With recent blog posts about the Virginia Watchdog and PulaskiWatch, it was only a matter of time before someone had their identity stolen due to the negligence of county clerks posting sensitive information. Computerworld reported on a Ohio woman suing the county clerk after her identity was stolen. An image of a speeding ticket, containing her personal information, was posted on the county website.

Computerworld reported that an upset Arkansas man has posted sensitive information on his website, PulaskiWatch. The information was found via public records and consisted of e-mails between nine government officials, including the county clerk. This privacy issue may seem a little familiar as the Virginia Watchdog (which, coincidentally, does not seem to be working) also posted sensitive information on government officials in Virginia.

Reports from Internetnews.com state that NebuAd, creators of the very controversial behavioral targeting technology, recently announced they will stop their ad-targeting campaign. This comes shortly after many of their clients (such as CableOne) dropped NebuAd over privacy concerns and a Congressional hearing. In a statement made by NebuAd, they stated, “plans for wide spread deployment via the Internet service provider channel are delayed to allow time for Congress to spend additional time addressing the privacy issues and policies associated with online behavioral advertising.” Along with the project being halted and ISPs canceling their contracts, CEO and co-founder Bob Dykes resigned.

NebuAd’s behavioral targeting campaign was supposed to keep information anonymous and only collect and store pertinent information so that online advertisements could reflect an individuals tastes and offer products that they are more likely to want to purchase. The above mentioned ISP was one of the many multiple service operators that had contracts with NebuAd for their state-of-the-art services. ISPs have been tracking and recording their users’ information and selling it to the highest bidder, which in many cases was NebuAd. While this concept seemed like a good idea, privacy advocates and security experts called it “browser high jacking,” and made it clear that an ISP could be breaking federal wiretapping laws by using NebuAd.

NebuAd required the ISPs they contracted with to inform their users of the ad-tracking campaign. ISPs did inform their users, but in many cases did not allow them to opt-out of having their Internet privacy jeopardized. Also, many of the ISPs did not specifically tell their users what was happening, but just made small modifications to their privacy policies. Embarq, for example, stated in their privacy policy: “The Web sites that you visit or online searches that you conduct” may be used to “deliver or facilitate the delivery of targeted advertisements.” On a side note–only 15 Embarq users opted out. Who should be blamed then? Is NebuAd at fault for developing the eavesdropping software, or is it the fault of the ISPs who don’t tell their users they are being spied on and then sell the information? The next step is for Congress to introduce legislation requiring explicit consent from users that way they know and willingly allow their information to be collected.

OhMyNews recently reported that the U.K., along with other European powers, are developing a system to spy on cell phone records, including text and calls, as well as Internet searches.

The British government wants to invade privacy by storing records in a database so that hundreds of public organizations can access this information as needed. The cell phone, text message, and Internet records will be used to investigate criminal and terrorist acts. The records will be kept at the data center for at least 12 months. Dates, times, and contacts (from cell phones) will be stored, while searches and instant message conversations will be tracked and recorded as well. The only bright side is that, supposedly, the content will not be stored just the identifying information.

The cost for transferring the massive amount of data–a mere 50 million pounds per year. It must be worth it to the surveillance-obsessed nation that already monitors citizens through CCTV. 1984 anyone? One spy camera for every fourteen people wasn’t bad enough, now forget about protecting personal information or any type of Internet privacy.

I can’t see any benefit in this. The U.K. is making it seem like every citizen is guilty and will be treated accordingly. What will the exact laws be concerning the use, or better yet misuse, of information? How secure will this database be? We could end up having another situation, much like what happened in Sarasota, but on a much larger scale–imagine millions of people having their information posted on the Internet.

Well it is more than an Internet Service Provider, but Cable One, the 10th largest cable operator, has recently admitted to conducted a six-month study on their Internet users’ surfing habits. Cable One joins Charter Communications (as reported in a previous post) and a slew of other MSOs (multiple service operators) who spy on their customers for behavioral targeting purposes, and ultimately sell that information for big bucks to advertising companies.

Cable One revealed the information on August 8 to the House Energy and Commerce Committee, which had previously expressed their concerns on cable operators using advanced technology to invade privacy. So if I decipher this correctly: Cable One tried to defend themselves against these allegations by providing information and stating they invaded their customers’ privacy. Cable One stated that spying on 14,000 of their 700,000 customers was a better way to provide “more relevant advertising” to their customers.

Bresnan Communications and Knology also came out of the woodwork to say they spied on customers throughout a similar time frame. WideOpenWest admitted to doing this, in cooperation with NebuAd’s service. WideOpenWest stopped the program after five months because of the privacy concerns. All efforts to surf anonymously have become null and void for many Internet users, and for no apparent reason other than having better online advertisements. Shouldn’t these companies help protect personal information, not jeopardize it?

Cable One argues that they were not breaking any laws by conducting this research, and had made the information available to their users via the acceptable use policy they read when signing up for services. The information was also found in Cable One’s yearly privacy notice, which is sent to all customers. They provided users with appropriate notice, BUT did not allow them to opt out of the research, “because doing so would stifle our ability to test new technologies that have the potential to offer significant benefits to our customers.” Wow…

In essence the companies are arguing that because they put it in writing it is alright to spy on users and completely ignore any type of Internet privacy laws. It seems a bit ridiculous that my privacy rights are in jeopardy and I have no way of opting out. I can’t even choose to say “No.” In other words, even if I know it is happening I have no say in the outcome. The companies are not just able to record information for advertising purposes, but can use this technology to track and record ALL information being transmitted and received through their network. Hopefully when the Committee drafts a new law they remember to add the clause that we, as paying customers who want to feel safe, should have to opt-IN to this research–not be forced into whatever absurd money-making scheme the companies are up to.

cnet News is reporting that researchers from the University of Colorado and the University of Washington could face charges for snooping the Tor network. The researchers could face up to five years in prison for breaking the Wiretap Act. Tor (The Onion Router) anonymous proxy network is a free software that allows users to surf the Internet anonymously through a circuit of networked computers that encrypt and transmit the data.

Two graduate students and three professors never had a legal review of the project or had been authorized by the university’s Human Subjects Committee. The academic paper was presented at the Privacy Enhancing Technology Forum and intended to shed light on exactly what kind of information was flowing over Tor. The results found “some of Tor’s users include pro-democracy dissidents, journalists and bloggers in countries like China, Egypt and Burma who would otherwise face arrest and torture for their work.”

To study Tor, the researchers set up an exit node in December 2007 and recorded and stored the first part of each network packet passing through the node. This gave them information as to what kind of information was being passed and what websites people are visiting. They then ran an entry node which gave them the users’ IP addresses as they passed through the node, allowing them to see which countries used Tor the most. The two studies recorded and stored different types of information so users could not be cross-referenced.

They found German users were on Tor the most, while 58% of bandwidth used on Tor was from web browsing. A massive 40% of the bandwidth was used by torrent users, even though these users only amounted for 3% of the total.

The researchers spoke with a lawyer and felt that it was unnecessary to get a second opinion or to contact the university’s Institutional Review Board, even though Tor’s policy is not to attach such recording programs because it could result in criminal and civil charges. The team did not follow proper protocol in any way…could it perhaps be that the university would have a problem with their researchers spying and recording people’s information without their consent?

Today we reexamine and update a previous blog posting concerned with you privacy while travelling. A recent article presented by istockanalyst.com discusses how laptop searches cross the line between privacy and security.

Jawad Khaki was returning home from a business trip when he was stopped by customs. Khaki, a corporate executive, told customs everything he had done and everywhere he went. He was then asked to turn on his cellphone, which customs took from him and searched. Customs checked his to-do list and his calender.

This is just one story of the line between privacy and security that is being crossed by customs agents. Does the search and seizure of laptops, cellphones, and PDAs cross the line?

The main question being presented, in both this article and my previous blog post, “What if a traveler’s laptop includes corporate secrets, a lawyer’s confidential documents, a journalist’s notes from a protected source, or personal financial and medical information?” Advocacy groups are concerned with the misuse of information and say they have not gotten any clear answers when posing these questions to the Department of Homeland Security. Two groups have actually filed a lawsuit so they can get that information from Homeland Security.

I understand that sometimes it is necessary to conduct these searches to protect our national security…I am not referring to the time where it does compromise national security, but instead the times where a businessman is travelling and is extensively searched above and beyond what is reasonable. Customs and Border Patrol spokeswoman said that, “The department doesn’t keep seized electronics unless it suspects wrongdoing, and any U.S. citizen’s information that’s copied is kept only if it’s relevant for criminal or national-security investigations.” I do appreciate that, but it needs to be made into official policy.

CBP is using the same reasoning behind checking luggage to check laptops. No reason or probable cause is needed to be searched by customs. There needs to be a distinction between the two. Laptops carry sensitive and personal information, especially if it being used for business travel. The data found on there is an “extension of a person’s professional and personal identity.” The main difference between the search of luggage and the search of a computer, which is also pointed out in the article, is that the luggage can be returned easily…but do you know what has been downloaded and copied off your laptop?

Tough situation…

It seems that angry YouTube users are showing their discontent through the use of their freedom of speech…and by making videos aimed at telling Viacom exactly how they feel. A few days ago the Viacom/Google battle was in full swing (read the blog about YouTube user losing their Internet privacy), now Newsfactor is reporting on the backlash against Viacom’s legal win over Google, forcing Google to give up all sorts of information about their YouTube users.

The copyright infringement lawsuit (for $1 billion) has angered users since now all of their information is being given up to Viacom so that the company can analyze the way viral videos vs copyrighted videos are viewed. While one good thing is that Viacom was not given YouTube’s source code, user information was not safe from Viacom.

Angry users have been making videos urging the boycott of Viacom.

While the gigantic corporation is busy picking on YouTube users, they can’t take a moment to comment on the subject. Instead they released a comment on the company’s website stating, “A recent discovery order by the federal court hearing the case of Viacom v. YouTube has triggered concern about what information will be disclosed by Google and YouTube and how it will be used. Viacom has not asked for and will not be obtaining any personally identifiable information of any YouTube user.” Well, I feel safe now…I am definitely positive that my information is safe and that Viacom will be responsible with it. Besides, if I can’t trust a large corporation with very large financial incentives that go against my best interests, who can I trust?

Telegraph UK reported that search-engine giant Google, the proud owners of YouTube, were demanded to give up ALL of their users’ information…that is correct. This started mainly because of a suit brought on by media juggernaut Viacom, who accuses Google/YouTube of hosting copyrighted information on the site. Google will have to hand information over to Viacom such your log-in details, viewing history, and the IP address from which you surf. I hope either A.) you didn’t view any copyrighted movies or B.) you are using a proxy server to mask your IP and surf anonymously.

The EFF website also has some information on this subject, which it is calling a “setback to privacy rights.” Viacom owns MTV and Paramount Pictures (among others) and is demanding this information because copyrighted programs have been appearing on YouTube and has led to an “explosion of copyright infringement.” Googling is countering the $1 billion lawsuit by saying it already goes above and beyond any legal expectations to remove copyrighted materials…a strategy which hopefully works out, especially since I don’t think I know a single person who doesn’t go on YouTube.

Viacom has stated they want the user details so they can statistically compare original videos with copyrighted videos to show “the attractiveness of allegedly infringing video with that of non-infringing video” (I smell something…it smells a lot like b.s.).

I am just glad that Google does have the firepower to fight back against Viacom and that the EFF has also made their stance clear. I do not need my log-in details and IP address taken hostage so that a “statistical analysis” can be done. How does my personal information help Viacom conduct these studies? IT DOESN’T. Viacom promises not to pursue legal action against people who watch copyrighted content…so I guess we can trust them since they said they wouldn’t do it. That has never happened before, why would a huge company like Viacom lie?

While Google has been involved in some privacy rights issues recently I am glad to see they are stepping up and fighting back. They are requesting to encrypt and anonymize the logs before sending them over to Viacom so that individual users are not prosecuted, but so that a statistical analysis can be done anonymously.

Hotels could possibly be breaking data protection laws and illegally storing information about guests. A recent article by TimesOnline (UK) discussed the privacy risks that hotels are subjecting guests to. The hotels claim that by keeping the information they are able to improve service, even though collecting the information without the guests’ knowledge or consent is against the Data Protection Act.

Information being stored includes credit card numbers, family-life information, occupation, nationalities, and even some other activities including consumption of alcohol and names of overnight visitors with the guest. Don’t order an adult film or be rude to someone at the front desk, because that goes into your “permanent record.” It’s like middle school all over again.

Other information, which is not as sensitive, is also recorded. Employees use Internet searches to find information about the guests, ranging from the books or movies they like to a favorite sport. The file is then given out to the hotel employees, because this “systematic approach” to invasion of privacy seems to be the best method of customer service.

I can see the logic behind this method…but I also remember someone telling me “The road to hell is paved with good intentions.” How does this massive invasion of privacy help out that much? I understand keeping a profile of hotel-related activities such as if a smoking room is preferred. But knowing my favorite channels and the type of alcohol I drink at the hotel bar seem to be details that do not help the hotel…and make me feel uncomfortable. The hotel employees do not need to know that much personal information. I especially do not need a manager Googling me or looking at a MySpace page to get personal information.