Data protection, anonymity and copyright

I talk a great deal on this blog about data issues, privacy and ownership, anonymity and copyright. However, is there a clear connection between them? Should we care about who has access to our data, who we are and control over our access to data?

I think that these issues are so connected that we need to do something about how they are managed at a federal level. Currently, it’s rather easy for governments to request data from internet sites. Sometimes they require warrants or court orders; other times the companies simply hand over the data. Savvy users understand how their data is collected and used by companies. I’ll be the first to admit that I’m learning about this as I’m going. It’s not easy, because sometimes it’s really inconvenient to really protect your data. The more sites that are connected together, the more likely one of your accounts is to be hacked. Linking sites also creates other problems, specifically with Facebook and Google. Twitter isn’t as bad, but it easily could be.

Why are Facebook and Google bad, though? First, Facebook is the worst by far. Both Zuckerbergs have made statements proclaiming privacy a bad thing. We can see this erosion with the creation of Facebook’s OpenGraph and seamless information sharing. We’ve all seen the increase in the amount of information that our friends are sharing, such as Spotify and articles they’ve read, which now no longer click through but end up going to some app from that company. All of this information is being stored and sold to customers with your name on it. Effectively, you’ve lost your ability to view websites freely without it being stored on multiple servers by multiple companies at the same time.

Google comes in a close second with their privacy problems. They aren’t any better with Google+, as they require names at this time. We also don’t know what Google does with the information that you give them when you link accounts together. By giving access to Google when you sign into another website, Google is learning more about you, which will likely be used to adjust your filter bubble.

Without anonymity, or at least pseudonymity, it’s significantly more difficult to control access to your data. Putting a buffer between you and the people that are interested in learning about you as a person can protect you from a lot of bad people. However, whenever there are discussions about anonymity or pseudonyms, someone almost always makes the argument that it will increase the safety for child molesters or terrorists.

The copyright industry is one of the most vocal advocates of this tactic. In fact, this is one of the arguments being used for SOPA. They argue that if you don’t have anything to hide then you have nothing to worry about. Well, I don’t buy that argument. People have privacy fences around their yards for a reason. Why not do the same thing for your data? Being anonymous doesn’t mean you’re bad; it just means you’re being safe.

Anonymity makes it more difficult for copyright holders to come after people who download movies without buying the movie. They want to know if you’re downloading it, regardless of the fact that you might actually own the movie in some other physical medium and are using the digital copy as a backup. They also don’t really care if you go out and buy the movie after watching it. In fact, the Swiss government came out and said that buying a movie or song after downloading is extremely common.

Based on these three points, I believe that everyone should be pushing leaders to increase the ability for users to be anonymous on the internet. This will protect users’ data from identity theft, allow users better control over their data and decrease the impact of the filter bubble. We must accept the fact that people may use the freedom in unethical ways. However, this doesn’t mean that it’s unethical for people to be anonymous online and doesn’t mean that they are unethical. It means that we need to define clear laws and procedures to deal with unethical or illegal activities in these systems. Without these guidelines, we are likely to have no control over our data.

Phone Trackers

A few days ago news came out about a company called “Carrier IQ” installing data on phones that will report usage to carriers to improve service. Initially, it was reported that this software was a keystroke logger, which would have been nearly as bad as this, but apparently it doesn’t actually track keystrokes. What’s a keystroke logger? Well, it’s a pretty common way to get access to information. Essentially, it tracks every single keystroke you make while typing and stores it, as well as the software you’re using. So, if you get this type of software onto the computer of, say, a business competitor, you can get access to all the information related to a given product. You’d have to get it on the right computer and you’d probably get some information you don’t care about. How would this impact you as a user? Well, if it had been on there, basically every single email, text, website or instant message would have been logged and sent to whatever company cared about it.

In the video above a developer walks through the functions of Carrier IQ on an HTC device. It appears, in this case, that CIQ can, in fact, operate as a key logger. However, there are some additional points of concern with this bit of software. First, it reads a great deal of information from incoming and outgoing data. It’s indicated that SMS information goes to CIQ BEFORE the user is notified that an SMS has come through. An additional point of concern is the fact that CIQ is able to get information from HTTPS, at least over WiFi. This should be a serious concern, as HTTPS, the stuff your bank data is sent with, is supposed to be encrypted and is the safest way to handle data.

I checked my phone and it’s not on the Samsung Galaxy. If you rooted your phone, then you are safe. Otherwise, you should be aware your location and other data may be sent to your phone manufacturer or your service provider.

Richard Stallman, the founder of the GNU/Linux license, noted that these types of applications are created when users aren’t able to actively see what’s going on with software. It’s a loss of control over your data that is really the danger here. I agree with Stallman, though I don’t go as far, that we need to have more transparency with the software that we use. Users should be able to have more control over what is going on with the devices they purchase. Users should be outraged that data can be tracked with no method of stopping the tracking. This is a huge invasion of our privacy and these companies should be fined heavily for this.

I have no reason to trust Carrier IQ or any company that uses this software. I’m disappointed in HTC. Apple does have it in some of the earlier versions of iOS; however, it only operated during diagnostic mode. It has also been indicated that, unlike what the video claims, this software isn’t on Nokia devices.

Al Franken has called for Carrier IQ to explain how this software works and what it does. I think there needs to be a call for something a step further, and that is a patch to allow users to turn off the program and remove it as soon as possible.

As consumers we need to be aware of the fact that companies are trying to use software and technology to control and track our behavior. Currently we still feel outraged by this and at times feel that we should be reaping the benefit of firms collecting our data. However, unless something changes, this will become the norm and we won’t feel like our privacy is being invaded. It will become “that’s how it’s always been.”

Further Reading:
http://arstechnica.com/tech-policy/news/2011/12/carrier-iq-hit-with-privacy-lawsuits-as-more-security-researchers-weigh-in.ars?utm_source=rss&utm_medium=rss&utm_campaign=rss

http://www.androidcentral.com/carrieriq-qa

Owning your data

Yesterday Facebook and the FTC came to an agreement on privacy settings. This will require Facebook to undergo privacy audits twice a year by a third-party firm. In Europe Facebook users are already able to download their data, as I mentioned in a previous post. I think we’re living in an age where users will need to be well educated on the impact of the privacy policies of websites on the users’ personal data. However, how can we do this? I personally never look at the privacy policy on a website. Why? Because I don’t really trust them. Effectively, just by going to the website I agree to these policies, and I’m bound to whatever is stated in the privacy information. However, I have to go to the website before I can read it, thus creating a catch-22.

If I did disagree with something written in the privacy policy, I’ve already agreed to accept their terms. If they said “we’re going to steal all your cookies and sell them for profit” and I object to that, it’s too late. They already did it.

This puts us users in a bind. We enjoy the benefits of cookies. We don’t have to always remember our passwords; we automatically get logged into our favorite websites. Personal settings pop up as soon as we log in. There are plenty of benefits from using cookies. We lose all of these as soon as we use services like Incognito from Google Chrome. Some of my readers have commented that they have switched to using an Incognito window, but it’s much more of a pain to log into Facebook and they have actually started using the service less. To compensate for Facebook, I use TweetDeck, which pulls my news feed from both Twitter and Facebook. However, it doesn’t get everything, including messages from friends, which is annoying, but not the end of the world.

To deal with these privacy issues, the EU is proposing a pan-European standard for privacy policies that a website has to get approved. Companies like Facebook are actively fighting against this rule. I think that this is a great step. I know a lot of people don’t like new government regulations. However, in this case the public is woefully uninformed and finds getting informed on these topics cumbersome. A lot of money is being made off of people’s ignorance. Now, many people would say that’s their fault for not properly investigating this topic.

There are a few resources out there to help with getting a better understanding of how to protect yourself. The EFF has an entire section of their website devoted to privacy issues. The ACLU has a Technology and Liberty section which includes topics like privacy.

So why should we care about this? If you aren’t doing anything wrong you don’t have anything to worry about. I’m sorry, but this is a really naive way of looking at privacy issues. Some of you readers out there have fences in your back yard. Many of them are called privacy fences. If you aren’t doing anything wrong, why do you have a fence? Others will have a safe to store valuables and important documents. Why do you need a safe? If you aren’t doing anything wrong, you shouldn’t need a safe.

Putting this into a physical context highlights the absurdity of the “not doing anything wrong” argument. It also highlights the differences between privacy in the physical world and in the digital world. It’s really easy to understand how to increase your privacy at home: build a fence, get better curtains, better locks, bars on your windows, etc. Fixing privacy on your computer is much more difficult. Security experts have tried to make things as simple as possible by using names like virus scanner, firewall, etc. Most people don’t really know how to use these properly.

Adding a firewall to your computer can make using it difficult and clunky. Services that you use frequently suddenly stop working correctly and it’s not always obvious why at first. There needs to be a movement within security companies to make everything as simple as possible for the broader population. There should be advanced settings for the people who really want to control their data. Basically, we need the firewall to turn into a fence for most people, but with settings to turn it into the Berlin Wall if an advanced user wants it.

All users need to understand the risks, just like they need to understand the risks of burglary; they shouldn’t need to be a security expert, though.

Other potential resources (I have no idea if they are any good, I just searched for privacy resources)
http://www.privacyresources.org/
http://epic.org/privacy/privacy_resources_faq.html
https://www.privacyinternational.org/article/ephr-privacy-resources

AT&T deal is most likely dead

We all should be extremely happy that this deal failed. Even those that don’t live in the US. Two major US agencies were investigating the eventual impact of a merger between AT&T and T-Mobile. From a consumer point of view what would have been the impact of the merger?

Well, there could be benefits. For instance, T-Mobile users will get access to a much larger network. They will have higher quality signal connection in more cities and in more areas throughout the US. T-Mobile has one of the smaller network coverage areas of the 4 remaining cellphone providers in the US (Verizon, AT&T, Sprint, T-Mobile). AT&T users may get some relief in large cities like San Francisco and New York. It is likely that the combination of the two companies’ networks will increase the total capacity in a given city.

AT&T and T-Mobile claim that not only will these things be better for the customers of both providers, but there will also be an increase in investment in the network. However, that really doesn’t seem to be the case. Their own documents show that it would actually reduce the yearly investment in the cell networks for the new network overall, reduce the number of employees and likely increase the prices of cell service.

Why is this expected? Well, if the networks are combined there will likely be a reduced need for RF Engineers. These guys are effectively the “Can you hear me now” guy from Verizon commercials. They both design the interaction between the cell sites and look into where the coverage is, how much capacity there is for calls/text/data in a given area and if there will be dead spots within their expected coverage area. If a group of engineers for T-Mobile can cover all of NYC and there’s a group at AT&T to cover the same area, well, some of them will have to go.

What about the investment, though? Well, if capacity suddenly increases in areas that are cramped for capacity, then there will be less investment. Additionally, if there is excess capacity in areas that don’t have the growth potential for fully meeting that capacity, the new merged company would be stupid not to redeploy it to those areas that have less capacity. This means that AT&T could potentially go a few years without actually buying new equipment to meet capacity demands.

Why would prices go up? I wrote an article about how monopolies at the Urban Times. Effectively, when there are no pressures driving a company to lower prices to attract more customers, prices will rise or stay the same, which will be significantly higher than the costs of the company. With only two other competitors (and most people assume Verizon would buy Sprint), there is little pressure to innovate and keep prices low. Additionally, the cost of switching keeps prices higher too.

For these reasons, it’s a very good thing that the US government stepped in to prevent this merger. It also indicates that the government is still willing to step in and act in the best interest of the people. In fact, the collapse of this merger could be a good thing for T-Mobile users, as the company will get a settlement of $4 billion. This should be invested in their network and will increase their ability to compete. Another reason we should be happy for this collapse is that T-Mobile is a very innovative company in terms of adoption of new types of cell phones. T-Mobile has also had excellent customer service compared to the other cell phone providers.