privacy
Harvard snooped on faculty email
If you’re composing an email you don’t want someone to see, consider picking up the phone instead. Your assumptions about the privacy of email are inaccurate.
ECPA amendment would require warrant even for email older than 6 months
Reps. Zoe Lofgren (D-Calif.), Ted Poe (R-Texas), and Suzan DelBene (D-Wash.) are pushing an amendment to the Electronic Communications Privacy Act that would require a warrant for authorities to obtain any email, instead of allowing free access to messages older than six months.
I wrote in January about Google’s decision to require a warrant even where the law does not, so the ECPA’s shortcomings in the digital age (the law is more than twenty years old) are sometimes mitigated by responsible corporate policies.
But a legitimate amendment like Lofgren’s would apply Google’s common sense approach to 4th Amendment rights to all such service providers. There’s simply no excuse not to get this done.
Facebook is buying your loyalty card history
Cotton Delo of Ad Age:
The targeting would hypothetically enable Coca-Cola to target to teenagers who’ve bought soda in the last month, or Pampers to show ads to North Carolina residents who’ve recently bought baby products, since Facebook’s own array of demographic and interest-based targeting options can be added to further refine audience segments. But adoption will be contingent on acceptance by corporate legal departments wary of becoming embroiled in a consumer privacy scare.
It’s not something I would rush into if I were one of those “corporate legal departments.” It’s not that I have some conspiracy theory about Facebook, or those data banks. I don’t. We give data to those data banks willingly when we use those discount cards. Shame on us for not reading the fine print.
And Facebook? They’re the same: the fact that nothing private is guaranteed to stay that way on the internet is common knowledge these days, and those who don’t know should know.
What would worry me as in-house counsel is what hackers will find when they inevitably get their hands on some of this data. In other words, Facebook and data banks are the devils we know. I would keep clients out of this plan because of the devils we don’t know.
At Google, Constitution trumps statute
David Kravets quotes a Googler:
“Google requires an ECPA search warrant for contents of Gmail and other services based on the Fourth Amendment to the Constitution, which prevents unreasonable search and seizure,” Chris Gaither, a Google spokesman, said.
The Electronic Communications Privacy Act isn’t always as demanding as Google, and their assertion that the policy is based on Constitutional requirements implies that the ECPA does not comport with the same requirements. That’s a bold legal position to take, but as Mr. Kravets explains at Wired, Google isn’t necessarily alone.
Government can still warrantlessly read older emails
This is unfortunate. There are processes in place that are designed to ensure the preservation of various constitutional rights. The warrant process is one of the most important, and for many people email is far more ubiquitous than other forms of correspondence and property that do require a warrant for seizure in most situations.
Tor: An Anonymous, And Controversial, Way to Web-Surf
Tor gets a headline at WSJ.com.
Federal Trade Commission to data brokers: Show us your data
Jessica Guynn of the LA Times:
The FTC wants to know what the brokers do with the information. It also wants to know if the data brokers let consumers review and correct their personal information or opt out from having their personal information sold.
I can guess that they sell it as “background check” data to both reputable and shady services of that kind, and almost certainly none of them allow correction or opt-out.
It’s one thing to consent to tracking efforts by Amazon, Google, and Facebook, whose labyrinthine Terms of Service are at least publicly available. It’s another thing to be tracked without consent, without even agreeing to a TOS we didn’t really read, by companies who profit by selling that information to still other companies.
We need legislation on this, as in most other areas of consumer privacy, and especially on the internet, mandating opt-in only participation in data collection like this.
Facebook Makes A Huge Data Grab By Aggressively Promoting Photo Sync
Josh Constine at TechCrunch:
There was no big launch event yesterday because Facebook didn’t need one. In fact, it probably didn’t want one, considering it didn’t even notify bloggers like me as it usually does.
This isn’t going to end well. I predict that a backlash will build over the next couple of weeks, nothing dire, but familiar fare by now for Facebook. They should have come out with PR about the easy privacy controls they have implemented to allow seamless and secure photo uploading. Instead they tried to sneak it in on the weekend.
NYPD subpoenas call logs of stolen cell phones
Joseph Goldstein, writing for the Times:
Mr. Sussmann suggested that the Police Department could limit its subpoenas to phone calls beginning on the hour, not the day, of the theft, and ending as soon as the victim has transferred the number to a new phone.
Mr. Sussmann is exactly right. I suspect the intent here on the part of NYPD is an admirable one: we have data available that can help us track thieves, so let’s use it.
But it’s not hard to limit the information requested to only the information that could possibly be of use in finding the suspect.
Grover Norquist on proposed update to Electronic Communications Privacy Act
Twenty-plus years is a long time, and the Electronic Communications Privacy Act is overdue for an update. A summary of the state of things:
Unfortunately these digital documents lack long-held privacy safeguards. Email saved in web-based email systems like Yahoo for longer than six months can be accessed with an administrative subpoena, which provides less protection than a warrant. Similarly, no matter what privacy setting you use, sensitive and personal information — photos, private journals, Facebook pages, corporate data, draft reports — shared with third parties like Google and Facebook can be accessible by police without a judge’s approval. All the government has to do is swear it’s “relevant” to an investigation.
Here’s to ensuring that the Fourth Amendment isn’t rendered moot by technological advancements.
$22.5M FTC fine against Google for Safari tracking
Michael Liedtke, writing for Associated Press:
In the Safari case, Consumer Watchdog argued that the fine amounts to loose change for a company like Google, which generates about $22.5 million in revenue every four hours.
It’s a very good deal for Google, especially because they don’t need to admit liability. It’s a decent deal from the FTC’s perspective, as well, because it’s (sadly) the largest fine they’ve ever levied in this context. I’m not sure how effective it’s going to be, but if you’re unnerved by Google’s privacy issues, there’s always DuckDuckGo.
Twitter and Two-Factor Authentication
Two-factor authentication is a pain in the ass. Just ask my Google account or my Dropbox account. But it’s a no-brainer. Savvy users will flock to it, seeing the value in the headache. Less-than-savvy users don’t need to be forced into it, but Twitter is as good a platform as any to explain to folks why it’s worth the additional steps to log in sometimes.
FTC Publishes Facial Recognition Guidelines
Carl Franzen, of TPM Idea Lab:
There are two cases where the FTC believes that companies need to get a consumer’s “affirmative express consent,” that is, an “opt-in,” before using information captured via facial recognition: When identifying anonymous individuals to third parties that wouldn’t otherwise know who they were, and when using any data or imagery captured via facial recognition for purposes outside of what was initially stated by the company.
This is good news because it signals awareness on the part of the FTC that this is an issue. Mr. Franzen provides some good context in his article, so if this stuff interests or worries you, click through to read his analysis. You can also find the FTC’s press release on the issue here, the report itself, in PDF format, here, and the dissenting statement of Commissioner J. Thomas Rosch, also in PDF format, here.
Sloppy SSL implementation begets Android app vulnerabilities
Dan Goodin at Ars Technica explains how researchers found that 8% of apps in a 13,500-app sample were susceptible to man-in-the-middle attacks. Hopefully developers will revisit their SSL implementations or, better yet, Google will update future versions of the Android SDK to disallow some of the poor coding decisions that cause these vulnerabilities.
Microsoft To Make Same Privacy Change Google Was Attacked For; No One Seems To Care
This is a good piece by Danny Sullivan of Marketing Land about the lack of coverage Microsoft’s privacy policy consolidation got this week compared to what Google got on a similar move earlier this year.
Mr. Sullivan’s analysis is thorough and worth a look, but I noticed a broader issue here for Microsoft:
Google matters and Microsoft doesn’t.
I’ll elaborate. Google got hammered by voluminous coverage because, in the minds of the tech press and many consumers, what they do with data matters. Microsoft, on the other hand, is not seen as an important player in the consumer data space. That perception may be inaccurate, particularly with the generally positive reaction to, if not widespread adoption of, SkyDrive and the new Outlook.
But it’s there: when it comes to privacy, Google is search and email and Android. Microsoft is, well, not much. Windows 8 and Surface may change that, but no one is holding their breath. In short, this looks like a case in which Microsoft got less critical press coverage than they may have wanted: people complain about the things that are important to them. The unimportant things get ignored.