Category: privacy

Dispelling the internet of snoops

For the Internet of Things industry the task now is to convince the public their devices are trustworthy, stories like the Samsung TV snooping on people isn’t going to help their efforts.

Last October New York lawyer Michael Price bought a new TV and what he read in the accompanying paperwork disturbed him.

In “I’m terrified of my new TV: Why I’m scared to turn this thing on” Price described how Samsung’s privacy policy worried him, particularly the way the voice recognition data was handled, “Please be aware that if your spoken words include personal or other sensitive information, that information will be among the data captured and transmitted to a third party.”

Disgraced former CIA director David Petraeus told a venture capital conference in 2012 that security agencies will track people through their dishwashers and Price pointed out a smart TV listening to a room’s conversations fits Petraeus’ vision nicely.

At the time of its publication at the end of October Price’s story received some coverage among the information security, privacy and internet of things community then sank until last weekend when a tech site picked it up.

At that stage, the story took on a new life with media outlets around the world running stories on how Samsung TVs are spying on customers.

For Samsung the story is was major embarrassment and they were quick to point out they don’t actually collect data.

To be fair to Samsung, they aren’t alone in having products that can listen to their users; almost every voice activated device has this capability and we can expect everything from smartphones to TVs and connected cars to be able to record voice and, through cameras, our movements.

The marketing and social media industries, like General Petraeus, are enthusiastic about the surveillance opportunities of these devices; Facebook’s  Share and Discover feature for instance opens the microphone when a user starts typing an update to determine what music is being played.

In the internet of things, it’s not just a smart TVs microphone that’s a potential problem as pretty much every connected device is generating information that can be used by government agencies, insurance companies and plaintiffs to track hapless users.

Collecting this data also presents a range of risks beyond subpoenas from government agencies and angry litigants, for the vendors of smart devices there is also the problem of complying with various privacy rules, securely storing customers data and ensuring their business partners also respect user information.

Samsung tried to manage this risk by adding a ‘don’t say stuff near our TV’ clause in the term and conditions, something that backfired dramatically and illustrates the impossibility of managing risk out of your business.

While companies will struggle with the legalities of capturing massive amounts of customer data, the public in general have to face the risks of allowing everything from their kettles to their cars collecting information on them.

The predicament for users is that turning off the ‘smart’ functions – assuming that is possible – remove much of the device’s functionality so the trade off between convenience, security will be a difficult compromise for many people.

For the Internet of Things industry the task now is to convince the public their devices are trustworthy, stories like the Samsung TV snooping on people isn’t going to help their efforts.

In tech we trust

How much can we trust technology? A World Economic Forum panel discusses the issues.

“There is a big problem with trust today,” says cable operator Liberty Global’s Micheal T. Fries.

He was sitting on a fascinating panel at the World Economic Forum this week with Yahoo! CEO Marissa Mayer, Salesforce founder Marc Benioff and World Wide Web creator Tim Berners-Lee looks at the issue of trust in the tech world.

In a world where everyone wants access to our data, it’s a pertinent and timely discussion from people at the front line of where these issues of ethics and privacy are being dealt with.

Burning user trust

How Whisper burned its users trust with false security and privacy promises

The Guardian today has a stunning expose on the Whisper social media network and its practice of tracking users.

In trying to sell its services to the Guardian, the company showed that it was betraying their promises of anonymity to its users.

Whisper’s behaviour is particularly disgraceful given the service’s promise of user confidentiality and their changing of their terms of service only shows the company’s struggle to understand ethics.

No social media service can afford to burn user trust in the way Whisper has.

If you’re going to promise users anonymity and security then you better deliver. Whisper has failed

 

You’re being scanned

Recognition technology is advancing rapidly, creating opportunities for marketers and privacy concerns for consumers.

A  cute little story appeared on the BBC website today about the Teatreneu club, a comedy venue in Barcelona using facial recognition technology to charge for laughs.

In a related story, the Wall Street Journal reports on how marketers are scanning online pictures to identify the people engaging with their brands and the context they’re being used.

With the advances in recognition technology and deeper, faster analytics it’s now becoming feasible that anything you do that’s posted online or being monitored by things like CCTV is now quite possibly recognise you, the products your using and the place you’re using them in.

Throw all of the data gathered by these technologies into the stew of information that marketers, companies and governments are already collecting and there a myriad of  good and bad applications which could be used.

What both stories show is that technology is moving fast, certainly faster than regulatory agencies and the bulk of the public realise. This is going to present challenges in the near future, not least with privacy issues.

For the Teatreneu club, the experiment should be interesting given rich people tend to laugh less; they may find the folk who laugh the most are the people least able to pay 3o Euro cents a giggle.

Metadata and privacy on ABC overnights

On ABC Radio Overnights we discussed privacy and metadata

In the early hours of this morning I spoke with Rod Quinn on ABC Overnights about what exactly is metadata in light of current Australian government plans to mandate a data retention law for internet service providers.

Part of the problem in the debate is defining exactly what metadata is, something I’ve attempted to do previously.

The attempt to bring clarity to the discussion isn’t being helped by the confusing explanations of politicians as shown in this interview with Malcolm Turnbull, the communications minister, shows.

One of the things that kept coming up in the conversation, which we hope to have available shortly, was people who have nothing to hide should have nothing to fear.

These two videos — Don’t Talk To Cops Parts I and II — feature a law professor and police prosecutor speaking about how innocent people can be caught out by the law.

First the law professor;

Then the police prosecutor;

A question the law professor asks, “did you know it’s a Federal offence to posses a lobster?” The answer is ‘yes’ and in every country there’s almost no way any individual can be confident they haven’t committed a crime under some obscure or archaic law.

This is why an adult discussion on laws that change the burden of proof and how government agencies conduct themselves is important.

Another key point from this morning’s conversation is how we need to reconsider the boundaries of privacy and personal information.

The messy business of metadata

At present we’ve defined metadata too broadly and private information too narrowly which allow governments and businesses to overreach

“We kill people based on metadata,” former US National Security Agency director Michael Hayden told a panel at John Hopkins University last year.

That statement brings sharply into focus the current Australian debate about Telcos being mandated to retain metadata. This information is powerful and can be used in ways not expected by the community.

How metadata is used depends upon how it is defined; one of the worrying parts of the Australian debate is just how nebulous the definition of ‘metadata’ is.

Defining metadata

The basic definition of metadata is that it is ‘data about data’, every packet of data that’s transmitted across the internet is wrapped in information to help the network deliver it to its intended location in a useful form.

Strictly speaking this is where the glib ‘address on the envelope’ line so beloved by clueless politicians promoting data retention comes in; this information is useful but not private as anyone can see it.

That view underlies the defining metadata case, the 1979 US Supreme Court’s Smith v Maryland case, that held telephone numbers are not private information as they’ve been disclosed to the phone company.

Metadata everywhere

With the rise of digital technologies, metadata became much more than just phone numbers and addresses; digital cameras encode photographs with EXIF information that includes details of the date, time camera, shutter speed, focal length and increasingly the location where the photo was taken.

The smartphone you might take that photo with is logging into base stations which telcos are tracking, this is one of the applications law enforcement agencies regularly use to catch criminals, and increasingly near field communications like BlueTooth are being logged by everything from toll gates to bus shelters to track phone usage.

Every email sent has dozens of lines of metadata describing the servers, routing and software used in sending it. Only a tiny fraction of a Twitter message is the 140 character content, the rest is metadata.

This site has hundreds of lines of metadata to tell your browser how to display it and your browser itself is storing dozens of cookies that tell other sites where you’ve been – all of this is metadata.

When we add the Internet of Things to the metadata debate things get even more complex. As home devices, smartcars and wearable technology generating packets of data, it becomes far easier for governments and private enterprise to stitch together a complete picture of an individual even without looking at the actual content of the packets.

The risks for service providers

As Australian ISP iiNet raised in an excellent submission to the Senate committee on data retention, collecting all of this data creates costs and risks for service providers as they have to store, manage and protect massive amounts of data.

Most of that data will never be looked at, but agencies want the information stored because they can. The bizarre thing is that under Australian law, specifically section 313 of the Telecommunications Act, is that a public servant – not just a a law enforcement officer – only has to ask for the information.

For most people the dangers of government surveillance are remote however all of this information is also available to private organisations ranging from health insurers to credit checking bureaus; the real debate is just how much data do we want others to have on our private lives.

At present we’ve defined metadata too broadly and private information too narrowly.

What’s notable in every discussion about increasing government or police powers is the mantra of getting the laws to catch up with technology.

In the case of metadata it may well be the definition of individual rights has to catch up with modern technology, not the powers of government.

Respecting the user – Drummond Reed of the Respect Network

The Respect Network’s Drummond Reed sees personal clouds as the future of online privacy

Drummond Reed, CEO of the Respect Network, is the latest guest on the Decoding the New Economy channel.

The Respect Network offers ‘private clouds’ for individuals and companies where users can choose to trust others to share information.

After over twenty years of working in the IT security industry, Drummond founded the Respect Network after becoming worried at the power social networks are having over individuals’ privacy.

Drummond explains how a network designed to be private may be the future of online services.

“The internet is only 18 years old,” says Drummond. “We want to bring it into adulthood.”

Privacy and mutual respect

Privacy and mutual respect – the assumption underlying the Respect Network and online trust

Tonight was the Australian launch of the Respect Network in Sydney which followed similar events in London and San Francisco. I’ll be writing more on this over the next few days.

One of the key questions when considering the Respect Network is how much the average internet user values privacy; the business model of the service relies upon people being prepared to pay to preserve their privacy.

Another question is how many lies people will tell to get free or cheap stuff – respect is a two way thing.

ABC Nightlife – security, dropping off the grid and 4D printing

Apple Security, the Heartbleed bug and dropping off the grid are the topics of the May 2014 ABC Nightlife spot

Paul Wallbank joins Tony Delroy on ABC Nightlife across Australia from 10pm Australian Eastern time tonight to discuss how technology affects your business and life.

For the May 2014 spot we looked at computer security, specifically Apple ransomware and The Heartbleed bug along with dropping off the grid, 4D printing and the future of design.

To protect from the Oleg Pliss ransomware – or any similar problems – have a strong password, enable the screen passkey and enable two factor authentication.

Join us

We’d love to hear your views so join the conversation with your on-air questions, ideas or comments; phone in on the night on 1300 800 222 within Australia or +61 2 8333 1000 from outside Australia.

Tune in on your local ABC radio station from 10pm Eastern Summer time or listen online at www.abc.net.au/nightlife.

You can SMS Nightlife’s talkback on 19922702, or through twitter to @paulwallbank using the #abcnightlife hashtag or visit the Nightlife Facebook page.

Privacy by design

How can businesses protect customers’ privacy, Intel Security’s Michelle Dennedy discusses how to bake privacy into your organisation

“Know your data” is the key tip for businesses concerned about privacy says Michelle Dennedy, Chief Privacy Officer for Intel Security, formerly McAfee.

“It’s really important to go back to basics,” says Michelle. “We’re trying to do bolt-on privacy, just like we did with security years ago. I think it’s time to take a good look at the policy side, which id called Privacy By Design, thinking about it at early states and being consumer-centric.”

“We at McAfee call it ‘Privacy Engineering’; looking at the tools. methodologies and standards from the past, adding current legislative requirements and business rules then turning them into functional requirement.”

Michelle, who is also co-author of the Privacy Engineering Manifesto, was speaking to Decoding The New Economy as part of Privacy Awareness Week.

A key part of the interview is how Michelle sees privacy evolving in a global environment, “if you’d asked me in 2000 where we’d be today I’d have told you it would be like the 1500s when we were dealing with shipping lanes. We would have treaties, it would harmonised and we’d understand that global trade is a hundred percent based upon sharing.”

“We have instead decided to become a set of Balkanized nations.”

For individual businesses “know thy data,” is Michelle’s main advice. “Know what brings you risk, know what brings you opportunity.”

In Michelle’s view, businesses need to balance the opportunities against the risks and treat customers data with respect as the monetisation policies of many online platforms don’t recognise users’ costs in time and data sold.

As businesses find themselves being flooded with data, protecting it and respecting the privacy of customers, users and staff is going become an increasing important responsibility for managers.

It’s worthwhile understanding the privacy laws as they apply to you and making sure your systems and staff comply with them.

Dropping off the grid

Can you drop off the grid and hide from Big Data? The results of one lady’s experiment aren’t encouraging.

Just how hard is it to hide from big data? ABC Newcastle’s Carol Duncan and I will be discussing this from 2.40 this afternoon.

Princeton University assistant professor of sociology Janet Vertesi decided she’d find out by trying to conceal her pregnancy from the internet.

She describes her experiences to Think Progress and the lessons are startling on how difficult it is to drop off the Internet and business databases.

While it’s easy to tritely say ‘don’t use the internet’, Janet found that using cash to avoid being picked up by bank databases raises suspicions while not using discount voucher or store cards meant she missed out on valuable savings.

For many people though dropping off the internet is not an option – not having a LinkedIn profile hurts most job hunters’ chances of finding work while if you want to participate in communities, it’s often essential to join the group’s Facebook page.

The amazing part of all is that Janet herself became a Google conscientious objector two years ago after deciding the company’s data collection methods were too intrusive. Yet she still found it hard to keep the news of her baby off the internet.

Ultimately her friends were the greatest risk and she had to beg them not to mention her pregnancy on Facebook and other social media channels lest the algorithms pick that up.

For Janet, it proved possible but it was really hard work;

Experience has shown that it is possible, but it’s really not easy, and it comes with a lot of sacrifices. And it requires some technical skill. So to that end, it’s my concern about the opt-out idea. I don’t actually think it’s feasible for everyone to do this.

So can you drop off the net? Do you know if you’re on it at all. Join us on ABC Newcastle with Carol Duncan from 2.40 to discuss these issues and more.

Filing cabinet image by ralev_com through SXC.HU

“He looks like a geek”

The media scrum around alleged Bitcoin founder Dorian Nakamoto is based on some flimsy thinking

The unseemly media scrum around alleged Bitcoin inventor Dorian Nakamoto has not been the press’ finest hour.

What’s more worrying though is a Business Insider interview with Sharon Sargent a ‘forensics analyst’ who was part of the Newsweek investigative team.

A systems engineer by training with experience in computing security, military protocol analysis, and artificial intelligence, Sergeant said everything she found converged on an individual with a background apparently similar to hers — and who ended up sharing a name with Bitcoin’s creator.

“I said, ‘I think I know this guy — he wears a pocket protector, he has a slide rule, he comes from that genre,’ which was very different from other characterizations,” she told BI by phone Friday.

He wears a pocket protector and uses a slide rule? Hell yeah, not only did he create Bitcoin but he’s probably a witch as well.

One hopes Newsweek have found the right man.

Picture courtesy of forwardcom through sxc.hu