Anyone who uses Skype has consented to the company reading everything they write. The H’s associates in Germany at heise Security have now discovered that the Microsoft subsidiary does in fact make use of this privilege in practice. Shortly after sending HTTPS URLs over the instant messaging service, those URLs receive an unannounced visit from Microsoft HQ in Redmond.
I don’t believe that the NSA could save every domestic phone call, not at this time. Possibly after the Utah data center is finished, but not now. They could be saving all the metadata now, but I’m skeptical about that too.
Posted for balance.
On Wednesday night, Burnett interviewed Tim Clemente, a former FBI counterterrorism agent, about whether the FBI would be able to discover the contents of past telephone conversations between the two. He quite clearly insisted that they could:
BURNETT: Tim, is there any way, obviously, there is a voice mail they can try to get the phone companies to give that up at this point. It’s not a voice mail. It’s just a conversation. There’s no way they actually can find out what happened, right, unless she tells them?
CLEMENTE: "No, there is a way. We certainly have ways in national security investigations to find out exactly what was said in that conversation. It’s not necessarily something that the FBI is going to want to present in court, but it may help lead the investigation and/or lead to questioning of her. We certainly can find that out."
BURNETT: "So they can actually get that? People are saying, look, that is incredible."
CLEMENTE: "No, welcome to America. All of that stuff is being captured as we speak whether we know it or like it or not."
"All of that stuff" – meaning every telephone conversation Americans have with one another on US soil, with or without a search warrant – "is being captured as we speak".
However, since the bill hasn’t been challenged in the court of public opinion, others are now beginning to follow suit. Such is the case in Illinois, where the state House passed a bill this week, sponsored by Jim Durkin, that gives employers there the same rights. And, of course, it’s all done in the name of protecting the workplace.
The Illinois House passed a bill today that would allow employers to request access to employees’ personal web accounts used for business purposes, like Facebook and other social networking sites. As if people aren’t paranoid enough already. To be clear, the bill does not mandate that employees supply the information, and no one could be fired or penalized for noncompliance. The idea is to allow employers the opportunity to investigate employee misconduct, protect trade secrets, and prevent workplace violence by monitoring online activities. Even without it being mandatory to share your login and password, you could imagine a boss putting a subordinate under some uncomfortable pressure.
A challenge to everyone, if I may. If you were able to somehow catalog and characterize every single instance of employee misconduct, trade secret revealing, and workplace violence, exactly what percentage of them would you guess could have been prevented by proactive investigation of social media? Further, what percentage of such cases are such that the key evidence that would conclude any investigation into them would be only made available with a social media password? These are the kinds of answers with which I would expect proponents of such laws to be beating us over the head, yet you never seem to see any data in the reports. It all essentially comes down to, “We need to give employers the right to ask for social media passwords, because violence, scary internet, and children.”
The Internal Revenue Service doesn’t believe it needs a search warrant to read your e-mail.
Newly disclosed documents prepared by IRS lawyers say that Americans enjoy “generally no privacy” in their e-mail, Facebook chats, Twitter direct messages, and similar online communications — meaning that they can be perused without obtaining a search warrant signed by a judge.
That places the IRS at odds with a growing sentiment among many judges and legislators who believe that Americans’ e-mail messages should be protected from warrantless search and seizure. They say e-mail should be protected by the same Fourth Amendment privacy standards that require search warrants for hard drives in someone’s home, or a physical letter in a filing cabinet.
An IRS 2009 Search Warrant Handbook obtained by the American Civil Liberties Union argues that “emails and other transmissions generally lose their reasonable expectation of privacy and thus their Fourth Amendment protection once they have been sent from an individual’s computer.” The handbook was prepared by the Office of Chief Counsel for the Criminal Tax Division and obtained through the Freedom of Information Act.
A new proposal in California, supported by a diverse coalition including EFF and the ACLU of Northern California, is fighting to bring transparency and access to the seedy underbelly of digital data exchanges. The Right to Know Act (AB 1291) would require a company to give users access to the personal data the company has stored on them—as well as a list of all the other companies with whom that original company has shared the users’ personal data—when a user requests it. It would cover California residents and would apply to both offline and online companies.
Not enough – there’s no provision to force a company to correct or erase data.
Despite the pervasiveness of law enforcement surveillance of digital communication, the FBI still has a difficult time monitoring Gmail, Google Voice, and Dropbox in real time. But that may change soon, because the bureau says it has made gaining more powers to wiretap all forms of Internet conversation and cloud storage a “top priority” this year.
The Internet is a surveillance state. Whether we admit it to ourselves or not, and whether we like it or not, we’re being tracked all the time. Google tracks us, both on its pages and on other pages it has access to. Facebook does the same; it even tracks non-Facebook users. Apple tracks us on our iPhones and iPads. One reporter used a tool called Collusion to track who was tracking him; 105 companies tracked his Internet use during one 36-hour period.
Sure, we can take measures to prevent this. We can limit what we search on Google from our iPhones, and instead use computer web browsers that allow us to delete cookies. We can use an alias on Facebook. We can turn our cell phones off and spend cash. But increasingly, none of it matters.
There are simply too many ways to be tracked. The Internet, e-mail, cell phones, web browsers, social networking sites, search engines: these have become necessities, and it’s fanciful to expect people to simply refuse to use them just because they don’t like the spying, especially since the full extent of such spying is deliberately hidden from us and there are few alternatives being marketed by companies that don’t spy.
And 99.99% of tracking is done to custom tailor the ads we block.
An education technology conference this week in Austin, Texas, will clang with bells and whistles as startups eagerly show off their latest wares.
But the most influential new product may be the least flashy: a $100 million database built to chart the academic paths of public school students from kindergarten through high school.
In operation just three months, the database already holds files on millions of children identified by name, address and sometimes social security number. Learning disabilities are documented, test scores recorded, attendance noted. In some cases, the database tracks student hobbies, career goals, attitudes toward school – even homework completion.
The database is a joint project of the Bill & Melinda Gates Foundation, which provided most of the funding, the Carnegie Corporation of New York and school officials from several states.
Federal officials say the database project complies with privacy laws. Schools do not need parental consent to share student records with any “school official” who has a “legitimate educational interest,” according to the Department of Education. The department defines “school official” to include private companies hired by the school, so long as they use the data only for the purposes spelled out in their contracts.
The database also gives school administrators full control over student files, so they could choose to share test scores with a vendor but withhold social security numbers or disability records.
That’s hardly reassuring to many parents.
“Once this information gets out there, it’s going to be abused. There’s no doubt in my mind,” said Jason France, a father of two in Louisiana.
I liked it a lot better when Bill was trying to fight the mosquito.
The world’s largest airlines have agreed to adopt a new standard for distributing airfare information that could significantly compromise the privacy of customers and allow carriers to charge travelers different prices for the same trip. Airlines, of course, already charge different fares based on when a ticket is purchased, whether a Saturday stay is included and so on, but they are now looking to go much further by seeking to differentiate among fliers based on personal characteristics.
The new standard, which was agreed to at a meeting of the International Air Transport Association in October, will allow airlines to ask customers searching for airfares through travel agents or Web sites to first provide their names, frequent flier numbers, contact details and other information before presenting them with prices. A few airlines are expected to test this approach this year, and it could be widely adopted in a few years, according to the trade group. A majority of the group’s 240 members, which include most American airlines though not Southwest, voted for the standard.
Many airlines have struggled with high fuel costs and aggressive competition from low-fare carriers. They may be counting on the new airfare pricing standard to increase revenue and profits. It is hard to see how this approach could result in more competition or anything but higher costs for many travelers.
The Federal Trade Commission charged HTC with customizing the software on its Android- and Windows-based phones in ways that let third-party applications install software that could steal personal information, surreptitiously send text messages or enable the device’s microphone to record the user’s phone calls.
Google has been told by a group of EU regulators that it faces “a coordinated repressive action” before this summer, due to the fact that the online search advertising giant has ignored their order to make changes to and provide information about its privacy policies.
The leaders of the House Intelligence Committee plan to re-introduce on Wednesday a controversial cybersecurity bill that has faced pushback from the White House.
House Intelligence Committee Chairman Mike Rogers (R-Mich.) and ranking member Rep. Dutch Ruppersberger (D-Md.) said Friday that they plan to re-introduce the Cyber Intelligence Sharing and Protection Act (CISPA) next week during a speech at the Center for Strategic and International Studies in Washington. The bill is aimed at improving information-sharing about cyber threats between government and industry so cyberattacks can be thwarted in real time.
The bill that Rogers and Ruppersberger plan to introduce next week will be identical to the version of CISPA that passed the House last spring.
In a speech earlier this week, Rogers attempted to head off the privacy concerns raised about the bill last year.
“We’re talking about exchanging packets of information, zeroes and ones, if you will, one hundred million times a second,” he said. “So some notion that this is a horrible invasion of content reading is wrong. It is not even close to that.”
Oh, and those files you get through PirateBay? We’re talking about exchanging packets of information, zeroes and ones, if you will, one hundred million times a second, so some notion that this is a horrible theft of intellectual property is wrong. It is not even close to that.
You may recall that in its quixotic attempt to go after Wikileaks, the US government has been snooping through the private communications of a bunch of folks they’re trying to connect to the organization, including Icelandic politician Birgitta Jonsdottir and Jacob Appelbaum, who gets detained and harassed every time he re-enters the country. All of this came to light only because Twitter actually stood up to the US government and refused to just hand over info that was requested using the obscure 2703(d) process. Twitter also got the court to allow it to reveal the existence of the order (something that every other company which has received one has kept secret). A court eventually ruled that Twitter had to hand over the requested info.
Following this, Jonsdottir, Appelbaum and one other person, Rop Gonggrijp, (represented by the ACLU and the EFF), chose not to challenge that ruling, but did appeal concerning the secrecy around the order — asking the court to have the specific 2703(d) order unsealed — arguing that they have the right to access judicial documents about themselves. However, last week, an appeals court rejected that appeal, and basically said that the feds can sniff through your digital data without your knowledge, and, well, too bad if you don’t like it.
Even though the court did find that 2703(d) orders are “judicial records,” which could make them subject to a right to access, they then claimed that, well, when the government investigates things, it should be able to do so in absolute secrecy, and who really cares about pesky little things like oversight or a right to know about it.
The USA urgently needs an amendment to the Constitution that forbids unreasonable, dragnet searches like this. Let me suggest some language:
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.
Want to know the White House’s key propaganda lines for refusing to allow proper oversight into how the NSA is spying on us all? Well, sit back and read on, because the White House’s “talking points” on why the Senate should reject four key amendments to try to roll back some of the excesses of the broad and massive secret program to collect tons of data on Americans have been leaked.
If only there were a progressive Democrat constitutional law scholar President, then this kind of shenanigans would be unthinkable.
The Obama administration overruled recommendations from within the US Department of Homeland Security and implemented new guidelines earlier this year that allow the government to gather and analyze intelligence on every single US citizen.
Since the spring, a little-known intelligence agency outside of Washington, DC has been able to circumvent the Fourth Amendment to the US Constitution and conduct dragnet surveillance of the entire country, combing massive datasets using advanced algorithms to search and seize personal info on anyone they wish, reports the Wall Street Journal this week.
There’s no safeguard that says only Americans with criminal records are the ones included, and it’s not just suspected terrorists that are considered in the searches either. The National Counterterrorism Center (NCTC) has been provided with entire government databases and given nearly endless access to intelligence on everyone in the country, regardless of whether or not they’ve done anything that would have made them a person of interest. As long as data is “reasonably believed” to contain “terrorism information,” the agency can do as they wish.
Verizon has filed a patent for a DVR that can watch and listen to the goings-on in your living room. In the application, the company proposes to use the technology to serve targeted ads appropriate to whatever you’re doing in the, uh, privacy of your own home—fighting, cuddling, or hanging out with your cats.
Verizon is far from the first company to think of this unassailably creepy use for a set-top box. Comcast patented similar monitoring technology in 2008 for recommending content based on people it recognizes in the room; Google proposed yet another patent for Google TV that would use audio and video recorders to figure out how many people in a room are watching the current broadcast.
Verizon filed for the application in May 2011, and it was just published last week. (By law, all patent applications are published after 18 months.) In the document, which was first noticed by FierceCable, Verizon gives two examples of the context-sensitive DVR’s use in a couple’s living room: sounds of arguing prompt ads for marriage counseling, while sounds of “cuddling” prompt ads for contraceptives. Charming.
“Now we would like you to send us this file, delete it, tell us if you have given a copy of it to someone, give us the website from which you bought it including all transactions with it and the payment system and remove a couple of things from your blog. Oh and by the way, you are not allowed to disclose any part of this conversation; it is a secret that we are even having this conversation”.
Verizon Wireless has begun selling information about its customers’ geographical locations, app usage, and Web browsing activities, a move that raises privacy questions and could brush up against federal wiretapping law.
The company this month began offering reports to marketers showing what Verizon subscribers are doing on their phones and other mobile devices, including what iOS and Android apps are in use in which locations. Verizon says it may link the data to third-party databases with information about customers’ gender, age, and even details such as “sports enthusiast, frequent diner or pet owner.”
“We’re able to view just everything that they do,” Bill Diggins, U.S. chief for the Verizon Wireless marketing initiative, told an industry conference earlier this year. “And that’s really where data is going today. Data is the new oil.”
So that data you’re giving away online is worth something, but have you ever taken a stab at figuring out how much? A just-released privacy add-on for Firefox and Chrome, Privacyfix, gives it the old college try. Both Congress and the executive branch have been talking more about online privacy in the past couple years.
The estimates for Google and Facebook are imprecise, as the program’s creator, Privacy Choice founder Jim Brock, readily admits. “We wanted people to understand, it is a value exchange” when they use these sites, said Brock.
Brock says his estimated annual Facebook value was a mere $1.68. His daughter, perhaps unsurprisingly, is at $12. His Google value checks in at more than $700 per year, though.
The add-on also tells you how many of the websites you visit feed data back to Facebook and Google. I was surprised to see that Facebook is tracking me across 87 percent of the Internet, despite the fact that I’m a minimal user of Facebook.
There’s a good reason that ‘telling tales’ is looked down on – and a good reason why it’s generally only been oppressive regimes (both real and fictional) that have encouraged people to report on their neighbours – from the worst of the Roman Emperors such as Tiberius and Caligula to the KGB, the Stasi and so forth. It’s creepy – and it helps build an atmosphere of distrust, breaking down the very things that make social networks good. The social relationships that are the heart of Facebook are meant to do ‘good’ things – not be a route by which bad things are spread.
Taking it a step further, look at the nature of the questionnaire. You’re being asked to report on a ‘friend’. If you say ‘I don’t want to answer’ that will be recorded – that’s the whole nature of Facebook – and it’s not hard to see that there could be a list of ‘people who don’t want to answer about their friends’. Indeed, under the terms of the Snoopers Charter, it wouldn’t just be Facebook who could access this kind of information: the authorities could potentially set up a filter to gather data on people who don’t confirm the names of their friends. It could be viewed as suspicious if you don’t answer – or even suspicious if you are friends with people who don’t answer. Again, this is the nature of Facebook’s social data – and how it could be misused.
A software engineer in my Facebook community wrote recently about his outrage that when he visited Disneyland, and went on a ride, the theme park offered him the photo of himself and his girlfriend to buy – with his credit card information already linked to it. He noted that he had never entered his name or information into anything at the theme park, or indicated that he wanted a photo, or alerted the humans at the ride to who he and his girlfriend were – so, he said, based on his professional experience, the system had to be using facial recognition technology. He had never signed an agreement allowing them to do so, and he declared that this use was illegal. He also claimed that Disney had recently shared data from facial-recognition technology with the United States military.
Yes, I know: it sounds like a paranoid rant.
Except that it turned out to be true. News21, supported by the Carnegie and Knight foundations, reports that Disney sites are indeed controlled by face-recognition technology, that the military is interested in the technology, and that the face-recognition contractor, Identix, has contracts with the US government – for technology that identifies individuals in a crowd.
“Personalization” is another word for discrimination. We’re not discriminating if we tailor things to you based on what we know about you — right? That’s just better service.
In one case, American Express used purchase history to adjust credit limits based on where a customer shopped, despite his excellent credit limit:
Johnson says his jaw dropped when he read one of the reasons American Express gave for lowering his credit limit: “Other customers who have used their card at establishments where you recently shopped have a poor repayment history with American Express.”
We’re seeing the start of this slippery slope everywhere from tailored credit-card limits like this one to car insurance based on driver profiles. In this regard, big data is a civil rights issue, but it’s one that society in general is ill-equipped to deal with.
When Microsoft shipped its Release Preview of Windows 8 in June, it announced that the default browser, Internet Explorer 10, would have the Do Not Track (DNT) signal enabled by default. That action unleashed a heated debate in the Tracking Protection Working Group of the World Wide Web Consortium (W3C).
To the advertising and analytics companies that make up the tracking industry, this issue is an existential one. If the default browser in the world’s most popular operating system is set to disallow tracking, the effect would be profoundly disruptive to companies that live and die by their ability to follow users around the web.
After much discussion, the working group agreed that DNT could only be turned on by a browser if that decision “reflects the user’s preference.” The result was a consensus by the working group that a browser (technically, a user-agent) should not enable DNT by default.
Today, Microsoft answered those critics by saying it still intends to enable DNT in Internet Explorer in IE 10. But the final released version will make one concession, according to Microsoft Chief Privacy Officer Brendon Lynch, who announced the decision in a blog post
Google Inc said on Friday it had not kept its promise to delete all the personal data, such as emails, its Street View cars collected in Britain and other countries in 2010.
Historically, Skype has been a major barrier to law enforcement agencies. Using strong encryption and complex peer-to-peer network connections, Skype was considered by most to be virtually impossible to intercept. Police forces in Germany complained in 2007 that they couldn’t spy on Skype calls and even hired a company to develop covert Trojans to record suspects’ chats. At around the same time, Skype happily went on record saying that it could not conduct wiretaps because of its “peer-to-peer architecture and encryption techniques.”
Recently, however, hackers alleged that Skype made a change to its architecture this spring that could possibly make it easier to enable “lawful interception” of calls. Skype rejected the charge in a comment issued to the website Extremetech, saying the restructure was an upgrade and had nothing to do with surveillance. But when I repeatedly questioned the company on Wednesday whether it could currently facilitate wiretap requests, a clear answer was not forthcoming. Citing “company policy,” Skype PR man Chaim Haas wouldn’t confirm or deny, telling me only that the chat service “co-operates with law enforcement agencies as much as is legally and technically possible.”
So what has changed? In May 2011, Microsoft bought over Skype for $8.5 billion. One month later, in June, Microsoft was granted a patent for “legal intercept” technology designed to be used with VOIP services like Skype to “silently copy communication transmitted via the communication session.” Whether this technology was subsequently integrated into the Skype architecture, it’s impossible to say for sure.
EFF Staff Attorney Jennifer Lynch testified that although “many Americans may not realize it, they are already in a face recognition database.” The Judiciary Subcommittee on Privacy, Technology and the Law held a hearing about facial recognition in regards to privacy and civil liberties. Between Facebook scanning 300 million photos a day and the FBI’s nationwide face search, real-time face recognition is coming and we desperately need privacy protections in place.
So imagine your reaction when the police confiscate your entire collection of vacation photos, claim that your vacation photos contain hidden encrypted messages (which they don’t), and send you off to jail for five years for being unable to supply the decryption key?
Over the weekend Mark Zuckerberg’s recently floated company began quietly displaying @Facebook email addresses on all of its users’ Timelines.
The move immediately sparked anger from Facebookers, who complained that their third party email account names – such as Gmail or Hotmail – had been unceremoniously replaced without their say-so on the site.
As a result people may reply to your Facebook email instead of YOUR email. A perfect man-in-the-middle attack on your mail.