Betty Ostergren, a privacy advocate that posts Social Security numbers she found on the Internet, has been given the thumbs up by a federal judge in Virginia. Computerworld reports that the state government can not stop her from posting the Social Security numbers on her website. At first glance, this privacy issue should enrage a lot of people. Knowing she has your personal information and is posting it all over the Internet would upset a lot of people; but how did she find this information in the first place? She got the information from the Internet and public records. The privacy advocate did this as a lesson, and to start a campaign to show people just how easy it is to find sensitive information about them.
She won the case and it was ruled that she should not have to remove the Social Security numbers from her site since she legally obtained them from public records. While the memorandum does not set a precedent, it is the first step in truly realizing how much we take our Internet privacy for granted. Ostergren's website, The Virginia Watchdog, presents privacy issues that arise from the government posting personal information on websites. Over the past few years she has repeatedly shown that Social Security numbers have been posted and little has been done to protect personal information.
I can agree with what she is doing. She did not seek out the information from private sources or use illegal methods, she used the Internet and the public sector. Everything she found was attained from government documents that did not conceal the ultra-sensitive information. With the already astonishing number of identity thefts every year, I don't see how the government posting such private information can help. How about a permanent marker and two seconds to hide the information? Problem solved... Ms. Ostergren also posts the information of high-profile officials, such as former Gov. Jeb Bush, former U.S. Secretary Colin Powell, and some local Virginia officials. I guess it really strikes a nerve and makes them care when their information is up there, and not just the information of the huddled masses.
Sunday, August 31, 2008
Wednesday, August 27, 2008
A Digital Bill of Rights to Protect Internet Privacy
TechCrunch (via the WashingtonPost) has recently published an article stating what should be the Digital Bill of Rights to protect consumers. With the Internet age in full-swing, and Election '08 in the near future, what better time than now to present a plan of action for laws and regulations regarding the Internet? Many laws governing the Internet are quite outdated and can't keep up with the daily advances in technology...as food for thought: What if laws had never been changed with the inception of modern mail carriers? Imagine the same laws were still completely intact even with the transition from the Pony Express to the modern-day United States Postal Service. Could that work? Could a law regarding the Pony Express still govern the actions of USPS?
Issues such as copyright infringement, net neutrality, and digital privacy are difficult to govern, mainly because they are creations of the modern era of technology. Maybe it is time to dust off the books and create some new laws that can maintain a degree of control and consistency over rapidly expanding technology. Many laws do not protect users' Internet privacy and allow companies to spy on us and record our information so they can build a profile of our web surfing habits. The Digital Bill of Rights would be a step in the right direction to create updated laws that can protect consumers from ISPs, marketing companies, device manufacturers, and even the government itself.
Presented in the article is the author's own Digital Bill of Rights, which he asks users to help further refine. Maybe our candidates can use this as a starting point and get the ball rolling in the right direction.
Issues such as copyright infringement, net neutrality, and digital privacy are difficult to govern, mainly because they are creations of the modern era of technology. Maybe it is time to dust off the books and create some new laws that can maintain a degree of control and consistency over rapidly expanding technology. Many laws do not protect users' Internet privacy and allow companies to spy on us and record our information so they can build a profile of our web surfing habits. The Digital Bill of Rights would be a step in the right direction to create updated laws that can protect consumers from ISPs, marketing companies, device manufacturers, and even the government itself.
Presented in the article is the author's own Digital Bill of Rights, which he asks users to help further refine. Maybe our candidates can use this as a starting point and get the ball rolling in the right direction.
Saturday, August 23, 2008
European Privacy? More Like European Invasion of Privacy...
OhMyNews recently reported that the U.K., along with other European powers, are developing a system to spy on cell phone records, including text and calls, as well as Internet searches.
The British government wants to invade privacy by storing records in a database so that hundreds of public organizations can access this information as needed. The cell phone, text message, and Internet records will be used to investigate criminal and terrorist acts. The records will be kept at the data center for at least 12 months. Dates, times, and contacts (from cell phones) will be stored, while searches and instant message conversations will be tracked and recorded as well. The only bright side is that, supposedly, the content will not be stored just the identifying information.
The cost for transferring the massive amount of data--a mere 50 million pounds per year. It must be worth it to the surveillance-obsessed nation that already monitors citizens through CCTV. 1984 anyone? One spy camera for every fourteen people wasn't bad enough, now forget about protecting personal information or any type of Internet privacy.
I can't see any benefit in this. The U.K. is making it seem like every citizen is guilty and will be treated accordingly. What will the exact laws be concerning the use, or better yet misuse, of information? How secure will this database be? We could end up having another situation, much like what happened in Sarasota, but on a much larger scale--imagine millions of people having their information posted on the Internet.
The British government wants to invade privacy by storing records in a database so that hundreds of public organizations can access this information as needed. The cell phone, text message, and Internet records will be used to investigate criminal and terrorist acts. The records will be kept at the data center for at least 12 months. Dates, times, and contacts (from cell phones) will be stored, while searches and instant message conversations will be tracked and recorded as well. The only bright side is that, supposedly, the content will not be stored just the identifying information.
The cost for transferring the massive amount of data--a mere 50 million pounds per year. It must be worth it to the surveillance-obsessed nation that already monitors citizens through CCTV. 1984 anyone? One spy camera for every fourteen people wasn't bad enough, now forget about protecting personal information or any type of Internet privacy.
I can't see any benefit in this. The U.K. is making it seem like every citizen is guilty and will be treated accordingly. What will the exact laws be concerning the use, or better yet misuse, of information? How secure will this database be? We could end up having another situation, much like what happened in Sarasota, but on a much larger scale--imagine millions of people having their information posted on the Internet.
Protecting Personal and Financial Privacy - Blog Review
As an avid reader with more than a casual interest in privacy, I tend to find interesting sites on the topic of privacy. Today I found Protecting Personal and Financial Privacy, a blog by Mike Valentine. Not only does he write well, I found the articles thoughtful.
His latest post discusses AOL and behavioral targeting. He points out that people are careless with their personal information. This is point we've been making on this blog since we started it. Privacy starts with personal responsibility. If you give up your personal information too easily, you forfeit your right to privacy.
His latest post discusses AOL and behavioral targeting. He points out that people are careless with their personal information. This is point we've been making on this blog since we started it. Privacy starts with personal responsibility. If you give up your personal information too easily, you forfeit your right to privacy.
Friday, August 22, 2008
Another ISP Admits to Invasion of Users' Privacy...
Well it is more than an Internet Service Provider, but Cable One, the 10th largest cable operator, has recently admitted to conducted a six-month study on their Internet users' surfing habits. Cable One joins Charter Communications (as reported in a previous post) and a slew of other MSOs (multiple service operators) who spy on their customers for behavioral targeting purposes, and ultimately sell that information for big bucks to advertising companies.
Cable One revealed the information on August 8 to the House Energy and Commerce Committee, which had previously expressed their concerns on cable operators using advanced technology to invade privacy. So if I decipher this correctly: Cable One tried to defend themselves against these allegations by providing information and stating they invaded their customers' privacy. Cable One stated that spying on 14,000 of their 700,000 customers was a better way to provide "more relevant advertising" to their customers.
Bresnan Communications and Knology also came out of the woodwork to say they spied on customers throughout a similar time frame. WideOpenWest admitted to doing this, in cooperation with NebuAd's service. WideOpenWest stopped the program after five months because of the privacy concerns. All efforts to surf anonymously have become null and void for many Internet users, and for no apparent reason other than having better online advertisements. Shouldn't these companies help protect personal information, not jeopardize it?
Cable One argues that they were not breaking any laws by conducting this research, and had made the information available to their users via the acceptable use policy they read when signing up for services. The information was also found in Cable One's yearly privacy notice, which is sent to all customers. They provided users with appropriate notice, BUT did not allow them to opt out of the research, "because doing so would stifle our ability to test new technologies that have the potential to offer significant benefits to our customers.” Wow...
In essence the companies are arguing that because they put it in writing it is alright to spy on users and completely ignore any type of Internet privacy laws. It seems a bit ridiculous that my privacy rights are in jeopardy and I have no way of opting out. I can't even choose to say "No." In other words, even if I know it is happening I have no say in the outcome. The companies are not just able to record information for advertising purposes, but can use this technology to track and record ALL information being transmitted and received through their network. Hopefully when the Committee drafts a new law they remember to add the clause that we, as paying customers who want to feel safe, should have to opt-IN to this research--not be forced into whatever absurd money-making scheme the companies are up to.
Cable One revealed the information on August 8 to the House Energy and Commerce Committee, which had previously expressed their concerns on cable operators using advanced technology to invade privacy. So if I decipher this correctly: Cable One tried to defend themselves against these allegations by providing information and stating they invaded their customers' privacy. Cable One stated that spying on 14,000 of their 700,000 customers was a better way to provide "more relevant advertising" to their customers.
Bresnan Communications and Knology also came out of the woodwork to say they spied on customers throughout a similar time frame. WideOpenWest admitted to doing this, in cooperation with NebuAd's service. WideOpenWest stopped the program after five months because of the privacy concerns. All efforts to surf anonymously have become null and void for many Internet users, and for no apparent reason other than having better online advertisements. Shouldn't these companies help protect personal information, not jeopardize it?
Cable One argues that they were not breaking any laws by conducting this research, and had made the information available to their users via the acceptable use policy they read when signing up for services. The information was also found in Cable One's yearly privacy notice, which is sent to all customers. They provided users with appropriate notice, BUT did not allow them to opt out of the research, "because doing so would stifle our ability to test new technologies that have the potential to offer significant benefits to our customers.” Wow...
In essence the companies are arguing that because they put it in writing it is alright to spy on users and completely ignore any type of Internet privacy laws. It seems a bit ridiculous that my privacy rights are in jeopardy and I have no way of opting out. I can't even choose to say "No." In other words, even if I know it is happening I have no say in the outcome. The companies are not just able to record information for advertising purposes, but can use this technology to track and record ALL information being transmitted and received through their network. Hopefully when the Committee drafts a new law they remember to add the clause that we, as paying customers who want to feel safe, should have to opt-IN to this research--not be forced into whatever absurd money-making scheme the companies are up to.
Thursday, August 21, 2008
Sarasota Students' Personal Information Posted on the Internet
Recently reported by the New York Times and the Herald Tribune (Sarasota's local newspaper), a little bit more than 88% of the 38,500 students in the Sarasota school district had personal information posted on the Internet for nearly two months.
The school district has a contract (for now) with Princeton Review to maintain a database of Sarasota County Planning Tools, to help teachers develop tests and keep track of students' grades. The information, which contained students' names and school ID numbers (which in some cases were Social Security numbers) from this database was accidentally posted on the Internet for two months before it was finally removed this past Monday. Along with names and ID numbers the information also included students': birth dates, sex, ethnicity, disabilities, and standardized test scores. The files were able to be found by using a search engine and Princeton Review claims the files were released when the company recently switched ISPs.
Sarasota students were not the only ones affected by this mistake, Fairfax, VA. students (nearly 74,000 of them) had their information posted on the Internet as well. The company was hired to measure student performance and nearly got 74,000 students' identities stolen. Hackers could have had a field day with this information--but if we recall correctly from a previous Identity Theft post, it usually takes the Identity Theft victim three months to realize something is wrong. In the case of a young student that has no need to check their credit ratings; it could be even longer.
The article hints around as to who is to blame here. Of course Princeton Review is at fault because the security of their system and website has been compromised and over 100,000 students had their personal information sitting on the Internet for two months. Not to mention that with the world wide web, nothing that has been posted can truly be deleted--some cached record may be sitting on a server with the information.
Is the school board to blame as well? Would they need to compile this massive database of personal information if standardized tests weren't stressed as the focal point of a student's education? While I am not trying to start a debate as to the validity of standardized tests, it is just an interesting subject to touch on. What happened to the days where teachers logged the information in their grade books? Is it necessary to have a massive database with every bit of information about a student? These are all questions that the school board will be answering when deciding whether or not to keep Princeton Review's contract.
In this case I would say protecting personal information trumps the ease of sticking everything on some site to analyze the students performance. It is great for parents, students and teachers to have access to this information so they can all keep track of performance and make sure nothing is wrong. Is the risk of having this happen again worth it? Do students even get and interim reports and report cards anymore? I remember that being a pretty good gauge as to what I needed work on.
The school district has a contract (for now) with Princeton Review to maintain a database of Sarasota County Planning Tools, to help teachers develop tests and keep track of students' grades. The information, which contained students' names and school ID numbers (which in some cases were Social Security numbers) from this database was accidentally posted on the Internet for two months before it was finally removed this past Monday. Along with names and ID numbers the information also included students': birth dates, sex, ethnicity, disabilities, and standardized test scores. The files were able to be found by using a search engine and Princeton Review claims the files were released when the company recently switched ISPs.
Sarasota students were not the only ones affected by this mistake, Fairfax, VA. students (nearly 74,000 of them) had their information posted on the Internet as well. The company was hired to measure student performance and nearly got 74,000 students' identities stolen. Hackers could have had a field day with this information--but if we recall correctly from a previous Identity Theft post, it usually takes the Identity Theft victim three months to realize something is wrong. In the case of a young student that has no need to check their credit ratings; it could be even longer.
The article hints around as to who is to blame here. Of course Princeton Review is at fault because the security of their system and website has been compromised and over 100,000 students had their personal information sitting on the Internet for two months. Not to mention that with the world wide web, nothing that has been posted can truly be deleted--some cached record may be sitting on a server with the information.
Is the school board to blame as well? Would they need to compile this massive database of personal information if standardized tests weren't stressed as the focal point of a student's education? While I am not trying to start a debate as to the validity of standardized tests, it is just an interesting subject to touch on. What happened to the days where teachers logged the information in their grade books? Is it necessary to have a massive database with every bit of information about a student? These are all questions that the school board will be answering when deciding whether or not to keep Princeton Review's contract.
In this case I would say protecting personal information trumps the ease of sticking everything on some site to analyze the students performance. It is great for parents, students and teachers to have access to this information so they can all keep track of performance and make sure nothing is wrong. Is the risk of having this happen again worth it? Do students even get and interim reports and report cards anymore? I remember that being a pretty good gauge as to what I needed work on.
Friday, August 15, 2008
Breaking Down the Great Firewall (part 2)...
As an update to my recent post about China's Great Firewall it seemed appropriate to discuss the methods for bypassing the Golden Shield Project. With the Olympics in full swing, and nearly halfway over, it is only a matter of time before China's government re-bans the websites and Beijing is again part of China's Internet censorship program. Chinese officials lifted their ban on certain websites after journalists were upset that many of the sites they needed to access were unavailable because of the GSP. Once the final medal is awarded it most likely won't be much longer before China is back to banning as much content as possible, so it is important to know ways to bypass the Great Firewall and maintain Internet privacy.
The following methods may seem familiar, as they are used for anonymous surfing, but they do in fact work rather well for circumventing the GSP and gaining access to banned sites.
The following methods may seem familiar, as they are used for anonymous surfing, but they do in fact work rather well for circumventing the GSP and gaining access to banned sites.
- Anonymous Proxy servers: Anonymous proxy servers based outside of China can be used to access blocked content. The sites are blocked only to Chinese citizens and therefore if you surf using a U.S.-based proxy server then you can gain access to restricted sites. The website will read the IP address and give you permission to view the site. At the same time, the server will hide your IP so that anyone snooping the connection will see a person from Tulsa, OK surfing the Internet. As an added bonus a good proxy server will also encrypt the data being transmitted so that anyone spying can not view the information.
- Foreign companies can apply for a local website hosted in China. While this method does not apply to an individual user attempting to access a banned site, it is a method to bypass the Great Firewall since the company's content does not have to go through the Great Firewall (but the company does have to apply for a local ICP license)
- Using secure tunnels such as a Virtual Private Network (VPN). GSP can't filter secure traffic that is being communicated and therefore secure tunnels provide a way for users to access content and create sites that would otherwise be banned.
- Onion routing networks, such as Tor, can be used since it requires a network of computers to encrypt and mask your information. This method is, in essence, very similar to an anonymous proxy server. The major drawback of Tor is that you do not know who set up the anonymous connection you are passing through. As noted in an earlier post, you really have no idea who set up the connection and therefore anyone can invade your privacy through this trusted network. If a group of grad students and professors can do it, why wouldn't the Chinese government?
- FreeGate: a software utility created for Iranian and Chinese citizens to bypass any Internet censorship attempts by the government. The software finds open proxies, which are not blocked and can be accessed by any user, and penetrate firewalls. This useful tool is a bit controversial as it has been reported to be a Trojan virus.
- Reporters without Borders offers a "Handbook for Bloggers and Cyber-Dissidents" (PDF) which gives detailed information and tools for blogging and surfing anonymously. The handbook gives detailed instructions, including screenshots, for setting up a blog and remaining anonymous.
Subscribe to:
Posts (Atom)