Wednesday, February 29, 2012

7 Signs We're Living In The Post-Privacy Era

By Helen A.S. Popkin 
January 3, 2012 
Courtesy Of "MSNBC"


Whether by corporate subterfuge, government decree, hacker invasion and our own ambivalence, our digital rights have never faced more peril than they will in 2012. Here's a look at the most egregious losses in privacy — the ways in which the stage was set — during this past year.
Facebook's meaningless settlement with the FTCEverything about Facebook is designed to make it easy for people to reveal things about themselves. Nothing about Facebook's FTC settlement in November — and a spin-heavy mea culpa from CEO Mark Zuckerberg and/or his media consultant — changes that.
According to the FTC complaint, Facebook "deceived consumers by telling them they could keep their information on Facebook private, and then repeatedly allowing it to be shared and made public."
As we reported on the FTC settlement, Facebook is now barred "from making any further deceptive privacy claims." It also requires "that the company get consumer's approval before it changes the way it sharestheir data, and requires that it obtain periodic assessments of its privacy practices by independent, third-party auditors for the next 20 years."
The settlement does not require that Facebook restore the privacy settings it rolled back in 2009, which led to the FTC investigation. Much of your information is still widely available to the public — as well as to Facebook's business partners — by default. If you want more privacy, you need to "opt out," otherwise your info is out there for anyone to see.
Meanwhile, the much celebrated Facebook Timeline — which rolled out to most users in December — may prove to be the ultimate Trojan horse,  soliciting users to add personal information and life details that occured before Facebook even existed. All the better for direct marketers to sell you stuff, my dear.
Now, the Electronic Privacy Information Center questions whether the rollout of the much celebrated Facebook Timeline conforms to the FTC settlement, sending a letter to the FTC, stating that, "with Timeline, Facebook has once again taken control over the user's data from the user and has now made information that was essentially archived and inaccessible widely available without the consent of the user."
SOPA vs. your right to Internet accessThe obsessive concern among free speech activists and the technorati over the Stop Online Piracy Act and similar Internet blackball bills went mainstream following the recent "Dump Go Daddy" campaign.
The anti-piracy bill, which the U.S. House Judiciary Committee is set to review next year, makes the streaming of unauthorized content a felony. Which is all well and good, but as the EFF warns, the bill's "vague language would create devastating new tools for silencing legitimate speech all around the Web."
"Netizens angered by the initial support of Web hosting giant Go Daddy for a controversial online piracy bill voted with their 'domain' — moving tens of thousands of website names to other Internet domain registrars in a coordinated day of online protest," msnbc.com's Miranda Leitsinger recently reported in Technolog. Go Daddy stopped its havering, making a solid statement opposing SOPA, and in doing so, joining other anti-SOPA corporations such as Google, Facebook and Wikipedia.
"All of the sudden there really is a lot of mainstream attention … we're seeing a lot of people waking up to these issues and taking a firm stance," Parker Higgins, an EFF activist, told Technolog. "It is an important issue and it's one that really affects the future of the Internet."
Why such a strong anti-SOPA turnout? Despite its authority in the U.S., SOPA has international ramifications. Websites that run afoul could be de-indexed by search engines, blocked by Internet service providers, and blackballed by payment processors such as Visa or PayPal as court-ordered by the U.S. Attorney General.
Here's a worst-case scenario free speech supporters say is entirely possible: Proxy servers such as those that aided Arab Spring by allowing protesters to share information on social media are also used to stream pirated content such as movies and music. Shut down the proxy server for a SOPA violation — such as aiding copyright violations — and the voices of protest could be muffled as well.
Given the success of the Go Daddy boycott, odds are SOPA won't pass — sooner or later however, a similar bill will. What we're seeing here is the first, clumsy attempt at inevitable regulation. Call that cynicism if you will, but as the history of radio and TV reveal, such is the fate of all new forms of major media.
Yeah, your cellphone is pretty much stalking you"Locationgate" — the kerfuffle following researchers' discovery that Apple iPhones send user locations back to Apple via unencrypted files — seems like small potatoes compared to a discovery made later in the year, but it was a harbinger of the many phone-related privacy threats ahead.
In April, Steve Jobs hotly denied during Locationgate that Apple tracked anyone, but in an email declared that Google's Android sure did. Google countered with an official statement that "location sharing on Android is opt-in by the user. We provide users with notice and control over the collection."
Apple's passive collection of user data was eventually declared to be "a bug," and it was revealed that the company never shared any of the info anyway.
Congress invited both companies to explain themselves, but as msnbc.com'sBob Sullivan pointed out in Red Tape Chronicles:
If you sensed from Apple — and Apple sympathizers — a bit of, "everyone does this, why is this such a big deal?” that's because they're right. It's true that location information greatly helps their network function. Anyone who's ever turned on a GPS and waited five minutes for the gadget to get a "fix" can appreciate the enhancement Apple was implementing. Plenty of other companies do collect and use detailed location information about us. Many will tell you they “anonymize” the information, they have strict policies about how it is used and stored, that they always get users’ permission before collecting it, that  they secure it, yadda, yadda, yadda. The Apple incident shows that location information is toxic, and the consequences of its collection can be very hard to control.
The bigger privacy scare came in November. Researcher Trevor Eckhart announced that he'd discovered that Carrier IQ — a cell phone diagnostics software company — didn't just track user location, but keystrokes as well (including, yes, passwords). As the case made headlines, it was revealed that Carrier IQ is, or may be, installed in handsets sold by AT&T, Sprint and T-Mobile, from brands including Apple, HTC and Samsung. Verizon Wireless is the only company that says it never installed the software.
The organization also reverse engineered the software to find out just what was going on. ExtremeTech's Sebastian Anthony broke down the process:
There are three parts to a Carrier IQ installation on your phone: The program itself, which captures your keystrokes and other "metrics"; a configuration file, which varies from handset to handset and carrier to carrier; and a database that stores your actions until it can be transmitted to the carrier. Now, the Carrier IQ program is a binary application and fairly hard to reverse engineer, and the database sounds like it's stored in RAM and thus hard to obtain — but the configuration profile … well, it turns out that that is very easy to crack.
On Dec. 1, Sen. Al Franken (D-Minn.) — who earlier this year launched the Location Privacy Protection Act — requested that Carrier IQ "explain exactly what the software records, whether it is transmitted to Carrier IQ or any third party, and whether the data is protected against security threats that could risk the safety and privacy of American consumers."
For all the sneaky stuff our smartphones do, we increasingly have the opportunity to be complicit in our own e-stalking, aptly noted by Gawker's Ryan Tate.
The predicted Facebook phoneGoogle Wallet and the fact that Apple recently obtained a number of patents, "including one that would turnthe device into a key to your home," present more ways we will voluntarily allow three major tech companies to track or locations, our financial info, our correspondences, our contacts and even open our front door. At the same time.
Some judges are cool with cops accessing your cell phone"In January 2011, the California Supreme Court ruled in People v. Diaz (PDF), that the police were authorized to search any person's cellphone, without a warrant, after they had been arrested under the narrow 'search incident to arrest' exception to the Fourth Amendment, that permits a brief search in the area immediately around a person for the purposes of officer safety and protection of evidence from immediate destruction," the EFF reports.
Since the beginning of the year, we've seen a disturbing trend throughout the United States in which police officers apprehend the telephones of bystanders.
"A high-school student who used her cellphone to take video of police on a city bus was arrested by police and taken into custody after she refused to turn her cellphone off," Technolog reported of a Newark, N.J. incident in May. "Police later released her, but not before they erased the video on the teen's phone."
A police shooting of a man in Miami Beach on Memorial Day was terrifying, but when it was over, officers turned their attention to a man filming the violent scene with his cellphone. They demanded the device, smashed it and probably thought that was that; no video anymore. It was not: Narces Benoit had had the presence of mind to pull the phone's memory card with the video on it from his cellphone and put the card in his mouth.
"Now, people are carrying years of email correspondence, text and instant messages, bank and financial records, personal photos, calendars, websites they've visited, places they've visited, even the books they read," the EFF points out. "So, with all the mobile computing smartphones are capable of, it comes as no surprise that law enforcement wants to get their hands on the digital goodies. And unfortunately, in 2011 courts gave them the ammunition to do so."
Oh yeah, and the Feds want to know what you're up to, tooIn December, a Carrier IQ senior executive said that the FBI approached the company about using its technology but was rebuffed, Associated Press reported. "The disclosure came one day after FBI Director Robert Mueller assured Congress that agents 'neither sought nor obtained any information from the company, Carrier IQ."
Meanwhile"several court decisions in recent months have sent mixed messages about the legality of GPS and cellphone tracking by the government, and the issue has just landed in the U.S. Supreme Court," Security News Daily reported in November.
In August, a federal judge in New York ruled that police would need a warrant to track an individual using cellular-tower triangulation. In early October, a different federal judge, this one in Washington, D.C., ruled that police did not need a warrant to use same method to track the cellphone of an armed-robbery suspect in an ongoing case. And just last week, a third federal judge,  this one in Houston, ruled that a warrant was necessary.
When it comes to location, there's also the matter of the feds attaching GPS devices directly to your car. "Cases of surprised citizens finding government GPS units on their car aren't everyday occurrences, but they are happening,Technolog reported in November.
"In March, an Egyptian-American college student filed suit against the FBI for secretly putting a GPS tracking device on his car. Yasir Afifi, a California native who said he had and has nothing to hide, said a mechanic doing an oil change on his car found the device between his car's right rear wheel and exhaust."
In November, Wired's Threat Level reported a "Hispanic American who lives in San Jose at the home of his girlfriend’s parents," found not one, but twohidden GPS devices on his Volvo.
And if you're not being tracked directly on your vehicle, perhaps it's from above. The New York Times reported in December:
The American Civil Liberties Union on Thursday warned of the prospect of "routine aerial surveillance of American life" and called for new regulations to govern the use of unmanned aerial systems, or drones, over American skies.
Know what else the ACLU ain't happy about? That National Defense Authorization Act (NDAA) President Barack Obama signed on Dec. 31 — the one that allows the indefinite military detention without trial of American citizens. "The statute is particularly dangerous because it has no temporal or geographic limitations, and can be used by this and future presidents to militarily detain people captured far from any battlefield,"  Anthony D. Romero, ACLU executive director, said in a statement.
Even if you don't leave your house, there's always the Internet. As we mentioned earlier, a quick review of the EFF's growing gallery of evidencerevealing social media monitoring by various U.S. government agencies only goes to show: There are no secrets among "friends."
Don't forget the hackers! While the Matrix-like intrigue of Operation AntiSec  —  the distributed denial of service attacks (DDoS) against banks, corporations and the government — made for a more exciting read, individuals still have more to fear from far more malicious cybercrime.
In April, a company called Epsilon released a statement reporting an unauthorized entry in its clients' customer database. Though nobody had really heard of this company, it turns out, most Internet-active Americans were affected one way or another. See, Epsilon is an electronic direct marketing outfit that sends 40 billion emails annually and counts over 2,500 clients, including 7 of the Fortune 10, as well as the New York Times.
For the most part, only emails were exposed — no passwords or other personal information.
That was a mild relief, yet not a breach to be taken lightly, as Technolog noted at the time. Following the breach, customers of any of Epsilon's clients needed to be wary of spam, that could take the form of fake emails that appear to be from a trusted company, tempting you to click.
Scammers use hijacked email addresses to create email based on your interests or email that appears to be from your bank or other company you know and trust. Clicking the malicious link within an email can hijack your computer and turn it into a spam bot without your knowledge or worse, install malware that can record your passwords and credit card info.
During the past year or so, similar user or employee database hackings were reported on Gawker Media's blog network, Sony's PlayStation Network (and other related services), the Citigroup bank, defense contractor Lockheed Martin, military consulting firm Booz Allen Hamilton — even the Hershey chocolate company, among others.
Also, we're jerksIn November, an inexcusable number of media outlets found it super awesome that Andy Boyle, a newsroom web developer for the Boston Globe, live-tweeted the ugly details of a young couple's argument in Burger King.
As David Pell pointed out best, "The fight was loud enough for Boyle and other patrons to overhear. The fighting couple was certainly aware of that. They chose to argue in public. They, in effect, gave up their right to privacy among those at the restaurant. But should they have assumed their fight would be broadcast on Twitter and eventually featured on ABC News?"
But in an act similar to say — a journalist emailing crime scene photos to friends for giggles with no thought to the victims — Boyle also tweeted a photo of the couple. Mainstream media outlets ran the photo as well.
Pell, one of the shamefully few to call shenanigans on this incident, goes on to write:
In that Burger King, Andy Boyle thought he was listening to the disintegration of a couple's marriage. He was really hearing the crumbling of his own ethics and self-restraint. We can't stand by and let an alliance between technology and poor judgment disintegrate all decency, and turn every human exchange into another tawdry and destructive episode on a never-ending social media highlight reel.
If our disgust with this kind of secondhand sharing is widespread enough, maybe there's still a chance such invasions of privacy will be the exception and not the rule. But I wouldn't bet on it.
As 2012 moves forward, we may not have much control over our own privacy, but we can at least control what we do with the privacy of others.

No comments: