Privacy Lost (pt 2)

May 30th, 2008

Today I will be continuing the Privacy Lost article with part two of the segment. “On privacy, talk and actions are poles apart” discusses a survey conducted by MSNBC to see just how much privacy people are willing to give up. The results came from a group that are more interested in privacy issues than an average person, but the results seem to be consistent regardless of the level of interest according to the developers. The article does have some interesting items that are worth taking a look at. On the main page is a section where people discuss what privacy means to them and how things are changing, and a survey that you can take.

Conclusion: Americans are much more trusting than they say they are. Many people are willing to accept many privacy risks because it is such a difficult term to accurately assess. The survey showed that 88% of respondents said they could not trust their government or private corporations to protect their privacy. That is a lot of smart people if you ask me… But, many of those same respondents are also willing to share personal and private information with the very people they don’t trust. They give personal information to get a supermarket loyalty card, and would use the E-Z pass to save a few cents on the tolls, not thinking that they just gave up a big chunk of their privacy…these are the same people who responded “that bothers me,” when figuring out that their sense of privacy is getting slimmer everyday.

A large majority of the respondents were worried about government-related privacy issues, such as phone taps and Internet tracking. At the same time, they would be willing to submit biometric information or have a universal ID card. Is it the case of consumers being savvy as the article states, or are people just unaware and misinformed about the amount of information they regularly give up without a fight? With this also comes private corporations and the way they are perceived. Although it seems that Americans are very trusting, many agree that private corporations and government are both a threat to privacy. Ultimately, it boils down to what information an average person is willing to give up and to what extent they will go to ensure their privacy is protected.

Privacy Lost

May 29th, 2008

Roughly 2 years ago published a 5-part articled called “Privacy Lost,” which showed the various privacy issues that Americans will have to deal with as well as the steady decline in our privacy. While most articles written this long ago would be faded away with newer and updated information, this article did a great job assessing the way things were in 2006, and showing exactly what the future holds.

The first article, “Privacy under attack, but does anybody care?” discusses the various methods that companies, the government, and criminals could use to slowly chip away at the privacy you think you have. Many of the issues in the article, including giving out personal information to get supermarket coupons or a political consultant contacting you based on the information they bought from another company or person, are still pertinent today. Everything we do can be found somehow or somewhere…anything I type can be found on the Internet one way or another. The article brilliantly states, “The digital bread crumbs you leave everywhere make it easy for strangers to reconstruct who you are, where you are and what you like.” I have written countless blogs about this very subject….today, yesterday…2 years later.

A poll conducted by MSNBC found that 60% of people were fearful that they were losing their privacy and it did bother them. As far as I can see, not that much has changed. More recent polls conducted by EPIC pretty much say the same thing. Awareness has not increased, but the privacy issues have. The article continues to discuss companies and agencies losing millions of peoples’ personal information and the backlash they face, but yet Home Depot asks you for a phone number when you make a purchase so they can keep track of you…and everyone I saw politely gives it up. Why get mad at a reliable organization that misplaces your information, but then give all your personal information for a free coupon?

How should law enforcement approach the privacy issue? Is it OK to monitor everyone, or should you lose your right to privacy for a criminal (or alleged criminal)? Government agencies buy information from marketing companies that buy our information from supermarkets…no one person can assume their information is private. Is it a worthwhile trade off?

The Electronic Privacy Information Center (EPIC) is “a public interest research center in Washington, D.C. It was established in 1994 to focus public attention on emerging civil liberties issues and to protect privacy, the First Amendment, and constitutional values.”

EPIC is another great organization that was established to help people against all the privacy risks they may encounter. EPIC publishes a newsletter called the EPIC Alert which is openly available for anyone to read or subscribe to. Along with the Epic Alert, the organization also publishes books pertaining to privacy issues, open government, and free speech.

One of my favorite parts of the website is the “Policy Issues” menu. This is where you can look up more detailed information on free speech, open government, and privacy issues. The “Privacy A to Z” gives a very detailed list of Hot Topics and New Resources, as well as a comprehensive list of privacy issues (listed alphabetically of course). Many of the issues you can find here are ones that would be difficult to get any decent amount of information about. EPIC stays updated with the latest concerns and privacy risks through this section.

Another excellent part of the site that I use a lot is the “Resources” section. This is where you can also sign up for the EPIC Alert, visit the bookstore, check out EPIC-sponsored events, company press releases, and find privacy tools/resources. This section also offers a very useful Bill-Track, which keeps updated information on Congressional bills, and also features an entire section regarding “Former Secrets,” uncovered by EPIC’s use of the Freedom of Information Act (FOIA).

EPIC is another pioneer for privacy. The hard work and dedication of the staff makes it easier for everyone to be informed about the latest privacy issues and ways to stay protected. EPIC is regularly featured in the news, and continues to fight hard to protect us.

The Electronic Frontier Foundation (EFF) is here to protect your digital privacy. The EFF is the first line of defense against cyber attacks. The nonprofit organization contains a mix of lawyers, analysts, activists and technologists that are working hard to protect us all from damage to our digital rights, ranging from cyber criminals to legislation against privacy.

EFF spends much of its time litigating and overseeing court cases that concern the digital rights of everyone who is entitled to them. Many crucial EFF court victories have shaped the way we use the Internet today.

The EFF website offers a wide array of information to research including e-voting rights and intellectual property issues. The site also has current cases that the EFF is involved in and any important updates. The Deeplinks Blog offers commentary and submission from various writers who have joined the fight with EFF in protecting us all.

It is great knowing that there is a place to turn when in need of information. EFF goes above and beyond most other organizations to protect us. The website offers an almost endless amount of content…just about anything you could want to know concerning privacy and the rights you have. EFF offers employment opportunities, internships, and volunteering for anyone who wants to join in the protection of our rights. The Electronic Frontier Foundation has been working hard since 1990 to set precedents and continues to fight against today’s issues.

As mentioned in a previous post about Internet privacy and who can be trusted, it is important to know who you can and can’t count on. The EFF does not remain anonymous about what they do. They put themselves on the front lines and allow themselves to be seen by everyone, including photos and biographical information.

We’ve all heard about Phishing; i.e. getting phony e-mails asking you to give up important personal information. We also all know about scams involving telephone solicitation.

Now we have Smishing which is getting personal information by sending bogus text messages to your phone. According to an article in the Kansas City Star, warning consumers about a new, multifaceted identity theft scam where victims are targeted by phone, text messages and e-mails, we now have to worry about fake text messages.

Here’s my question: “How many of us get text messages from their banking or brokerage firms?” My guess is not many at all. Therefore why would anyone believe a text message could be from their financial institution, especially in this age of ever more clever identity theft criminals?

It is sad that people get taken in by these thieves. However we all must continue to be cautious when we get a suspicious communication regardless of the way it was transmitted. The first step in preventing identity theft is to be skeptical of any communication that asks for personal information. Without willing takers, identity thieves would have a harder time collecting this information.

The Privacy Rights Clearinghouse is a “nonprofit consumer information and advocacy organization,” helping people stay protected in most aspects of their lives. The site ranges from issues concerning financial privacy and identity theft to Internet privacy. The organization was founded and is still run by Beth Givens and its mission is two-fold: consumer information and consumer privacy. The San Diego-based company was established in 1992 and is predominately grant-supported. The goals of the PRC are:

  • Raise consumers’ awareness of how technology affects personal privacy.

  • Empower consumers to take action to control their own personal information by providing practical tips on privacy protection.

  • Respond to specific privacy-related complaints from consumers, intercede on their behalf, and, when appropriate, refer them to the proper organizations for further assistance.

  • Document the nature of consumers’ complaints and questions about privacy in reports, testimony, and speeches and make them available to policy makers, industry representatives, consumer advocates, and the media.

  • Advocate for consumers’ privacy rights in local, state, and federal public policy proceedings, including legislative testimony, regulatory agency hearings, task forces, and study commissions as well as conferences and workshops.

The PRC website offers consumer information regarding just about any privacy issue that could be of concern. The website offers various fact sheets on privacy issues in both English and Spanish. The site is conveniently indexed so that the user can easily search for a specific issue. Of course, as any pioneer for privacy should, PRC has a very extensive privacy policy clearly stated on the website. The best part, I feel, is the “Alerts & New Info” section which shows current privacy-related issues that should be paid special attention to. At this time the newest alert is “Security & Privacy for your Windows Computer” (in PDF). Privacy Rights Clearinghouse is a great site and a great organization that is founded on helping consumers protect themselves from the many privacy risks out there.

With the invention of MySpace and the vast amounts of other social networking sites, the entire landscape of the Internet universe has changed. People freely connect with long lost companions or meet new people that share similar interests; this allows a once distant community to come together.

With this power, also comes risk. Many people join social networking sites and openly post personal information such as birth dates, or post photos of their personal lives. A new breed of criminal has also evolved with social networking; one that can break down privacy barriers and research their prey by visiting their MySpace of Facebook pages and learning just about everything they could ever want to know.

Maintaining your privacy and avoiding identity fraud are not difficult things to accomplish, but do require some common sense. Many people post more information than needed, letting people know everything possible without having to even know who this person is. Many sites have been created to help users protect their social networking privacy, but a few important tips to remember when considering what information you want available to the world include:

  • Providing just enough information. You want your friends to be able to locate and contact you, but you don’t need to put your entire life story so that anyone with eyes and a PC can learn everything about you.
  • Making your profile private so that only people you have befriended can view the information and photos. Some sites allow networks of people to view your information, but a user should consider limiting their private information just to their friends.
  • Be wary when adding external applications. For the most part don’t add any, and if you do already use some be sure to keep only the ones you actually do use on a consistent basis. These apps are developed by outside parties that have no affiliation with the site, and most likely do not include any sort of privacy policy.
  • Do not use the same password for your social networking sites that you would to access your e-mail or any sites that contain personal information, such as banking sites.
  • Frequently check the privacy policies for any changes that may concern you.
  • THE GOLDEN RULE: Never assume something you post on the Internet is completely private. If someone wants the information badly enough, they will find it. Always use common sense when posting sensitive information on a website.

The front page of Yahoo! News has quite an interesting story about Identity Theft and Privacy. Everyone may know Todd Davis as the creator of LifeLock who has his real Social Security Number displayed for the world to see and guarantees that it will be safe. Well, interestingly enough, his guarantee didn’t stand.

Customers from three different states are suing him because they claim the product doesn’t work, a claim Mr. Davis unfortunately knows all too well, since he was also hacked and had his identity stolen. At least 20 people tried to obtain a driver’s license in his name, and in 87 different attempts to steal his identity one person managed to succeed and get himself a $500 payday loan in Mr. Davis’ name through an online company.

LifeLock charges a monthly fee to monitor your information and set fraud alerts with the credit bureaus. The lawsuit, which is seeking class-action status, will attempt to shed light on how much protection these companies can actually provide.

It is unfortunate that this happened to Mr. Davis, but he didn’t follow the basic rule that everyone learned when they were 12….DON’T GIVE OUT YOUR SOCIAL SECURITY NUMBER. Nobody can guarantee this type of protection and LifeLock proved it. In Friday’s Internet Privacy post, I mentioned that, “You can safely assume that you have zero privacy while surfing the Internet, and privacy protection goes above and beyond the latest Norton update. Privacy on the Internet is not given to you. As an Internet user, you must proactively search ways to protect your Internet Privacy while online.” Well, this is a perfect example…Customers thought that LifeLock would be secure enough that they didn’t have to worry about anything else. While LifeLock is without a doubt an excellent product, common sense must be used at all times.

Two recent articles about Charter Communications, recently reported that the company will monitor customers’ web surfing habits. The second article discusses the two congressmen who are trying to stop Charter from tracking the surfing habits of their customers.

Charter is the third-largest publicly traded cable operator in the U.S., operating in 29 states. Charter wanted to test this concept in four market areas: Fort Worth, TX; San Luis Obispo, CA; Oxford, MA.; and Newtown, CT. and sent out letters to hundresds of thousands of customers telling them this program will begin in 30 days….before a final desicion is made about using this on all 2.8 million Internet customers.

This data will be sent to NebuAd, which will then cross-reference the surfing habits and send advertisements that would be of interest to the user. This term is called “behavioral targeting,” and it is a major privacy threat. I suppose the letters that the customers received made it alright to pry in on their personal lives and invade their internet privacy. Of course, the users can opt out but they have to go out of their way and manually do it…which takes us back to a previous blog post from Friday regarding who you can trust with your Internet privacy. Shouldn’t it be the other way around? Users should manually choose to accept this test program…

Charter will need to follow their users around somehow, and it will have to be with an IP address. Is it really enhancing my Internet experience to be tracked all over the Internet, and then having it pushed back in my face in the form of Internet advertising? I don’t see it that way. I see it as having to go out and find a good proxy server to protect myself while surfing the internet.

This is a difficult question to answer. Of course, Internet privacy should be a major concern to anyone who boots up a computer and checks their e-mail. With modern technology comes a new generation of criminals and misfits who will use it with bad intentions.

Even if criminal activity isn’t involved, some of the sources you, as an Internet user, think you can trust will let you down. Internet Service Providers (ISP), search engines, and marketing companies all use this technology to track your IP address and slowly build up a profile about your surfing habits so they can advertise more effectively…that is correct, your own ISP keeps tabs on your internet habits.

You can safely assume that you have zero privacy while surfing the Internet, and privacy protection goes above and beyond the latest Norton update. Privacy on the Internet is not given to you. As an Internet user, you must proactively search ways to protect your Internet Privacy while online.

This brings us to the million dollar question…who can you trust?

Many places offer Internet privacy tools, but what do they have in mind? Is it a company that cares about your privacy? Knowing who you can and can’t turn to is important. Internet privacy tools can be found just about anywhere, but this is an area where you get what you pay for. Would you trust a stranger on the streets to walk up to you and give you a brand-new television? Then why would you use a tool that is meant to protect your privacy without knowing who is behind it?

While you can never be truly anonymous, you can be protected. Some company will always have your information, especially since have to pay your bills. In the case of using a company’s protection tools, the important thing to know is how will they use it? Will they sell it to the highest bidder, or will they follow their privacy policy and not jeopardize your information. The point of using their products is that they stand behind them and guarantee them to work. I feel strongly about knowing who is taking my money and I want to have a face and a name to stand behind the product. I want to know the people who I am trusting with my personal information.