Menu
Privacy threats on parade

Did you miss me last week? I didn’t think so, but what happened was, I got shanghaied. Not really, but in the spirit of making things up as I go along to suit whatever purpose I have in mind at the moment, that’s the story I’m sticking with.
You see, it’s all my buddy Chris’s fault. He comes to town, and he’s all “Let’s go to Yosemite!” And I’m all “I got so much work it’s completely unfunny.” And he’s all “C’mon, nobody’ll notice.” So I’m like, well, maybe it’s an experiment, but I don’t even believe myself, ‘cause I’m like “Yosemite – yeah, buddy!” So we’re off, and the Weekly is left dangling like a participle.
Which brings us to here, where there’s too much going on to fit in the confines of a thousand-or-so words. First, there’s what Stanford researchers found when they looked into the power of metadata. TechCrunch’s Natasha Lomas writes in a May 17, 2016, article that cross-referencing public data sets with basic phone logs provides intelligence and law-enforcement agencies with the ability to create detailed profiles of private citizens.
The researchers combined Facebook profiles, Yelp reviews, Google Places entries, and other publicly available people data with metadata volunteered by 800 Android phone users – the kind of information that the NSA, CIA, FBI, and other government agencies gather in bulk. They write that “telephone metadata is densely interconnected, susceptible to reidentification, and enables highly sensitive inferences.”
One inference that can be drawn from such research is the need to regulate access to and use of telephone metadata.
What becomes of your data when the tech industry hits its next rough patch?
Another bunch of researchers imagined what would happen if the tech bubble were to burst. The Atlantic’s Kaveh Waddell writes in a May 13, 2016, article that the report from Berkeley’s Center for Long-Term Cybersecurity envisions five scenarios, the most alarming of which is social-network profiles and other private data sold on the open market to all comers by big-name Internet services desperate for cash after having lost 90 percent of their stock value.
Those services whose terms of service state they will never sell your personal data usually include an exception for bankruptcy or sale. Waddell quotes from the Facebook privacy policy:
If the ownership or control of all or part of our Services or their assets changes, we may transfer your information to the new owner.
As Waddell points out, the Federal Trade Commission got involved in the fate of Radio Shack’s customer data when the electronics retailer went bankrupt. Should big-name tech companies go belly-up en masse, it’s questionable whether the FTC and other government agencies could restrict the dispersal of sensitive information about their customers.
Welcome to the ‘Golden Age of Surveillance’
Imagine everything you interact with in the slightest connected to the cloud. The mailbox on the corner knows you. The stop sign greets you by name. The street lights recognize you and light your way home. Now consider that everything you own will be cloud-enabled: your clothes, your gadgets, even your groceries. All this data about your activities and preferences stored on cloud servers owned by who-knows-who. In a May 10, 2016, article on Harvard Law Today, Elaine McArdle predicts that the Internet of Things will be just as disruptive – and pervasive – as the Internet itself.
According to Peter Swire and Kenesa Ahmad from the Center for Democracy and Technology, we have entered the Golden Age of Surveillance. Claims of intelligence and law-enforcement agencies that end-to-end encryption lets bad guys “go dark” start to ring hollow. McArdle points out that most data remains unencrypted and readily accessible: telephone metadata; email headers; and the personal data companies such as Microsoft and Google collect and sell to advertisers.
Add to this smorgasbord the detailed personal information being reported by IoT devices and sensors, and you’ve got more private data than even the most sophisticated intelligence networks could ever use. All that data has to be protected to ensure it doesn’t become the property of cybercriminals.
It all comes down to what McArdle calls the “competing policy interests between innovation and consumer protectionism.” You don’t want to regulate a promising industry out of existence, but neither do you want to allow IoT to become what Harvard researcher David O’Brien calls “the Wild, Wild West of the Internet.”
You gotta fight for your right to privacy
There’s a legal principle that says when you waive a right, it can be difficult or impossible to get it back. In a May 4, 2016, post on the Digi Mi blog, Emma Firth writes that our privacy “is being taken away from us without our consent.” What’s developing is a two-class system: the people who can afford to pay for the right to use a service without having to surrender private information; and the people who can’t pay up so must trade their privacy for access to the service.
Here we are, back in the murky deep end of the privacy-right monster. In this corner, the gang who believe no such privacy right exists; and in that corner, the ladies and gents who know for a fact that no one has a right to collect, store, reuse, and resell their private information without them knowingly and voluntarily consenting to it. (This is what the American Civil Liberties Union has to say about the legal underpinnings of a right to privacy.)
People are wising up about the threat to their privacy posed by unrestrained data-grabbing of Internet services. A recent survey by the Department of Commerce’s National Telecommunications and Information Administration found that half of the respondents chose not to post on Facebook, express an opinion on a forum, or make an online purchase because of worries about privacy. The Washington Post’s Andrea Peterson reports on the study in a May 13, 2016, article.
One out of five of the 41,000 people who completed the survey report being the victim of identity theft, an online security breach, or similar problem in the prior year. That’s the same percentage who said government data collection was one of their biggest concerns. Two-thirds of respondents cited fear of identity theft, and half named credit-card and bank fraud as top concerns.
A Commerce Department spokesman pointed out the “chilling effect” privacy worries can have on the unfettered expression of ideas, not to mention the potential damage to commercial Internet activity.
The Internet could become like that restaurant Yogi Berra was talking about: “Nobody goes there anymore. It’s too crowded.”
You see, it’s all my buddy Chris’s fault. He comes to town, and he’s all “Let’s go to Yosemite!” And I’m all “I got so much work it’s completely unfunny.” And he’s all “C’mon, nobody’ll notice.” So I’m like, well, maybe it’s an experiment, but I don’t even believe myself, ‘cause I’m like “Yosemite – yeah, buddy!” So we’re off, and the Weekly is left dangling like a participle.
Which brings us to here, where there’s too much going on to fit in the confines of a thousand-or-so words. First, there’s what Stanford researchers found when they looked into the power of metadata. TechCrunch’s Natasha Lomas writes in a May 17, 2016, article that cross-referencing public data sets with basic phone logs provides intelligence and law-enforcement agencies with the ability to create detailed profiles of private citizens.
The researchers combined Facebook profiles, Yelp reviews, Google Places entries, and other publicly available people data with metadata volunteered by 800 Android phone users – the kind of information that the NSA, CIA, FBI, and other government agencies gather in bulk. They write that “telephone metadata is densely interconnected, susceptible to reidentification, and enables highly sensitive inferences.”
One inference that can be drawn from such research is the need to regulate access to and use of telephone metadata.
What becomes of your data when the tech industry hits its next rough patch?
Another bunch of researchers imagined what would happen if the tech bubble were to burst. The Atlantic’s Kaveh Waddell writes in a May 13, 2016, article that the report from Berkeley’s Center for Long-Term Cybersecurity envisions five scenarios, the most alarming of which is social-network profiles and other private data sold on the open market to all comers by big-name Internet services desperate for cash after having lost 90 percent of their stock value.
Those services whose terms of service state they will never sell your personal data usually include an exception for bankruptcy or sale. Waddell quotes from the Facebook privacy policy:
If the ownership or control of all or part of our Services or their assets changes, we may transfer your information to the new owner.
As Waddell points out, the Federal Trade Commission got involved in the fate of Radio Shack’s customer data when the electronics retailer went bankrupt. Should big-name tech companies go belly-up en masse, it’s questionable whether the FTC and other government agencies could restrict the dispersal of sensitive information about their customers.
Welcome to the ‘Golden Age of Surveillance’
Imagine everything you interact with in the slightest connected to the cloud. The mailbox on the corner knows you. The stop sign greets you by name. The street lights recognize you and light your way home. Now consider that everything you own will be cloud-enabled: your clothes, your gadgets, even your groceries. All this data about your activities and preferences stored on cloud servers owned by who-knows-who. In a May 10, 2016, article on Harvard Law Today, Elaine McArdle predicts that the Internet of Things will be just as disruptive – and pervasive – as the Internet itself.
According to Peter Swire and Kenesa Ahmad from the Center for Democracy and Technology, we have entered the Golden Age of Surveillance. Claims of intelligence and law-enforcement agencies that end-to-end encryption lets bad guys “go dark” start to ring hollow. McArdle points out that most data remains unencrypted and readily accessible: telephone metadata; email headers; and the personal data companies such as Microsoft and Google collect and sell to advertisers.
Add to this smorgasbord the detailed personal information being reported by IoT devices and sensors, and you’ve got more private data than even the most sophisticated intelligence networks could ever use. All that data has to be protected to ensure it doesn’t become the property of cybercriminals.
It all comes down to what McArdle calls the “competing policy interests between innovation and consumer protectionism.” You don’t want to regulate a promising industry out of existence, but neither do you want to allow IoT to become what Harvard researcher David O’Brien calls “the Wild, Wild West of the Internet.”
You gotta fight for your right to privacy
There’s a legal principle that says when you waive a right, it can be difficult or impossible to get it back. In a May 4, 2016, post on the Digi Mi blog, Emma Firth writes that our privacy “is being taken away from us without our consent.” What’s developing is a two-class system: the people who can afford to pay for the right to use a service without having to surrender private information; and the people who can’t pay up so must trade their privacy for access to the service.
Here we are, back in the murky deep end of the privacy-right monster. In this corner, the gang who believe no such privacy right exists; and in that corner, the ladies and gents who know for a fact that no one has a right to collect, store, reuse, and resell their private information without them knowingly and voluntarily consenting to it. (This is what the American Civil Liberties Union has to say about the legal underpinnings of a right to privacy.)
People are wising up about the threat to their privacy posed by unrestrained data-grabbing of Internet services. A recent survey by the Department of Commerce’s National Telecommunications and Information Administration found that half of the respondents chose not to post on Facebook, express an opinion on a forum, or make an online purchase because of worries about privacy. The Washington Post’s Andrea Peterson reports on the study in a May 13, 2016, article.
One out of five of the 41,000 people who completed the survey report being the victim of identity theft, an online security breach, or similar problem in the prior year. That’s the same percentage who said government data collection was one of their biggest concerns. Two-thirds of respondents cited fear of identity theft, and half named credit-card and bank fraud as top concerns.
A Commerce Department spokesman pointed out the “chilling effect” privacy worries can have on the unfettered expression of ideas, not to mention the potential damage to commercial Internet activity.
The Internet could become like that restaurant Yogi Berra was talking about: “Nobody goes there anymore. It’s too crowded.”