Protect Personal and Financial Privacy

Data Mining Moves from Big Brother to Baby Brother

2008-11-22T07:11:00.000-08:00

In the past we only had reason to fear Big Brother tools from intrusive government spy agencies and monster telco's that invade your privacy by digging into your past and eavesdropping on your digital lifestream with hugely expensive tools and massive databases.

Now we all have reason to fear what might be called "Baby Brother" as more powerful tools are becoming available for free to any script kiddy hacker or truly junior bad guys and mischief makers. New open source snooping software is now available to anyone to easily mine your data and invade your personal, financial and medical privacy.

A Forbes Magazine article published Friday titled, "When Everyone Can Mine Your Data" profiles a former hacker, who is a South African electronic engineer by trade. Roelof Temmingh has created a company around new open source software he developed named "Maltego". He's built a $430 software tool which mines all publicly available databases for data on anyone.

Temmingh has begun selling his snoop software to government agencies for a 10% discount. Clearly he is going the route nobody needs to go with governments, which, rather than use a watered down open source version for free will choose the Gold Plated version that could easily cost a hundred times more.

The point here is that data mining software is becoming available as open source, meaning bad guys will bolt on suddenly available free open source plug-in tools for identity theft and Private Investigators will bolt on the open source PI plug-ins and governments will build their own versions based on the code base that anyone can use and keep those to themselves for whatever invasive purpose they can come up with.

Data mining is definitely here for the masses - but mostly for masses of troublemakers and bad guys.

Printer Companies Tracking Your Printed Documents

2008-11-02T08:14:00.000-08:00

Your color laser printer is quietly encoding all your printed documents with it's own serial and model number so all documents printed on your personal private printer can be tracked back to you. If you registered for warranty protection on that printer when you bought it, the manufacturer can tell that a printer you purchased made printouts of specific web pages or photos or bank statements if they have the physical piece of paper from your printer.

This is very likely to have been requested by Treasury to track photocopied paper money or legal documents which shouldn't be copied (like birth certificates) from being used illegally to obtain fake ID's and track bad guys who use those types of nefarious techniques to do illegal stuff.

As mentioned in the light-hearted EFF (Electronic Frontier Foundation) video below, printer manufacturers probably did this at the request of the government and have agreed and complied in order to be allowed to make ever better copy machines and printers capable of printing pretty official looking copies of cash or legal documents so the dodo's using them for illegal activity can be caught and punished.

All well and good, but once again - what happens when errors, mistakes and misunderstandings lead to false accusations caused by malfunctioning equipment or incorrect warranty registrations? Maybe just some personal harm or embarrassment come from tracking documents to the wrong owner or a second owner of the printer.

The EFF is attemting to bring this to the attention of the public so we at least know we are being spied on by our own machines. Watch the video below for more.

As I mentioned in a post on this topic nearly four years ago, this seems justifiable, but as also mentioned then:

All that is required is NOTICE to the consumer or citizen in public places that they are being monitored and when that is not done, there appears to be more to the story. The fact that this laser printer technology has been kept quiet for over ten years it has been in use suggest that there is more to this story as well.

It's now almost 15 years this has been going on. EFF wants you to be aware of the practice of monitoring your laser printer documents. The issue has been discussed at Engadget and more recently by Cory Doctorow in BoingBoing, so geeks who follow tech news know about this - but the creepiness factor hasn't faded since the story broke and nothing has changed in the way of public notice from manufacturers.

Poverty is Topic for Blog Action Day 2008

2008-10-15T00:25:00.000-07:00

"Remember the poor, it costs nothing" -- Josh Billings

... For 60 days I've been posting money quotations on Poverty and the Poor in preparation for this one day - Blog Action Day - Poverty - where over 9000 bloggers have agreed to discuss, explore and seek solutions to poverty. (Even the MySpace Impact Channel got into the Poverty conversation on their blog

My decision to support #BAD08, as it's come to be called on Twitter, was out of a desire to continue expanding my collection of Money Quotes on this blog. But, inevitably I got more interested in the topic and in learning something about Poverty - through words - but not just blather, these are some of the most powerful words ever uttered about the Poor and Poverty.

In the two months since I started collecting and posting quotations, I found over 150 Poverty Quotes in the larger collection of quotes on the poor, Here are a dozen to get you started.

Muhammad Yunus, founder of the Grameen Bank said, "One day our grandchildren will go to museums to see what poverty was like" and truly believes we can cut global Poverty in HALF by 2015!
Most powerful quote on poverty from a politician IMHO was Dwight D. Eisenhower, who said in 1953, "Every gun that is made, every warship launched, every rocket fired signifies, in the final sense, a theft from those who hunger and are not fed, those who are cold and are not clothed"
Many politicians, as a matter of fact, had something to say of poverty - from Thomas Jefferson, "Experience demands that man is the only animal which devours his own kind, for I can apply no milder term to the general prey of the rich on the poor"
To Ronald Reagan, "Poverty is a career for lot's of well paid people"
There are those who devote their lives to the poor, "There is hunger for ordinary bread, and there is hunger for love, for kindness, for thoughtfulness; and this is the great poverty that makes people suffer so much" -- Mother Teresa
There are those who poke fun at poverty, "Money is better than poverty, if only for financial reasons." -- Woody Allen
Some believe it's sometimes better to be poor, "Satan is wiser now than before, and tempts by making rich instead of poor" -- Alexander Pope
Some flatly state the obvious, "I've been rich and I've been poor: Rich is better." -- Sophie Tucker
And even more obvious, "A rich man is nothing but a poor man with money." -- W.C. Fields
Some point out misconceptions "Literary tradition is full of lies about poverty—the jolly beggar, the poor but happy milkmaid, the wholesome diet of porridge, etc." -- Mason Cooley
There is the frightening commentary from Colin Powell, "Terrorism really flourishes in areas of poverty, despair and hopelessness, where people see no future"
And in the end, it really doesn't matter whether we are rich or poor, "Pale death with an impartial foot knocks at the hovels of the poor and the palaces of king" -- Horace

Blog Action Day 2008 Poverty from Blog Action Day on Vimeo.

Join the discussion, but don't stop there, decide to take action to end poverty, consider donating your day's earnings to the poor.

AOL Uses Penguin for Behavioral Targeting Tutorial

2008-08-11T19:47:00.000-07:00

AOL has launched an international campaign to teach users about behavioral targeting & online ad serving cookies by creating a brief flash animation showing a penguin surfing the web and viewing Anchovie ads.

Hmmm Mr Penguin is serving as AOL's silent voice on privacy. (no sound in that flash movie)

If you click on the end card of the video, you can then visit the opt-out page for those cookies it shows you links to privacy policies for no less than 7 ad servers used by AOL, plus and 8th link for the NAI (National Advertising Initiative) opt-out site. From the AOL opt-out pageg, you can visit the blog of AOL's Chief Privacy Officer, Jeff Polonetsky for some research done by AOL on how users treat their own private information, like their annual income figures.

It all comes down to the fact that we SAY one thing and DO another when it comes to protecting personal details. We trade private personal and financial information for convenience and minor perks and freebies.

Well, Google, Yahoo and now AOL have come out with very different responses to this issue. I haven't found a public statement yet from MSN, but here is the MSN Opt-Out page.

Yahoo Behavioral Advertising Cookies Opt-out

2008-08-08T13:44:00.000-07:00

Yahoo has joined Google one day later to announce privacy practices and provides an opt-out option (although buried 3000 words into a 4500 word page.)

The Yahoo press release headline reads:

Yahoo! Announces New Privacy Choice for Consumers Will Expand Its Opt-Out Policy to Customized Advertising on Yahoo.com

However, the privacy option here is very much hidden as nobody but privacy advocates, and maybe bloggers or a rare journalist here and there, are willing to dig as deep as required to find this information.

As a service to those not willing to scour Yahoo's privacy policy and its massive response to the House Energy and Commerce Committee attached below their puff piece press release. Wow.

In addition to the Yahoo! opt-out, Blue Lithium and Right Media each also maintain their own opt-out mechanisms. The Blue Lithium opt-out is available here: http://www.bluelithium.com/optout.html and the Right Media opt-out is available here: http://content.yieldmanager.edgesuite.net/opt_out.html. As members of NAI, Yahoo! and Blue Lithium each have opt-out links available from the NAI opt-out page found here: http://networkadvertising.org/managing/opt_out.asp which is linked to from over 20,000 publisher sites.
Additionally, users have direct control over their Internet experience through their web browser settings. Users can delete their cookies or adjust their privacy setting in their browser today. Yahoo! helps users understand this under the special category "cookies" in our privacy policy http://info.yahoo.com/privacy/us/yahoo/cookies/.

The

DoubleClick & Google Content Network Opt-Out Cookie

2008-08-07T07:38:00.000-07:00

Announcement from Google that they will enhance ad targeting through DoubleClick cookie comes with the ability to opt-out of that cookie across both networks. Follow the link to opt out of Google DoubleClick ad serving behavioral tracking. If you want to "See more relevant ads" I suggest paying attention to PPC ads in the Google search results. That is as relevant as I need, thank you.

Here is a basic video from Google about cookies.

There are more of these videos at the cookie opt-out page which do a credible job of explaining cookies, but make them seem a bit more innocuous than they are. As both a web enthusiast and a privacy advocate, I have accepted that cookies are a necessary evil - but don't agree with behavioral targeting when done across multiple sites.

I written multiple articles, most of them years ago about privacy issues, but things have evolved and become far more complex. I've accepted that few people care about privacy issues until they are personally affected in some way by some form of privacy invasion in financial, medical privacy or suffer some form of hacking, social engineering, job loss, embarrassment or suffer from some type of either real-world or cyber stalking incident.

Some privacy advocates go too far in agitating for change and that does the cause no good at all. But perhaps this small opt-out cookie to keep your web travels out of the hands of DoubleClick will contribute to a bit of digital privacy for those who do care.

Private Eye Says Privacy is Dead

2008-07-20T10:27:00.000-07:00

This C-Net news article focuses on how simple it is - through social networks, cell phone tracking, security cameras, credit card records, etc. - to learn almost anything about someone being researched or investigated.

I'm actually quite surprised how few TV cop shows or movies about crime solving detectives go into using the web, even though they do quite often show bad guys using technology to hack into places they don't belong and either make their criminal activity easier or to research or commit actual crimes. I always cheer the good guys in their use of the web to solve crimes and stop criminal activity because I'm a technology enthusiast and love that it can be used for good.

Maybe there are just so many times you can show someone tapping away at keyboards and staring at slick user interfaces before television or movie viewers tire of the scene or those inevitably geeky characters doing the typing.

But the point here is not that good-guy/ bad-guy drama of crime-fighting - but how easy it is to access data once it is digitally stored and/or distributed. The ease of access issue is the concern.

We've repeatedly heard the line from data miners and law enforcement that goes something like, "If you have nothing to hide, you have nothing to fear." That is a truism that can't be denied.

The problem for all of us comes when erroneous data or erroneous conclusions are drawn from innocent or incorrect data. The problem comes when that ease of access to data lets bad guys use technology and the web to commit a multitude of crimes.

The problem comes when data is treated with less care than it deserves by those entrusted with it and is either stolen, lost, hacked or otherwise abused due to neglect or bad policy. The problem comes when the public fails to understand how widely distributed their private data can become when posted to the web or sent digitally to anyone, anywhere.

Privacy Capitulation: Where Do We Go From Here?

2008-07-18T10:03:00.000-07:00

The idea that we have any privacy left is becoming sort of a naive and quaint concept. Nearly all services we use routinely can be monitored in real-time or mined from data stored in a multitude of digital storage farms - making digital record of all traffic and content. Phone service has moved to IP telephony, whether that is through Skype, business, home cable or call routers at the phone companies.

Corporate networks monitor employee activity through their computers and phone calls. Your internet service provider knows every web site you visit, every email you send/receive and every file you download and sells all of that data to marketers (in aggregate we are assured - so not just yours - everyone at once) to as many sources as they can find to pay for it. Your bank and/or credit card companies know all details of every electronic transaction immediately.

So that laundry list of potential breaches, security holes, hacks and thefts by both internal and external bad guys grows longer each day.

Recently I've been tempted to sign up for a half-dozen free web services, and due to my very unusual habit of actually reading those long "terms of service" pages presented during sign-up for web-based services or those software "End User License Agreement" (EULA) - which most of us click right past during download or installation to our machines - I stumble across one very common and unacceptable line.

... you automatically grant (or warrant that the owner of such rights has expressly granted) us an irrevocable, royalty-free, transferable and worldwide non-exclusive right and license to use, copy, modify, adapt, publish, translate, create derivative works from and sell and distribute such materials or incorporate such materials into any form, medium or technology without compensation to you. In addition, you warrant that all so-called moral rights in those materials have been waived. None of the materials shall be subject to any obligation ...

Now the above line, along with many variations on the theme, means you are giving up your right to any content you contribute using that web service or software if it comes under the provisions of the contract - yes I said contract, which you are signing by clicking "Agree" during signup or installation of any software carrying that language.

So I've signed up for a couple, realizing that anything I post, record or upload can be recorded, stored and sold. I resolve not to put anything there that I'm not willing to lose or lose money on by selling myself. But my point here is that most users fail, not only to read, but to care about the loss of privacy or content or money due to that ridiculous provision that has become standard for most web services and many EULA's signed by millions of users.

So if nobody knows they are signing away their privacy and sometimes their profits - and even fewer care when they do know - where do we go from here? I don't have an answer and don't expect others to either. It seems we've traded privacy for convenience and in most cases, are willing to make that trade-off in order to use free or ad-supported services or software.

I've given up hope that people will begin to care about privacy until they experience identity theft or get fired from their job or lose their potential profit from great ideas because they traded away their privacy and content rights for that convenience. It's just plain sad.

Scott McNealy of Sun Microsystems said it in January of 1999 - "You have no privacy - Get over it!"

Understanding Privacy: Book from Daniel J. Solove

2008-06-17T21:45:00.000-07:00

Understanding Privacy a new book introduced last month by Harvard University Press, written by George Washington University Law School professor Daniel J. Solove The first chapter is available for free download (PDF) I may have the opportunity to review this in the near future. Watch this space ...

Computers, Freedom, and Privacy Conference 2008

2008-04-29T23:37:00.000-07:00

Below is the announcement email from - well as you can see:

COMPUTERS, FREEDOM, AND PRIVACY: TECHNOLOGY POLICY '08
http://cfp2008.org/
18th Annual CFP conference
May 20-23, 2008
Omni Hotel
New Haven, CT

DEADLINES this Week:
Early Bird Registration: Fri., May 2, 2008
YJoLT Tech Policy Essay Contest: Mon., May 5, 2008

Conference Blog: http://cfp08.blogspot.com/
Facebook Group: http://www.facebook.com/group.php?gid=10926816973

ABOUT CFP: TECHNOLOGY POLICY `08

What should the technology policy priorities of the next administration
be?

As the choice of presidential candidates becomes clearer and election
year moves towards a comparison of the candidates' platforms on the
issues, technology policy is increasingly relevant to the forefront of
public debate. In the areas of privacy, intellectual property,
cybersecurity, telecommunications, and freedom of speech, topics that
were once confined to experts now appear in the mainstream of political
issues. We now know that our decisions about technology policy are being
made at a time as the architectures of our information and communication
technologies are still being built.

This year, the 18th annual Computers, Freedom, and Privacy conference is
focusing on those issues at the forefront of technology policy this
election year. With plenary panels on the "National Security State and
the Next Administration" and "The 21st Century Panopticon?" the
discussions taking place look towards our present and future priorities.

CFP: Technology Policy '08 is an opportunity to participate in shaping
those issues being made into laws and regulations and those technological
infrastructures being developed. Policies ranging from spyware and
national security, to ISP filtering and patent reform, e-voting to
electronic medical records, and more will be addressed by expert panels
of technologists, policymakers, business leaders, and activists. The
panel topics are listed below and full panel descriptions are available
on the conference website at:

http://www.cfp2008.org/wiki/index.php/Program.

The CFP: Technology Policy `08 conversation has already begun in the
virtual spaces connected to the conference. Even if you are unable to
attend the conference this year, there are several opportunities to
participate remotely. The guiding principles that ought to guide our
policies are being debated on the conference blog. Social networking
groups on Facebook and LinkedIn are providing new spaces for the CFP
community to meet and discuss. The Yale Journal of Law and Technology is
hosting a call for essays, on the priorities of the next administration,
with more details below.

We look forward to seeing you in New Haven on May 20-23.

CONFERENCE PROGRAM

Plenary Sessions
Presidential Technology Policy: Priorities for the Next Executive
The 21st Century Panopticon?
The National Security State and the Next Adminstration

Tutorials
A Short History of Privacy
Constitutional Law in Cyberspace
e-Deceptive Campaign Practices: Elections 2.0
Maintaining Privacy While Accessing On-line Information

Panel Sessions
Activism and Education Using Social Networks
Breaking the Silence: Iranians Find a Voice on the Internet
Charismatic Content: Wikis, Social Networks, and the Future of
User-Generated Content
Filtering Out Copyright Infringement: Possibilities, Practicalities, and
Legalities
Filtering and Censorship in Europe
Hate Speech and Oppression in Cyberspace
Interoperability at the Crossroads?: The "Liberal Order" versus
Fragmentation
Law, Regulation, and Software Licensing for the Electronic Medical Record
Measuring Global Threats to Internet Freedom
Network Neutrality: Beyond the Slogans
New Challenges for Spyware Policy
Patents: The Bleeding Edge of Technology Policy
Privacy, Reputation, and the Management of Online Communities
Rights & Responsibilities for Software Programs?
States as Incubators of Change
"The Transparent Society:" Ten Years Later
Towards Trustworthy e-Voting: An Open Source Approach?

CALL FOR ESSAYS

Yale Journal of Law & Technology Call for Essays on the Technology Policy
of the New Administration
Deadline: Monday, May 5th

The Yale Journal of Law & Technology (YJoLT) is seeking essay-length
submissions concerning the technology policy platform of the new American
presidential administration. Essays selected for publication will appear
in the Fall Issue of YJoLT (publication date November 2008).

Ideal submissions will discuss the priorities and guiding principles that
American technology policy should follow. Submissions analyzing a
particular technology policy issue in depth will also be accepted.

Essays of less than 5,000 words are preferred. Please submit all essays
to yjolt.submissions@gmail.com. Please include the text "CFP Essay"
in the subject line of the email. The authors of essays selected for
publication will be notified on a rolling basis. Any questions can be
directed to Lara Rogers, lara.rogers@yale.edu.

--------------
Eddan Katz
CFP: Technology Policy '08 Program Chair
http://www.cfp2008.org/

International Affairs Director, Electronic Frontier Foundation
http://www.eff.org/
Lecturer and Associate Research Scholar, Yale Law School
Senior Fellow, Yale Information Society Project
http://isp.law.yale.edu/

Yahoo Open Strategy (Y!OS) vs Privacy

2008-04-26T12:11:00.000-07:00

I attended the O'Reilly Web 2.0 Expo Friday at Moscone West in San Francisco where I attended two sessions I'd like to address here. First was titled "Yahoo and Open Platforms - A Deeper Dive" by Yahoo Chief Architect of Platforms, Neal Sample. The second was a (Yahoo-owned) Flickr presentation on "Casual Privacy" by Kellan Elliot-McCrae. (This Flickr photo sharing tool is aptly titled and the technology consists only of a simplistic use of hard to guess complex URL's - once posted to a blog they become exposed to search engines and lose all privacy.)

I often come away from sessions like the first one mentioned above thinking "Wow! There are some scary smart people working on some really incredible things out there." But when looked at through the filter of personal privacy, the "Scary" part stands out for me.

Scary simply because the "Yahoo Open Strategy" takes personal data and distributes Yahoo user profiles across a multitude of Yahoo properties and makes it available to all Yahoo services once a user is logged in. Scary only because it means this database of personally identifiable information on anyone who opts-in becomes distributed widely across those Yahoo properties. I hope that user preferences for which services it is shared with come with their own privacy settings - necessarily complex settings to boot.

I had to miss two Web 2.0 sessions, one Wednesday and another on Thursday that I'd wanted to attend when a work project required immediate attention. Those included one with Joseph Smarr from Plaxo titled "Data Portability, Privacy and the Emergence of the Social Web" and I had heard Smarr speak at WebGuild event on OpenSocial launch in November, hosted on the Google campus.

The second session I had to miss was the Yahoo announcement of "Yahoo Open Strategy" by Ari Balogh, Chief Technology Officer at Yahoo! during his keynote on Thursday. This last announcement was major and has been characterized as a move against the Microsoft takeover bid. Personally, I think it's too big and sweeping to not have already been in progress before the bid became public. It involves reworking the entire system to incorporate the "Open Strategy" into most Yahoo properties, including Yahoo Mail, the home page, their Open Search platform, (announced at SMX West in Santa Clara in March). Bits a bytes of this have been leaking out here and there since then.

My reaction at the SMX show was "Wow, sounds cool!" and I'm still excited about how this might change the face of search and usability, and I'll address that elsewhere, but for now I'm pulling back a bit due to Privacy concerns related to this "Openness" because it makes me nervous that all of the aggregation of data (potentially in the hands of Microsoft) has me concerned about willingly providing all my data to one source.

I had my first privacy concerns when I noticed, on (Yahoo-owned) MyBlogLog, a request for extensive (and yes, publicly available) data from all my social sites. Having had a bit more time to digest this all - and now looking at it in the full light of the Yahoo Open Strategy announcement, It's losing its shininess due to privacy concerns.

The commenter on the previous post where I address this concern points to the MyBlogLog Blog discussing the new tools. But nothing is really addressed there except that this data will be offered to users from their own profile and made available to their own "Friends" if they opt-in. Swell, despite the fact that I want to define my "Friends" and what they see, differently based on they kind of friend they are, (marketing, business, true close friends, co-workers, management, family, etc.)

I'm going to leave that for now and look purely at this one fact: Despite the wonderfully friendly UI and utility of this "Openness" I'm not liking the need to gather all my own data and hand it to others to use as they see fit. In this case, Yahoo, in the future, Microhoo and who knows who else if they choose to "Share" it in aggregate or "Ooops" leak it out like AOL did in August of 2006.

I just don't know that I'll ever give Yahoo, or Microhoo - all of my public data to aggregate (and maybe leak) regardless of how convenient it is (and only on Yahoo-owned properties) or how easy it makes my online life. The aggregation and distribution of public social profiles is interesting, but once it starts getting distributed through API's to each social network or service - you've lost all control of who sees what and when.

This only truly matters if you DON'T want family seeing ALL of your Flickr photos or DON'T want your employer looking at resumes posted on job boards on social networks, or DON'T want your clients reviewing your connections with their competitors on business social networks - this list could go on endlessly and with thousands of DON'T wants - because we've already seen people fired from corporations due to private information or photos or personal associations being exposed on social networks.

Some people live their entire lives in full public view - others prefer a bit of control and security of that data. If everyone gave serious thought to how they want this information shared, it would surprise me. But for those who care, fine control of where the information flows should be an option. I doubt that level of control will ever be available, with the full ability to change or delete all data in all places it flows via API's and "Open Strategies."

All Your Datas are Belong to Yahoo: Social=NO Privacy

2008-04-13T10:18:00.000-07:00

I belong to and use about a dozen social networking sites, including LInkedIn, Facebook, Plaxo, a bunch of Google services and publicly link to profiles on several that I want to be public. But it wasn't until I visited my settings page on MyBlogLog (a Yahoo owned social network) that I realized how companies hope to "mine" that data and use it for their own purposes.

The first annoyance was when I jumped over to MyBlogLog and was asked for my Yahoo ID - which I begrudgingly provided and thought to myself, "Damn! I wish they didn't own so many things!" From there it took me to a screen with tabs across the top, one of which was labeled "Data Collection" - "Well," I thought, "at least they are being honest about that title - most times it is marked something tame like "Your info" or "Details" - but being charmed by their honesty didn't last long after visiting the page. (shown below)

Uploaded with plasq's Skitch!

I noted that I was "Opted-in" by default, realizing that being a part of this community meant sharing my photo or avatar and publicly agreeing to be tracked across the MyBlogLog member communities that I visited. I like this service and use it fairly often. One thing I like is how the service prompts you to "Join Community" after you've visited a blog a preset number of times *(mine is set to 10 visits - but you can choose 5). Alright, I realize they need to track me to make this feature work and I find it useful.

But then I got REALLY disturbed when I clicked on a tab that is benignly labeled "Services" to see a list of over 40 online social sites with those I had previously provided were pre-filled with each of my identities and/or URL's. But then I started to scroll the list to see over 40 other services listed, including OpenID, Plaxo and other aggregators. This is a bit much - what does this do to improve the MyBlogLog user experience? It seems to me that it only helps Yahoo track members of MyBlogLog - no?

Uploaded with plasq's Skitch!

These are hard to read at this size, but click the images to see larger versions. What do you think - is this useful for you as a member of MyBlogLog? How would listing your membership data for all of those services/sites improve your user experience? Am I missing something here? Why are they collecting that data? Why do people provide it willingly? Hmmm.

Internet Service Providers Spying on Users

2008-04-05T22:33:00.000-07:00

The New York Times has an editorial piece today on ISP tracking of users and selling that information for behavioral targeting. Doesn't mention that the information is already sold to net tracking firms (yes in anonymized aggragate form supposedly) but it is becoming pervasive and nobody seems to care enough to attempt to stop it. The NY Times editorial, by Adam Cohen titled The Already Big Thing on the Internet: Spying on Users quotes the famous New Yorker cartoon

One dog, sitting at a computer, tells another: “On the Internet, nobody knows you’re a dog.” Fifteen years later, that anonymity is gone.

Then says ominously, "It’s not paranoia: they really are spying on you."

Yes, many of us know that and have been complaining about it for years now. The question becomes... What can be done to stop it? The question before that is ... How do you get the public to care?

Security Conscious Loose with Private Financial Data

2008-02-26T04:41:00.000-08:00

The linked headline leads to a Silicon.com commentary on how careless we all are with personal financial information while comparing how cautious companies sometimes are with that same information it holds on millions of individual customers. The author discusses his own care with customer data, while marveling at how careless he is with his own financial information

I wonder how much I pay as a consumer for the privilege of using digital and electronics for purchases and to manage my life.
Whatever that cost, I'm certain that given the needs of online businesses and with the scale of the information flow there are major gaps in the handling of personal data.
In many cases these failings may not be created through ignorance but rather complexity. It is rapid growth and oversights that cause personal information to be exposed.

What Will Make Privacy Important to Public & Business?

2007-09-23T19:01:00.000-07:00

For several years now I've blogged about privacy laws, data mining, data breaches, search privacy, cookies, phishing, spyware, data theft and big brother.

What never fails to amaze me is the fact that few people care about privacy until it touches them personally through identity theft, harmed reputation, excessive spamming, loss of work or public embarrassment.

I've searched for ways to spur public discussion of the need for effective privacy laws and protections. There is the ocassional flare-up in public interest when AOL leaks the private searches of their users to the world. There are dumb moves by our government when they over-reach their authority and exceed reason as when the Department of Justice demanded 30 days of search data from the top tier search engines.

There are silly stumbles of companies when they expose users to spam by including ALL their customer database of emails in stupid slip-ups. There are major cases of careless greed when data mining companies continuously sell consumer data to criminals because they won't bother to check their own customers need for (or even the right to) private financial data. There is the proposal by the Bush Administration that we have a (poorly designed) defacto National ID required of us to travel anywhere, which becomes an even greater risk to security and privacy.

I could go on for days with this. But to get to the point of this post, I've searched for ways to engage the public in discussion of important privacy issues of the day, so far without effect.

So when I see ways that may help expose the privacy issues discussion to more people, I leap on it with gusto in the hopes that it will bring more attention to privacy laws and protections. I've discovered a tool that may help bring privacy to more bloggers and those involved in building the technologies of the web.

It's called BlogRush and works on the principle of the old banner exchange model - but this one operates with an embeddable widget. The more times you display the widget, the more "credits" you get for your posts being displayed within the widgets of other members of the BlogRush Network. The concept is extended beyond simple one-to-one numbers as those who get their widgets from you, then expose your widget to their own audience and you gain more credits for display of your post headlines across the network on all bloggers using the widget. It seems like the model will overextend itself at some point unless growth is phenomenal and sustained over time.

Nevertheless, I'm happy to try it out and see if the model works for exposing privacy concerns to the world of influential bloggers. Take the BlogRush widget you see to the right on this blog and see how it works for you to increase the visibility of your most important topic. If your topic involves the need to research privacy at all - try out our Privacy Search Engine which draws ONLY from authoritative privacy sources via the Google Custom Search Engine.

Google on International Internet Privacy Standards

2007-09-15T19:58:00.000-07:00

Google Calls for International Standards on Internet Privacy and has taken some lumps from privacy advocates which may not be justifiable - YET. The linked Washington post article above quotes comments from Google's global privacy counsel, Peter Fleischer where he makes a case for a standards body to set and enforce privacy rules internationally.

Not a bad idea, especially if European standards are incorporated into that mix. But the fact is that Google is very likely to be making this call for international privacy standards simply to deflect concerns about their DoubleClick acquisition when a decision is made by the FTC.

I recently ran across the video below at the VortexDNA Blog. It is a whiteboard discussion of Google Privacy Policy by senior search engineer Maile Ohye - which makes no direct mention of major public concerns - but somehow manages to calm fears - even if you are a bit sceptical of the safety or your private information under current Google privacy practices.

All I can say to this issue is that Google has proven themselves trustworthy so far and has suffered no major data losses or privacy gaffes. This call for international privacy standards from Google appears at a time when they are under scrutiny for the DoubleClick acquisition and after Ask announced the "Ask Eraser" product which will allow any user to completely wipe out their search history and delete all information already gathered and opt out of future data gathering by Ask. Google and all other search engines should consider adopting the Ask Eraser model. Although right now it is all talk and little action by Ask as it is simply a promised product and not a reality.

Privacy Conference, Ottawa, Canada September 25-28, 2007

2007-09-14T21:47:00.000-07:00

OTTAWA, Sept. 6 PRNewswire - The who's who of the privacy world will meet in Montreal this month to explore ways to better protect privacy in the face of rapidly changing technologies and heightened national security concerns.

The Office of the Privacy Commissioner of Canada is hosting the 29th International Conference of Data Protection and Privacy Commissioners in Montreal from September 25 to 28th. Among the topics to be explored are: public safety, globalization, Radio Frequency Identification, nanotechnology, children and privacy, location-based tracking, data mining and Internet crime.

Speakers include:

Michael Chertoff, Secretary of the US Department of Homeland Security, who will give a keynote address on privacy and public security.
Peter Fleischer, Google's global privacy counsel.
Bruce Schneier, internationally renowned privacy and security guru and best-selling author of books such as Beyond Fear: Thinking Sensibly about Security in an Uncertain World and Secrets and Lies.
Katherine Albrecht, widely recognized as one of the world's leading experts on consumer privacy for her work as director of CASPIAN (Consumers Against Supermarket Privacy Invasion and Numbering), an organization she founded to address retail privacy invasion.
Simon Davies, a pioneer of the international privacy arena and the founder and director of the watchdog group Privacy International.

The complete program and speakers list are available at: http://www.privacyconference2007.gc.ca. Media are encouraged to complete and submit an accreditation form, also available online, before the conference.

Out-of-town journalists are encouraged to reserve hotel rooms as soon as possible.

Search Privacy: You Are What You Search For - Er What You Eat

2007-09-14T20:57:00.000-07:00

The following comes from AltSearchEngines and was used by permission

Search Engines & The Illusion of Privacy

For those who don’t recognize this image, this is the ubiquitous “Cone of Silence” from the TV series “Get Smart.” Whatever was said in the Cone stayed in the Cone! The privacy of your conversation was absolutely guaranteed.

Let’s see, I’ll be 60 years old…

The story from the Associated Press (AP) that greeted me this morning looked like it was just an update on one of the Homeland Security Department’s policies. It said, in part, that instead of keeping risk assessments on you and me for 40 years, they will only keep them for 15 years. What a break! Oh, and by-the-by, you’re not allowed to see your risk assessment, or even why they have one on you.

You are what you eat!

But what really got my attention was that they will try to deduce whether or not we are terrorists by the names of our traveling companions, the number of hotel beds requested, and -wait for it- airline meal choices! That made me wonder, does Homeland Security know what groceries I buy (with my credit card, to make it a little easier for them)? Do they know what cereal I had for breakfast? What do terrorists eat when they travel? I sure don’t want to order that…

Alternative Search Engines

What does any of this have to do with the alternative search engines? That’s what I was wondering. On Mondays at AltSearchEngines we usually feature a different Vertical search category. But after reading this news, search engines that I once thought of as helpful and innocuous, now seemed to be under a black cloud of suspicion.

People Search

Of course People search is often singled out as the bad guy. What do they know about me? Why is Facebook releasing my profile? If I misspell “kiddie horns” when I search for my nephew’s birthday party favors, am I going to be tagged as a pervert? Personal data and issues of privacy will always be at the top of everyone’s concern. The alternative People search engines and the social networking sites will always have that special burden of reassuring their users that it’s safe to use their site. (Or at the very least that the benefits outweigh the risks.)

Likewise the Job search engines. Before today I would have only wondered which one is most likely to find a good position. But in a parallel paranoid universe, what if “something” happened and my boss found that I have been searching for a new job while I was on the clock! After all, didn’t Monster.com have a theft of confidential information?

Health Search? Could a prospective employer surreptitiously buy a list that revealed that I have a preexisting condition and then find another reason not to hire me?

Travel search? Yep, he’s a terrorist. Probably off to training camp.

Search engines that track blogs, discussions, buzz, and other readily available Internet chatter; if I make a joke about renting out my basement to “that guy on the video,” will they “accidentally” fire bomb my house?

Video search? Buy Season Three of “24″ ? Not any more; no way.

Image search. More bad news. Another article, again, in this morning’s paper, said that if they catch a child pornography suspect with a picture of a child on a red blanket, they perform a search for all photos with red blankets. My beach towel is red! I could be looking at 10-15 years of hard time - and lose my beach towel.

Conclusion

We live in a world where every email, every outdoor camera, every Internet search on every search engine, every hotel we book or meal that we order might be captured by someone and used against us. The “Age of Innocence” has run head-on into the “Illusion of Privacy,” and the result is the “Plague of Paranoia” that is sweeping our world like an electronic epidemic.

Now, what would a terrorist order for lunch?

Here’s a bonus, check out this really creative UI for a local restaurant search!

DHS Shuts ADVISE Data-Mining System Citing Privacy

2007-08-27T12:39:00.000-07:00

According to the Christian Science Monitor, a Department of Homeland Security (DHS) Data Mining project called ADVISE (Analysis, Dissemination, Visualization, Insight and Semantic Enhancement - WHEW!) had been in effect for over 18 months before it was killed by privacy assessment requirements from their own "Office of the Inspector General" (OIG) While at first blush it appears that we've got sufficient oversight in place with the OIG of DHS, I think it more likely that they simply chose to avoid informing that office of the status and scope of the project - or that OIG got involved only after a muckracking journalist or whistleblowing staffer got involved.

The interesting thing here is that DHS launched this project after two similar projects were killed - Total Information Awareness from the Defense Advanced Research Projects Administration (DARPA) and the TALON Terrorism database program headed by the Pentagon - were shut down for the same reasons, although oversight for those agencies comes from the GAO (Government Accountability Office).

So the question becomes which government agency is currently working on a similar program and do they all share their data and findings with each other as each project is killed for privacy concerns. These data mining spooks are bound to come up with a fully operational system that stays out of the privacy spotlight by the time a fifth or sixth agency has built their system and input all the data from each of the other programs.

Each agency in turn develops new advances and seeks more ways to stay out of the crosshairs of privacy advocates, then shuts down operations and passes it to the next agency when they are found out.

Ask Eraser To Erase Search History

2007-07-23T20:18:00.000-07:00

Ask.com To Launch Ask Eraser To Erase Search History & New Data Retention Policy. This is an excellent coverage by Search Engine Land of the newly announced Ask Privacy Initiative with the cute name. It appears that with the "Me Too!" announcement by Microsoft they will honor privacy concerns of users by anonymizing data after 18 months (as Google already has), that pressure is building on the search engines to offer privacy as a feature to lure new searchers.

According to Wired Magazine, Yahoo is now doing the "Me Too!" dance with this statement:

"We have decided on 13 month policy because we believe it is consistent with our commitment to our users' privacy and consistent with local data protection laws across the world," said Yahoo spokesman Jim Cullinan in a written statement.

Of all the hand waving and foot stomping, Ask really does appear to have the strongest privacy intentions. We'll see when all the noise dies down who does privacy best and who offers the most search privacy.

Meanwhile, if you want to stay on top of the news about search privacy, may I suggest you consider trying our Google Co-op powered Privacy Search Engine

Microsoft & Ask Call for Privacy Initiatives

2007-07-23T16:06:00.000-07:00

REDMOND, Wash., and OAKLAND, Calif. — July 22, 2007 — Building on their respective efforts to protect consumer privacy, industry leaders Microsoft Corp. and Ask.com, a wholly owned business of IAC (NASDAQ: IACI), today joined together in the commitment to call on the industry to develop global privacy principles for data collection, use and protection related to searching and online advertising. The companies will work with other technology leaders, consumer advocacy organizations and academics to come together and join them in working on the development of these principles, which could include developing and sharing best practices to provide more control for consumers.

“As search and other online services progress, it’s important for our customers to be able to trust that their information is being used appropriately and in a way that provides value to them,” said Peter Cullen, chief privacy strategist at Microsoft. “We hope others in the industry will join us in developing and supporting principles that address these important issues. People should be able to search and surf online without having to navigate a complicated patchwork of privacy policies.”

“Anonymous user data can be very useful to enhance search products for all users, but people should have access to privacy controls based on their level of comfort around the storage of their search data,” said Doug Leeds, vice president of product management at Ask.com. “We’re committed to developing new ways to give consumers the control they are entitled to when it comes to searching online, and hope others will join us in engaging in dialogue on these important issues.”

Microsoft and Ask.com are proposing that leading search providers, online advertising companies and privacy advocates convene to engage in an active dialogue to discuss privacy considerations posed by the proliferation of online advertising and search. The goal of the dialogue is to determine ways that the industry can work cooperatively to define privacy principles that take these new considerations into account. The companies will provide an update on their progress in September.

More information about Microsoft’s and Ask.com’s current privacy policies and practices is available at http://www.microsoft.com/privacy and http://about.ask.com/en/docs/about/privacy.shtml.

About Ask.com

A leading search engine on the Web, Ask.com combines world-class search technology with one-of-a-kind search tools to help people get what they are looking for faster. Ask.com sites include Ask.com US (www.Ask.com), Ask.com Deutschland, Ask.com Espana, Ask.com France, Ask.com Italia, Ask.com Japan, Ask.com Nederlands and Ask.com UK. Additionally, Ask.com syndicates its search technology and advertising units to a network of affiliate partners. Ask.com is a division of IAC Search & Media, a wholly-owned business of IAC (NASDAQ: IACI).

About Microsoft

Founded in 1975, Microsoft (Nasdaq “MSFT”) is the worldwide leader in software, services and solutions that help people and businesses realize their full potential.

Real ID - Oppose Defacto National ID - Driver License

2007-05-01T19:28:00.000-07:00

FOR IMMEDIATE RELEASE
May 1, 2007

Contact:
Melissa Ngo
Director, EPIC Identification and Surveillance Project
(202) 483-1140 ext. 123
ngo AT epic.org

FORTY-THREE GROUPS ANNOUNCE NATIONAL REAL ID PUBLIC CAMPAIGN

WASHINGTON, DC - Today, 43 organizations representing transpartisan, nonpartisan, privacy, consumer, civil liberty, civil rights, and immigrant organizations have joined to launch a national campaign to solicit public comments to stop the nation's first national ID system: REAL ID.

The groups joining in the anti-REAL ID campaign are concerned about the increased threat of counterfeiting and identity theft, lack of security to protect against unauthorized access to the document's machine readable content, increased cost to taxpayers, diverting of state funds intended for homeland security, increased costs for obtaining a license or state issued ID card, and because the REAL ID would create a false belief that it is secure and unforgeable.

This effort builds on the momentum that is signaling broad opposition to the REAL ID in the states. Montana has become the fifth state, following Maine, Idaho, Arkansas, and Washington, to prohibit cooperation with the Department of Homeland Security in implementing the REAL ID national identification system.

Under the Act, states and federal government would share access to a vast national database that could include images of birth certificates, marriage licenses, divorce papers, court ordered separations, medical records, and detailed information on the name, date of birth, race, religion, ethnicity, gender, address, telephone, e-mail address, Social Security Number for more than 240 million with no requirements or controls on how this database might be used. Many may not have the documents required to obtain a REAL ID, or they may face added requirements base on arbitrary and capricious decisions made by DMV employees.

EPIC joins this group of 43 organizations in a fight against the national identification system created by the Department of Homeland Security. "Make no mistake, this is a national identification system that will affect your everyday life," said Melissa Ngo, Director of EPIC's Identification and Surveillance Project. "Critics of the REAL ID scheme are called anti-security, but it is not anti-security to reject a national identification system that will harm our national security and make it easier for criminals to pretend to be law-abiding Americans."

The draft regulations to implement the REAL ID Act are open for comment until 5 p.m. EST on May 8, 2007. To take action and submit comments against the fundamentally flawed national identification scheme, under Docket No. 2006-0030-0001.

Online: Through the public submission portal at:

http://www.regulations.gov

Or use one of the more user-friendly sites found at the following web addresses:

EFF

Privacy Activism

To Fax Comments to the Department of Homeland Security:

Electronic Frontier Foundation

Privacy Coalition

Or send a letter to the agency. Fax: 1-866-466-5370.

Postal mail:
Department of Homeland Security
Attn: NAC 1-12037
Washington, DC 20528

All comments must be received by until 5:00 PM EST on May 8, 2007.

Visit the Stop REAL ID Campaign site

Visit EPIC's National ID Cards and REAL ID Act page

List of all of the Groups Supporting this Campaign:

American Federation of Labor-Congress of Industrial Organizations
American Library Association
American Policy Center
American-Arab Anti-Discrimination Committee
Association of American Physicians & Surgeons
Bill of Rights Defense Committee
Center for Digital Democracy
Center for Financial Privacy and Human Rights
Citizen Outreach Project.
Citizens Against Government Waste
Common Cause
Computing Professionals for Social Responsibility
Consumer Action
DownsizeDC.org
Electronic Frontier Foundation
Electronic Privacy Information Center
Fairfax County Privacy Council
Give Me Back My Rights Coalition
Government Accountability Project
Gun Owners of America
Immigrant Workers Union
Leadership Conference on Civil Rights
Liberty Coalition
National Center for Transgender Equality
National Council of Jewish Women
National Council of La Raza
National Gay and Lesbian Task Force
National Immigration Law Center
OpenCarry.org
Parents, Families and Friends of Lesbians and Gays
Patient Privacy Rights Foundation
People for the American Way
Privacy Activism
Privacy Rights Clearinghouse
Privacy Times
Republican Liberty Caucus
Rutherford Institute, The
The Arc of the United States United Cerebral Palsy
The Multiracial Activist
US Bill of Rights Foundation
Virginia Citizens Defense League
Virginia Gun Owners Coalition
World Privacy Forum

Search Privacy & Google Personalized Search

2007-04-30T20:37:00.000-07:00

Could Google Personalized Search and their Web History feature be the "tipping point" for privacy issues online? The headline on this post links to a BigMouthMedia (UK SEO Company) study about user "Trust" of search engines with their personal data. The SEM company's marketing push (press release) twists the actual perceptions around to seem opposite of the real results when they suggest that users don't trust Google with their personal data (Web History, Search History, Contact Info, Financial details, etc.) when the survey numbers show very clearly that more people trust Google (38%) than trust Yahoo (23%) and trust MSN (21%) with the title "Uncertainty Over Google's Privacy Intentions".

How disingenuous. They put Google in the headline to elicit public interest when their own results show MORE people trust Google (38%) than Yahoo (23%) or MSN (21%). If the press release had been honestly headlined, it might have read "Searchers Trust Google by Two to One Margin over Other Search Engines". Is that not obvious or do people read with that shallowly and with so much disinterest? How does this benefit a search marketing company to discuss this topic just as Google Personalized Search and Web History are launching? Hmmm.

I spoke yesterday about search privacy as it relates to Google after seeing a minor flurry of posts on blogs and search industry forums. I had no idea privacy discussions would balloon because of Web History and Personalized Search from Google. The funny thing is that my personal level of trust in Google with my personal information is probably at about 80%.

Google Personalized Web History & Privacy

2007-04-26T15:57:00.000-07:00

The following is adapted from my comments left today at Google Engineer Matt Cutts blog. To those reading this blog who aren't aware of him, Matt is the unofficial Google top search engine spam cop. He often attends Search Engine Strategies shows discussing quality guidelines for web content among attendees who are search engine optimization specialists.

I don't often mention on this blog that I make my living as an SEO, because privacy issues are usually more related to data security than search. The issues of search and privacy do cross paths on occassion, like when AOL exposes user search queries to the world, or when the Department of Justice demands search history from the top 4 search engines.

But as I've said on my RealitySEO blog, I trust Google with my data as they've so far proven trustworthy. I've even expressed a love for Google that is beyond reason, but my high opinion of Google is not shared by everyone interested in privacy protection. With that introduction, I'll share what I had to say on Google Web History with Matt Cutts:

I'm glad to hear that privacy protection is on the mind of Googlers. The fact that Matt Cutts is discussing privacy suggests that the Web History feature has brought up internal discussions that I hope will lead to protecting that data (and all the information Google holds on individuals) from leaks, hacks and employee error.
Privacy gets little attention by anyone until their own is threatened. I attended the "Search and Privacy" session at Search Engine Strategies New York to hear an amazing panel speak to a paltry 15 attendees. The topic of privacy flares up when there is a huge gaffe committed by a major company or when the DOJ makes absurd demands. Most ignore the issue until it gets personal.
But we need to pay attention to security and privacy issues on a daily basis because data retention adds up all those daily activities into a very much larger mass of information than anyone intends for one organization to hold. Aggregation of databases is inevitable as companies sell their clickstream data, credit info, contact data, email addresses, etc. to partners, clients and customers and sometimes to bad guys.
Wherever that data resides, it will get leaked, hacked or subpoenaed. Even Google can't entirely prevent things from going wrong at every turn. I tend to trust Google simply because they have proven themselves to be trustworthy so far. If those at the top are committed to privacy protection and security of the data they hold, we're very much better off.
The data portability idea sounds great - but I suspect we'd all be shocked should we ever see the totality of information held on each of us by Google. I'm very happy to hear that protecting that data is important to you.

Google Dumps User IP Data Mining

2007-03-14T21:03:00.000-07:00

Google Moves to Protect User ID's from their search records over two years old by trimming IP addresses off user log files. This means that the computer IP address is being dumped from massive silos of old user search records stored for past searches.

I suspect this is more to preserve space in stored data than entirely about protecting privacy. But either way the result is the same - the move protects privacy of Google users. Why they insist on keeping newer information if what should be scrutinized. How is it relevant other than "Anonymous user A did this type of searches" in their research and data mining? Anonymized data would serve them just as well.

The bottom line is that it is a move in the right direction toward privacy protection - so three cheers for Google. Now we've reached the end of the first quarter of this privacy game. What's the next play in the playbook coach Schmidt? What do Brin & Page have to say about anonymizing search data for current searches? There's the whistle! Start the second quarter!