Posts tagged privacy

To Strongbox or Not to Strongbox

Last week we noted that the New Yorker launched Strongbox, an online system meant to preserve the anonymity of leakers submitting sensitive material to the magazine.

Strongbox is based on the work of Aaron Swartz and Kevin Poulsen and, as Amy Davidson noted when announcing its implementation, “Even we won’t be able to figure out where files sent to us come from. If anyone asks us, we won’t be able to tell them.”

Which is a good thing given recent news about the Justice Department’s surveilling of journalists and news organizations.

But can it be be a newsroom boon?

Writing at CSO Online, John P. Mello argues that while Strongbox “provides strong protection of the identity of a source, it removes an important element in the process: authentication.”

Here’s what he means:

A system where anonymous leakers are dropping documents into a folder has advantages when government investigators start probing a story’s sources, but it also creates tremendous disadvantages. “The government can’t come after you to find out who gave you the document because you have no way of knowing,” [Northeastern University assistant journalism professor Dan] Kennedy said.

“That gives more protection to the source, but it makes it harder to vet the document because you don’t know who gave it to you,” he said…

…”All sources, anonymous or not, have to be evaluated. That’s impossible to do without context. “Knowing your source’s motivations helps contextualize the information,” said Mark Jurkowitz, associate director for the Pew Research Project for Excellence in Journalism.

“A solution that prevents the news organization from knowing the identity of a confidential source has value, but it’s not an ideal solution because it is important to know the identity of the source to weigh the information,” he told CSO.

“Information supplied by a confidential source needs to be evaluated, weighed and understood in the same way that information of somebody speaking on the record does,” he added.

FJP: A tool is a tool. While Mello illustrates important drawbacks, if the alternative is no documents to work with then you work with the tools available. It’s just important to know going in what their limitations are.

Images: Independent Twitter posts via Nicholas Thomson and Kevin Anderson.

We now live in a world where we have public lives and private lives — and for over a century now, since roughly the point at which the above article appeared, the portion of our lives considered “public” has been expanding, while the portion of our lives we can consider “private” has been contracting.

Felix Salmon, How Technology Redefines Norms, Reuters.

What’s more, Jarvis himself is a prominent proponent of the idea that we should maximize the speed at which we move our lives into the public realm; he also equates a desire for privacy with being “scared of the public” .

Never before have we faced so many opportunities to turn the formerly-private into the newly-public. As those opportunities arise, many people adopt them, and turn “public” into the new norm for such activities. Eventually, the norms become societally entrenched, to the point at which it is now utterly unobjectionable for those who once would have been labeled “kodak fiends” to take photographs outside a Newport tennis tournament.

My point here is that technology has a tendency to create its own norms.

Which means, according to Salmon, that if wearable computing (like Google Glass) is successful, norms about what is public and private will continue to change, so if you are attached to what’s normal now, it’s better not to be, or you have every reason to worry.

Selling Data, Taking Things in Your Hands Edition A common truism says that if it’s free and on the Web, you’re not the customer but the product being sold. Also common is the following reaction: what can I do about that. The less common reaction: How can I get in on that? Try this one on as a thought experiment. Via Slate: In a world of privacy-invading smartphone apps and government-grade spyware, keeping personal data personal online can seem like a difficult task. But could you make money by choosing to give away logs of your most intimate data? Federico Zannier is trying to find out. Emails, chat logs, location data, browser history, screenshots—you name it, the New York-based software developer is selling it all.With a Kickstarter campaign launched earlier this month, Zannier, a 28-year-old Italian-born master’s student at NYU, is offering to hand over a day’s digital footprint for a measly $2. He says he “violated his own privacy” starting back in February for about 50 days straight, recording screenshots and webcam snaps of himself every 30 seconds and tracking his every footstep using GPS technology. He logged the address of each Web page he visited—storing some 3 million lines of text—and accumulated a massive trove of 21,124 webcam photos and 19,920 screen shots. Zannier’s aim, somewhat paradoxically, is to take ownership of his own data by selling it. He points out that we often hand over our private data unwittingly, given that few people take the time to read the terms and conditions of apps and online services. Companies rake in millions of dollars selling our information to marketing firms while we receive little in return. But Zannier’s Kickstarter is not just out to make a statement about online privacy—he plans to use the funds to create a browser extension and a smartphone app that he says will help others sell their own data. “If more people do the same, I’m thinking marketers could just pay us directly for our data,” he writes on his Kickstarter page. “It might sound crazy, but so is giving all our data away for free.” So, just as the Web often disrupts, let’s cut out the middle man. Image: It’s Free, But They Sell Your Information, via Telco 2.0.

Selling Data, Taking Things in Your Hands Edition

A common truism says that if it’s free and on the Web, you’re not the customer but the product being sold. Also common is the following reaction: what can I do about that. The less common reaction: How can I get in on that?

Try this one on as a thought experiment.

Via Slate:

In a world of privacy-invading smartphone apps and government-grade spyware, keeping personal data personal online can seem like a difficult task. But could you make money by choosing to give away logs of your most intimate data?

Federico Zannier is trying to find out. Emails, chat logs, location data, browser history, screenshots—you name it, the New York-based software developer is selling it all.With a Kickstarter campaign launched earlier this month, Zannier, a 28-year-old Italian-born master’s student at NYU, is offering to hand over a day’s digital footprint for a measly $2. He says he “violated his own privacy” starting back in February for about 50 days straight, recording screenshots and webcam snaps of himself every 30 seconds and tracking his every footstep using GPS technology. He logged the address of each Web page he visited—storing some 3 million lines of text—and accumulated a massive trove of 21,124 webcam photos and 19,920 screen shots.

Zannier’s aim, somewhat paradoxically, is to take ownership of his own data by selling it. He points out that we often hand over our private data unwittingly, given that few people take the time to read the terms and conditions of apps and online services. Companies rake in millions of dollars selling our information to marketing firms while we receive little in return. But Zannier’s Kickstarter is not just out to make a statement about online privacy—he plans to use the funds to create a browser extension and a smartphone app that he says will help others sell their own data. “If more people do the same, I’m thinking marketers could just pay us directly for our data,” he writes on his Kickstarter page. “It might sound crazy, but so is giving all our data away for free.”

So, just as the Web often disrupts, let’s cut out the middle man.

Image: It’s Free, But They Sell Your Information, via Telco 2.0.

When the Government Comes Knocking, Who Has Your Back?

Hat tip to Josh Stearns for making us aware of this 2012 report.

Via the Electronic Frontier Foundation:

When you use the Internet, you entrust your online conversations, thoughts, experiences, locations, photos, and more to companies like Google, AT&T and Facebook. But what happens when the government demands that these companies to hand over your private information? Will the company stand with you? Will it tell you that the government is looking for your data so that you can take steps to protect yourself?

The Electronic Frontier Foundation examined the policies of 18 major Internet companies — including email providers, ISPs, cloud storage providers, and social networking sites — to assess whether they publicly commit to standing with users when the government seeks access to user data. We looked at their terms of service, privacy policies, and published law enforcement guides, if any. We also examined their track record of fighting for user privacy in the courts and whether they’re members of the Digital Due Process coalition, which works to improve outdated communications law. Finally, we contacted each of the companies with our conclusions and gave them an opportunity to respond and provide us evidence of improved policies and practices. These categories are not the only ways that a company can stand up for users, of course, but they are important and publicly verifiable.

While some Internet companies have stepped up for users in particular situations, it’s time for all companies that hold private user data to make public commitments to defend their users against government overreach. The purpose of this report is to incentivize companies to be transparent about what data flows to the government and encourage them to take a stand for user privacy when it is possible to do so.

Read through for the report’s findings.

Let’s Say Your Name is Mark Zuckerberg

Via MakeUseOf:

Since the rise of Facebook, and the thrusting of the founder into the public eye, Mark S. Zuckerberg has found him being confused for his socially awkward, sweatshirt donning namesake on a daily basis. He cringes whenever he hears the all-too-familiar phrase ‘are you that guy’?

“Whenever I call my credit card company and they ask for my name, they hang up because they think I’m playing a prank… I was taking a flight and I went through security, and I had to show them my ID and the guy looks at me and says ‘Oh my God!’, he goes ‘Are you him?’, and I’m like ‘Do you think I’d be flying Southwest Airlines if I was him?’”

Mark S. Zuckerberg has completely lost his identity…

…[G]etting a Facebook account was by no means a trivial task. On the basis of him sharing a name with the founder, he had to send off copies of his birth certificate, driver’s license and even his Indiana bar association certificate just to even open an account. The process dragged on so long and was so tedious, he even had to go as far as to threaten legal action.

MakeUseOf, Banned: What Happens When Facebook Doesn’t Like You.

So if your phone doesn’t move from a single location between the hours of 10 p.m. and 6 a.m. for say a week or so, Facebook can quickly deduce the location of your home. Facebook will be able to pinpoint on a map where your home is, whether you share your personal address with the site or not. It can start to build a bigger and better profile of you on its servers. It can start to correlate all of your relationships, all of the places you shop, all of the restaurants you dine in and other such data. The data from accelerometer inside your phone could tell it if you are walking, running or driving. As Zuckerberg said — unlike the iPhone and iOS, Android allows Facebook to do whatever it wants on the platform, and that means accessing the hardware as well.

This future is going to happen – and it is too late to debate. However, the problem is that Facebook is going to use all this data — not to improve our lives — but to target better marketing and advertising messages at us. Zuckerberg made no bones about the fact that Facebook will be pushing ads on Home.

Om Malik, GigaOm. Why Facebook Home bothers me: It destroys any notion of privacy.

FJP: Note that these concerns can be applied to Google, Apple and the rest. Our phones, after all, are surveillance units. Just ask Malte Spitz. But the concerns Om raises here are important to understand if you’re thinking about installing Facebook Home on your phone.

Facebook officials are now acknowledging that the social media giant has been able to create a running log of the web pages that each of its 800 million or so members has visited during the previous 90 days. Facebook also keeps close track of where millions more non-members of the social network go on the Web, after they visit a Facebook web page for any reason.
Facebook finally admits to tracking non-users | Firstpost (via new-aesthetic)

firstpost.com

Harvard Searches Faculty Email over Media Leaks Last year, there was a cheating kerfuffle (outlined in The New York Times) at Harvard University regarding a take home test. Private information about the scandal leaked to the media, and the school took it upon themselves to peruse the emails of resident deans to see who blabbed. Now, before you go stating the obvious about academic freedom and privacy rights, let the university attempt to quell your concerns: VIa Harvard’s Website: Consequently, with the approval of the Dean of FAS and the University General Counsel, and the support of the Dean of Harvard College, a very narrow, careful, and precise subject-line search was conducted by the University’s IT Department. It was limited to the Administrative accounts for the Resident Deans – in other words, the accounts through which their official university business is conducted, as distinct from their individual Harvard email accounts. The search did not involve a review of email content; it was limited to a search of the subject line of the email that had been inappropriately forwarded. To be clear: No one’s emails were opened and the contents of no one’s emails were searched by human or machine. The subject-line search turned up two emails with the queried phrase, both from one sender. Even then, the emails were not opened, nor were they forwarded or otherwise shared with anyone in IT, the administration, or the board. Only a partial log of the “metadata” - the name of the sender and the time the emails were sent – was returned. The school only searched the subject lines of emails for queried phrases. How are your concerns? Quelled? Now, consider this… Via The Chronicle: One of the deans was told of the search shortly after it occurred. The others were left unaware that administrators had searched their e-mail accounts until the Globe questioned Harvard officials about the incident late last week. So, even if one were to accept Harvard ‘s subject-line-search as harmless, the fact remains that some deans weren’t even notified that this was happening.  Via Associations Now:  When dealing with a media leak, how can you be sure to keep in mind the privacy of your members and leaders so that if such a situation arises, it doesn’t have to reach this point? Or should it ever be allowed to reach this point?  Unfortunately, that’s where we are. Lewis Maltby, head of the National Workrights Institute, says people shouldn’t be surprised by employer snooping. “Almost every every major employer in America today reads employee email,” he told NPR in an interview about the Harvard snoop. “And if you haven’t been told by your boss that someone is reading your email, that’s just because they haven’t told you.” Image: via The Harvard Gazette.

Harvard Searches Faculty Email over Media Leaks

Last year, there was a cheating kerfuffle (outlined in The New York Times) at Harvard University regarding a take home test. Private information about the scandal leaked to the media, and the school took it upon themselves to peruse the emails of resident deans to see who blabbed.

Now, before you go stating the obvious about academic freedom and privacy rights, let the university attempt to quell your concerns:

VIa Harvard’s Website:

Consequently, with the approval of the Dean of FAS and the University General Counsel, and the support of the Dean of Harvard College, a very narrow, careful, and precise subject-line search was conducted by the University’s IT Department. It was limited to the Administrative accounts for the Resident Deans – in other words, the accounts through which their official university business is conducted, as distinct from their individual Harvard email accounts. The search did not involve a review of email content; it was limited to a search of the subject line of the email that had been inappropriately forwarded. To be clear: No one’s emails were opened and the contents of no one’s emails were searched by human or machine. The subject-line search turned up two emails with the queried phrase, both from one sender. Even then, the emails were not opened, nor were they forwarded or otherwise shared with anyone in IT, the administration, or the board. Only a partial log of the “metadata” - the name of the sender and the time the emails were sent – was returned.

The school only searched the subject lines of emails for queried phrases.

How are your concerns? Quelled? Now, consider this…

Via The Chronicle:

One of the deans was told of the search shortly after it occurred. The others were left unaware that administrators had searched their e-mail accounts until the Globe questioned Harvard officials about the incident late last week.

So, even if one were to accept Harvard ‘s subject-line-search as harmless, the fact remains that some deans weren’t even notified that this was happening. 

Via Associations Now

When dealing with a media leak, how can you be sure to keep in mind the privacy of your members and leaders so that if such a situation arises, it doesn’t have to reach this point?

Or should it ever be allowed to reach this point? 

Unfortunately, that’s where we are. Lewis Maltby, head of the National Workrights Institute, says people shouldn’t be surprised by employer snooping. “Almost every every major employer in America today reads employee email,” he told NPR in an interview about the Harvard snoop. “And if you haven’t been told by your boss that someone is reading your email, that’s just because they haven’t told you.”

Image: via The Harvard Gazette.

A Guide to Facebook’s Privacy Options The Wall Street Journal attempts to make sense of it all. As the Journal points out, Facebook offers many privacy options, but the “trick is knowing how to use them.” I’d also suggest, where to find them. — Michael Image: Via the Wall Street Journal. Select to embiggen.

A Guide to Facebook’s Privacy Options

The Wall Street Journal attempts to make sense of it all.

As the Journal points out, Facebook offers many privacy options, but the “trick is knowing how to use them.”

I’d also suggest, where to find them. — Michael

Image: Via the Wall Street Journal. Select to embiggen.

Graph Search: Islamic men interested in men who live in Tehran, Iran People have really gotten comfortable not only sharing more information and different kinds, but more openly and with more people. That social norm is just something that has evolved over time. We view it as our role in the system to constantly be innovating and be updating what our system is to reflect what the current social norms are. — Mark Zuckerberg FJP: With Facebook rolling out its Graph Search, visit Actual Facebook Graph Searches for examples of the types of things friends, family, adversaries, authorities and others can find. Yes, the arrow points to an “extended” search option that reveals where the people in this search query work. No, you can’t opt out of being searched. Select image to embiggen.

Graph Search: Islamic men interested in men who live in Tehran, Iran

People have really gotten comfortable not only sharing more information and different kinds, but more openly and with more people. That social norm is just something that has evolved over time.

We view it as our role in the system to constantly be innovating and be updating what our system is to reflect what the current social norms are. — Mark Zuckerberg

FJP: With Facebook rolling out its Graph Search, visit Actual Facebook Graph Searches for examples of the types of things friends, family, adversaries, authorities and others can find.

Yes, the arrow points to an “extended” search option that reveals where the people in this search query work.

No, you can’t opt out of being searched.

Select image to embiggen.

US Expands Citizen Data Surveillance to Predict Future Crimes

The Wall Street Journal reports that a little known government agency now has the authority to hold and monitor data on US citizens for up to five years, even if the individual has never committed a crime.

The goal, it appears, is to use the data to predict future — or potential — criminal activity.

Via the Wall Street Journal*:

[New] rules now allow the little-known National Counterterrorism Center to examine the government files of U.S. citizens for possible criminal behavior, even if there is no reason to suspect them. That is a departure from past practice, which barred the agency from storing information about ordinary Americans unless a person was a terror suspect or related to an investigation.

Now, NCTC can copy entire government databases—flight records, casino-employee lists, the names of Americans hosting foreign-exchange students and many others. The agency has new authority to keep data about innocent U.S. citizens for up to five years, and to analyze it for suspicious patterns of behavior. Previously, both were prohibited…

The changes also allow databases of U.S. civilian information to be given to foreign governments for analysis of their own. In effect, U.S. and foreign governments would be using the information to look for clues that people might commit future crimes.

Under the new rules, the NCTC can request access to any governmental database that it “reasonably believes” contains “terrorism information.”

Considering the National Security Agency is currently building a massive information center in Utah to monitor almost “all forms of communication, including the complete contents of private emails, cell phone calls, and Google searches, as well as all sorts of personal data trails,” the NCTC wont be want for information.

BONUS: Looking for more about government surveillance? Check the FJP Surveillance Tag.

Wall Street Journal, U.S. Terrorism Agency to Tap a Vast Database of Citizens.

* This WSJ article is paywalled if you go directly to the site. If you want to read it, copy the title, paste it in Google and follow the search result back to the WSJ.

719 plays

Digital Surveillance, 1975 Edition

We post about government surveillance and digital monitoring fairly frequently here. For example, how the US government can intercept and suck down 20 terabytes of information per second.

While at the Newseum on Monday, I came across this 1975 report from NBC News about ARPANET, the world’s first network and precursor to the Internet. In it, we’re warned about the government’s new surveillance capabilities.

Via the Newseum:

There was little television reporting on the early development of the Internet. In this 1975 NBC report on ARPANET (funded by the Defense Advanced Research Projects Agency), the technical promise of what would become the World Wide Web was not yet in focus. Instead, viewers were warned that citizens’ private data could be sent via phone line from one government computer to another.

If they knew then what we know now.

Sound quality’s a little shoddy (recorded it with the voice memo app on my phone) but give a listen. Runs 90 seconds or so. — Michael

Your Phone is a Surveillance Unit

Yesterday we noted how governments are tracking everyday people via mobile devices. In the United States, this includes “1.3 million government requests for customer data—ranging from subscriber identifying information to call detail records (who is calling whom), geolocation tracking, text messages, and full-blown wiretaps.”

This isn’t specific to the US, of course. In 2010, German politician Malte Spitz went to court in order to obtain all information that Deutsche Telekom had about his activity. The results astonished him. Over the course of five months, they had tracked his geographical location and what he was doing with his phone 35,000 times.

Working with the German newspaper Die Zeit, an infographic was created that shows Spitz’s activity across an interactive timeline.

In this TED Talk, Spitz discusses the threats and repercussions such tracking has on politics and society, and in particular the authoritarian manifestations that can ensue.

As Spitz notes, with current data retention policies, authorities know who we call, how we communicate with each other, when we go to sleep, what our social networks look like and who the leaders within a group are.

“If you have access to this information you can see what your society is doing,” says Spitz. “If you have access to this information, you can control your society. This is a blueprint for countries like China and Iran. This a blueprint for how to surveil your society.”

Most important, Spitz calls for self determination in the digital age by calling for stronger privacy regulations and getting rid of data retention laws that governments are demanding of Internet and mobile providers around the world.

Run Time: ~9:00.

If you’d like to see a shorter visualization of the actual tracking, I created a brief screencast of it last year. — Michael

We Know What You’re Doing… And We Think You Should Stop File this under your social networking privacy reminder of the day. Callum Haywood, an 18-year-old developer from Nottingham England, launched an experiment over the weekend that pulls publicly available data from Facebook updates and categorizes them by type (eg., hangover status, drug status, new telephone number and job rants). The point: to demonstrate that what we might think are private rants and BS sessions with friends can leave a very public data trail of extracurriculars that current and future employers, admissions officers and others can peruse.  Via We Know What You’re Doing: [We Know What You’re Doing] simply queries Facebook’s Graph API and outputs the results. There is nothing on this website that cannot be accessed by anyone else… …People have lost their jobs in the past due to some of the posts they put on Facebook, so maybe this demonstrates why. Efforts have been made to remove any personal data from the results, such as the actual phone numbers, surnames, etc. The data is still easily accessible from the API, the filters have been put in place to protect the site from legal issues. So, just like you should regularly back up your hard drive, remember to check and recheck your privacy status on your social networks of choice. On Facebook, you do that here. Image: Screenshot of We Know What You’re Doing.

We Know What You’re Doing… And We Think You Should Stop

File this under your social networking privacy reminder of the day.

Callum Haywood, an 18-year-old developer from Nottingham England, launched an experiment over the weekend that pulls publicly available data from Facebook updates and categorizes them by type (eg., hangover status, drug status, new telephone number and job rants).

The point: to demonstrate that what we might think are private rants and BS sessions with friends can leave a very public data trail of extracurriculars that current and future employers, admissions officers and others can peruse. 

Via We Know What You’re Doing:

[We Know What You’re Doing] simply queries Facebook’s Graph API and outputs the results. There is nothing on this website that cannot be accessed by anyone else…

…People have lost their jobs in the past due to some of the posts they put on Facebook, so maybe this demonstrates why. Efforts have been made to remove any personal data from the results, such as the actual phone numbers, surnames, etc. The data is still easily accessible from the API, the filters have been put in place to protect the site from legal issues.

So, just like you should regularly back up your hard drive, remember to check and recheck your privacy status on your social networks of choice. On Facebook, you do that here.

Image: Screenshot of We Know What You’re Doing.