Category: privacy

On the internet, the Feds know what breed of dog you are

The downfall of Silk Road’s alleged founder is a lesson on how fragile our privacy and online security are

The arrest of alleged Silk Road founder Ross Ulbricht – also known as the Dread Pirate Roberts – has attracted plenty of media attention.

What’s particularly notable is the FBI is claiming Ulbricht made a basic mistake in posting to a website under his real name that gave his identity away.

If true, Ulbricht’s trivial mistake illustrates how easy it is for any determined investigator to find someone’s identity online from the trillion points of data we all create in the connected world.

Anyone who wants to be truly anonymous on the web has to work extremely hard to protect their identity. Most of us aren’t prepared to trade convenience for security, particularly given the massive effort required.

Even if we could protect our online habits, the use of credit cards, loyalty plans and even driving our cars still it almost impossible to escape the watch of a determined investigator.

In the early days of the web, it was said “on the internet, no-one knows you’re a dog.” Today the feds can figure out not only what breed of dog you are, but what your name is and your favourite brand of dog food.

The modern panopticon we live in is a very efficient machine and it’s difficult to hide from society’s gaze. It’s why we need to rethink privacy and information security.

Image of Presidio Modelo by Friman through Wikimedia.

Crumbling cookies

Internet cookies are dying, what will replace them?

On the last ABC radio spot we looked at how our data is being tracked, in the following 702 Sydney program with Linda Mottram we looked at the role of Internet cookies and online privacy.

Cookies – tiny text files that store visitors’ details on websites – have long been the mainstay of online commerce as they track the behaviour of web surfers.

For media companies, Cookies have become a key way of identifying and understanding their readers making these web tracking tools an essential part of an already revenue challenged online news model.

Cookies also present security and privacy risks as, like all Big Data, the information held within them can be cross-referenced with other sources to create a picture of and often identify an internet users.

These online data crumbs often follow us around the web as advertising platforms and other services, particularly social media sites, monitor our behaviour and the European Union’s Directive on Privacy and Electronic Communications is the first step by regulators to crack down on the use of cookies.

Similar moves are afoot in the US as regulators start to formulate rules around the use of Cookies, in an Australian context, the National Privacy Principles apply however they are of limited protection as most cookies are not considered to be ‘identifiable data’, the same get out used by US government agencies to monitor citizens’ communications.

Generally these rules promise to be so cumbersome for online services Google is looking at getting rid of cookies altogether .

Ditching cookies gives Google a great deal of power with its existing ways of tracking users and ties into Eric Scmidt’s stated aim of making the company’s Google Plus service an identity service that verifies we are who we say we are online.

Whether Google does succeed in becoming the web’s definitive identity service remains to be seen, we are though in a time where the questions of what is acceptable in tracking our online behaviour are being examined.

For the media companies and advertising, putting the control of online analytics in the hands of one or two companies may also add another level of middle man in a market where margins are already thin if not non-existent.

It may well be that we look back on the time when we were worried about  internet cookies tracking us as being a more innocent time.

A trillion points of data

As shopping centres, social media services and police forces collect greater amounts of information about us, we need to understand and manage the risks involved.

Last night, current Affairs program Four Corners had a look of the risks to families in the age of Big Data.

Earlier in the day I had the opportunity to speak on ABC 702 Sydney with the program’s reporter, Geoff Thompson, to discuss some of the issues and take listeners’ calls about Big Data and security.

What stood out from the audience’s comments is how most people don’t understand the extent of how data is being shared. The frightening thing is the Four Corners program itself understated the extent of how information is being distributed around the internet.

Looking beyond social media

Social media sites like Facebook are an obvious and legitimate area of concern with most people not understanding the ramifications of the terms and conditions of these services, however Big Data is a far more that what you share on LinkedIn or Instagram.

A major point of the program was how the New South Wales police force’s Automatic Number Plate Recognition (ANPR) equipment stores photographs of car license plates.

One of the applications of ANPR shown during the program was how an officer can be warned that a vehicle has owned by someone potentially dangerous or used in a suspicious situation, allowing them to be more cautious if they decide to pull a car over. Probably the greatest application is getting unregistered, uninsured or unlicensed drivers off the road.

Those sorts of usage is the positive side of Big Data and its role in reducing the road toll, the example also illustrates how data points are coming together with the internet of machines as traffic lights, road signs and cars themselves are communicating with each other and those police databases.

When that information is put together there’s a lot valuable intelligence and that’s why people are concerned that the NSW Police are storing millions of apparently useless images of car number plates with the time and location of the photographs.

These technologies aren’t just being used in shopping centres; instore mobile phone tracking combined with the same numberplate recognition the police use watching who is entering the carparks makes it possible to predict buying patterns and target offers to shoppers.

Couple that information with store loyalty cards and add in rapidly developing facial recognition, retailers have a very powerful way of monitoring how their customers behave.

“What instore analytics does is it takes the same kind of capablities that e-commerce sites have had for more than a decade and apply them to brick and mortar stores,” says Retail Next’s Tim Callen. Using the store’s CCTV system the company applies facial recognition software to track shoppers’ behaviour.

Securing the data feeds

The immediate concern is the security of this data, we’ve covered the hackable baby monitor and the Four Corners program examined Troy Hunt’s exposure of security flaws in Westfield Shopping Centres’ Find My Car App. Similar security concerns surround government databases like the NSW Police’s numberplate store.

As we’ve seen with the repeated data breaches of 2011, the management of big and small organisations like Sony or Stratfor don’t take security seriously. It’s hard to recall any senior public servant being held accountable for a security breach by their department.

A billion points of data

On their own, each of these data points means little but for a motivated marketer, tenacious police officer or determined stalker pulling those separate information sources together can pull together an accurate picture of a person’s private information, habits and beliefs.

Almost all the collectors of this data claim this information is anonymised or isn’t personal information, unfortunately there’s mismatch between the definition of private data and reality as number plates and mobile phone MAC addresses are not considered private, however they provide enough insight for an individual to be identified.

That aspect isn’t understood by most people, the final caller to the ABC Radio spot asked why she should be bothered worrying about privacy – it doesn’t matter.

As French politician Cardinal Richelau said in the Seventeenth Century, If you give me six lines written by the hand of the most honest of men, I will find something in them which will hang him

Today we each have six million points of data that can hang us, in a decade it could easily be a billion. We need to understand and manage the risks this presents while enjoying the benefits.

Microsoft’s China crisis

Microsoft’s Chinese partner is blocking Skype messages and possibly passing user details onto PRC authorities. This security concern could damage both Microsoft and Skype.

That the Chinese Public Security Bureau is blocking your messages – and may even be reading them – would make anyone pause before they used a service.

Bloomberg Businessweek reports Microsoft Skype is doing exactly this with its Chinese customers. Anything deemed inappropriate is censored and referred to servers belonging to TOM Online, the company that runs the Skype service on behalf on Microsoft in China.

The Bloomberg story goes onto detail how one Canadian researcher is reverse engineering the Chinese blacklists, giving us a wonderful insight into the petty and touchy minds of China’s censors and political leaders.

What raises eyebrows about this story is how nonchalant Microsoft is about this issue, in a wonderful piece of corporate speak the software giant answered Bloomberg’s question with the following bland statement;

“Skype’s mission is to break down barriers to communications and enable conversations worldwide,” the statement said. “Skype is committed to continued improvement of end user transparency wherever our software is used.”

Microsoft’s statement also said that “in China, the Skype software is made available through a joint venture with TOM Online. As majority partner in the joint venture, TOM has established procedures to meet its obligations under local laws.”

Microsoft have to fix this problem quickly, glibly saying the Chinese government eavesdropping on conversations is a matter for partners is not going to be accepted by most customers.

It would be a shame should Microsoft’s Skype investment fail – Skype is a very good fit for Microsoft, particularly when the technology is coupled with the Linc corporate messaging platform, so squandering goodwill over protecting users’ conversation seems counterproductive.

One of the great business issues of this decade is the battle to protect users’ privacy. Those who don’t do this, or don’t understand the imperatives of doing so, are going to lose the trust of the marketplace.

Twenty years ago, Microsoft could have risked this. Today they can’t as they struggle with a poor response to their Windows 8 operating system and their mobile phone product.

Losing the trust of their customers may be the final straw.

Privacy is not someone else’s problem

Modern technology tools have made privacy an issue for everyone

Early this year a storm broke out about privacy in the United States when a computer rental company was caught spying on its customers.

Technology website Ars Technica has an excellent story describing what the company was doing and the software they were using.

What the story of PC Rental agent shows is that even small businesses have the tools to run serious surveillance on their customers and some will do so simply because they can.

The days when privacy could be dismissed as the concern for a few sensitive celebrities, sports people and politicians with something to hide are over – privacy is now your problem.

Guarding your words

Mitt Romney and Alan Jones show how smartphones are changing politics and business

US presidential candidate Mitt Romney and Australian radio commentator Alan Jones have in one thing in common – not understanding that almost every person they know is carrying a listening device.

The smartphone is a powerful tool and one of its great features is how it makes a great dictation device, you can use the built in recording applications to jot down ideas or make a record of important conversations.

Political events are a great opportunity to record the candidates’ or speakers’ talks and this is what has caught both Jones and Romney.

The 47% dependent on welfare slur has probably sunk Romney’s presidential campaign. At the very least it’s exposed the contradictions at the heart of the Republican agenda as they try to demonise those receiving government entitlements while trying to win the votes of older Americans who rely on state subsidies to survive.

In many ways the US Republicans are facing the problem of electorates that believe their entitlements are sacred that all Western politicians will be grappling with over the next quarter century.

This contradiction isn’t something either the media or the Western political classes have the intellectual capacity to deal with, so there is little chance of a rational debate on the economic sustainability of the entitlement culture.

For Romney, this contradiction now threatens to sink his campaign.

The Jones problem is somewhat different, this nasty little man was speaking to the next generation of Australian Liberal Party apparatchiks and the controversy about his tasteless comments will probably improve his standing in the sewer in which he floats. In the wider community outside Jones’ increasingly narrow circle of influence his comments only confirm the low opinion decent people have of this man.

Jones though is not naive when using the media, the real naivety is among his guests. It’s been reported that before the event the audience were asked “if there were any journalists present”.

That question being asked betrays any claim that the organisers didn’t know Jones’ comments would be offensive. It also shows how the modern political fixer misunderstands the nature of today’s media. It’s likely a recording of proceedings would have leaked out through an enthusiastic supporter showing off.

What’s really instructive is how the kindergarten apparatchiks of the Young Liberals believe that shutting down recording devices will remove the risk of being held accountable. That mentality is pervasive through government and politics – shut down discussion and lie about what happened.

All of these politicians have to understand something Alan Jones has known all along; that a microphone should be treated like a loaded weapon and never assumed to be turned off and safe.

The days of what was said to the Poughkeepsie Chamber of Commerce or the Cootamundra Country Womens Association not being reported outside the local community are long gone. If you don’t want something broadcast nationally, then don’t say it.

On balance, this is good for democracy and leadership as it makes all politicians – and business leaders – far more accountable and transparent.

Accountability and transparency are anathema to the apparatchiks who run the political parties of the Western world. These people, despite their access to power, are ultimately going to be found wanting in a world where there is a recording device in almost every person’s pocket.

There are genuine privacy concerns with smartphones but for business and political leaders the days of “speaking with a forked tongue” are over. This is not a bad thing.

Facebook’s final fail

Has Facebook gone to far with its address changes

We’ve come to expect Facebook storing and manipulating our personal data, but is changing our contacts’ email addresses the final straw for the social media service?

Last week Facebook started changing users’ default email addresses to their inbuilt @facebook accounts.

This was irritating for many users, but now it appears the social media service has gone too far with changing the address books of their users.

If you have connected your iPhone, Android or Windows smartphone address books to the Facebook App, there is a chance that your contacts’ email addresses are now set to send to the user’s Facebook address rather than their “normal” email account.

When you synch your phone with your PC or laptop these changes will also be made in your main address book.

Given most people don’t use their Facebook supplied email this means many people won’t see messages sent to that address. This is a serious problem

You can check if your address book has been changed by simply looking at your contacts’ email addresses.

If it has, let your contacts know their addresses may have been changed as they can change the settings on their accounts. Read Write Web has instructions on fixing the address book problem.

Facebook’s behaviour on this is seriously worrying, it’s bad enough they store all of our data but altering our personal information is for me a bridge too far.

Given most mobile phone users would rather have their wallet stolen than lose their handset, Facebook’s messing with phones address book is going to shake their confidence in the service far more than the myriad privacy issues.

If the IPO was Facebook’s peak, it could well be this poorly thought out tactic that marks the beginning of the company’s decline.

Triangulating privacy out of our lives

Social media sites will have to deal with increased government regulation.

Lost among the noise of Facebook’s rumoured plans to launch a kids’ network, there’s quiet pressures developing as consumers start to realise the value of their data – the pressure to regulate social media.

In his Rethinking Privacy in an Era of Big Data, New York Times writer Quentin Hardy raises some of the issues about the data which is being collected about us.

One of the big areas is triangulation – building a picture of somebody based upon seemingly unrelated data. Quentin explains it in the example of somebody who might be looking for a job.

There other ways in which we can lose control of our privacy now. By triangulating different sets of data (you are suddenly asking lots of people on LinkedIn for endorsements on you as a worker, and on Foursquare you seem to be checking in at midday near a competitor’s location), people can now conclude things about you (you’re probably interviewing for a job there) that are radically different from either set of public information.

The key word of course is “conclude” – we base an assumption on what we think we know. It could turn out those LinkedIn endorsements could be part of a performance review and the competitor’s location could right next door to a hot new lunch spot.

We should also keep in mind the value of this data is asymmetric as the value of this data to a third party is low, if anything. But to the individual it could mean losing a job and other major consequences.

A good example of this is the story of how a UK hospital trust lost highly sensitive health records of thousands of patients, including those being treated for HIV.

The trust ended up being fined £325,000 but that fine is trivial compared to the massive individual cost from just one of those records being released.

Fines are a lousy way of enforcing privacy anyway, as the financial penalties are just passed onto shareholders or taxpayers.

The only meaningful sanction for failures like the Brighton General Hospital breach are holding individuals, particularly managers, personally responsible.

As we saw in the successive Sony security breaches last year, most organisations aren’t interested in holding their senior managers responsible for even the most egregious data failures.

This failure of the corporate sector to protect consumer data will almost certainly drive calls for government regulation and sanctions.

Microsoft researcher Danah Boyd  flags this regulation issue in Quentin Hardy’s New York Times piece, saying “Regulation is coming,” she says. “You may not like it, you may close your eyes and hold your nose, but it is coming.”

Danah also makes an important point that users – particularly kids – have developed tactics to obscure their ‘digital footprints’.

For Danah, and others trying to understand what is happening online, this causes a problem, “When I started doing my fieldwork I could tell you what people were talking about. Now I can’t.”

These tactics of creating dummy social media profiles and using euphemisms are a huge threat to the business plans of social media services and the “identity services” desired by Google’s Eric Schmidt.

As data becomes less reliable, or more difficult to triangulate, the value of it to advertisers falls.

It may well be that regulation of social media and web services ends up not being necessary as users become more net savvy. For medical and other personal data though, it’s clear we have to rethink the way we use and store it.

Do you want to be the personal lubricant guy?

A reminder why you need to be careful with your Facebook likes.

Nick Bergas is a multimedia producer in Iowa City, but to Facebook he’s a live advertisement for personal lubricant.

As the New York Times reports, last Valentines Day Nick saw an Amazon listing for a 55 gallon drum of personal lubricant, ticked the product’s Facebook “Like” button  and added a witty comment to his friends.

Shortly afterwards, Nick’s face started appearing in Facebook sponsored posts for big drums of personal lubricant.

Last year I wrote The Privacy Processors on how Facebook is using our personal data and Nick’s story is a good example of how every like, relationship or comment is potential fodder for Facebook’s marketing platform.

While Nick seems pretty chilled about his Facebook celebrity, for some it might not be so benign.

As we’ve seen for student teachers and others, an innocent or even funny posting may be a problem to those without perspective or a sense of humour.

For Facebook and other social media services, Nick’s story also illustrates a problem – that of “Garbage In, Garbage Out”.

While one of Facebook’s major assets is its huge user database, there’s no guarantee the data is accurate or useful.

Selling Nick’s details to a bulk medical lubricant wholesaler is pretty pointless, but that sort of intelligence is key to the future value of Facebook.

That much of the data gathered is the flaw at the heart of Facebook’s bid data aspirations and Google’s hopes to become an identity engine with Google+.

For us mere individuals, the lesson is we need to be a little bit careful about pressing those “like” buttons; explaining your affinity with bulk lubricants could be a bit tricky with your mum or partner.

Leaving Facebook

Shutting down an account with the popular social media service isn’t easy but can be done.

In our social media segment for December 2011’s ABC Nightlife a listener asked about closing down their Facebook account.

Leaving Facebook isn’t easy, but it can be done and we’ve covered closing down a Facebook profile on the Netsmarts website.

The December Nightlife spot looked at a lot of social media issues and answered other listener’s questions about some of the challenges online. Some of those questions are listed on the page and the program

December’s spot was the last for 2011 and next scheduled Nightlife spot will be on February 9 however we will probably have some segments over the Christmas period and we’ll let newsletter subscribers know as we find out.

Technology with Carol Duncan on ABC Newcastle

On ABC 1233 Newcastle with Carol Duncan we discuss privacy and security on social media after Facebook’s privacy changes.

In the occasional tech spot with Carol Duncan, we looked at Facebook’s new changes and what they mean to users.

The immediate changes to Facebook are the News Feed at the top of the page where updates and posts will be ranked according to what Facebook thinks are your interests, to the left of the screen is “the ticker” which will give summaries of updates.

Coming in the next few weeks will be the Timeline feature which will give show the history of all your posts.

A great summary of the changes with a hands on review is Jason Kincaid’s article on the Facebook changes in Tech Crunch. The official Facebook blog goes into the detail of all the new features.

The purpose of these changes is to increase Facebook’s value as an advertising platform and it raises the question of the viability of these networks.

One of the interesting features of these changes is that users will start seeing increased advertising, if you’re not happy with this our Netsmarts site goes through the process of shutting down your Facebook account.

Join us on ABC Newcastle with Carol Duncan to discuss these issues and more.