Computerworld reported that an upset Arkansas man has posted sensitive information on his website, PulaskiWatch. The information was found via public records and consisted of e-mails between nine government officials, including the county clerk. This privacy issue may seem a little familiar as the Virginia Watchdog (which, coincidentally, does not seem to be working) also posted sensitive information on government officials in Virginia.

Reuters and Yahoo! News report that Google has agreed to cut the amount of time it stores users’ web surfing habits from 18 month to only nine months. This is quite a significant drop, especially when taking into account that in March 2007 Google had no policy and kept the information for an indefinite period of time. Google’s new policies, “are part of a broader trend that is increasing across the industry for companies to compete in good privacy practices,” according to Google’s global privacy counsel Peter Fleischer.

Along with the new nine month data retention policy, Google plans to anonymize the data much more quickly. Could this be in response to the Viacom/YouTube issue? This is is a great precautionary measure to protect our Internet privacy from companies like Viacom that want to sue Google so they can obtain users’ records. After nine months the data and the IP address are disassociated and the data can no longer be tracked back to a specific user.

The move to an 18-month data retention policy came about due to the European Union putting pressure on Google to increase their privacy measures. The new nine-month policy was adapted to further refine Google’s privacy protection and keep users much safer while surfing the Internet. The new nine month policy makes Google the alpha male, as far as privacy is concerned. Microsoft still keeps data for 18 months and Yahoo! currently retains data for 13 months.

While this is good news for anyone who surfs the Internet, it is important to remember that your data is being tracked and recorded. Data retention policies are extremely helpful, but ultimately privacy must begin with you. Using an anonymous proxy server will help you be invisible and maintain anonymity while surfing and stay one step ahead of even the most favorable data retention policies.

Reports from Internetnews.com state that NebuAd, creators of the very controversial behavioral targeting technology, recently announced they will stop their ad-targeting campaign. This comes shortly after many of their clients (such as CableOne) dropped NebuAd over privacy concerns and a Congressional hearing. In a statement made by NebuAd, they stated, “plans for wide spread deployment via the Internet service provider channel are delayed to allow time for Congress to spend additional time addressing the privacy issues and policies associated with online behavioral advertising.” Along with the project being halted and ISPs canceling their contracts, CEO and co-founder Bob Dykes resigned.

NebuAd’s behavioral targeting campaign was supposed to keep information anonymous and only collect and store pertinent information so that online advertisements could reflect an individuals tastes and offer products that they are more likely to want to purchase. The above mentioned ISP was one of the many multiple service operators that had contracts with NebuAd for their state-of-the-art services. ISPs have been tracking and recording their users’ information and selling it to the highest bidder, which in many cases was NebuAd. While this concept seemed like a good idea, privacy advocates and security experts called it “browser high jacking,” and made it clear that an ISP could be breaking federal wiretapping laws by using NebuAd.

NebuAd required the ISPs they contracted with to inform their users of the ad-tracking campaign. ISPs did inform their users, but in many cases did not allow them to opt-out of having their Internet privacy jeopardized. Also, many of the ISPs did not specifically tell their users what was happening, but just made small modifications to their privacy policies. Embarq, for example, stated in their privacy policy: “The Web sites that you visit or online searches that you conduct” may be used to “deliver or facilitate the delivery of targeted advertisements.” On a side note–only 15 Embarq users opted out. Who should be blamed then? Is NebuAd at fault for developing the eavesdropping software, or is it the fault of the ISPs who don’t tell their users they are being spied on and then sell the information? The next step is for Congress to introduce legislation requiring explicit consent from users that way they know and willingly allow their information to be collected.

Microsoft has recently introduced the world to InPrivateBrowsing, or privacy mode, which is the latest and greatest feature of IE8. According to numerous reports, including PCAdvisor, private mode is not very private at all. The information can easily be recovered and the privacy features are mostly cosmetic, giving you the false sense of security that you are protecting and securing your browsing habits. The main goal of InPrivateBrowsing is to prevent other users [of the same PC] from being able to access web surfing information.

InPrivateBrowsing was created by Microsoft to protect a user’s Internet privacy by deleting browser history and other data that is stored by IE during a web surfing session. The dubbed, “Porn Mode,” hides browser history from nosy people trying to spy on your web history. Forensic experts were able to easily retrieve all the information that IE was expected to keep protected. The main feature of InPrivateBrowsing is that it does not allow cookies to be stored. Cookies are bits of text and data that are stored on your computer so that websites can easily access your information. Without cookies, login details and other sensitive information remains secure. Along with the disabling of cookies, the browser doesn’t allow history to be stored in the Windows registry, which is another way information can be found on your PC.

The major flaw of InPrivateBrowsing lies with cache files. These files are stored on your computer so that the websites you visit will load faster. The major flaw of InPrivateBrowsing is that it does not delete, or even disable, the Internet cache files. A user can manually delete these files, but they are still easily accessible with forensic tools. Users can always delete their cookies, cache, and temporary Internet files, but why would someone want to do that? For example, if I am searching the Internet for an engagement ring I could use privacy mode to make sure no traces of the searches are left online. That would be much more convenient than manually deleting everything. Not only would it be convenient, but it would look a lot less suspicious than having to delete all traces of my surfing. Both privacy mode and manual deletion solve the same problems, but the latter definitely looks fishy.

Betty Ostergren, a privacy advocate that posts Social Security numbers she found on the Internet, has been given the thumbs up by a federal judge in Virginia. Computerworld reports that the state government can not stop her from posting the Social Security numbers on her website. At first glance, this privacy issue should enrage a lot of people. Knowing she has your personal information and is posting it all over the Internet would upset a lot of people; but how did she find this information in the first place? She got the information from the Internet and public records. The privacy advocate did this as a lesson, and to start a campaign to show people just how easy it is to find sensitive information about them.

She won the case and it was ruled that she should not have to remove the Social Security numbers from her site since she legally obtained them from public records. While the memorandum does not set a precedent, it is the first step in truly realizing how much we take our Internet privacy for granted. Ostergren’s website, The Virginia Watchdog, presents privacy issues that arise from the government posting personal information on websites. Over the past few years she has repeatedly shown that Social Security numbers have been posted and little has been done to protect personal information.

I can agree with what she is doing. She did not seek out the information from private sources or use illegal methods, she used the Internet and the public sector. Everything she found was attained from government documents that did not conceal the ultra-sensitive information. With the already astonishing number of identity thefts every year, I don’t see how the government posting such private information can help. How about a permanent marker and two seconds to hide the information? Problem solved… Ms. Ostergren also posts the information of high-profile officials, such as former Gov. Jeb Bush, former U.S. Secretary Colin Powell, and some local Virginia officials. I guess it really strikes a nerve and makes them care when their information is up there, and not just the information of the huddled masses.

TechCrunch (via the WashingtonPost) has recently published an article stating what should be the Digital Bill of Rights to protect consumers. With the Internet age in full-swing, and Election ’08 in the near future, what better time than now to present a plan of action for laws and regulations regarding the Internet? Many laws governing the Internet are quite outdated and can’t keep up with the daily advances in technology…as food for thought: What if laws had never been changed with the inception of modern mail carriers? Imagine the same laws were still completely intact even with the transition from the Pony Express to the modern-day United States Postal Service. Could that work? Could a law regarding the Pony Express still govern the actions of USPS?

Issues such as copyright infringement, net neutrality, and digital privacy are difficult to govern, mainly because they are creations of the modern era of technology. Maybe it is time to dust off the books and create some new laws that can maintain a degree of control and consistency over rapidly expanding technology. Many laws do not protect users’ Internet privacy and allow companies to spy on us and record our information so they can build a profile of our web surfing habits. The Digital Bill of Rights would be a step in the right direction to create updated laws that can protect consumers from ISPs, marketing companies, device manufacturers, and even the government itself.

Presented in the article is the author’s own Digital Bill of Rights, which he asks users to help further refine. Maybe our candidates can use this as a starting point and get the ball rolling in the right direction.

Well it is more than an Internet Service Provider, but Cable One, the 10th largest cable operator, has recently admitted to conducted a six-month study on their Internet users’ surfing habits. Cable One joins Charter Communications (as reported in a previous post) and a slew of other MSOs (multiple service operators) who spy on their customers for behavioral targeting purposes, and ultimately sell that information for big bucks to advertising companies.

Cable One revealed the information on August 8 to the House Energy and Commerce Committee, which had previously expressed their concerns on cable operators using advanced technology to invade privacy. So if I decipher this correctly: Cable One tried to defend themselves against these allegations by providing information and stating they invaded their customers’ privacy. Cable One stated that spying on 14,000 of their 700,000 customers was a better way to provide “more relevant advertising” to their customers.

Bresnan Communications and Knology also came out of the woodwork to say they spied on customers throughout a similar time frame. WideOpenWest admitted to doing this, in cooperation with NebuAd’s service. WideOpenWest stopped the program after five months because of the privacy concerns. All efforts to surf anonymously have become null and void for many Internet users, and for no apparent reason other than having better online advertisements. Shouldn’t these companies help protect personal information, not jeopardize it?

Cable One argues that they were not breaking any laws by conducting this research, and had made the information available to their users via the acceptable use policy they read when signing up for services. The information was also found in Cable One’s yearly privacy notice, which is sent to all customers. They provided users with appropriate notice, BUT did not allow them to opt out of the research, “because doing so would stifle our ability to test new technologies that have the potential to offer significant benefits to our customers.” Wow…

In essence the companies are arguing that because they put it in writing it is alright to spy on users and completely ignore any type of Internet privacy laws. It seems a bit ridiculous that my privacy rights are in jeopardy and I have no way of opting out. I can’t even choose to say “No.” In other words, even if I know it is happening I have no say in the outcome. The companies are not just able to record information for advertising purposes, but can use this technology to track and record ALL information being transmitted and received through their network. Hopefully when the Committee drafts a new law they remember to add the clause that we, as paying customers who want to feel safe, should have to opt-IN to this research–not be forced into whatever absurd money-making scheme the companies are up to.

Recently reported by the New York Times and the Herald Tribune (Sarasota’s local newspaper), a little bit more than 88% of the 38,500 students in the Sarasota school district had personal information posted on the Internet for nearly two months.

The school district has a contract (for now) with Princeton Review to maintain a database of Sarasota County Planning Tools, to help teachers develop tests and keep track of students’ grades. The information, which contained students’ names and school ID numbers (which in some cases were Social Security numbers) from this database was accidentally posted on the Internet for two months before it was finally removed this past Monday. Along with names and ID numbers the information also included students’: birth dates, sex, ethnicity, disabilities, and standardized test scores. The files were able to be found by using a search engine and Princeton Review claims the files were released when the company recently switched ISPs.

Sarasota students were not the only ones affected by this mistake, Fairfax, VA. students (nearly 74,000 of them) had their information posted on the Internet as well. The company was hired to measure student performance and nearly got 74,000 students’ identities stolen. Hackers could have had a field day with this information–but if we recall correctly from a previous Identity Theft post, it usually takes the Identity Theft victim three months to realize something is wrong. In the case of a young student that has no need to check their credit ratings; it could be even longer.

The article hints around as to who is to blame here. Of course Princeton Review is at fault because the security of their system and website has been compromised and over 100,000 students had their personal information sitting on the Internet for two months. Not to mention that with the world wide web, nothing that has been posted can truly be deleted–some cached record may be sitting on a server with the information.

Is the school board to blame as well? Would they need to compile this massive database of personal information if standardized tests weren’t stressed as the focal point of a student’s education? While I am not trying to start a debate as to the validity of standardized tests, it is just an interesting subject to touch on. What happened to the days where teachers logged the information in their grade books? Is it necessary to have a massive database with every bit of information about a student? These are all questions that the school board will be answering when deciding whether or not to keep Princeton Review’s contract.

In this case I would say protecting personal information trumps the ease of sticking everything on some site to analyze the students performance. It is great for parents, students and teachers to have access to this information so they can all keep track of performance and make sure nothing is wrong. Is the risk of having this happen again worth it? Do students even get and interim reports and report cards anymore? I remember that being a pretty good gauge as to what I needed work on.

GovGab is an important tool for staying up to date on government legislation and resources. The blog posts vary by many different topics, with some of the newer ones focusing on keeping your food from spoiling during a power outage or discovering disabilityinfo.gov. The blog also breaks down into different categories so you can search for the things you are interested in.

The part of the blog I would like to focus on is one of their more recent posts. It is focused on privacy protection. The most important part of the posts points us to a list of privacy resources aimed at helping us maintain privacy. The resource page is set up with government and non-government sponsored websites that are all focused on helping us keep our privacy.

The resource page has just about any topic you could need to know about. It does have a lot of articles and resources for protecting children online, which is always a major concern. Other areas include financial information, identity theft protection, medical records privacy and Internet privacy. The resources site has a lot to offer and can keep you busy for a long time. Along with privacy resources, the resources site allows you to locate local officials, find information on a business, and get resources for teachers and consumers.

Ultimately the blog is a great source of information from our government. It does a great job of keeping the postings entertaining and not just focused on politics and policies.

Blogger News Network is reporting on a 20-year old Rhode Island native who has been sentenced to two years in prison for a drunk driving accident that left another driver seriously injured. Now you are probably asking, “What does this have to do with an Internet privacy blog?” The answer: Two weeks after he was charged, Joshua Lipton attended a Halloween party dressed as a “jail bird.” The photos of him partying were posted on Facebook, which ended up being very useful to the prosecution.

The prosecution found these photos and used them as evidence in court. They said Joshua was an “unrepentant partier” who “lived” it up, even though the victim of the crash was in the hospital. The judge agreed and before giving out his sentence deemed Justin to be “depraved.”

Prosecutors are not the only ones who are using social networking sites to make important professional decisions. Many employers are looking up their candidates on these sites to see what kind of life they lead and if they would like to employ them, or not.

It is probably a good idea to completely delete your profiles when you are looking for a job…or when you are on trial. Better yet, think twice before you post anything.