EFF Appeals Dismissal of Warrantless Wiretapping Case: Via EFF.org Updates.

EFF today filed its appeal to the 9th Circuit Court of Appeals of the dismissal of Jewel v. NSA, the case EFF brought against the U.S. government and government officials on behalf of AT&T customers to stop the National Security Agency's illegal, unconstitutional, and ongoing mass surveillance of their communications and communications records. The case arises from the still growing stacks of evidence confirming the surveillance, including the technical documents presented by former AT&T employee Mark Klein that describe the NSA's secret mass wiretapping facility in San Francisco. [ Read more ... ]

Judges Approves $9.5 Million Facebook ‘Beacon’ Accord: Via Threat Level.

A federal judge on Wednesday approved a $9.5 million settlement to a class action lawsuit challenging Facebook’s program that monitored and published what users of the social networking site were buying or renting from Blockbuster, Overstock and other locations.

The case concerned allegations Facebook’s now defunct “Beacon” program breached federal wiretap and video-rental privacy laws. Terms of the settlement, in which Facebook denied any wrongdoing, require the site to finance what the deal calls a “Digital Trust Fund” that would issue more than $6 million in grants to organizations to study online privacy.

The social networking site will have a seat on the fund’s three-member board — a fact that was a big bone of contention (.pdf) in the privacy community, but one U.S. District Judge Richard Seeborg in San Jose, California, said Wednesday was immaterial.

“There has been no pervasive showing that the foundation will be a mere publicity tool for Facebook,” (.pdf) Seeborg wrote.

Seeborg gave preliminary approval to the deal last year, but finalized it Wednesday after reviewing objections. [ Read more ... ]

Hooking Up The Big Brother Machine... And Fighting It: Via EFF.org Updates.

Here's a movie pitch: One lone telecommunications technician, going about his ordinary daily work in San Francisco, begins to realize things aren't quite what they seem. There's a "secret room" downstairs, and ordinary employees aren't allowed to enter it. Coworkers — almost casually! — remark that a government spy agency is involved, that similar facilities are being built across the country, that some of them are stamped with the government's ominous eye-and-pyramid "Total Information Awareness" logo.

Soon, the plot thickens. Mundane technical procedures produce startling revelations. He stumbles on a document that suggests the room contains a supercomputer designed to data-mine phone calls and Internet traffic. And, indeed, he soon realizes that the room is sucking up copies of electronic communications from millions of random Americans.

All this in the early 2000s, when "the political atmosphere in the country after 9/11 had a witchhunt feel to it, and even modest criticism of the administration was getting painted as disloyalty or worse."

What happens to our hero when he finally decides to go public? [ Read more ... ]

How Privacy Vanishes Online: Via NYT > Privacy.

Using innocuous bits of data from Web sites like Facebook and Twitter, researchers gleaned people’s names, ages and even Social Security numbers.

Yet people often dole out all kinds of personal information on the Internet that allows such identifying data to be deduced. Services like Facebook, Twitter and Flickr are oceans of personal minutiae — birthday greetings sent and received, school and work gossip, photos of family vacations, and movies watched.

Computer scientists and policy experts say that such seemingly innocuous bits of self-revelation can increasingly be collected and reassembled by computers to help create a picture of a person’s identity, sometimes down to the Social Security number.

“Technology has rendered the conventional definition of personally identifiable information obsolete,” said Maneesha Mithal, associate director of the Federal Trade Commission’s privacy division. “You can find out who an individual is without it.” [ Read more ... ]

Undercover Feds on Social Networking Sites Raise Questions: Via Threat Level.

The next time someone ties to “friend” you on Facebook, it may turn out to be an undercover fed looking to examine your private messages and photos, or surveil your friends and family, according to an internal Justice Department document obtained by the Electronic Frontier Foundation.

The 33-page document shows that law enforcement agents from local police to the FBI and Secret Service have been logging on to MySpace and other sites undercover to communicate with suspects, read private postings and view photos and videos that are restricted to a user’s friends, according to the Associated Press.

The document also describes techniques for verifying alibis — such as checking messages posted by a suspect on Twitter disclosing his whereabouts at the time a crime was committed — and uncovering information that might point to illegal activity, such as photos depicting a suspect with expensive jewelry, a new car or even a weapon.

The document says that evidence from social networking sites can: [ Read more ... ]

EFF Posts Documents Detailing Law Enforcement Collection of Data From Social Media Sites: Via EFF.org Updates.

EFF has posted documents shedding light on how law enforcement agencies use social networking sites to gather information in investigations. The records, obtained from the Internal Revenue Service and Department of Justice Criminal Division, are the first in a series of documents that will be released through a Freedom of Information Act (FOIA) case that EFF filed with the help of the UC Berkeley Samuelson Clinic.

One of the most interesting files is a 2009 training course that describes how IRS employees may use various Internet tools -- including social networking sites and Google Street View -- to investigate taxpayers. [ Read more ... ]

Smackdown: Consumer Privacy vs. Advertiser Revenue: Via CDT - Center for Democracy & Technology..

I attended Smackdown: Consumer Privacy vs. Advertiser Revenue and was expecting to hear good discussion about how advertising and targeting firms are battling with privacy groups to meet the needs of the consumer. I was a little disappointed in how little representation from the privacy end there was in the room. The panel opened with moderator Alan Chapell from BlueKai asking whom in the room represented the business side of consumer data and who was from the advocacy end. I was one of three people representing the advocacy end.

The talk began with defining what data they were talking about as panelists tiptoed around exactly what data is being taken by marketers and commented that nothing used is personally identifiable and is used to tailor a better online experience; however, the panel didn’t really discuss one of the most important questions of user data being used for marketing - how long this data is kept and stored?

Discussion from the panelists turned to how advertisers can adapt their industry practices and data practices in the changing legislative environment. The FTC’s public roundtables, in which CDT participated, were discussed as was legislation in Congress being proposed by Rep. Boucher. [ Read more ... ]

To Stop Crime, Share Your Genes: Via NYTimes.com ( Op-Ed Contributor ).

PERHAPS the only thing more surprising than President Obama’s decision to give an interview for “America’s Most Wanted” last weekend was his apparent agreement with the program’s host, John Walsh, that there should be a national DNA database with profiles of every person arrested, whether convicted or not.Emphasis added: Many Americans feel that this proposal flies in the face of our “innocent until proven guilty” ethos, and given that African-Americans are far more likely to be arrested than whites, critics refer to such genetic collection as creating “Jim Crow’s database.”

In truth, however, this is an issue where both sides are partly right. The president was correct in saying that we need a more robust DNA database, available to law enforcement in every state, to “continue to tighten the grip around folks who have perpetrated these crimes.” But critics have a point that genetic police work, like the sampling of arrestees, is fraught with bias. A better solution: to keep every American’s DNA profile on file. [ Read more ... ]

NetFlix Cancels Recommendation Contest After Privacy Lawsuit: Via Threat Level.

Netflix is canceling its second $1 million Netflix Prize to settle a legal challenge that it breached customer privacy as part of the first contest’s race for a better movie-recommendation engine.

Friday’s announcement came five months after Netflix had announced a successor to its algorithm-improvement contest. The company at the time said it intended to expand the amount of information it gave to researchers in hopes that its recommendation system — a key part of Netflix’s customer retention strategy — would get even better. That was then followed with a warning by prominent data privacy lawyers that the new dataset was easily de-anonymized.

Those fears were highlighted in December, when an in-the-closet lesbian mother sued Netflix for privacy invasion, alleging the movie-rental company made it possible for her to be outed when it disclosed insufficiently anonymous information about nearly half-a-million customers as part of its $1 million contest. [ Read more ... ]

Advertising - Instant Ads Set the Pace on the Web: Via NYTimes.com .

Now, companies like Google, Yahoo and Microsoft let advertisers buy ads in the milliseconds between the time someone enters a site’s Web address and the moment the page appears. The technology, called real-time bidding, allows advertisers to examine site visitors one by one and bid to serve them ads almost instantly.

For example, say a man just searched for golf clubs on eBay (which has been testing a system from a company called AppNexus for more than a year). EBay can essentially follow that person’s activities in real time, deciding when and where to show him near-personalized ads for golf clubs throughout the Web.

If eBay finds out that he bought a driver at another site, it can update the ad immediately to start showing him tees, golf balls or a package vacation to St. Andrew’s, Scotland, often called the home of golf. If a woman was shopping, eBay could change the ad’s color or presentation. [ Read more ... ]

The Beginning of the End of Data Retention: Via EFF.org Updates.

Last week, the German Constitutional Court issued a much-anticipated decision, striking down its data retention law as violating human rights. It was an important victory for Europe’s Freedom Not Fear movement, which was formed to oppose the EU Data Retention Directive. But it was also a reminder of the political work which remains to be done to defeat it.

When the European Union first passed the Data Retention Directive in 2006, despite a hard-fought campaign by European activists, it seemed like the beginning of the end for Internet privacy. The directive sought to require telecommunications service providers operating in Europe to retain a detailed history of each of their customers' activity for up to 2 years for possible use by law enforcement; including phone calls made and emails sent and received.

The response from European citizens was swift and outraged. Under the banner of Freedom Not Fear, mass protests were held in cities all across Europe and beyond. [ Read more ... ]

Hi-tech governments growing keener on snooping, says report | Pinsent Masons LLP: Via Pinsent Masons LLP at Out-Law.com .

Western industrial countries are becoming more willing to spy on their citizens, according to an analysis of snooping that says that the UK is sixth in a world ranking for electronic state surveillance.

Privacy technology company CryptoHippie has produced its second annual report on surveillance trends and says in it that countries that previously showed restraint in their monitoring of individuals have lost some of that self-control.

"When we produced our first Electronic Police State report, the top ten nations were of two types: those that had the will to spy on every citizen, but lacked ability [and] those who had the ability, but were restrained in will," it said in its 2010 report. "This is changing: the able have become willing and their traditional restraints have failed." [ Read more ... ]

New "Smart Meters" for Energy Use Put Privacy at Risk: Via EFF.org Updates.

The ebb and flow of gas and electricity into your home contains surprisingly detailed information about your daily life. Energy usage data, measured moment by moment, allows the reconstruction of a household's activities: when people wake up, when they come home, when they go on vacation, and maybe even when they take a hot bath.

California's PG&E is currently in the process of installing "smart meters" that will collect this moment by moment data—750 to 3000 data points per month per household—for every energy customer in the state. These meters are aimed at helping consumers monitor and control their energy usage, but right now, the program lacks critical privacy protections.

That's why EFF and other privacy groups filed comments with the California Public Utilities Commission Tuesday, asking for the adoption of strong rules to protect the privacy and security of customers' energy-usage information. Without strong protections, this information can and will be repurposed by interested parties. It's not hard to imagine a divorce lawyer subpoenaing this information, an insurance company interpreting the data in a way that allows it to penalize customers, or criminals intercepting the information to plan a burglary. Marketing companies will also desperately want to access this data to get new intimate new insights into your family's day-to-day routine–not to mention the government, which wants to mine the data for law enforcement and other purposes. [ Read more ... ]

Major ISPs Help Fund BitTorrent User Tracking Research: Via Slashdot YRO.

An anonymous reader writes "I was scanning conference proceedings to come up with ideas for a reading group I run at my workplace, and I noticed an interesting paper from the new IEEE WIFS forensics conference. Researchers from the University of Colorado have published a technique for tracking BitTorrent users (PDF) by joining and actively probing torrent swarms using low-cost cloud computing services. They claim their methods allowed them to monitor the entire Pirate Bay torrent set for as little as $13/mo using EC2. But that's not even the interesting part. Their work appears to have been 'funded in part through gifts from PolyCipher' — a broadband ISP consortium. That's right; three major national ISPs funded this round of BitTorrent tracking research, not the MPAA/RIAA. Could this be evidence of ISP support for ACTA and a global three-strikes law?"

Read Original Article:(Via Slashdot.)

Correcting Errors and Making Changes: Via Freedom to Tinker.

[This is the fourth post in a series on best practices for government datasets by Harlan Yu and me. (previous posts: 1, 2, 3)]

Even cautiously edited datasets sometimes contain errors, and even meticulously produced schemas require refinement as circumstances change. While errors or changes create inconvenience for developers, most developers appreciate and prepare for their inevitability. Agencies should strive to do the same. A well-developed strategy for fixes and changes can ease their burden on both developers and agencies.

When agencies release data, developers ideally will interact with it in creative new ways. Given datasets containing megabytes to gigabytes of data, novel uses will reveal previously unnoticed errors. Knowledge of these errors benefits the agency as well as other developers using the data, so agencies should take steps to encourage error reporting. Labels in a dataset allow developers to specify errors efficiently and unambiguously. An easy-to-find channel for reporting errors, such as a prominently provided email address or web form, is also critical. Tracking down the contact information of the person responsible for a dataset can be difficult, and a well-known channel reduces this barrier to feedback. [ Read more ... ]

Technology Review: Massive Gene Database Planned in California: Via Technology Review(MIT) .

Plans for genetic analyses of 100,000 older Californians--the first time genetic data will be generated for such a large and diverse group--will accelerate research into environmental and genetic causes of disease, researchers say.

"This is a force multiplier with respect to genome-wide association studies," says Cathy Schaefer, a research scientist at Kaiser Permanente, a health-care provider based in Oakland, CA, whose patients will be involved. Researchers will be able to study the data and seek insights into the interplay between genes, the environment, and disease, thanks to access to detailed electronic health records, patient surveys, and even records of environmental conditions where the patients live and work. [ Read more ... ]

Corporations Hide Flight Records From Public View: Via Center for Media and Democracy - Publishers of PR Watch.

A federal district court ruled that the public interest journalism group ProPublica can obtain a list of corporate-owned airplanes whose flight information was blocked from public view. ProPublica first sought the list in 2008 under the Freedom of Information Act, after the CEOs of General Motors, Ford and Chrysler flew to Washington, D.C. on corporate jets to ask Congress to bail out their companies. Those flights became known because the Federal Aviation Administration (FAA) provides real-time flight information that the public could see. But the bad publicity over the flights led General Motors to try and stop the public from tracking its planes in the future. [ Read more ... ]

Redrawing the Route to Online Privacy: Via NYT > Privacy.

ON the Internet, things get old fast. One prime candidate for the digital dustbin, it seems, is the current approach to protecting privacy on the Internet.

It is an artifact of the 1990s, intended as a light-touch policy to nurture innovation in an emerging industry. And its central concept is “notice and choice,” in which Web sites post notices of their privacy policies and users can then make choices about sites they frequent and the levels of privacy they prefer.

But policy and privacy experts agree that the relentless rise of Internet data harvesting has overrun the old approach of using lengthy written notices to safeguard privacy. [ Read more ... ]

How To Manage (and Protect) Your Online Reputation: Via Forbes.com .

When Megan Maloney lost her job at a Detroit auto supplier last April, she made sure her online reputation was as strong as the image she would present in person to prospective employers. She Googled herself to check for unflattering links. Then she changed her Facebook privacy setting so no one could see beyond her profile picture. She updated her profile on LinkedIn.

Maloney's instinct was right: When she landed a job in September, her new bosses admitted they had researched her online. They told me that they had checked Facebook," says Maloney, 32, now a business development manager in Milwaukee. "I had posted a photo of me wearing a T-shirt that said 'Unemployed,' and they thought that I showed the right kind of personality for a sales job. They liked that I was on LinkedIn, because it's helpful for leads and networking."

Managing your online reputation is a critical step in landing a new job. According to a recent survey by business networking organization ExecuNet, 90% of recruiters used a search engine to learn more about candidates and 46% of recruiters had eliminated a candidate based on information they found online. Self-Googling isn't an act of narcissism; it's a smart way to determine whether your online personality jives with how you want the world to view you. [ Read more ... ]

I don't bleepin' believe it - Insurers may raise your home insurance premiums if you use social networking.: Via Network World on computerworld.

From the Backspin "I don't believe it" department comes this week's top story: Insurers may raise your home insurance premiums if you use social networking.

Yep, according to Legal and General, one of the United Kingdom's biggest home insurers: "The insurance industry is aware that, with increasing acceptance of social media, the standard risk indicators may need to be reviewed. New risks and patterns in crime and claims are continually monitored to ensure the implications do not impact viable business models …. This social networking trend is clearly one that is making home insurers sit up and take note."

The rationale behind the interest in social networking can be found in L&G's "Digital Criminal Report". This document, based on a survey of "more than 2,000 social media users," found that "38% of users of sites such as Facebook and Twitter have posted status updates detailing their holiday plans and ... 33% have posted status updates saying they are away for the weekend." [ Read more ... ]

Location Data Sensitive Like Medical Information, Says Congressional Witness: Via NYTimes.com .

"The writing is on the wall that there will be baseline privacy legislation introduced," said John Morris, general counsel for the Center for Democracy & Technology at a Congressional hearing on location data and privacy yesterday. "It will require location be treated as sensitive data, like medical data. You'll need to do more than just post a disclosure statement."

We're entering an era of location as platform but should that location data be as fundamentally private by default as medical information is?

Many users are concerned about their location being exposed in ways they don't control and that have adverse impacts on their safety and freedom. That's one side of the debate. [ Read more ... ]

EPIC Urges Congress to Adopt Privacy Safeguards for Locational Data: Via EPIC - Electronic Privacy Information Center .

Today, EPIC submitted comments for an upcoming joint hearing on "The Collection and Use of Location Information for Commercial Purposes." EPIC cited the growing uses of location data for advertising and tracking purposes, typically without any legal protections, and noted widespread support among US and European consumer organizations for clear protections. EPIC recommended that Congress establish strong rules, similar to those in the European Union Eprivacy Directive, that would give users meaningful control over their locational data. EPIC had previously recommended that the F.C.C. establish guidelines for the protection of users' locational privacy. For more information, see EPIC: CPNI.

Read Original Article:(Via EPIC - Electronic Privacy Information Center .)

Are Aggregation Services Security Risks?: Via NYTimes.com .

Do you like social aggregation and tracking services like FriendFeed, Google Buzz and Cliqset? If so, there's another startup launching today that wants your attention: Strings. This service is focused less on social content sites like flickr and YouTube (although supported) and more on traditional online activity like clothing purchases from JCrew or Saks, groceries from Amazon Fresh, beauty products from Sephora and a slew of other purchases from web-based shopping sites.

But before you rush to sign up with yet another activity aggregation service, it may be time to pause and think. Do the benefits of seeing your friends' purchases on sites like Strings and the online shopping tracker Blippy outweigh the risks of handing over login credentials to these third parties? [ Read more ... ]

Redefining privacy in the era of personal genomics: Via Ars Technica.

DNA, the storage bank of genetic information for all living organisms, is challenging scientists and policy makers to reconsider the issue of privacy. With the completion of the human genome and advancements in DNA sequencing technologies, a person’s DNA can potentially be tested for risks related to a number of genetic diseases. This progress is promising for personalized medicine, but ethical and policy issues are coming to the forefront as well. After all, can DNA data ever be truly private and anonymous when DNA itself can also act as a unique identifier? [ Read more ... ]