A recent report by Government Computer News sheds light on a topic that millions of people all over the world deal with on a regular basis: Internet privacy and security in the hotel industry. People have many different reasons to travel, but with the modern tech-era upon us one of the most frequently asked questions when booking a hotel is: “Do you have Internet?” That answer is most likely a, “yes.”

It’s common knowledge that the world has moved online, and so has the bulk of our personal lives. The majority of us pay our bills online, we manage our bank accounts online, and some may even earn an extra or full-time income from the Internet. Even those who were once leery of that “Internet thing” are venturing online these days. With our lives so impacted by the internet, there is an increased concern about online security. The information that we leave unguarded online can easily be obtained by unscrupulous people and used in ways that could a make our lives a nightmare. Be very careful of the footprints that you leave when you are on the web.

Beginning this month, many news sources (including Cnet and PC Magazine) have been reporting on the Chinese version of Skype that spies on certain “sensitive words” and blocks them from servers if needed. Skype is a software that allows you to make phone calls over the Internet and use your computer’s microphone and speakers to communicate with others. It is sort of like a beefed up version of AIM, but along with instant messaging allows you to video conference and make phone calls.

Computerworld reported that an upset Arkansas man has posted sensitive information on his website, PulaskiWatch. The information was found via public records and consisted of e-mails between nine government officials, including the county clerk. This privacy issue may seem a little familiar as the Virginia Watchdog (which, coincidentally, does not seem to be working) also posted sensitive information on government officials in Virginia.

Reuters and Yahoo! News report that Google has agreed to cut the amount of time it stores users’ web surfing habits from 18 month to only nine months. This is quite a significant drop, especially when taking into account that in March 2007 Google had no policy and kept the information for an indefinite period of time. Google’s new policies, “are part of a broader trend that is increasing across the industry for companies to compete in good privacy practices,” according to Google’s global privacy counsel Peter Fleischer.

Along with the new nine month data retention policy, Google plans to anonymize the data much more quickly. Could this be in response to the Viacom/YouTube issue? This is is a great precautionary measure to protect our Internet privacy from companies like Viacom that want to sue Google so they can obtain users’ records. After nine months the data and the IP address are disassociated and the data can no longer be tracked back to a specific user.

The move to an 18-month data retention policy came about due to the European Union putting pressure on Google to increase their privacy measures. The new nine-month policy was adapted to further refine Google’s privacy protection and keep users much safer while surfing the Internet. The new nine month policy makes Google the alpha male, as far as privacy is concerned. Microsoft still keeps data for 18 months and Yahoo! currently retains data for 13 months.

While this is good news for anyone who surfs the Internet, it is important to remember that your data is being tracked and recorded. Data retention policies are extremely helpful, but ultimately privacy must begin with you. Using an anonymous proxy server will help you be invisible and maintain anonymity while surfing and stay one step ahead of even the most favorable data retention policies.

Reports from Internetnews.com state that NebuAd, creators of the very controversial behavioral targeting technology, recently announced they will stop their ad-targeting campaign. This comes shortly after many of their clients (such as CableOne) dropped NebuAd over privacy concerns and a Congressional hearing. In a statement made by NebuAd, they stated, “plans for wide spread deployment via the Internet service provider channel are delayed to allow time for Congress to spend additional time addressing the privacy issues and policies associated with online behavioral advertising.” Along with the project being halted and ISPs canceling their contracts, CEO and co-founder Bob Dykes resigned.

NebuAd’s behavioral targeting campaign was supposed to keep information anonymous and only collect and store pertinent information so that online advertisements could reflect an individuals tastes and offer products that they are more likely to want to purchase. The above mentioned ISP was one of the many multiple service operators that had contracts with NebuAd for their state-of-the-art services. ISPs have been tracking and recording their users’ information and selling it to the highest bidder, which in many cases was NebuAd. While this concept seemed like a good idea, privacy advocates and security experts called it “browser high jacking,” and made it clear that an ISP could be breaking federal wiretapping laws by using NebuAd.

NebuAd required the ISPs they contracted with to inform their users of the ad-tracking campaign. ISPs did inform their users, but in many cases did not allow them to opt-out of having their Internet privacy jeopardized. Also, many of the ISPs did not specifically tell their users what was happening, but just made small modifications to their privacy policies. Embarq, for example, stated in their privacy policy: “The Web sites that you visit or online searches that you conduct” may be used to “deliver or facilitate the delivery of targeted advertisements.” On a side note–only 15 Embarq users opted out. Who should be blamed then? Is NebuAd at fault for developing the eavesdropping software, or is it the fault of the ISPs who don’t tell their users they are being spied on and then sell the information? The next step is for Congress to introduce legislation requiring explicit consent from users that way they know and willingly allow their information to be collected.

Microsoft has recently introduced the world to InPrivateBrowsing, or privacy mode, which is the latest and greatest feature of IE8. According to numerous reports, including PCAdvisor, private mode is not very private at all. The information can easily be recovered and the privacy features are mostly cosmetic, giving you the false sense of security that you are protecting and securing your browsing habits. The main goal of InPrivateBrowsing is to prevent other users [of the same PC] from being able to access web surfing information.

InPrivateBrowsing was created by Microsoft to protect a user’s Internet privacy by deleting browser history and other data that is stored by IE during a web surfing session. The dubbed, “Porn Mode,” hides browser history from nosy people trying to spy on your web history. Forensic experts were able to easily retrieve all the information that IE was expected to keep protected. The main feature of InPrivateBrowsing is that it does not allow cookies to be stored. Cookies are bits of text and data that are stored on your computer so that websites can easily access your information. Without cookies, login details and other sensitive information remains secure. Along with the disabling of cookies, the browser doesn’t allow history to be stored in the Windows registry, which is another way information can be found on your PC.

The major flaw of InPrivateBrowsing lies with cache files. These files are stored on your computer so that the websites you visit will load faster. The major flaw of InPrivateBrowsing is that it does not delete, or even disable, the Internet cache files. A user can manually delete these files, but they are still easily accessible with forensic tools. Users can always delete their cookies, cache, and temporary Internet files, but why would someone want to do that? For example, if I am searching the Internet for an engagement ring I could use privacy mode to make sure no traces of the searches are left online. That would be much more convenient than manually deleting everything. Not only would it be convenient, but it would look a lot less suspicious than having to delete all traces of my surfing. Both privacy mode and manual deletion solve the same problems, but the latter definitely looks fishy.

Betty Ostergren, a privacy advocate that posts Social Security numbers she found on the Internet, has been given the thumbs up by a federal judge in Virginia. Computerworld reports that the state government can not stop her from posting the Social Security numbers on her website. At first glance, this privacy issue should enrage a lot of people. Knowing she has your personal information and is posting it all over the Internet would upset a lot of people; but how did she find this information in the first place? She got the information from the Internet and public records. The privacy advocate did this as a lesson, and to start a campaign to show people just how easy it is to find sensitive information about them.

She won the case and it was ruled that she should not have to remove the Social Security numbers from her site since she legally obtained them from public records. While the memorandum does not set a precedent, it is the first step in truly realizing how much we take our Internet privacy for granted. Ostergren’s website, The Virginia Watchdog, presents privacy issues that arise from the government posting personal information on websites. Over the past few years she has repeatedly shown that Social Security numbers have been posted and little has been done to protect personal information.

I can agree with what she is doing. She did not seek out the information from private sources or use illegal methods, she used the Internet and the public sector. Everything she found was attained from government documents that did not conceal the ultra-sensitive information. With the already astonishing number of identity thefts every year, I don’t see how the government posting such private information can help. How about a permanent marker and two seconds to hide the information? Problem solved… Ms. Ostergren also posts the information of high-profile officials, such as former Gov. Jeb Bush, former U.S. Secretary Colin Powell, and some local Virginia officials. I guess it really strikes a nerve and makes them care when their information is up there, and not just the information of the huddled masses.

TechCrunch (via the WashingtonPost) has recently published an article stating what should be the Digital Bill of Rights to protect consumers. With the Internet age in full-swing, and Election ’08 in the near future, what better time than now to present a plan of action for laws and regulations regarding the Internet? Many laws governing the Internet are quite outdated and can’t keep up with the daily advances in technology…as food for thought: What if laws had never been changed with the inception of modern mail carriers? Imagine the same laws were still completely intact even with the transition from the Pony Express to the modern-day United States Postal Service. Could that work? Could a law regarding the Pony Express still govern the actions of USPS?

Issues such as copyright infringement, net neutrality, and digital privacy are difficult to govern, mainly because they are creations of the modern era of technology. Maybe it is time to dust off the books and create some new laws that can maintain a degree of control and consistency over rapidly expanding technology. Many laws do not protect users’ Internet privacy and allow companies to spy on us and record our information so they can build a profile of our web surfing habits. The Digital Bill of Rights would be a step in the right direction to create updated laws that can protect consumers from ISPs, marketing companies, device manufacturers, and even the government itself.

Presented in the article is the author’s own Digital Bill of Rights, which he asks users to help further refine. Maybe our candidates can use this as a starting point and get the ball rolling in the right direction.

Well it is more than an Internet Service Provider, but Cable One, the 10th largest cable operator, has recently admitted to conducted a six-month study on their Internet users’ surfing habits. Cable One joins Charter Communications (as reported in a previous post) and a slew of other MSOs (multiple service operators) who spy on their customers for behavioral targeting purposes, and ultimately sell that information for big bucks to advertising companies.

Cable One revealed the information on August 8 to the House Energy and Commerce Committee, which had previously expressed their concerns on cable operators using advanced technology to invade privacy. So if I decipher this correctly: Cable One tried to defend themselves against these allegations by providing information and stating they invaded their customers’ privacy. Cable One stated that spying on 14,000 of their 700,000 customers was a better way to provide “more relevant advertising” to their customers.

Bresnan Communications and Knology also came out of the woodwork to say they spied on customers throughout a similar time frame. WideOpenWest admitted to doing this, in cooperation with NebuAd’s service. WideOpenWest stopped the program after five months because of the privacy concerns. All efforts to surf anonymously have become null and void for many Internet users, and for no apparent reason other than having better online advertisements. Shouldn’t these companies help protect personal information, not jeopardize it?

Cable One argues that they were not breaking any laws by conducting this research, and had made the information available to their users via the acceptable use policy they read when signing up for services. The information was also found in Cable One’s yearly privacy notice, which is sent to all customers. They provided users with appropriate notice, BUT did not allow them to opt out of the research, “because doing so would stifle our ability to test new technologies that have the potential to offer significant benefits to our customers.” Wow…

In essence the companies are arguing that because they put it in writing it is alright to spy on users and completely ignore any type of Internet privacy laws. It seems a bit ridiculous that my privacy rights are in jeopardy and I have no way of opting out. I can’t even choose to say “No.” In other words, even if I know it is happening I have no say in the outcome. The companies are not just able to record information for advertising purposes, but can use this technology to track and record ALL information being transmitted and received through their network. Hopefully when the Committee drafts a new law they remember to add the clause that we, as paying customers who want to feel safe, should have to opt-IN to this research–not be forced into whatever absurd money-making scheme the companies are up to.