Excellent reporting on CNN about the Internet and Privacy. This is a must watch video. It’s a little less than 4 minutes long.
This video reinforces what we’ve been saying for awhile. Be very careful what you post and where you post. Protecting your privacy is your responsibility.
The TSA (Transportation Security Administration) and the U.S. Government have been working on ways to us safe. Throughout the years, they have come up with many procedures and innovations that have forever changed the way we fly, and how safe we are. They introduced the metal detector, a truly pioneering technology that stopped many a criminal from sneaking in with a gun or bomb. Over time though, after no one tried that anymore, things got a little more lax around the security department. Suddenly, the 911 attacks occurred. This was a big slap in the face for the government; someone got through their supposedly unbreakable shields, and a terrorist nonetheless. After this tragedy, airports and any places of aviation are much more secure than they ever were before, and anyone who has sat in a security line forever or been patted down meticulously would agree. They needed something better though, and their answer came in a surprising, futuristic form.
Some have the false premonition that celebrities and other “big players” are larger than life, and protected as such. Some would think that hackers and criminals would only prey on the average civilian, but this is not true. Celebrities represent credibility, and wealth. If a hacker were to gain access to a famous person’s credit card, you can be sure they would go to town with it, knowing the celebrity is rich. If a hacker simply wanted to get a message out, posing as a good speaker would be a good idea. These are often obviously fake though, and discredited quickly. If a hacker were to gain access to a celebrities e-mail account however, they would have access to the fan list millions long.
This has just recently happened. A Green Party representative Peter Ellis, recently had his e-mail hacked. The criminal got his password, and went on posing as Peter Ellis himself. He then sent out an e-mail requesting money from any of his supporters, saying that he was on a trip to help out his sick daughter, who needed money for an immediate medical procedure. Anyone who knew Ellis knew his daughter was only eight years old and in perfect health.
The e-mail was sent out to many of the people on Ellis’ contact list. It requested a loan of $1500 dollars be sent to a Belleville address. After Peter figured this out, he quickly called HotMail and had them deactivate his account. One of Peter’s friends tried to catch the crook by feigning interest, but no one knows if it led to an arrest.
Everywhere you turn on the internet, there are articles and columns warning you to be safe on the internet and touting ways to do so. After awhile, you can become desensitized and the threat of internet security breaches will seem unreal. It seems enough to most to avoid sketchy websites and pop-ups telling them they have won a million dollars, but it seems the danger is closer than we thought.
The Federal Trade Commission that a major retailer has been caught red-handed snooping on customer’s computer information. The retailer offered participants 10$ to sign up for a survery program. Here is the description of the program: “…participate in exciting, engaging, and on-going interactions- always on your terms and always by your choice.”
It seems benign, harmless, and vague, but unfortunately, according to the FTC, it turns out that this retailer was gathering more information than just that which pertained to their business. The company said that all it would glean from its participants’ activities was online browsing of their company website, to delineate product demographics, find popular pages, etc…. boring, corporate stuff.
With recent blog posts about the Virginia Watchdog and PulaskiWatch, it was only a matter of time before someone had their identity stolen due to the negligence of county clerks posting sensitive information. Computerworld reported on a Ohio woman suing the county clerk after her identity was stolen. An image of a speeding ticket, containing her personal information, was posted on the county website.
Computerworld reported that an upset Arkansas man has posted sensitive information on his website, PulaskiWatch. The information was found via public records and consisted of e-mails between nine government officials, including the county clerk. This privacy issue may seem a little familiar as the Virginia Watchdog (which, coincidentally, does not seem to be working) also posted sensitive information on government officials in Virginia.
Reports from Internetnews.com state that NebuAd, creators of the very controversial behavioral targeting technology, recently announced they will stop their ad-targeting campaign. This comes shortly after many of their clients (such as CableOne) dropped NebuAd over privacy concerns and a Congressional hearing. In a statement made by NebuAd, they stated, “plans for wide spread deployment via the Internet service provider channel are delayed to allow time for Congress to spend additional time addressing the privacy issues and policies associated with online behavioral advertising.” Along with the project being halted and ISPs canceling their contracts, CEO and co-founder Bob Dykes resigned.
NebuAd’s behavioral targeting campaign was supposed to keep information anonymous and only collect and store pertinent information so that online advertisements could reflect an individuals tastes and offer products that they are more likely to want to purchase. The above mentioned ISP was one of the many multiple service operators that had contracts with NebuAd for their state-of-the-art services. ISPs have been tracking and recording their users’ information and selling it to the highest bidder, which in many cases was NebuAd. While this concept seemed like a good idea, privacy advocates and security experts called it “browser high jacking,” and made it clear that an ISP could be breaking federal wiretapping laws by using NebuAd.
NebuAd required the ISPs they contracted with to inform their users of the ad-tracking campaign. ISPs did inform their users, but in many cases did not allow them to opt-out of having their Internet privacy jeopardized. Also, many of the ISPs did not specifically tell their users what was happening, but just made small modifications to their privacy policies. Embarq, for example, stated in their privacy policy: “The Web sites that you visit or online searches that you conduct” may be used to “deliver or facilitate the delivery of targeted advertisements.” On a side note–only 15 Embarq users opted out. Who should be blamed then? Is NebuAd at fault for developing the eavesdropping software, or is it the fault of the ISPs who don’t tell their users they are being spied on and then sell the information? The next step is for Congress to introduce legislation requiring explicit consent from users that way they know and willingly allow their information to be collected.
OhMyNews recently reported that the U.K., along with other European powers, are developing a system to spy on cell phone records, including text and calls, as well as Internet searches.
The British government wants to invade privacy by storing records in a database so that hundreds of public organizations can access this information as needed. The cell phone, text message, and Internet records will be used to investigate criminal and terrorist acts. The records will be kept at the data center for at least 12 months. Dates, times, and contacts (from cell phones) will be stored, while searches and instant message conversations will be tracked and recorded as well. The only bright side is that, supposedly, the content will not be stored just the identifying information.
The cost for transferring the massive amount of data–a mere 50 million pounds per year. It must be worth it to the surveillance-obsessed nation that already monitors citizens through CCTV. 1984 anyone? One spy camera for every fourteen people wasn’t bad enough, now forget about protecting personal information or any type of Internet privacy.
I can’t see any benefit in this. The U.K. is making it seem like every citizen is guilty and will be treated accordingly. What will the exact laws be concerning the use, or better yet misuse, of information? How secure will this database be? We could end up having another situation, much like what happened in Sarasota, but on a much larger scale–imagine millions of people having their information posted on the Internet.
Well it is more than an Internet Service Provider, but Cable One, the 10th largest cable operator, has recently admitted to conducted a six-month study on their Internet users’ surfing habits. Cable One joins Charter Communications (as reported in a previous post) and a slew of other MSOs (multiple service operators) who spy on their customers for behavioral targeting purposes, and ultimately sell that information for big bucks to advertising companies.
Cable One revealed the information on August 8 to the House Energy and Commerce Committee, which had previously expressed their concerns on cable operators using advanced technology to invade privacy. So if I decipher this correctly: Cable One tried to defend themselves against these allegations by providing information and stating they invaded their customers’ privacy. Cable One stated that spying on 14,000 of their 700,000 customers was a better way to provide “more relevant advertising” to their customers.
Bresnan Communications and Knology also came out of the woodwork to say they spied on customers throughout a similar time frame. WideOpenWest admitted to doing this, in cooperation with NebuAd’s service. WideOpenWest stopped the program after five months because of the privacy concerns. All efforts to surf anonymously have become null and void for many Internet users, and for no apparent reason other than having better online advertisements. Shouldn’t these companies help protect personal information, not jeopardize it?
Cable One argues that they were not breaking any laws by conducting this research, and had made the information available to their users via the acceptable use policy they read when signing up for services. The information was also found in Cable One’s yearly privacy notice, which is sent to all customers. They provided users with appropriate notice, BUT did not allow them to opt out of the research, “because doing so would stifle our ability to test new technologies that have the potential to offer significant benefits to our customers.” Wow…
In essence the companies are arguing that because they put it in writing it is alright to spy on users and completely ignore any type of Internet privacy laws. It seems a bit ridiculous that my privacy rights are in jeopardy and I have no way of opting out. I can’t even choose to say “No.” In other words, even if I know it is happening I have no say in the outcome. The companies are not just able to record information for advertising purposes, but can use this technology to track and record ALL information being transmitted and received through their network. Hopefully when the Committee drafts a new law they remember to add the clause that we, as paying customers who want to feel safe, should have to opt-IN to this research–not be forced into whatever absurd money-making scheme the companies are up to.
cnet News is reporting that researchers from the University of Colorado and the University of Washington could face charges for snooping the Tor network. The researchers could face up to five years in prison for breaking the Wiretap Act. Tor (The Onion Router) anonymous proxy network is a free software that allows users to surf the Internet anonymously through a circuit of networked computers that encrypt and transmit the data.
Two graduate students and three professors never had a legal review of the project or had been authorized by the university’s Human Subjects Committee. The academic paper was presented at the Privacy Enhancing Technology Forum and intended to shed light on exactly what kind of information was flowing over Tor. The results found “some of Tor’s users include pro-democracy dissidents, journalists and bloggers in countries like China, Egypt and Burma who would otherwise face arrest and torture for their work.”
To study Tor, the researchers set up an exit node in December 2007 and recorded and stored the first part of each network packet passing through the node. This gave them information as to what kind of information was being passed and what websites people are visiting. They then ran an entry node which gave them the users’ IP addresses as they passed through the node, allowing them to see which countries used Tor the most. The two studies recorded and stored different types of information so users could not be cross-referenced.
They found German users were on Tor the most, while 58% of bandwidth used on Tor was from web browsing. A massive 40% of the bandwidth was used by torrent users, even though these users only amounted for 3% of the total.
The researchers spoke with a lawyer and felt that it was unnecessary to get a second opinion or to contact the university’s Institutional Review Board, even though Tor’s policy is not to attach such recording programs because it could result in criminal and civil charges. The team did not follow proper protocol in any way…could it perhaps be that the university would have a problem with their researchers spying and recording people’s information without their consent?
