B12 Solipsism

Spreading confusion over the internet since 1994

Archive for the ‘surveillance’ tag

Experian Sold Consumer Data to ID Theft Service

without comments

We Finally Came To Realize

We Finally Came To Realize

A troubling tale via Krebs on Security

An identity theft service that sold Social Security and drivers license numbers — as well as bank account and credit card data on millions of Americans — purchased much of its data from Experian, one of the three major credit bureaus, according to a lengthy investigation by KrebsOnSecurity.

Contacted about the reader’s claim, U.S. Info Search CEO Marc Martin said the data sold by the ID theft service was not obtained directly through his company, but rather via Court Ventures, a third-party company with which US Info Search had previously struck an information sharing agreement. Martin said that several years ago US Info Search and CourtVentures each agreed to grant the other company complete access to its stores of information on US consumers.

Founded in 2001, Court Ventures described itself as a firm that “aggregates, repackages and distributes public record data, obtained from over 1,400 state and county sources.” Cached, historic copies of courtventures.com are available through archive.org.

THE ROLE OF EXPERIAN

In March 2012, Court Ventures was purchased by Costa Mesa, Calif.-based Experian, one of the three major consumer credit bureaus. According to Martin, the proprietors of Superget.info had gained access to Experian’s databases by posing as a U.S.-based private investigator. In reality, Martin said, the individuals apparently responsible for running Superget.info were based in Vietnam.

Martin said he first learned of the ID theft service after hearing from a U.S. Secret Service agent who called and said the law enforcement agency was investigating Experian and had obtained a grand jury subpoena against the company.

While the private investigator ruse may have gotten the fraudsters past Experian and/or CourtVentures’ screening process, according to Martin there were other signs that should have alerted Experian to potential fraud associated with the account. For example, Martin said the Secret Service told him that the alleged proprietor of Superget.info had paid Experian for his monthly data access charges using wire transfers sent from Singapore.

“The issue in my mind was the fact that this went on for almost a year after Experian did their due diligence and purchased” Court Ventures, Martin said. “Why didn’t they question cash wires coming in every month? Experian portrays themselves as the databreach experts, and they sell identity theft protection services. How this could go on without them detecting it I don’t know. Our agreement with them was that our information was to be used for fraud prevention and ID verification, and was only to be sold to licensed and credentialed U.S. businesses, not to someone overseas.”

Experian declined multiple requests for an interview.

(click here to continue reading Experian Sold Consumer Data to ID Theft Service — Krebs on Security.)

Or Pay The Price
Or Pay The Price

so if your account was one of the unlucky ones, what was stolen?

These services specialized in selling “fullz” or “fulls,” a slang term that cybercrooks use to describe a package of personally identifiable information that typically includes the following information: an individual’s name, address, Social Security number, date of birth, place of work, duration of work, state driver’s license number, mother’s maiden name, bank account number(s), bank routing number(s), email account(s) and other account passwords. Fulls are most commonly used to take over the identity of a person in order to engage in other fraud, such as taking out loans in the victim’s name or filing fraudulent tax refund requests with the IRS.

All told, findget.me and superget.info acquired or sold fullz information on more than a half million people, the government alleges.

Why exactly do we as a society allow Experian and similar organizations collect this data in the first place? They accumulate the data, and sell it to advertisers, or to scammers, and what benefit does it bestow on us? Other than headache and grief…

There was much gnashing of teeth when we discovered just how many hard disks the N.S.A. has filled with our personal data, why does Experian and other similar corporations get a pass from the public?

Revolution of The Innocent
Revolution of The Innocent

especially when Experian will skip away from this investigation with nothing more than a slap on the wrist with a wet noodle…

Meanwhile, it’s not clear what — if any — trouble Experian may face as a result of its involvement in the identity theft scheme. This incident bears some resemblance to a series of breaches at ChoicePoint, a data aggregator that acted as a private intelligence service to government and industry. Beginning in 2004, ChoicePoint suffered several breaches in which personal data on American citizens was accessed by crooks who’d used previously stolen identities to create apparently legitimate businesses seeking ChoicePoint accounts. ChoicePoint was later sued by the U.S. Federal Trade Commission, an action that produced a $10 million settlement — the largest in the agency’s history for a violation of federal privacy law.

Experian makes about $500,000,000 in profit a year, btw.

Written by Seth Anderson

October 27th, 2013 at 11:05 am

Posted in Business

Tagged with , , ,

N.S.A. Gathers Data on Social Connections of U.S. Citizens

without comments

Eye see u Willis
Eye see u Willis

Oh, nothing to worry your pretty heads about

A series of agency PowerPoint presentations and memos describe how the N.S.A. has been able to develop software and other tools — one document cited a new generation of programs that “revolutionize” data collection and analysis — to unlock as many secrets about individuals as possible.

The spy agency, led by Gen. Keith B. Alexander, an unabashed advocate for more weapons in the hunt for information about the nation’s adversaries, clearly views its collections of metadata as one of its most powerful resources. N.S.A. analysts can exploit that information to develop a portrait of an individual, one that is perhaps more complete and predictive of behavior than could be obtained by listening to phone conversations or reading e-mails, experts say.

Phone and e-mail logs, for example, allow analysts to identify people’s friends and associates, detect where they were at a certain time, acquire clues to religious or political affiliations, and pick up sensitive information like regular calls to a psychiatrist’s office, late-night messages to an extramarital partner or exchanges with a fellow plotter.

(click here to continue reading N.S.A. Gathers Data on Social Connections of U.S. Citizens – NYTimes.com.)

PRISM
PRISM

except, as reported by Maureen Dowd of all people, the NSA has built a monster in Utah

The Bluffdale sinkhole, which has quietly started sucking in mountains of data in the shadow of mountains, is the lockbox. This squat, ugly complex of four buildings is the creepy symbol of the N.S.A.’s remorseless reach deep into our lives. I drove onto the Utah National Guard’s Camp Williams base to see the concrete data cloud up close.

Never mind puny terabytes. Or even exabytes, a handful of which can hold all knowledge from the dawn of man, according to estimates.

James Bamford, the chronicler of the untrammeled powers of the “Puzzle Palace,” as he calls the N.S.A., wrote in Wired that the Utah tower of Babel may be able to store a yottabyte. That is equal to a septillion bytes or about 500 quintillion (500,000,000,000,000,000,000) pages of text.

“It’s basically the N.S.A.’s external hard drive,” Bamford told me, noting that our phone call was no doubt being logged by the Bluffdale computers. “It holds more private information than anyplace else on earth.”

Bamford believes that the N.S.A. has transmogrified from an agency that “watched the Soviet Union to make sure it didn’t blow us up with nuclear weapons,” to one “that keeps collecting and collecting and collecting but doesn’t seem to do us any good.”

“They saw 9/11 and all these other terrorist attacks on CNN. They didn’t have a clue. The more electronic hay they stack on their haystack, the more difficult it is to find the needle.”

(click here to continue reading Creeping Cloud – NYTimes.com.)

Revolution of The Innocent
Revolution of The Innocent

because, in truth, the NSA doesn’t have to tell the truth about what it does, allegedly in our names:

Democratic Senator Ron Wyden of Oregon told me ruefully that on Thursday, “Alexander put in a lockbox information that he’s told the public he doesn’t have. This is what we’re dealing with.

“They think it’s O.K. to repeatedly say one thing to the public about domestic surveillance and do something completely different in private,” continued Wyden, who pressed Alexander about whether they’re collecting cellphone location information.

The senator is skeptical that the N.S.A. is open to reform, noting, “They’re just putting the same wine in a new bottle.”

We’ve always been at war with Eurasia, right?

Written by Seth Anderson

September 29th, 2013 at 9:45 am

Posted in government,politics

Tagged with ,

Big Data Owns You And You Cannot Opt Out

without comments

Electric Eye
Electric Eye

So Big Data is not only collecting, and selling your information online, but in retail stores too. I know we are being trained to just shrug our shoulders and chalk it up to living in the 21st C.E., but I can’t quite get comfortable with the idea that corporations have accumulated so much information about me and you that the information is a commodity. We’ve discussed how prevalent this activity is, a few times, or more.

The technology that allows stores to track shoppers’ cellphones, for instance, works even when customers do not log on to the Wi-Fi networks of stores. The only way a cellphone user can avoid being tracked is to turn off the Wi-Fi feature on their phones, which few are likely to do if they are unaware of the monitoring in the first place. While a few retailers like Nordstrom have posted signs telling customers that they were being monitored in this way, many others do not do so. (Nordstrom stopped tracking cellphones in May, partly as a result of complaints from customers.)

If stores want to track their customers, they should tell the public what they are doing and give people the ability to opt out of monitoring. Many shoppers say they are willing to give information about themselves in exchange for special deals and promotions. But some consumers go to physical stores because they want to protect their privacy. Traditional retailers would be smart not to alienate customers by surreptitiously tracking them.

(click here to continue reading You (and Your Cellphone) on Candid Camera – NYTimes.com.)

Eyeing John Marshall Law School
Eyeing John Marshall Law School

especially since technology to track us is advancing quickly:

Pam Dixon, executive director of the World Privacy Forum, says that although most of the focus in the media has been on how companies are tracking us through Internet browsers and smart phones, there is actually more danger of invasions of privacy occurring in physical retail outlets, mostly because consumers are unaware of the extent to which they are being tracked. “This is an entire business model that has sprung up that I think maybe three people in the entire country know about outside the industry,” she says.

And though analytics firms and retailers claim they aren’t using technology to personally identify shoppers or pair that information with financial histories, it is very much possible to do so. In 2010, the Association of Marketing in Retail produced a voluntary code of conduct for marketers and retailers to use as a guide in their tracking and marketing efforts. The code outlines the various tracking capabilities available and rates them on a scale from low risk to high risk. According to the code of conduct, a low-risk tracking method would include “infrared or laser or laser beam motion detectors” that can give retailers an idea of how many people are in a store and where they are traveling but “are not able to track or record individual consumer paths.” The high-risk end of the spectrum includes methods that allow retailers to individually track consumers by recognizing a smart phone wi-fi signal or through interpreting visual data from facial-recognition technology.

That kind of tracking is, according to Dixon, unethical and contrary to shoppers’ expectation of privacy. “Legally, stores have the right to put up security cameras, but the consumer expectation of privacy is being circumvented here,” she says. “Because when a consumer looks into that camera, they expect it’s being used for security, not marketing purposes.”

According to Mark Eichorn of the Division of Privacy and Identity Protection at the Federal Trade Commission, the FTC has been monitoring this type of consumer tracking but hasn’t found that firms are using facial-recognition software to create individual profiles of customers. Last December, the FTC held a workshop on facial-recognition technology in the retail space

(click here to continue reading Are Retailers Using Facial-Recognition Software to Track Customers? | TIME.com.)

Continuous Video Recording in Progress
Continuous Video Recording in Progress

To me, a government agency such as the FTC saying “we haven’t seen this activity” does not make me confident. The federal government is not proactive in most instances, preferring to Not Know, so that nobody can complain that Nothing Is Being Done. In other words, I’m guessing some corporations are using facial recognition software and merging that with databases of financial history and who knows what else. The NSA is one thing, but do you really want Home Depot or Macy’s to be able to profit off of you in this way? Where do you opt out? Nowhere, other than moving to Frostpocket and going off the grid…

Written by Seth Anderson

July 22nd, 2013 at 8:35 am

Posted in Business

Tagged with , ,

Biometric Database of All Adult Americans Hidden in Immigration Reform

without comments

Continuous Video Recording in Progress

Continuous Recording in Progress 

This does not make me warm and fuzzy…

The immigration reform measure the Senate began debating yesterday would create a national biometric database of virtually every adult in the U.S., in what privacy groups fear could be the first step to a ubiquitous national identification system.

Buried in the more than 800 pages of the bipartisan legislation (PDF) is language mandating the creation of the innocuously-named “photo tool,” a massive federal database administered by the Department of Homeland Security and containing names, ages, Social Security numbers and photographs of everyone in the country with a driver’s license or other state-issued photo ID.

Employers would be obliged to look up every new hire in the database to verify that they match their photo.

This piece of the Border Security, Economic Opportunity, and Immigration Modernization Act is aimed at curbing employment of undocumented immigrants. But privacy advocates fear the inevitable mission creep, ending with the proof of self being required at polling places, to rent a house, buy a gun, open a bank account, acquire credit, board a plane or even attend a sporting event or log on the internet. Think of it as a government version of Foursquare, with Big Brother cataloging every check-in.

 

(click here to continue reading Biometric Database of All Adult Americans Hidden in Immigration Reform | Threat Level | Wired.com.)

I imagine that if people hear of this proposed plan, there will be bipartisan, vehement objection to it. 

Written by Seth Anderson

May 11th, 2013 at 7:36 pm

Acxiom Consumer Data Unavailable to Consumers

with one comment

Old Number Two
Old Number Two

Funny how this works: databases containing all sorts of data about you is compiled by giant, somewhat secretive corporations, and then rented out to corporations so marketers can sell their goods and services to you, and yet you have no access to the data. For what it’s worth, I took the time to opt out of Acxiom’s system, based on my email address, but who knows if they really removed me. I doubt it, but there is no way to verify or confirm in any case. We are just numbers to them, not people.

I recently asked to see the information held about me by the Acxiom Corporation, a database marketing company that collects and sells details about consumers’ financial status, shopping and recreational activities to banks, retailers, automakers and other businesses. In investor presentations and interviews, Acxiom executives have said that the company — the subject of a Sunday Business article last month — has information on about 500 million active consumers worldwide, with about 1,500 data points per person. Acxiom also promotes a program for consumers who wish to see the information the company has on them.

As a former pharmaceuticals industry reporter who has researched all kinds of diseases, drugs and quack cures online, I wanted to learn, for one, whether Acxiom had pegged me as concerned about arthritis, diabetes or allergies. Acxiom also has a proprietary household classification system that places people in one of 70 socioeconomic categories, like “Downtown Dwellers” or “Flush Families,” and I hoped to discover the caste to which it had assigned me.

But after I filled out an online request form and sent a personal check for $5 to cover the processing fee, the company simply sent me a list of some of my previous residential addresses. In other words, rather than learning the details about myself that marketers might use to profile and judge me, I received information I knew already.

It turns out that Acxiom, based in Little Rock, Ark., furnishes consumers only with data related to risk management, like their own prison records, tax liens, bankruptcy filings and residential histories. For a corporate client, the company is able to match customers by name with, say, the social networks or Internet providers they use, but it does not offer consumers the same information about themselves.

(click here to continue reading Acxiom Consumer Data, Often Unavailable to Consumers – NYTimes.com.)

Numbers Add Up to Nothing
Numbers Add Up to Nothing

and I’m totally in favor of the FTC forcing these companies to become more transparent, based upon the historical precedent of the credit card industry’s standard practice:

Now federal regulators are pressuring data brokers to operate more transparently. In a report earlier this year, the Federal Trade Commission recommended that the industry set up a public Web portal that would display the names and contact information of data brokers, as well as describe consumers’ data access rights and other choices.

Julie Brill, a member of the Federal Trade Commission, said consumers should have access to all the details that data brokers collect on them, as well as any analyses that the companies sell about their behavior.

“I include in that not just the raw data, but also how that information has been analyzed to place the consumer into certain categories for marketing or other purposes,” she said. “I believe that giving consumers this kind of granularity will greatly increase consumer trust in the information flow process and will lead to more accurate marketing.”

At the moment, however, information brokers have wildly different policies. Acxiom lets people opt out of its marketing databases, while Epsilon, another marketing services firm, allows people to opt out of having their data rented to third parties. Epsilon says it will also furnish individuals, upon request, with general information about their past retail transactions — including the categories and years of purchase. But it does not include exact product or retailer names.

Commissioner Brill of the F.T.C. said she could not comment on specific companies. But she said the reluctance of the data broker industry to show consumers their own records reminded her of an earlier era, when consumer reporting agencies — companies that track and sell information about people’s credit histories — protested that it would be too expensive and time-consuming for them to show individuals the same reports that creditors could see. In 1996, Congress updated the Fair Credit Reporting Act of 1970, giving people greater access to the files that those agencies held about them. Today, consumers can easily gain access to their credit reports online.

“What the credit reporting industry did was change their point of view from client-oriented to consumer-oriented, and develop the tools and technology to allow consumers to see what’s in their reports and ensure it is accurate,” Ms. Brill said. “The data broker industry could do the exact same thing.”

(click here to continue reading Acxiom Consumer Data, Often Unavailable to Consumers – NYTimes.com.)

Written by Seth Anderson

July 23rd, 2012 at 6:07 am

FTC Should Pursue Case Against Google

with 4 comments

Electric Eye
Google’s Electric Eye sees all

Google really has lost whatever ethics it may have once had1 and should really have to pay a price for their latest lapse. Especially since Google and the Federal Trade Commission had an arrangement already, and Google violated it within weeks…

The Stanford privacy researcher who first uncovered Google evading the default privacy settings for all users of Apple’s Safari web browser believes that the Federal Trade Commission has a “slam dunk” case that Google violated its privacy agreement with the government.

“The facts in this case are unusually clear cut,” Jonathan Mayer, a grad student in computer science and law and a researcher at the Stanford Law Center for Internet and Society, in a phone interview with TPM.

…Aside from further tarnishing Google’s image in the press and public at a crucial time (the search giant was at the time getting ready to roll out a controversial new privacy policy), the news led many writers, including TPM, to speculate that Google could be found in violation of a privacy settlement it agreed to with the Federal Trade Commission.

The settlement, first struck in October 2011 , was the result of the FTC’s year-long privacy investigation into Google over its failed Google Buzz social network. The FTC concluded that Google had indeed misled users and violated their privacy and subjected Google to 20 years worth of privacy audits and ordered that Google no longer “misrepresent” its privacy settings to users. If Google violates any of the terms of the settlement, the FTC can slap the company with a $16,000 civil fine for every day that the company violated any of the terms.

On Thursday night, The Journal reported that the FTC “is examining whether Google’s actions violated last year’s legal settlement,” and another regulatory body in France (the CNIL) and several states attorneys general were also investigating Google over the practice and could levy fines of their own.

 

(click here to continue reading FTC Has ‘Slam Dunk’ Case Against Google, Privacy Researcher Says | TPM Idea Lab.)

Or Pay The Price
Or Pay The Price

and from the WSJ:

In the U.S., the Federal Trade Commission is examining whether Google’s actions violated last year’s legal settlement with the government in which Google pledged not to “misrepresent” its privacy practices to consumers, according to people familiar with the investigation.

The fine for violating the agreement is $16,000 per violation, per day. Because millions of people were affected, any fine could add up quickly, depending on how it is calculated. The FTC declined to comment.

A group of state attorneys general, including New York’s Eric Schneiderman and Connecticut’s George Jepsen, are also investigating Google’s circumvention of Safari’s privacy settings, according to people familiar with the investigation. State attorneys general can have the ability to levy fines of up to $5,000 per violation.

In Europe, the French Commission Nationale de l’Informatique et des Libertés, or CNIL, has added the Safari circumvention technique to its existing pan-European investigation into Google’s privacy-policy changes, according to a person close to the investigation. The CNIL is the agency that levied a €100,000 ($130,960) fine on Google last year for collecting passwords and other personal information when Google vehicles were gathering information for its Street View map service.

(click here to continue reading Google Faces New Privacy Probes – WSJ.com.)

Google power and deep pockets shouldn’t be enough to evade the law, the FTC should make an example of Google, and really bring the hammer down.

Footnotes:
  1. perhaps it never had ethics and was just better at covering up its questionable decisions. No matter []

Written by Seth Anderson

March 20th, 2012 at 7:56 am

Illinois’ eavesdropping law under attack

with 2 comments

Continuous Video Recording in Progress
Continuous Video Recording in Progress

I’ve been following the Chris Drew travesty fairly closely. Why should police be treated differently than other citizens? If Illinois law was on the books in California, for instance, would Scott Olsen be a household name? Or other Occupy incidents, like the various pepper spraying videos? If police are doing their job, they shouldn’t be worried about a spectator videoing their actions, and if they are doing something questionable, citizens should be able to collect evidence of police wrongdoing.

Anyway, there are rumblings that the law could be thrown out as vague, or unconstitutional.

When a Cook County jury in August acquitted a woman of violating Illinois’ strict eavesdropping law, an unassuming man with wire-rimmed glasses and wispy white hair sat in the gallery, quietly taking notes.

Chris Drew had good reason to keep an eye on the case — he’s facing trial on the same felony charge of eavesdropping on a public official, which carries up to 15 years in prison.

An artist whose ’60s upbringing instilled a deep respect for questioning authority, Drew, 61, is accused of making an illegal audio recording of Chicago police during a 2009 arrest for selling art on a downtown street without a permit.

Drew intended the incident to be a test of the city’s permit laws. But now his case has wound up at the forefront of a much bigger effort to challenge the constitutionality of Illinois’ eavesdropping law, which makes it illegal to audio-record police without their consent, even when they’re performing their public duties.

“He’s become the accidental eavesdropping activist,” Drew’s lawyer, Joshua Kutnick, joked in a recent interview.

Illinois is one of a handful of states in which it is illegal to record audio of public conversations without the permission of everyone involved and has one of the strictest eavesdropping laws in the country.

Opposition to Illinois’ law has been gaining traction for months as several cases have been tossed out of court.

In August, while Drew watched, Tiawanda Moore, 21, was acquitted of illegally recording two Chicago police internal affairs investigators whom she believed were trying to dissuade her from filing a sexual harassment complaint against a patrol officer. One juror later told the Tribune that he and his fellow panelists considered the case “a waste of time.”

The next month, a Crawford County judge ruled the law unconstitutional and dismissed eavesdropping charges against a man accused of recording police and court officials without their consent.

 

(click here to continue reading Illinois’ eavesdropping law under attack – chicagotribune.com.)

Officer with Blackberry
Officer with Blackberry

For instance, Ralph Braseth, a Loyola University journalism professor had a run-in with the Chicago Police while filming a documentary. The officers arrested him, and erased his footage.

Braseth has since filed a complaint with the Independent Police Review Authority, which forwarded the case to Chicago police internal affairs investigators.

While Braseth said he understands why some police officers don’t like to be recorded, he said Illinois’ eavesdropping law “should have been done away with a long time ago.”
“The citizens of Chicago employ the police officers, and they are acting as agents for our government,” Braseth said. “I don’t necessarily think it’s my job to police the police, but I think it’s a good idea for them to know that that can happen at any time. It’s one of the checks and balances that we have. It’s so fundamental.”

Even the Faux Walls have eyes
Even the Faux Walls have eyes

Meanwhile, the court has ruled it is ok for corporations to spy on you:

SAN FRANCISCO — A federal appeals court has ruled as constitutional a law giving telecommunications companies legal immunity for helping the government with its email and telephone eavesdropping program.

Thursday’s unanimous ruling by a three-judge panel of the 9th U.S. Circuit Court of Appeals affirmed a lower court decision regarding the 2008 law.

The appeal concerned a case that consolidated 33 different lawsuits filed against various telecom companies, including AT&T, Sprint Nextel, Verizon Communications Inc. and BellSouth Corp. on behalf of these companies’ customers.

The court noted comments made by the Senate Select Committee on Intelligence regarding the legal immunity’s role in helping the government gather intelligence.

“It emphasized that electronic intelligence gathering depends in great part on cooperation from private companies … and that if litigation were allowed to proceed against persons allegedly assisting in such activities, ‘the private sector might be unwilling to cooperate with lawful government requests in the future,'” Judge M. Margaret McKeown said.

The plaintiffs, represented by lawyers including the San Francisco-based Electronic Frontier Foundation and the American Civil Liberties Union, accuse the companies of violating the law and the privacy of its customers through collaboration with National Security Agency on intelligence gathering.

(click here to continue reading Court OKs immunity for telecoms in wiretap case – CBS News.)

Written by Seth Anderson

January 2nd, 2012 at 10:35 am

Marketing Data Gathered in Malls

without comments

Eye see u Willis

Eye see u Willis

Sort of disturbing, but sadly inevitable. All of our behavior is grist for the marketing mill.

Online retailers have long gathered behavioral metrics about how customers shop, tracking their movements through e-shopping pages and using data to make targeted offers based on user profiles. Retailers in meat-space have had tried to replicate that with frequent shopper offers, store credit cards, and other ways to get shoppers to voluntarily give up data on their behavior, but these efforts have lacked the sort of data capacity provided by anonymous store browsers — at least until now. This holiday season, shopping malls in the U.S. have started collecting data about shoppers by tracking the closest thing to “cookies” human beings carry — their cell phones.

The technology, from Portsmouth, England-based Path Intelligence, is called Footpath. It uses monitoring units distributed throughout a mall or retail environment to sense the movement of customers by triangulation, using the strength of their cellphone signals. That data is collected and run through analytics by Path, and provided back to retailers through a secure website. On March 31, Path CEO Sharon Biggar presented the tech at the ICSC Fusion conference in Los Angeles. She discussed how data collected by Footpath could be used by retailers to boost revenue. Options include tracking response to mailers and other advertising by providing the equivalent of web metrics like unique visitors, “page impressions” (measuring how many people walked past a display or advertisement), and “click-through” (determining how many people who passed an advertisement then visited the store associated with it). “Now we can produce heat maps of the mall and show advertisers where the premium locations are for their adverts,” she said, “and perhaps more importantly we can price the advertising differently at each location.”

(click here to continue reading We’re Watching: Malls Track Shoppers’ Cellphone Signals to Gather Marketing Data | Epicenter | Wired.com.)

update 2:06 pm

Hmm, maybe not quite yet:

You may now shop two malls again without fear of individualized tracking—at least by your cell phone signal. Privacy concerns raised by US Senator Charles Schumer (D-NY) have ended plans by malls in southern California and Virginia to “survey” customers’ shopping habits by tracking their cell phone signals.

… Forest City had planned to conduct the trial until the end of December. However, just a day after the trial began, Sen. Schumer contacted Forest City to raise his concerns. In a press conference on Sunday, Schumer said that the malls should have allowed customers to opt into the survey, rather than having to “opt out” by turning off their cell phones. “A shopper’s personal cell phone should not be used by a third party as a tracking device by retailers,” Schumer said in a press conference on Sunday. “Personal cell phones are just that — personal. If retailers want to tap into your phone to see what your shopping patterns are, they can ask you for your permission to do so.”

Schumer also sent a letter to Federal Trade Commission chairman Jon Leibowitz asking the FTC to look into whether Path’s technology was legal in the U.S.

Forest City has not abandoned plans for the survey, however.

(click here to continue reading Mall Owners Pull Plug on Cellular Tracking (For Now) | Epicenter | Wired.com.)

Written by Seth Anderson

November 29th, 2011 at 11:45 am

Posted in News-esque

Tagged with ,

GPS and the 4th Amendment

without comments

Shoveling snow apparently optional
Shoveling snow apparently optional

Our erosion of civil liberties continues apace, the police increasingly don’t even bother to get warrants before they put you in their surveillance net. For instance, in the case of suspect Antoine Jones, the police installed a GPS tracking device on his (or his wife’s) Jeep.

Jordan Smith reports on this troubling case:

When are electronic or other forms of surveillance of an individual considered a search under the Fourth Amendment — thus requiring a valid warrant to conduct such surveillance in a manner that protects the individual from “unlawful search and seizure”?

How the U.S. Supreme Court answers that question, in a case on its docket for the term starting in October, will have far-reaching implications for the power of government and for the privacy of individuals, according to lawyers and privacy rights advocates.

If the Court holds that warrants are not required for this type of surveillance, it could mean “the technological death of the Fourth Amendment,” warns Arkansas-based attorney John Wesley Hall, a leading Fourth Amendment expert…

The officers obtained a judicial warrant providing for a 10-day tracking period inside the District of Columbia. However, they actually installed the device after the 10-day window had expired — the reasons have not been brought out in court — and they did so while the Jeep was parked in a public lot in Maryland. The GPS data provided a 24/7 record of all of Jones’ movements in the Jeep over the next month — including, at times, the movements of his wife and family.

(click here to continue reading Big Brother is tracking you: GPS and the 4th Amendment – Obama’s Supreme Court Nominees | Supreme Court Justices – Salon.com.)

ACLU Constitution Free Zone
ACLU Constitution Free Zone

I’d be very surprised if the Roberts Court rules against the police, shocked in fact. Even the fact that some gun rights organizations have filed briefs decrying this destruction of the Fourth Amendment will probably not sway the Court, if history is any guide.

As Leckar1 told the Crime Report, a beeper is a “simple sense-augmenting device,” while a GPS tracking device, designed by the government for military use and only made available since 2000 for civilian applications, is “not sense augmenting; it’s sense supplanting.”

And that is one of the main reasons that in order to pass the Fourth Amendment’s legal standard a warrant is needed to conduct GPS surveillance, Leckar argues.
The “D.C. Circuit was correct to hold that pattern information is dramatically more intrusive than mere information about an individual’s discrete journeys,” his brief argued. “Indeed, the distinction between discrete bits of information and patterns of conduct is well-accepted.”

To privacy and Fourth Amendment advocates, the distinction is crucial.

In a brief supporting Jones before the D.C. Circuit, the Electronic Freedom Foundation and the ACLU, and which they are expected to revive before the Supremes, argued that GPS technology now gives police extraordinary new powers to remotely track individuals over long periods in both public and private realms.

“Without a warrant requirement, an individual’s every movement could be subject to remote monitoring, and permanent recording, at the sole discretion of any police officer,” the brief said.
Gun Owners of America, Inc., Gun Owners Foundation, and several other conservative groups have already filed an amicus brief with the Supreme Court urging it to restore “the Fourth Amendment to its original text and purpose.”

Footnotes:
  1. veteran attorney Stephen Leckar, who represents Jones []

Written by Seth Anderson

August 9th, 2011 at 8:14 am

Milly Dowler Hacking Puts Pressure on News Corp

with one comment

Jogging After the End of Times

About fracking time. Rupert Murdoch’s criminal enterprise has avoided prosecution for way too long, in this matter, and others due to political influence. Isn’t justice supposed to be impartial?  ((ha ha))

LONDON — Political pressure is bearing down on Rebekah Brooks, a top executive of the News Corporation in Britain, following allegations that one of the company’s newspapers hacked the cellphone of a 13-year-old girl who was abducted and murdered in 2002, when Ms. Brooks was its editor.

Prominent politicians chastised the company and Ms. Brooks, and Ford Motor Company suspended advertising in News of the World, the tabloid that has faced a long-running scandal over the widespread interception of voice mail messages of celebrities and other public figures.

Ed Miliband, leader of the opposition Labour Party, said Tuesday that Ms. Brooks should “consider her conscience and consider her position” after the disclosures.

“It wasn’t a rogue reporter,” Mr. Miliband said. “It wasn’t just one individual. This was a systematic series of things that happened and what I want from executives at News International is people to start taking responsibility for this.” News International is the News Corporation’s British newspaper division, and Ms. Brooks is now its chief executive.

Prime Minister David Cameron took time out from a visit to British troops in Afghanistan to lament what he called a “truly dreadful situation.” The police, he added, “should investigate this without any fear, without any favor, without any worry about where the evidence should lead them.”

Adding to the pressure, Ford Motor Company said it was suspending advertising until the newspaper concluded its investigation into the episode. “We are awaiting an outcome from the News of the World investigation and expect a speedy and decisive response,” Ford said in a statement released to news agencies. Under an onslaught of Twitter messages demanding a boycott of the paper, several other companies said they were reviewing their advertising policies.

(click here to continue reading Milly Dowler Hacking Puts Pressure on Rebekah Brooks of News Corp. – NYTimes.com.)

Rupert Murdoch is scum, and his disease has spread through his entire “news” empire: Fox News, News of the World, New York Post, etc. etc., Ad nauseam…

Eye see u Willis
Eye see u Willis

I guess the real test will be if News Corporation’s criminal activity leads to legal action in the near future.

The allegation that investigators working for The News of the World may have had ordinary people like the Dowlers, not just celebrities, in their sights has raised the level of alarm in Britain over tabloid newspaper excesses.

“The Milly Dowler story has taken this from an issue for people who are concerned about media ethics to one that is of broader concern to the general public,” said Tim Luckhurst, a journalism professor at the University of Kent. “News Corporation thought they could put a lid on this, and this has blown the lid right off.”

According to Mark Lewis, a lawyer for the Dowler family, The News of the World not only intercepted messages left on Milly Dowler’s phone by her increasingly frantic family, but also deleted some of those messages when her voice mailbox became full — thus making room for new ones and listening to those in turn. This confused investigators and gave false hope to Milly’s relatives, who believed it showed she was still alive and deleting the messages herself, Mr. Lewis said.

In a statement, Mr. Lewis called the newspaper’s actions “heinous” and “despicable”, and said the Dowler family had suffered “distress heaped upon tragedy” upon learning that the News of the World “had no humanity at such a terrible time.”

Perched

From The Guardian U.K.

The private investigator at the centre of the News of the World phone-hacking scandal has issued a public apology to all those who have been hurt or upset by his activity.

In a statement released exclusively to the Guardian, Glenn Mulcaire made no direct reference to the hacking of Milly Dowler’s phone, but he said he had never intended to interfere with any police inquiry.

“I want to apologise to anybody who was hurt or upset by what I have done,” he said, adding that he had worked at the NoW under “constant demand for results”.

He released the statement at the Guardian’s request after experiencing what he described as “vilification” following the revelation of the hacking of the missing schoolgirl’s phone.

“Much has been published in the media about me. Up to now, I have not responded publicly in any way to all the stories but in the light of the publicity over the last 24 hours, I feel I must break my silence.

“I want to apologise to anybody who was hurt or upset by what I have done. I’ve been to court. I’ve pleaded guilty. And I’ve gone to prison and been punished. I still face the possibility of further criminal prosecution.

“Working for the News of the World was never easy. There was relentless pressure. There was a constant demand for results. I knew what we did pushed the limits ethically. But, at the time, I didn’t understand that I had broken the law at all.

“A lot of information I obtained was simply tittle-tattle, of no great importance to anyone, but sometimes what I did was for what I thought was the greater good, to carry out investigative journalism.

“I never had any intention of interfering with any police inquiry into any crime.

“I know I have brought the vilification I am experiencing upon myself, but I do ask the media to leave my family and my children, who are all blameless, alone.”

(click here to continue reading Phone hacking: Glenn Mulcaire blames ‘relentless pressure’ by NoW for actions | Media | The Guardian.)

Written by Seth Anderson

July 5th, 2011 at 8:52 pm

CTA Unaware of Its Photography Policy

without comments

CTA Gleaming

The Chicago Transit Authority apparently does not ensure that its own employees are aware of CTA photography policy, which reads:

The general public is permitted to use hand-held cameras to take photographs, capture digital images, and videotape within public areas of CTA stations and transit vehicles for personal, non-commercial use.

Large cameras, photo or video equipment, or ancillary equipment such as lighting, tripods, cables, etc. are prohibited (except in instances where commercial and professional photographers enter into contractual agreements with CTA).

All photographers and videographers are prohibited from entering, photographing, or videotaping non-public areas of the CTA’s transit system.

All photographers and videographers are prohibited from impeding customer traffic flow, obstructing transit operations, interfering with customers, blocking doors or stairs, and affecting the safety of CTA, its employees, or customers. All photographers and videographers must fully and immediately comply with any requests, directions, or instructions of CTA personnel related to safety concerns.

For everyone’s safety, do not use a camera’s flash if facing a person who is operating a train or bus.

Be respectful of others – CTA customers and employees.

Don’t stand (or cause others to stand) in the way of stairs, aisles, escalators or doorways.

Be careful! Your safety is very important to us, so stay away from platform edges and moving vehicles.

Be safe! Don’t inch backward with your camera to get a wider view – always look where you’re going.

While on CTA premises, all photographers and videographers must comply with all applicable rules, including but not limited to, this policy, all applicable laws, ordinances, municipal regulations, standard operating procedures, and administrative procedures. CTA personnel may evaluate the actions of a photographer or a videographer, and if a determination is made that the actions of a photographer or videographer are not in compliance with any applicable rule, CTA personnel may terminate the permission granted by this policy.

 

CTA facilities and vehicles are for the exclusive use of the CTA, its employees, and its customers. Any and all permission granted to photograph and videotape in connection with this policy is subordinate to the CTA’s obligations to its customers, employees and to the general public. Loitering at CTA stations for extended periods for the purpose of taking photographs or video is prohibited.

 

(click here to continue reading Photography & Video Policy | CTA.)

Cab 6570

Geoff mentioned (on Facebook) that he was told not to photograph in the El during his recent visit here:

I got hassled in Chicago because I took a photo in the subway station.

…The employee who accosted me said “We just took another tourist in the back for an hour. Please don’t make us do it again.” Do they really detain people?

I doubt very much the CTA even has a back room they use to browbeat tourists, but who would want to risk it?

Mysteries of time

This isn’t a new problem, but sadly, it keeps occurring. Olivia Leigh wrote about her experience with CTA harassment for the Chicagoist, back in 2007:

Take a quick look through Flickr, and you’ll see that the CTA is one of the most popular subjects for photographers’ lenses. Interesting architecture, intriguing people, and a nice dose of urban decay all beg to be photographed. We were similarly inspired last weekend while waiting for a brown line train at the Belmont “L” stop. After taking a photo of the view toward the end of the platform, and two snapshots of a glimpse down Belmont in between train cars, we were approached by a CTA employee who told me that us to stop taking photographs, as they were not allowed. We politely said we would stop, but we believed he was incorrect about the photography policy. His tone turned gruff quite quickly, and he said, “I know the rules. You can’t take pictures here. I work for the CTA.” We once again politely stated said that we understood, but said I did not believe that was the policy. The employee then said, “I could send you to jail for taking these pictures, so stop arguing with me!”

…We also asked Gaffney1 for her recommendations for photographers who encounter harassment while photographing the CTA. She replied that the “customer should ask for a supervisor or contact customer service if the employee does not know the procedures regarding photography. Additionally, if photographers “encounter an employee who is not as well versed in the policy as he or she should be…photographers should report the location, date, time and employee id # (if possible) to CTA customer service so that the employee can be retrained.” After hearing of an employee threatening to take a camera from a photographer, we asked if employees would ever have the recourse to seize cameras. Gaffney replied that employees “should not take any cameras,” and instead should notify the control center to call the police if there is “suspicious behavior” (so perhaps we could have gone to jail?).

If you think this sounds a trifle confusing, you’re not alone. While we applaud the CTA for never proposing a ban on photography, unlike some other major metropolitan transportation services, the policy is extremely vague, left to the subjective views of CTA employees who may not be properly trained on identifying suspicious behavior. Gaffney noted that people “take photographs all the time without incident”; however, the number of people who have had difficulties, nearly all of whom we would venture to guess are merely photography enthusiasts, are not insignificant.

(click here to continue reading Getting to the Bottom of the CTA Photography Policy: Chicagoist.)

Are We Really Free

The CTA system has a great attraction for photographers, both tourists, and residents. The tracks, trains, buses and stations define the city, both good and bad, and it is a shame that the CTA employees are giving the city a bad name by being jerks. For the record, I’ve taken hundreds2 of photos of various aspects of the CTA infrastructure and employees/passengers, and have not yet gotten more than a dirty look or two. I guess my time will come, eventually, we’ll see what happens when employees are contradicted by facts. They are not always pleased.

Station hopping shuffler

Footnotes:
  1. CTA Vice President of Marketing and Communications, Noelle Gaffney []
  2. or more – after a while, hard to keep track []

Written by Seth Anderson

June 2nd, 2011 at 12:23 pm

Netizens Gain Some Privacy

without comments

Eye see u Willis

A small step, yet significant. I would like these to get stronger: even though the Do Not Call list is not perfect (too many loopholes, especially for political communications/surveys/etc.), it has cut down on the number of unsolicited telephone calls. Having a similar sort of list for online tracking would be welcomed.

Last week, Google and Mozilla announced new software for their Web browsers that would allow consumers to permanently opt out of the online tracking used by many advertisers to follow online activities, build consumer profiles and deliver tailored ads.

Last year, the Federal Trade Commission recommended ways to protect online privacy, including giving consumers a clear, simple way to opt out of data tracking — something akin to the do-not-call registry.

Hoping to pre-empt action from a Congress in which privacy protection is one of the very few items with strong bipartisan support, companies involved in online advertising have rushed to issue their own proposals.

The efforts are welcome. The fact that Google and Mozilla get most of their revenue from online advertising is a strong rebuttal to claims that allowing consumers to opt out of tracking would undermine ad-driven businesses and endanger the free Internet.

Still, these initiatives fall short of what is ultimately needed. The privacy plug-in for Google’s Chrome browser merely lets users opt out permanently from tracking by companies from the coalition of companies that already allow surfers to opt out. It allows them to keep their opt-out settings even if they clear their cookies.

Mozilla’s feature, which will be added to new versions of its Firefox browser, will broadcast users’ preference not to be tracked to the Web sites they visit and the tracking companies that deliver cookies from these sites. But it will be up to these companies to comply with customers’ wishes. Many advertising networks that offer opt-outs still track surfing, just not for marketing.

To close these loopholes, Congress should require all advertising and tracking companies to offer consumers the choice of whether they want to be followed online to receive tailored ads, and make that option easily chosen on every browser.

(click here to continue reading Netizens Gain Some Privacy – NYTimes.com.)

 

Written by Seth Anderson

January 31st, 2011 at 9:19 pm

Illinois Eavesdropping Act Should be Overturned

without comments

Let Me Show You How to Eagle Rock

Police should be held to the same standards as citizens: and not allowed to hide behind this archaic, pre-digital law. I fail to see why the police are afraid of being recorded, unless they plan on bending the law in some way and don’t want to be caught. Other states don’t have this same law, and seem to be doing just fine…

The Illinois Eavesdropping Act has been on the books for years. It makes it a criminal offense to audio-record either private or public conversations without the consent of all parties, Mr. Schwartz said. Audio-recording a civilian without consent is a Class 4 felony, punishable by up to three years in prison for a first-time offense. A second offense is a Class 3 felony with a possible prison term of five years.

Although law-enforcement officials can legally record civilians in private or public, audio-recording a law-enforcement officer, state’s attorney, assistant state’s attorney, attorney general, assistant attorney general or judge in the performance of his or her duties is a Class 1 felony, punishable by up to 15 years in prison.

The A.C.L.U. filed its lawsuit after several people throughout Illinois were charged in recent years with eavesdropping for making audio recordings of public conversations with the police. The A.C.L.U. argued that the act violates the First Amendment and hinders citizens from monitoring the public behavior of police officers and other officials.

On Jan. 10, a federal judge in Chicago dismissed the suit for the second time. Mr. Schwartz said the A.C.L.U. would appeal. Andrew Conklin, a spokesman for Anita Alvarez, the Cook County state’s attorney, said, “We did feel the A.C.L.U.’s claims were baseless and we’re glad the court agreed with us.” Beyond that statement, Mr. Conklin said, “we have no comment because we have these two cases pending.”

(click to continue reading Eavesdropping Laws Mean That Turning On an Audio Recorder Could Send You to Prison – NYTimes.com.)

 

Written by Seth Anderson

January 23rd, 2011 at 3:12 am

E-Mail and Letters Should Have Equal Legal Protection

without comments

Soviets Lithuania

Seems like a simple question, but law enforcement doesn’t want to accept that electronic communications have replaced handwritten documents. There shouldn’t be a distinction based solely on the medium the communication uses. If I have a safe in my house with personal documents,1 the police need a warrant to open it. Why should my email folder be any different?

The question boils down to this: Should personal information that people store online, from e-mail messages to photos to location updates, be treated the same as telephone calls or paper documents stored in a person’s home?

Right now, they often aren’t, in part because the Electronic Communications Privacy Act, which governs surveillance of what people do online, was written in 1986 — well before Twitter direct messages, Facebook status updates or Foursquare check-ins.

And Web users generally do not understand when and how law enforcement can access their information, said Ryan Calo, director of the consumer privacy project at Stanford Law School’s Center for Internet & Society.

“People have no idea that with a relatively small amount of process, people can get all this information that they’ve been storing for more than 180 days,” Mr. Calo said. “If they were to go and look at a privacy policy, it would say, ‘We comply with lawful requests for your information,’ but you don’t know what that means.”

(click to continue reading Should E-Mail and Letters Have Equal Legal Protection? – NYTimes.com.)

Unfortunately, the Supreme Court of the US currently has a reactionary majority, and will predictably side with the police over civil liberties, every time. There’s always hope…

So far, updates to the law have been piecemeal. For example, last month, the Sixth Circuit Court of Appeals, considering a fraud case, ruled that law enforcement cannot access e-mail messages stored online without a warrant because they are protected by the Fourth Amendment, which guards against unreasonable searches.

Footnotes:
  1. which I actually don’t, but I want one to store my passport and some similar papers in case of fire or other calamity []

Written by Seth Anderson

January 13th, 2011 at 5:32 pm

1986 Privacy Law Inadequate For 2011 Digital Society

with one comment

Popo Starry Pants

The mentality of law enforcement is that since there is information available about suspects, law enforcement officers should have free reign to sift through it, no matter what. However, if one is a suspect, and a warrant is executed for one’s home, the officers are usually limited to certain areas as precisely described by the warrant, they are not1 allowed to look through every single nook and cranny, unless the warrant has been constructed this broadly. Why isn’t digital data treated the same way?2

SAN FRANCISCO — Concerned by the wave of requests for customer data from law enforcement agencies, Google last year set up an online tool showing the frequency of these requests in various countries. In the first half of 2010, it counted more than 4,200 in the United States.

Google is not alone among Internet and telecommunications companies in feeling inundated with requests for information. Verizon told Congress in 2007 that it received some 90,000 such requests each year. And Facebook told Newsweek in 2009 that subpoenas and other orders were arriving at the company at a rate of 10 to 20 a day.

As Internet services — allowing people to store e-mails, photographs, spreadsheets and an untold number of private documents — have surged in popularity, they have become tempting targets for law enforcement. That phenomenon became apparent over the weekend when it surfaced that the Justice Department had sought the Twitter account activity of several people linked to WikiLeaks, the antisecrecy group.

Many Internet companies and consumer advocates say the main law governing communication privacy — enacted in 1986, before cellphone and e-mail use was widespread, and before social networking was even conceived — is outdated, affording more protection to letters in a file cabinet than e-mail on a server.

(click to continue reading Privacy Law Is Outrun by Speed of Web’s Progress – NYTimes.com.)

For some reason, The New York Times didn’t actually link to this Google tool, I’m not sure why. Anyway, after a few minutes of searching3, found it.

Like other technology and communications companies, we regularly receive requests from government agencies around the world to remove content from our services, or provide information about users of our services and products. This map shows the number of requests that we received in six-month blocks with certain limitations.

(click to continue reading Google Transparency Report: Government Requests.)

As of the current moment, Google has received 4287 requests for information in the United States alone4 from law enforcement in the last six months (an average of 714.5 requests a month, or nearly 24 requests a day).

Footnotes:
  1. officially []
  2. I am not a lawyer, and all my information comes from stupid television shows, so don’t laugh too loudly if I’m wrong []
  3. longer than I thought, actually []
  4. that Google is allowed to mention – perhaps not including some alleged participants in the War on Terror []

Written by Seth Anderson

January 11th, 2011 at 11:48 am