least modestly hopeful. Of course, the real wildcard, Justice Anthony Kennedy, was not quoted in any of the articles I've seen...and he remains the judge I'll be keeping my eye on.</div>
<div>
<br /></div>
<div>
<b><a href="http://www.usatoday.com/news/opinion/editorials/story/2011-11-08/GPS-warrant-amendment/51128734/1">I think today's editorial in the USA Today hit the nail on the head</a></b>, "<i><b>The government's argument is that police don't need a warrant</b> when they track people on public roads where they can be watched by cameras and other drivers — and where police could physically tail them without a warrant.</i></div>
<div>
<i><br /></i></div>
<div>
<i>But of course, <b>the technology changes everythin</b>g. Even with speed cameras, red-light cameras and a squadron of pursuers, authorities would have a very hard time amassing a record of every place someone travels for 28 days.</i></div>
<div>
<i><br /></i></div>
<div>
<i>The idea is, indeed, Orwellian, not to mention downright "creepy and un-American," to use the words of the chief justice of the 9th Circuit Court of Appeals. <b>At a minimum, police should first have to convince a judge that there's probable cause to issue a search warrant </b>— and use it properly.</i></div>
<div>
<i><br /></i></div>
<div>
<i><b>The Founding Fathers, brilliant though they were, could not possibly have envisioned GPS </b>technology. But they certainly understood the principles of personal freedom, and two centuries later those haven't changed a bit.</i></div>
<div>
<i><br /></i></div>
<div>
<i>First and foremost, <b>the Constitution they wrote guarantees individual rights against unnecessary government intrusion</b>. Let's hope that when the Supreme Court rules in this case, it does the same.</i></div>
<div>
<br /></div>
<div>
With that, stay tuned.</div>CFChttp://www.blogger.com/profile/11621511251924136343noreply@blogger.com0