Tech and Media Companies Back Microsoft in Email Seizure Case

Over Under Sideways

Good for Microsoft, and good for the tech industry to rally behind Microsoft1

A broad array of organizations in technology, media and other fields rallied on Monday behind Microsoft’s effort to block American authorities from seizing a customer’s emails stored in Ireland.

The organizations filing supporting briefs in the Microsoft case included Apple, Amazon, Verizon, Fox News, National Public Radio, The Washington Post, CNN and almost two dozen other technology and media companies. A cross-section of trade associations and advocacy groups, from the American Civil Liberties Union to the United States Chamber of Commerce, and 35 computer scientists also signed briefs in the case, which is being considered in New York by the United States Court of Appeals for the Second Circuit.

“Seldom do you see the breadth and depth of legal involvement that we’re seeing today for a case that’s below the Supreme Court,” Bradford L. Smith, Microsoft’s general counsel, said in an interview.

The case involves a decision by Microsoft to defy a domestic search warrant seeking emails stored in a Microsoft data center in Dublin. Microsoft has argued that the search warrant could provide a dangerous precedent that is already leading to privacy concerns among customers. The case is especially relevant, the company says, to customers who are considering conducting more of their electronic business in the cloud.

(click here to continue reading Tech and Media Companies Back Microsoft in Privacy Case – NYTimes.com.)

Even the Faux Walls have eyes
Even the Faux Walls have eyes

You know who isn’t mentioned here or at Microsoft’s public blog page for this case? Google. I wonder why? Seems like a pretty high profile case to be siding with the US DOJ instead of privacy advocates.

Today represents an important milestone in our litigation concerning the U.S. Government’s attempt to use a search warrant to compel Microsoft to obtain and turn over email of a customer stored in Ireland. That’s because 10 groups are filing their “friend of the court” briefs in New York today.

Seldom has a case below the Supreme Court attracted the breadth and depth of legal involvement we’re seeing today. Today’s ten briefs are signed by 28 leading technology and media companies, 35 leading computer scientists, and 23 trade associations and advocacy organizations that together represent millions of members on both sides of the Atlantic.

We believe that when one government wants to obtain email that is stored in another country, it needs to do so in a manner that respects existing domestic and international laws. In contrast, the U.S. Government’s unilateral use of a search warrant to reach email in another country puts both fundamental privacy rights and cordial international relations at risk.  And as today’s briefs demonstrate, the impacts of this step are far-reaching.

Today’s briefs come from:

Leading technology companies such as Verizon, Apple, Amazon, Cisco, Salesforce, HP, eBay, Infor, AT&T, and Rackspace. They’re joined by five major technology trade associations that collectively represent most of the country’s technology sector, including the BSA | The Software Alliance and the Application Developers Alliance. These groups raise a range of concerns about the significant impact this case could have both on the willingness of foreign customers to trust American technology and on the privacy rights of their customers, including U.S. customers if other governments adopt the approach to U.S. datacenters that the U.S. Government is advocating here.

Seventeen major and diverse news and media companies, including CNN, ABC, Fox News, Forbes, the Guardian, Gannett, McClatchy, the Washington Post, the New York Daily News, and The Seattle Times. They’re joined by ten news and media associations that collectively represent thousands of publications and journalists. These include the Newspaper Association of America, the National Press Club, the European Publishers Council, and the Reporters Committee for Freedom of the Press. These organizations are concerned that the lower court’s decision, if upheld, will erode the legal protections that have long restricted the government’s ability to search reporters’ email for information without the knowledge of news organizations.

(click here to continue reading Business, Media and Civil Society Speak Up in Key Privacy Case – The Official Microsoft Blog.)

Footnotes:
  1. not a sentence I’d thought I’d type []

Americans Cellphones Targeted in Another Secret U.S. Spy Program

Conversation In Front of 110 N. Wacker Drive
Possible Criminal Conversation In Front of 110 N. Wacker Drive

Devlin Barrett of the WSJ reports that the U.S. Justice Department is collecting data on phones through a novel approach: fake cellphone towers on airplanes that fly around the country. Warrants not necessary, of course, because when you clicked through the EULA terms on your new smartphone, you agreed that you gave up all rights to privacy. Well, probably, because who actually reads those things?

The Justice Department is scooping up data from thousands of mobile phones through devices deployed on airplanes that mimic cellphone towers, a high-tech hunt for criminal suspects that is snagging a large number of innocent Americans, according to people familiar with the operations.

The U.S. Marshals Service program, which became fully functional around 2007, operates Cessna aircraft from at least five metropolitan-area airports, with a flying range covering most of the U.S. population, according to people familiar with the program.

Planes are equipped with devices—some known as “dirt boxes” to law-enforcement officials because of the initials of the Boeing Co. unit that produces them1—which mimic cell towers of large telecommunications firms and trick cellphones into reporting their unique registration information.

The technology in the two-foot-square device enables investigators to scoop data from tens of thousands of cellphones in a single flight, collecting their identifying information and general location, these people said.

(click here to continue reading Americans’ Cellphones Targeted in Secret U.S. Spy Program – WSJ – WSJ.)

Eye see u Willis
Eye see u Willis

Sounds great. Warrants are so old fashioned, so 20th Century. 

Or as Digby adds:

But never fear, they’ve assured us that they are only using it to catch bad guys.They have no interest in anything you might be doing.  Well, unless you’re doing something wrong.  If you are an upstanding citizen there’s little reason to worry that the police might be re-routing your phone calls without your knowledge right? Why should you care?

In fact, we really need to re-think that whole 4th Amendment thing altogether. When you think about it, you shouldn’t object to the police ransacking your house and your car without any probable cause either. They could be looking for someone they know is in your neighborhood. If you have nothing to hide in your home why would you object? Sure, they might find something they think is suspicious in your house when they go on their fishing expedition but maybe you shouldn’t have suspicious things in your house if you don’t want the cops finding it, eh?

This is what we call liberty.

(click here to continue reading Hullabaloo- Secrets and more secrets .)

Do All Photographers Need a Warrant?
Do All Photographers Need a Warrant?

Mariella Moon of Engadget writes

These dirtboxes are also sophisticated enough to mimic a particular provider. If a drug dealer under surveillance uses Verizon, for instance, then the machine pretends to be a Verizon cell tower and connects only to all the carrier’s subscribers in the area. Once a target’s phone is identified (at which point, connections to other people’s phones are dropped), the box can pinpoint his location within 3 meters and down to a specific room. The WSJ’s sources wouldn’t reveal how often planes loaded with these boxes are deployed (they have a flying range that covers the whole country’s population, by the way), but they said the Cessnas fly out regularly to target a handful of criminals per flight.

Obviously, the more densely populated the target area is, the more data the boxes collect, but it’s unclear what steps are in place to safeguard innocent people’s information. It’s also unclear at this point if they’ve ever used the newer dirtboxes’ capabilities, which include jamming phones and extracting messages, photos and other data remotely. If you’re thinking, “Hmmm fake cell towers? Those sound ominously familiar,” it’s because this isn’t the first time authorities used them. In fact, this dirtbox project sounds like a larger, airborne version of a previous one, wherein feds placed fake towers called “stingrays” in moving cars.

(click here to continue reading Flying fake cell towers target fugitives, but can ID your phone too.)

City of Chicago Emergency Management Surveillance Vehicle
City of Chicago Emergency Management Surveillance Vehicle

Footnotes:
  1. Boeing subsidiary Digital Recovery Technology Inc. or DRT []

Facebook Is the NSA of Corporate America

Over Under Sideways
Over Under Sideways

Speaking of Big Data and Facebook, the marketing and privacy experts at Mark Zuckerman’s data mining company have come up with a new way to make money off of you: turning on the microphone on your mobile device, and listening in to your life as you live it.

The social network appears to be preparing to serve ads to users based on a Shazam-style feature that picks up via the microphones on devices with Facebook’s app installed—watching Breaking Bad? Check out this ad for the new drama on AMC. Listening to OutKast? Try Ludacris.…

Facebook’s ad strategy is getting more sophisticated every week; with the new tool (which Facebook stresses is optional, though you know how it is: if people like it and it’s convenient, that’s better than mandatory), it’ll have far more information about something Nielsen, Acxiom and other data giants conduct huge panel studies to determine: user media habits. Not the media habits users write down in diaries, but what people actually do and might not self-report to anyone but their friends—who marathons Murder, She Wrote until 3 in the morning or listens to nothing but Ween for three straight months.

  • It’s totally fair to wonder where the data derived from the recordings—song title, album, etc.—is stored and where it goes. Based on the fact that this is being used for marketing, the short answer seems to be “to people who are willing to pay to know what you’re into.” 
  • It’s hard to make this not creepy. Facebook is using your cell phone to listen to you and serve you ads. It’s doing it all in the name of user convenience, of course, but it’s still doing it. 
  • Marketers are going to love this. Dynamic ad serving has been a pipe dream for so long, and Facebook’s multi-billion-person user base is everyone’s favorite thing for that specific purpose.

(click here to continue reading Listening to Beyoncé? Facebook Has an Ad for You | Adweek.)

Or Pay The Price
Or Pay The Price

From the WSJ:

Facebook on Wednesday added a feature to its mobile app that identifies music and television shows playing in the background and suggests users share them with a larger audience.

The feature was the latest in a series of changes by Facebook to nudge users to divulge more—and more-specific—personal information on the social network. This week, it introduced a feature that allows users to prompt their friends to divulge more information about themselves. Last year, the social network allowed users to categorize posts by activity.

Facebook uses the data to sell targeted advertisements. The more detailed the information it gathers from users, the more personalized—and expensive—advertising the company can sell.

The recent changes represent an effort by Facebook to prod users into sharing more information about themselves. In recent years, the company has added categories, like “watching,” “eating” or “listening,” that users can add to their posts. In April it created a “traveling to” category, allowing users to post their travel destinations. A “nearby friends” feature, also rolled out last month, lets users know when their Facebook friends are in the vicinity. Turning on the feature lets Facebook track users wherever they go, even when the app is closed.

This week, Facebook began allowing users to request their friends’ relationship status using the new “Ask” button.

Advertisers like the additional data.

(click here to continue reading Facebook Adds Feature to Identify Music, TV Shows – WSJ.com.)

Continuous Video Recording in Progress
Continuous Video Recording in Progress

Amusingly, Facebook announced on the same day:

Responding to business pressures and longstanding concerns that its privacy settings are too complicated, Facebook announced on Thursday that it was giving a privacy checkup to every one of its 1.28 billion users.

 …

“They have gotten enough privacy black eyes at this point that I tend to believe that they realized they have to take care of consumers a lot better,” said Pam Dixon, executive director of the World Privacy Forum, a nonprofit research and advocacy group. Ms. Dixon was briefed in advance about the latest changes.

For most of its 10-year history, Facebook has pushed — and sometimes forced — its users to share more information more publicly, drawing fire from customers, regulators and privacy advocates across the globe.

(click here to continue reading Facebook Offers Privacy Checkup to All 1.28 Billion Users – NYTimes.com.)

Sure, sure they are.

Facebook, Google Face Backlash Over Logins

Cougle, Google's neighbor
Cougle, Google’s neighbor

Personally, I never, ever use logins that depend upon Facebook. I have run across a few iOS apps that insist upon Facebook logins, and I deleted them rather than give up my information. I have on rare occasion used the Google login, but I’d much prefer using my own login credentials, even if it involves creating yet another password. Since I use 1Password these days, creating and maintaining unique passwords isn’t as much of a burden as it used to be.

Facebook and Google are battling to be the gateway through which users connect to websites and mobile apps. But users and businesses may be losing interest in such “social login” services.

Consumers worry about broadcasting their preferences and habits to companies and across their social networks. Businesses are torn between making life easier for users and letting Facebook and Google see the resulting data.

“A few years ago, there was a frenzy, but the interest has peaked,” says Sucharita Mulpuru-Kodali, an analyst at Forrester Research who studies social login. “There’s the fear of, ‘Oh my God, I’m going to click something and God knows what’s going to show up on my Facebook wall.’ ”

The social login buttons allow consumers to log in to other websites and apps using their usernames and passwords, for example, from Facebook Login or Google+.
But a Forrester survey of 66 large and midsize companies finds that only 17% use social-login buttons, and more than half have no plans to do so. Forrester hadn’t previously done a similar survey, but Ms. Mulpuru-Kodali says social login offerings are no longer appealing to retailers and users.

(click here to continue reading Too Much Information? Facebook, Google Face Backlash Over Logins – WSJ.com.)

The One Chord Song Lasts A Lifetime
The One Chord Song Lasts A Lifetime

I think also more consumers are realizing that Facebook and Google are not creating these tools to make consumers digital lives easier, but instead to enable Facebook and Google to collect data on consumers that they will then sell to businesses. Why make the process any easier for Big Data? Especially since Google and Facebook have repeatedly made errors that benefit their own business practices, and only apologize when the “error” becomes public, or the FTC files a complaint.

One reason users hesitate is privacy — the fear that logging in to the real-estate website Zillow through a Facebook button, for example, might inadvertently reveal the house you looked at, and its price, to your social network. Facebook says this can’t happen without a consumer’s express permission. But many users are wary because of the social network’s mixed record on privacy.

Some large brick and mortar retailers are concerned that letting Facebook or Google put code on their website might lead to the Web giants collecting their purchase data. Google says it doesn’t collect this information1.

(click here to continue reading Silicon Valley Is Waging a War Over Your Online Identity. But Is It Worth It? – Digits – WSJ.)

Footnotes:
  1. but won’t swear to it in court []

California Urges Websites to Disclose Online Tracking

 Tired Of Keeping Track

Tired Of Keeping Track

Kudos to Attorney General Kamala D. Harris, let us stipulate that this becomes a national trend, and soon…

Every major Internet browser has a feature that lets you tell a website that you don’t want it to collect personal information about you when you visit.

And virtually every website ignores those requests. Tracking your online activities — and using that data to tailor marketing pitches — is central to how Internet companies make money.

Now California’s attorney general, Kamala D. Harris, wants every site to tell you — in clear language — if and how it is respecting your privacy preferences. The guidelines, which will be published on Wednesday, are intended to help companies comply with a new state privacy law that went into effect on Jan. 1. That law requires sites to prominently disclose all their privacy practices, including how they respond to “do not track” requests.

“This guide is a tool for businesses to create clear and transparent privacy policies that reflect the state’s privacy laws and allow consumers to make informed decisions,” Ms. Harris said in a statement.

(click here to continue reading California Urges Websites to Disclose Online Tracking – NYTimes.com.)

Eye see u Willis
Eye see u Willis

Though this is a voluntary rule, and there are lots of lobbyists chewing on Congress-critters ears to block this practice from expanding, the publics’ opinion is very clear, so maybe by the time the aliens land, or the oceans reach the Midwest, we’ll have action:

The California guidelines for the Jan. 1 privacy law are voluntary. Other efforts to establish more binding privacy protections — either through federal or state laws or through industry self-regulation — have failed to win enough support to pass.

In an attempt to nudge the process along, two of the leading web browsers, Mozilla’s Firefox and Microsoft’s Internet Explorer, began giving users the option of sending a signal that tells all websites they visit that they don’t want to be tracked. Apple’s Safari and Google’s Chrome later added similar options.

But despite pledges by the advertising and technology industries to find a way to honor such requests — and endless discussions at an industry standards group, the World Wide Web Consortium, that was supposed to come up with a common set of rules — little progress has been made. This month, a White House advisory group again called for limits on tracking.

Do Not Track
Do Not Track 

Today, virtually no site respects “do not track” requests coming from web browsers. The only major company that honors the signals is Twitter.

Yahoo, which was one of the first companies to respect “do not track” signals, announced last month that it would no longer do so. Part of the company’s turnaround strategy depends on personalizing its services and advertising, which requires — you guessed it — tracking you across the web.

For what it’s worth, I still use Ghostery, despite it breaking functionality of some websites like Crain’s Chicago, or Nordstroms…

Police Keep Quiet About Stingray A Cellphone Surveillance Tool

Eye see u Willis
Eye see u Willis

Ahh, our National Security State keeps chugging along, snatching us up in its tentacles…

Police across the country may be intercepting phone calls or text messages to find suspects using a technology tool known as Stingray. But they’re refusing to turn over details about its use or heavily censoring files when they do.

Police say Stingray, a suitcase-size device that pretends it’s a cell tower, is useful for catching criminals, but that’s about all they’ll say.

For example, they won’t disclose details about contracts with the device’s manufacturer, Harris Corp., insisting they are protecting both police tactics and commercial secrets. The secrecy – at times imposed by nondisclosure agreements signed by police – is pitting obligations under private contracts against government transparency laws.

Even in states with strong open records laws, including Florida and Arizona, little is known about police use of Stingray and any rules governing it.

A Stingray device tricks all cellphones in an area into electronically identifying themselves and transmitting data to police rather than the nearest phone company’s tower. Because documents about Stingrays are regularly censored, it’s not immediately clear what information the devices could capture, such as the contents of phone conversations and text messages, what they routinely do capture based on how they’re configured or how often they might be used.

(click here to continue reading POLICE KEEP QUIET ABOUT CELL-TRACKING TECHNOLOGY, BY JACK GILLUM, News from The Associated Press.)

Cops on Bikes
Cops on Bikes on Cellphones

Note that this works on everyone’s cellphones, regardless if you are a criminal suspect, or just a teenage girl texting your friends. Who needs warrants, right? The old United States that celebrated civil liberties as a constitution right has been superseded by 9-11 and the War on Terra.

ACLU Staff Attorney Nathan Freed Wessler writes:

It appears that at least one police department in Florida has failed to tell judges about its use of a cell phone tracking device because the department got the device on loan and promised the manufacturer to keep it all under wraps. But when police use invasive surveillance equipment to surreptitiously sweep up information about the locations and communications of large numbers of people, court oversight and public debate are essential. The devices, likely made by the Florida-based Harris Corporation, are called “stingrays,” and unfortunately this is not the first time the government has tried to hide their use.

So the ACLU and ACLU of Florida have teamed up to break through the veil of secrecy surrounding stingray use by law enforcement in the Sunshine State, last week filing a motion for public access to sealed records in state court, and submitting public records requests to nearly 30 police and sheriffs’ departments across Florida seeking information about their acquisition and use of stingrays.

As two judges noted during the oral argument, as of 2010 the Tallahassee Police Department had used stingrays a staggering 200 times without ever disclosing their use to a judge to get a warrant.

Potentially unconstitutional government surveillance on this scale should not remain hidden from the public just because a private corporation desires secrecy. And it certainly should not be concealed from judges. That’s why we have asked the Florida court that originally sealed the transcript to now make it available to the public. And that’s also why we have asked police departments throughout Florida to tell us whether they use stingrays, what rules they have in place to protect innocent third parties from unjustified invasions of privacy, and whether they obtain warrants from judges before deploying the devices.

Although secret stingray use has increasingly been exposed by the press (and by the ACLU), public details are still scant. Our new work in Florida is part of national efforts to understand how law enforcement is using these devices, and whether reforms are needed to protect our privacy from law enforcement overreach.

(click here to continue reading Police Hide Use of Cell Phone Tracker From Courts Because Manufacturer Asked | American Civil Liberties Union.)

Transformers 3 Soldier extra
Soldier on a Cellphone (Transformers 3)

via

Senator Rockefeller Warns Marketing Data Giants: You’re On Notice

Video Flag Z by Nam June Paik
Video Flag Z by Nam June Paik

We’ve long been dismayed by how powerful and secretive the massive data broker corporations have become. Our data is collected, often surreptitiously, then repackaged and sold to other corporations, and we don’t get a percentage of the profits, nor any real notice that this is happening.

Good news, maybe, from Washington, as reported by Kate Kaye of AdAge:

Today the Senate Commerce Committee held a long-awaited hearing about the consumer-data-broker industry.

“We have a feeling people are getting scammed or screwed,” said Senator Jay Rockefeller, D-W.V., whose office sent inquiries to several data brokers in the past year. He called out data giants Acxiom, Epsilon and Experian, threatening to use more forceful ways of getting them to divulge information about how they do business and with whom.

One concern shared by Mr. Rockefeller and privacy advocates is predatory marketing activity conducted by financial firms or other companies targeting vulnerable groups such as the impoverished or immigrant populations. Another concern is the practice of scoring individuals determined by algorithmic data analysis and serving them with tailored offers. In some cases that could involve higher interest rates for loans or dynamic prices for products based on prior web behavior or demographic data.

“To date they have not given me complete answers,” said Mr. Rockefeller of Acxiom, Epsilon and Experian. “I’m putting these three companies on notice today…that I am considering further steps and I have steps I can use to get this information.”

Mr. Rockefeller sent letters to data companies such as Acxiom, Datalogix, Epsilon, Experian and Transunion in June, then broadened the inquiry to include media firms — typically big collectors of behavioral web data — like About.com, Babycenter.com, Cafemom.com, Time’s Health.com and Conde Nast’s Self.com.

 

(click here to continue reading Rockefeller to Marketing Data Giants: You’re On Notice | Privacy and Regulation – Advertising Age.)

Bares paying attention to…

Photo Republished at AT&T offers gigabit Internet discount in exchange for your Web history | Ars Technica

Eyeing John Marshall Law School

My photo was used to illustrate this post

AT&T is watching you browse. AT&T’s “GigaPower” all-fiber network has launched in parts of Austin, Texas, with a price of $70 per month for download speeds of 300Mbps (which will be upgraded to a gigabit at no extra cost in 2014). The $70 price is only available if you agree to see targeted ads from AT&T and its partners, however. Interestingly, AT&T labels the Internet service with targeted ads as its “premier” service while calling the service without targeted ads “standard.”

click here to keep reading :
AT&T offers gigabit Internet discount in exchange for your Web history | Ars Technica

automatically created via Delicious and IFTTT

Experian Sold Consumer Data to ID Theft Service

We Finally Came To Realize

We Finally Came To Realize

A troubling tale via Krebs on Security

An identity theft service that sold Social Security and drivers license numbers — as well as bank account and credit card data on millions of Americans — purchased much of its data from Experian, one of the three major credit bureaus, according to a lengthy investigation by KrebsOnSecurity.

Contacted about the reader’s claim, U.S. Info Search CEO Marc Martin said the data sold by the ID theft service was not obtained directly through his company, but rather via Court Ventures, a third-party company with which US Info Search had previously struck an information sharing agreement. Martin said that several years ago US Info Search and CourtVentures each agreed to grant the other company complete access to its stores of information on US consumers.

Founded in 2001, Court Ventures described itself as a firm that “aggregates, repackages and distributes public record data, obtained from over 1,400 state and county sources.” Cached, historic copies of courtventures.com are available through archive.org.

THE ROLE OF EXPERIAN

In March 2012, Court Ventures was purchased by Costa Mesa, Calif.-based Experian, one of the three major consumer credit bureaus. According to Martin, the proprietors of Superget.info had gained access to Experian’s databases by posing as a U.S.-based private investigator. In reality, Martin said, the individuals apparently responsible for running Superget.info were based in Vietnam.

Martin said he first learned of the ID theft service after hearing from a U.S. Secret Service agent who called and said the law enforcement agency was investigating Experian and had obtained a grand jury subpoena against the company.

While the private investigator ruse may have gotten the fraudsters past Experian and/or CourtVentures’ screening process, according to Martin there were other signs that should have alerted Experian to potential fraud associated with the account. For example, Martin said the Secret Service told him that the alleged proprietor of Superget.info had paid Experian for his monthly data access charges using wire transfers sent from Singapore.

“The issue in my mind was the fact that this went on for almost a year after Experian did their due diligence and purchased” Court Ventures, Martin said. “Why didn’t they question cash wires coming in every month? Experian portrays themselves as the databreach experts, and they sell identity theft protection services. How this could go on without them detecting it I don’t know. Our agreement with them was that our information was to be used for fraud prevention and ID verification, and was only to be sold to licensed and credentialed U.S. businesses, not to someone overseas.”

Experian declined multiple requests for an interview.

(click here to continue reading Experian Sold Consumer Data to ID Theft Service — Krebs on Security.)

Or Pay The Price
Or Pay The Price

so if your account was one of the unlucky ones, what was stolen?

These services specialized in selling “fullz” or “fulls,” a slang term that cybercrooks use to describe a package of personally identifiable information that typically includes the following information: an individual’s name, address, Social Security number, date of birth, place of work, duration of work, state driver’s license number, mother’s maiden name, bank account number(s), bank routing number(s), email account(s) and other account passwords. Fulls are most commonly used to take over the identity of a person in order to engage in other fraud, such as taking out loans in the victim’s name or filing fraudulent tax refund requests with the IRS.

All told, findget.me and superget.info acquired or sold fullz information on more than a half million people, the government alleges.

Why exactly do we as a society allow Experian and similar organizations collect this data in the first place? They accumulate the data, and sell it to advertisers, or to scammers, and what benefit does it bestow on us? Other than headache and grief…

There was much gnashing of teeth when we discovered just how many hard disks the N.S.A. has filled with our personal data, why does Experian and other similar corporations get a pass from the public?

Revolution of The Innocent
Revolution of The Innocent

especially when Experian will skip away from this investigation with nothing more than a slap on the wrist with a wet noodle…

Meanwhile, it’s not clear what — if any — trouble Experian may face as a result of its involvement in the identity theft scheme. This incident bears some resemblance to a series of breaches at ChoicePoint, a data aggregator that acted as a private intelligence service to government and industry. Beginning in 2004, ChoicePoint suffered several breaches in which personal data on American citizens was accessed by crooks who’d used previously stolen identities to create apparently legitimate businesses seeking ChoicePoint accounts. ChoicePoint was later sued by the U.S. Federal Trade Commission, an action that produced a $10 million settlement — the largest in the agency’s history for a violation of federal privacy law.

Experian makes about $500,000,000 in profit a year, btw.

Big Data Owns You And You Cannot Opt Out

Electric Eye
Electric Eye

So Big Data is not only collecting, and selling your information online, but in retail stores too. I know we are being trained to just shrug our shoulders and chalk it up to living in the 21st C.E., but I can’t quite get comfortable with the idea that corporations have accumulated so much information about me and you that the information is a commodity. We’ve discussed how prevalent this activity is, a few times, or more.

The technology that allows stores to track shoppers’ cellphones, for instance, works even when customers do not log on to the Wi-Fi networks of stores. The only way a cellphone user can avoid being tracked is to turn off the Wi-Fi feature on their phones, which few are likely to do if they are unaware of the monitoring in the first place. While a few retailers like Nordstrom have posted signs telling customers that they were being monitored in this way, many others do not do so. (Nordstrom stopped tracking cellphones in May, partly as a result of complaints from customers.)

If stores want to track their customers, they should tell the public what they are doing and give people the ability to opt out of monitoring. Many shoppers say they are willing to give information about themselves in exchange for special deals and promotions. But some consumers go to physical stores because they want to protect their privacy. Traditional retailers would be smart not to alienate customers by surreptitiously tracking them.

(click here to continue reading You (and Your Cellphone) on Candid Camera – NYTimes.com.)

Eyeing John Marshall Law School
Eyeing John Marshall Law School

especially since technology to track us is advancing quickly:

Pam Dixon, executive director of the World Privacy Forum, says that although most of the focus in the media has been on how companies are tracking us through Internet browsers and smart phones, there is actually more danger of invasions of privacy occurring in physical retail outlets, mostly because consumers are unaware of the extent to which they are being tracked. “This is an entire business model that has sprung up that I think maybe three people in the entire country know about outside the industry,” she says.

And though analytics firms and retailers claim they aren’t using technology to personally identify shoppers or pair that information with financial histories, it is very much possible to do so. In 2010, the Association of Marketing in Retail produced a voluntary code of conduct for marketers and retailers to use as a guide in their tracking and marketing efforts. The code outlines the various tracking capabilities available and rates them on a scale from low risk to high risk. According to the code of conduct, a low-risk tracking method would include “infrared or laser or laser beam motion detectors” that can give retailers an idea of how many people are in a store and where they are traveling but “are not able to track or record individual consumer paths.” The high-risk end of the spectrum includes methods that allow retailers to individually track consumers by recognizing a smart phone wi-fi signal or through interpreting visual data from facial-recognition technology.

That kind of tracking is, according to Dixon, unethical and contrary to shoppers’ expectation of privacy. “Legally, stores have the right to put up security cameras, but the consumer expectation of privacy is being circumvented here,” she says. “Because when a consumer looks into that camera, they expect it’s being used for security, not marketing purposes.”

According to Mark Eichorn of the Division of Privacy and Identity Protection at the Federal Trade Commission, the FTC has been monitoring this type of consumer tracking but hasn’t found that firms are using facial-recognition software to create individual profiles of customers. Last December, the FTC held a workshop on facial-recognition technology in the retail space

(click here to continue reading Are Retailers Using Facial-Recognition Software to Track Customers? | TIME.com.)

Continuous Video Recording in Progress
Continuous Video Recording in Progress

To me, a government agency such as the FTC saying “we haven’t seen this activity” does not make me confident. The federal government is not proactive in most instances, preferring to Not Know, so that nobody can complain that Nothing Is Being Done. In other words, I’m guessing some corporations are using facial recognition software and merging that with databases of financial history and who knows what else. The NSA is one thing, but do you really want Home Depot or Macy’s to be able to profit off of you in this way? Where do you opt out? Nowhere, other than moving to Frostpocket and going off the grid…

Internet groups whine about new online privacy rules for children

 Miniature Office Globe

Oh, cry me a river. I’d love to have the same options available for myself! Kids luckily have some protection from being subsumed by the data collection industry, but not much. Adults – not even a token bit of assistance.

Internet groups complained Monday that new Federal Trade Commission regulations to protect children’s privacy online are financially burdensome to start-up companies.

Under regulations that went into effect July 1, websites catering to children will no longer be able to collect a range of identifying information without obtaining verifiable parental consent.

The child protection regulations will now hold the owners of sites and apps frequented by children responsible for third-party services — such as plug-ins or ads — that collect personal information from visitors who say they’re younger than 13. The third-party services will be held liable only if the FTC can prove they knowingly collected personal information from children.

Kid-friendly websites that want to use such ads to provide free content to kids, or that want to collect personal information for interactive content, now have to either get parental consent or forgo the content altogether, as some tech experts worry they’ll do.

“The biggest challenge here is that the commission defines personal information in a way that is so incredibly broad,” said Lydia Parnes, the former director of the FTC’s Bureau of Consumer Protection and now a privacy lawyer, at a gathering of data experts and representatives of Internet companies in Washington.

 

(click here to continue reading Internet groups decry cost of new online privacy rules for children – latimes.com.)

Embarrass
Embarrass

 Have you ever tried to opt out of Acxiom’s database, for instance? Good luck. And they are just one firm out of thousands that Ghostery knows about. Unless you are paying attention to that industry, you’ve never heard of most of them, have no business relationship with them, nor consent to your information being bought and sold. Tough luck, unless you are under 13…

Privacy Breach on Bloomberg Data Terminals

Gold Coins
Gold Coins

I’ve never had the opportunity to use a Bloomberg terminal, but this seems like a fairly large and systemic breach of trust. If I was a corporation with a contract with Bloomberg, I’d seriously look into canceling it, or at least not renewing without financial concessions.

The company confirmed that reporters at Bloomberg News, the journalism arm of Bloomberg L.P., had for years used the company’s terminals to monitor when subscribers had logged onto the service and to find out what types of functions, like the news wire, corporate bond trades or an equities index, they had looked at. Bloomberg terminals, which cost an average of more than $20,000 a year, are found in nearly every banking and trading company.

Bloomberg said the functions that allowed journalists to monitor subscribers were a mistake and were promptly disabled after Goldman Sachs complained that a Bloomberg reporter had, while inquiring about a partner’s employment status, pointed out that the partner had not logged onto his Bloomberg terminal lately.

The incident led to broader concerns about the line at Bloomberg between its lucrative terminal business and the hypercompetitive newsroom, threatening to undermine the credibility of both. In a secretive world that thrives on opacity, traders and financial firms jealously guard every speck of information about their activity to avoid tipping their hand on their trades and investments.

“On Wall Street, anonymity is critically important. Secrecy and the ability to cover one’s tracks is paramount,” said Michael J. Driscoll, a former senior trader at Bear Stearns who now teaches at Adelphi University. He added: “If Bloomberg reporters crossed that line, that’s an issue.”

 

…In the early 1990s, when Bloomberg L.P. had just started to build its news division, reporters were encouraged to leverage the terminals as a way to get a leg up on the competition, said several former employees who would discuss practices only anonymously. Reporters often went on sales calls to talk to banks and hedge funds about the news division to help the company sell terminals. The practice became much less pervasive as Bloomberg became an established news outlet, although many Bloomberg veterans still consider the news division solely a means to sell more terminals.

(click here to continue reading Privacy Breach on Bloomberg’s Data Terminals – NYTimes.com.)

Eyeing John Marshall Law School
Eyeing John Marshall Law School

more from Zachary Seward:

Bloomberg LP is in damage-control mode. Some of its largest customers have publicly accused the firm’s journalists of snooping on their usage of Bloomberg terminals, the firm’s wildly profitable information service for investors.

 …

Every Bloomberg terminal customer knows you just need to tap twice on the greenbutton in the top-left corner of the keyboard in order to chat with a customer service representative. Fewer of them are aware that the transcripts of those conversations are stored by the company and could be viewed by any employee.

Several former Bloomberg employees say colleagues would look upchat transcripts of famous customers, like Alan Greenspan, for amusement on slow workdays. The transcripts were typically mundane and hardly incriminating, but who wouldn’t enjoy watching a former US Federal Reserve chairman struggle to use a computer? And, in theory, the substance of someone’s query to customer service could reveal specific information that he’s interested in, tipping off a reporter to a story.

It’s common for companies to keep logs of their interactions with customers. What makes Bloomberg different is that any employee, including journalists, could access those logs through thefunction on their terminals. Trippet said that access was revoked from journalists.

(click here to continue reading What Bloomberg employees can see when they snoop on customers – Quartz.)

Electric Eye
Electric Eye

and worse of all, Bloomberg knew about it a while ago, but didn’t think it a problem, as Buzzfeed reports:

Executives at the financial information company Bloomberg have known about journalists using the company’s terminals to spy on clients at least since September 2011 — more than a year before the practice turned into a scandal that threatens the company’s relationships with its clients. That month, Erik Schatzker, an anchor at Bloomberg TV and host of “Market Makers,” was reprimanded for making on-air comments about using terminal data to track the activities of at least one story subject, according to two sources with knowledge of the situation. One source said the matter was a very big deal internally but was handled quietly.

Editorially, this information was seen as so benign that surfacing it was an open practice, if not openly encouraged. Internally, reporters are taught to “harness the power of the terminal” to mine for stories, one former newsroom source said. Bloomberg reporters can see the aggregate number of readers for a specific story, but cannot identify the individual readers.
Indeed, not unlike at some other digital media companies, sources said half of the annual bonus for Bloomberg reporters is based in part on story views, so seeing which stories are gaining traction among readers is valuable in helping reporters determine what to chase. According to the former newsroom source, reporters pitch a lot of what Bloomberg calls “people movers” stories (i.e., a Morgan Stanley banker being hired by UBS) because they get a lot of traction among clients.

(click here to continue reading Bloomberg Execs Knew Journalists Were Tracking Clients In 2011.)

Marketing Data Gathered in Malls

Eye see u Willis

Eye see u Willis

Sort of disturbing, but sadly inevitable. All of our behavior is grist for the marketing mill.

Online retailers have long gathered behavioral metrics about how customers shop, tracking their movements through e-shopping pages and using data to make targeted offers based on user profiles. Retailers in meat-space have had tried to replicate that with frequent shopper offers, store credit cards, and other ways to get shoppers to voluntarily give up data on their behavior, but these efforts have lacked the sort of data capacity provided by anonymous store browsers — at least until now. This holiday season, shopping malls in the U.S. have started collecting data about shoppers by tracking the closest thing to “cookies” human beings carry — their cell phones.

The technology, from Portsmouth, England-based Path Intelligence, is called Footpath. It uses monitoring units distributed throughout a mall or retail environment to sense the movement of customers by triangulation, using the strength of their cellphone signals. That data is collected and run through analytics by Path, and provided back to retailers through a secure website. On March 31, Path CEO Sharon Biggar presented the tech at the ICSC Fusion conference in Los Angeles. She discussed how data collected by Footpath could be used by retailers to boost revenue. Options include tracking response to mailers and other advertising by providing the equivalent of web metrics like unique visitors, “page impressions” (measuring how many people walked past a display or advertisement), and “click-through” (determining how many people who passed an advertisement then visited the store associated with it). “Now we can produce heat maps of the mall and show advertisers where the premium locations are for their adverts,” she said, “and perhaps more importantly we can price the advertising differently at each location.”

(click here to continue reading We’re Watching: Malls Track Shoppers’ Cellphone Signals to Gather Marketing Data | Epicenter | Wired.com.)

update 2:06 pm

Hmm, maybe not quite yet:

You may now shop two malls again without fear of individualized tracking—at least by your cell phone signal. Privacy concerns raised by US Senator Charles Schumer (D-NY) have ended plans by malls in southern California and Virginia to “survey” customers’ shopping habits by tracking their cell phone signals.

… Forest City had planned to conduct the trial until the end of December. However, just a day after the trial began, Sen. Schumer contacted Forest City to raise his concerns. In a press conference on Sunday, Schumer said that the malls should have allowed customers to opt into the survey, rather than having to “opt out” by turning off their cell phones. “A shopper’s personal cell phone should not be used by a third party as a tracking device by retailers,” Schumer said in a press conference on Sunday. “Personal cell phones are just that — personal. If retailers want to tap into your phone to see what your shopping patterns are, they can ask you for your permission to do so.”

Schumer also sent a letter to Federal Trade Commission chairman Jon Leibowitz asking the FTC to look into whether Path’s technology was legal in the U.S.

Forest City has not abandoned plans for the survey, however.

(click here to continue reading Mall Owners Pull Plug on Cellular Tracking (For Now) | Epicenter | Wired.com.)

California SB-761 a Do Not Track law

C is not always for Cookie

Speaking of online privacy, there wouldn’t be a need for anti-cookie extensions like Ghostery if bills like California’s SB-761 become the law of the land:

California is a step closer to getting the first Do Not Track legislation in the U.S., aimed at protecting Internet users from invasive advertising. The proposed Senate bill, SB-761, passed a Senate Judiciary Committee vote late Tuesday, but it still has a long way to go before having a chance of being signed into law. It now moves on to the Appropriations Committee, and must also pass the Senate and State Assembly before landing on Governor Jerry Brown’s desk.

Still, it’s the first time such a bill has made it out of committee, and that’s a big deal, according to John Simpson, director of Consumer Watchdog’s Privacy Project. “This is the first time that a ‘do not track’ bill has actually had a hearing and been debated and then voted forward in the legislative process,” he said.

The bill would give California consumers a simple way of opting out of data collection systems that keep track of their online activities. “It puts up a no trespassing sign on our device,” Simpson said.

Opponents of the bill, including Google, the Direct Marketing Association, and the wireless industry group CTIA, say it puts an unnecessary burden on online commerce.

(click here to continue reading California’s Do Not Track law takes a step forward | Web | Macworld.)

Unfortunately, advertising behemoths like Google and the DMA already have gazillions of lobbyist dollars earmarked to defeat this bill.

Rupert Murdoch and Phone Hacking

Pippen Peruses the Newspaper

Good! Rupert Murdoch, or someone else in his corrupt organization should go to jail over this criminality. They’ve so far avoided arrest because of their wealth and political power, but justice is supposed to be impartial1.

LONDON — The story so far: Clive Goodman, a journalist for Rupert Murcoch’s English tabloid, the News of the World, was sent to prison in 2006, along with a private detective, Glenn Mulcaire, for hacking into the voice mail messages of Prince William and Prince Henry. News International, the U.K. newspaper-owning subsidiary of Murdoch’s News Corporation, has consistently claimed that the phone-hacking was confined to a single rogue reporter, but evidence uncovered by the Guardian and New York Times has suggested otherwise.

Last Friday, James Murdoch told PBS’ Charlie Rose that News International had defused a reputation crisis over allegations of widespread illegal phone hacking at the News of the World newspaper: “You talk about a reputation crisis—actually the business is doing really well. It shows what we were able to do is really put this problem into a box.”

But the lid has not stayed on the box and the contents have spilled over the sides. Rupert Murdoch has now tried to put that box into yet another one by issuing a blanket apology and offering a compensation fund for a select number of victims. Again, the lid does not seem likely to stay put.   News International’s announcement of the apology on Friday amounts to a complete reversal of policy by Rupert Murdoch and his top brass. Until now the management of News International has always argued that a single rogue reporter had been engaged in phone hacking. But the recent arrests of a former senior News of the World executive and the paper’s chief reporter—both of whom have been bailed till September pending further developments—and a court order requiring the release of internal e-mails has given the lie to that strategy.

The former Labour minister Chris Bryant, who is suing News International, said that it is “a pretty extraordinary moment . . .  when a national newspaper, which has been saying for years and years that there was just one rogue reporter, that it was all very regrettable, and that there were very few victims, owns up to a massive degree of criminality at the newspaper.”

(click here to continue reading Murdoch’s Attempt to End Phone Hacking Scandal Unlikely to Succeed.)

Footnotes:
  1. ha []