Archive for July 2010
This article reports on Apple’s admission that they are building their own location database to replace Skyhook (which is a WiFi location database).
Many of us are now walking around with devices that monitor our environments and report back to the mother ship about them (even if done anonymously).
Ron Bowes wrote some software which scanned through Facebook to capture any unprotected personal information from the website.
The collected data has been compiled in to a huge file which is available over BitTorrent among other free channels.
While the program did not access any protected information, it has exposed any and all users who have not taken the proper steps to restrict access to their Facebook accounts, either through error or lack of knowledge, awareness or prudence.
The fact that it has been captured and distributed also makes it impossible to ever effectively change or remove any of the collected information. It is out there in the wild and out of anyones hands or ability to corral or correct.
Here we go again with an ISP monitoring users without consent and collecting information about their activities.
In this case the ISP claims to be doing so as part of a project to improve some future security and parental control services. They say that they are not capturing any data about which users visit what sites, but obviously the capability is there. The ISP did not announce this to their customers and only admitted it after it had been discovered and exposed.
Whether the ISP later decided to start capturing that information, the government makes them start capturing it, or a hacker get in to trick the system in to capturing, there is a real likelihood that users of the TalkTalk broadband service in the UK will have their activities captured.
Once again, this shows that you can’t trust your Internet providers. Their business is not privacy and their interests do not run parallel to your privacy interests. Only tools which encrypt your Internet activity, like Anonymizer Universal, can protect you against this kind of surveillance by your ISP.
Privacy Digest reports on a new White House proposal to extend the powers of FBI “national security letters” to include gathering of “electronic communication transactional records”. While this may appear to be a small change, the potential impact is huge.
These records include all the header information from emails: To:, From:, Time, and often Subject:.
It may also include a list of the full URLs that you visit.
While it does not include the contents of the messages, this level of detail is often more than enough to discover social networks, relationships, intentions, plans, political affiliations, and more.
The real problem is that there are no checks and balances on national security letters. They are issued by FBI offices on their own authority without review by a judge. Historically, self restraint in the face of this kind of power has never worked well. While judges approve the vast majority of subpoenas and search warrants in a timely manor, they can reject egregious cases and the mere fact of their review causes law enforcement to be more restrained in their use.
From the Privacy Digest article:
The use of the national security letters to obtain personal data on Americans has prompted concern. The Justice Department issued 192,500 national security letters from 2003 to 2006, according to a 2008 inspector general report, which did not indicate how many were demands for Internet records. A 2007 IG report found numerous possible violations of FBI regulations, including the issuance of NSLs without having an approved investigation to justify the request. In two cases, the report found, agents used NSLs to request content information “not permitted by the [surveillance] statute.”
In order to help develop better information about public perceptions of on-line privacy, I am posting information about an academic research survey to study just this. I encourage you to fill it out.