NY Times Letter to the Editor: Protecting Privacy Online
Cookie management is not the solution for invasive practices by online service providers to track web use by users. Requiring customers of government information to take some action to protect themselves from being tracked or monitored while online is not the way consumer protection has or should work. Often the government is the only source of accurate reliable information. The White House is considering a change in federal agency practices that prohibit agencies from using web tracking technology such as cookies. EPIC on proposal to change government cookie policy.
Military Recruiters Probably Know Much More About Your Kids Than You Think
No Child Left Behind became a catch phrase for making sure that every child has access to a good education. However, what most parents probably do not know is that it also means that military set up recruitment databases containing information on every child 16-25 years of age. The databases were created without following Privacy Act requirements for transparency. Recruiters are on school campuses and have unfettered access to young people and vast amounts of personal information them to enhance recruitment efforts. Recruiters setup shop in schools and actively recruit young people without parental consent. Students and parents have the right to opt-out, but they must make the request before it will be honored. Service in the military may be the best option for some youth, but the collection and use of personal information contrary to fair information practices is not a good idea under any circumstance.
Facebook Looking at Canadian Privacy Commissioner's Concerns
The Canadian Privacy Commission has stated that it is engaging in constructive talks with Facebook over privacy concerns raised in mid-July. The Commissioner's Office had recommended that Facebook limit application developers' access to user information, and inform users specifically about the nature and use of shared information. The Office also said that deactivated account information should be deleted, and that the privacy policy be amended to include all intended uses of personal information. Facebook was given 30 days. Facebook updated its privacy policy last week and has asked application developers to respect user privacy settings. See also EPIC's page on Facebook.
Austin, Texas has started its fusion center. "Fusion centers" are a means of bringing together information from distributed sources for the purpose of collection, retention, analysis, and dissemination. Sources include federal, state as well as local law enforcement agencies. These intelligence databases collect information on ordinary citizens and have raised substantial privacy concerns. For more information, see EPIC's page on Information Fusion Centers and Privacy.
The Transportation Security Administration (TSA) has announced that it will begin testing two types of advanced imaging technology at George Bush Intercontinental Airport, Houston. Millimeter wave and backscatter imaging technologies are designed to capture, record, and store detailed images of individuals undressed. Previously, the Privacy Coalition had asked that the use of the devices should be suspended pending an investigation. The House of Representatives recently passed legislation that would establish clear privacy safeguards for the devices. See also EPIC's page on Whole Body Imaging.
The Recovery Accountability and Transparency Board was created by the American Recovery and Reinvestment Act has proposed to implement both the Privacy Act and the Freedom of Information Act. The FOIA rule sets the policy and procedures for the board to respond to requests, including the amount of time it can take to respond to requests, the fee schedule and describes what materials already are available publicly. The Privacy Act rule sets for policies and procedures for requesting information from the board. It also establishes the timeframe for responses, and payments for copying records and obtaining information.
Hackers at the Black Hat conference and the DefCon convention showed how easy it was to exploit security loopholes within popular browsers even when encryption (SSL) is used. The researchers placed a "net" between a user and a secured Web site and was able to capture personal information. "By tweaking with the URL, a hacker could trick the Web browser into thinking that an unprotected site is secure. The hacker then could redirect traffic to the Web site the user meant to access and steal any information exchanged." EPIC has a list of softwares that aid in protecting privacy online.
White House Campaign on Healthcare Raises Data Privacy Issues
The White House blog asking users to report "fishy" information on the debate on healthcare reform has raised data privacy issues. The White House is obligated under the law to maintain all correspondence it receives. Claims have been raised that such action on the part of the White House violates the First Amendment rights of those spreading disinformation. Senator John Cornyn (R-TX) has written a letter to President Obama stating that it seems "inevitable that the names, email addresses, IP addresses, and private speech of U.S. citizens will be reported to the White House. You should not be surprised that these actions taken by your White House staff raise the specter of a data collection program." See also EPIC's page on The FBI File Controversy.
California Court Creates Exception in Workplace Privacy Rule
A California Supreme Court ruled that workplace privacy was not violated in spite of useof hidden cameras at workplace because camera was turned on only when the workers were away. The Court said that surveillance, intended to catch someone who was downloading pornography late at night, was not "highly offensive" and did not amount to an "egregious violation of prevailing social norms." The two workers, Abigail Hernandez and Maria-Jose Lope, were not informed of the camera in the office they shared while working for Hillsides Inc.
A researcher, Alex Stamos, raised questions about the security of cloud computing and warned that issues of encryption, security policy control and the human factor need to be answered by cloud computing providers. Stamos points out that most providers do not offer true encryption, and there are inherent challenges in producing sufficiently random encryption keys. Also, many cloud providers fail to offer the kind of granular policy control that many organizations require, and there is no way of knowing who has access to the data in the cloud.
Recent reports have shown how victims of a medical identity theft can face financial ruin. Medical identity theft occurs when an identity thief uses social security number of a victim to obtain medical care, services, products, insurance benefits or insurance. The victim is saddled with a huge bill. To prevent this, consumers are being advised to review their medical records annually including their Medical Information Bureau (MIB) consumer profile as well as medical bills and health care statements looking for treatments and procedures that they did not receive. EPIC has testified before Congress urging that safeguards against medical identity theft be implemented because the damage arising from the crime is severe, and recent efforts to digitize all medical records exposes increasing numbers of Americans to risk.
FTC Chairman Leibowiz Taking a Look at Targeted Ads
Jon Leibowiz who Chairs the Federal Trade Commission wants to regulate Web marketers that serve ads based on Web users page visits and browser search requests. The practice is called behavioral targeting, which is a technique used by advertisers that involves the secret collection of information about individual's interests, actions, habits, and traits in both the offline and online worlds. Cookies, small software applications, are essential to behavioral targeting.
Two Kindle user sued Amazon after their copies of George Orwell's book "1984" were remotely deleted from their digital readers by the online retailer. Justin Gawronski and Antouine Bruguier are suing Amazon on the grounds of breach of contract, intentional interference with their belongings, and violations of the Computer Fraud and Abuse Act. Amazon deleted the book remotely in mid-July over "licensing issues." To learn more about privacy of book readers, see EPIC's page on Google Book Search Settlement.
Privacy Opposition to Google Books Settlement Grows
August 21, 2009 is the deadline for organizations, authors, and individuals to express their views on the erosion of the freedom to read anonymously. Civil liberties and privacy organizations are urging Internet users to tell Google to adopt privacy protections for the Google Book Search. A judge in New York will determine later this year whether to approve the proposed settlement that would establish the service and give Google access to detailed personal information without any privacy safeguards. The settlement would also allow the collection of revenue by parties that are not the writers or owners of "orphaned" works. For more information, see EPIC Google Books Settlement and Privacy.
Cookies That are Not So Sweet: New Tactics for Selling Online
Cookies are the names given to small software applications that are stored on web users' computers when they visit many commercial websites. Cookies are often placed on users' computers without their permission or knowledge. These software applications do not limit there surveillance of users to the time that they are on a company's website or to a session (i.e.until the web browser is closed or the computer is turned off). Cookies can remain activity for days, weeks, months or years and routinely report back to companies on user activity. Marketers are now collecting individual web user cookie information and merging it with off-line sources of information (income, education, marital status, etc) to change what is presented to visitors that come to their web sites. Customers looking for bargains, may only see items at the highest cost that a company feels it can charge based on a cookie supported consumer profile. In other news, the Federal government is reconsidering its ban on the use of cookies and is seeking public comments.
