Preetisha Sen – Medill National Security Zone http://nationalsecurityzone.medill.northwestern.edu A resource for covering national security issues Tue, 15 Mar 2016 22:20:28 +0000 en-US hourly 1 Analyzing Privacy in Phone Applications http://nationalsecurityzone.medill.northwestern.edu/blog/2014/03/17/analyzing-privacy-in-phone-applications/ Mon, 17 Mar 2014 18:35:36 +0000 http://nationalsecurityzone.medill.northwestern.edu/site/?p=18484 Continue reading ]]> by Preetisha Sen and Jeanne Kuang

Nine of out 10 American adults use cell phones, but many may not know about the privacy issues that come with them – especially the 56 percent of American adults who own smartphones. As such, we looked at several different phone applications we use on a regular basis to see what kinds of information each application collects, what measures the applications outlined in their policy and what recent privacy issues have come up with the products.

venmo

VENMO

Information collected: Venmo is a mobile social payment app that allows users to connect their bank accounts and pay friends, similar to Paypal. Upon registration it collects your IP address, phone number, name, street address, date of birth and social security number for identification purposes (and to verify the account through the Treasury Department). You can also authorize Venmo to collect your Facebook connect information and other linked social media which would give it access to your Facebook friends’ contact information and friends’ phone numbers. It also collects your bank account numbers, routing numbers and credit card numbers for every account linked to the app.

How it’s handled: Venmo collects so much personal information because it is necessary to access bank accounts, but also to verify your identity to avoid fraud. All information is stored on third party servers that are guarded physically as well as with firewalls and data encryption. Venmo shares some information with other users, such as the number of payments or transactions you have made, but not the monetary amount or the bank account information. Your email and phone number may be shared with Venmo’s parent company Braintree (now owned by Paypal) or companies it might merge with in the event of bankruptcy, but Venmo does not share this information with third parties for marketing purposes. It also doesn’t try to collect information from users under the age of 13.

In the news: Venmo recently introduced a new feature: Venmo Nearby. This feature allows users to find nearby Venmo users for payments (the user does not have to be friends with you). The development has the potential to replace cash in the future—all in-person payments can likely be made on the app. However, the feature raises concerns about privacy. You can choose to turn off the Nearby function, but if left on the app is likely to collect location information wherever you go. Any collected information is usually stored on the phone or on the app’s servers. Additionally, bank information security can be threatened if transactions are made more and more frequently across various mobile devices.

 twitter

TWITTER

 Information collected: Twitter publicly lists names and usernames on its services, such as its search feature. On top of that, Twitter prompts users to include personal information in their Twitter biographies, like current city, website and a photo. Twitter also records all 140-character tweets and direct messages, and knows who you interact with, who you follow and who follows you. Twitter users can choose to have location on in their tweets, which permits Twitter to use and store location information for purposes such as adding more relevant content in each user’s timeline, like local trends or local people to follow.

How it’s handled: Third party services, such as Google Analytics, may collect information to help Twitter improve services such as tailoring advertisements to each user. In addition, when users choose to log in to other websites, such as Instagram, with their Twitter account informations, Twitter has the right to share any information with that third-party. Unlike some companies (such as Apple), Twitter allows users to delete their accounts and in turn, all the information collected. According to Twitter policy, account information will start being permanently deleted after 30 days of a user’s deactivation request.

In the news: Twitter has not had any major breaches of privacy since its founding in 2006, although accounts are often hacked with spam messages. Students at Cornell University were recently faced with a challenge at a case competition last weekend: create a revenue-generating plan for Twitter without violating the privacy of its users. The winning team created a project in which Twitter creates tailors, time-sensitive advertisements for its users. Anticipating negative backlash, the team also included mandatory webisodes that all Tweeters would have to watch so that they understood the new privacy policy.

google

GOOGLE MAPS

Information collected: The Google Maps mobile app collects standard user information from the user’s Google account, as well as the phone number of the device it is installed on. It also collects location information whenever you use it so it can give you directions. This location is determined through nearby phone tower signals, WiFi and GPS information. This information is stored on the device but if you are signed in through your Google account, it can be linked to your name and email address. Of course, most people’s entire cities, including homes, road, offices and other city spaces are displayed on Google Maps’ Street View feature.

How it’s handled: The main thing Google does with your location history is use it to give you more tailored content when you’re searching for other things. If you search for many locations in Washington, D.C., your other search results might be more tailored to Washington, D.C. Your personal information is processed in servers in another country and if signed in, you can review and control what information Google can share. Aside your social shares and the information Google passes along to the domain administrator who manages your account, Google can also share your information with “our affiliates or other trusted businesses or persons to process it for us.”

In the news: There are no publicized data breaches involving the mobile Google Maps, but Google is developing an entirely new Android phone that brings up its own privacy questions. The phone, called Project Tango, is equipped with sensors that “track the full 3D motion of the device, while simultaneously creating a map of the environment,” according to the Google press release. Essentially this phone would be able to map the room around you in 3D. While this may be useful to those who are lost in a building or on an unfamiliar street, or need to remember the dimensions of a room, unanswered questions about the phone remain–where will Google keep the 3D maps of everywhere you go? How would Google share the information for marketing purposes? Is there any way to stop someone from collecting information about the inside of your building?

snapchat

SNAPCHAT

Information collected: On top of standard information such as username, phone number and password, Snapchat temporarily records the contents of each Snap sent and received. Until the recipient of a Snap opens the image, the photos, videos and/or captions are stored on Snapchat’s servers. While Snapchat says each Snap is deleted after that time, the privacy policy also states that it “cannot guarantee that deletion always occurs within a particular timeframe.” Additionally, each time a message is sent, Snapchat collects data such as the time, date sender and recipient of the Snap. It also knows which users most frequently interact with each other and publicly tracks this, as each Snapchat user has a list of best friends that is viewable by any of their Snapchat friends.

How it’s handled: Snapchat says information collected can be used to maintain and improve services, provide customer service and communicate about products, offers and promotions, among other uses. However, the policy includes a blanket statement that Snapchat can use collected information to “carry out any other purpose for which the information was collected,” and with the vague language in the policy this could lead to a variety of data analyses. The privacy policy also states that aggregated data can be shared because the information provided “cannot reasonably be used to identify you.”

In the news: Snapchat had a large data breach at the beginning of this year, when as many as 4.6 million users’ phone numbers and usernames were hacked by a website called SnapchatDB.info. Founder and CEO Evan Spiegel initially refused to apologize for the breach, saying his company was the victim of abuse. But two days after the breach, Snapchat apologized through a blog post, discussing a new feature that “allows Snapchatters to opt-out of linking their phone number with their username.”

]]>
Journalists, lawyers debate national security, privacy rights; Obama reforms may fall short http://nationalsecurityzone.medill.northwestern.edu/blog/2014/01/25/national-security-privacy-rights-discussed-at-panel-of-journalists-and-lawyers-friday/ Sat, 25 Jan 2014 19:31:35 +0000 http://nationalsecurityzone.medill.northwestern.edu/site/?p=17697 Continue reading ]]> WASHINGTON – President Barack Obama’s planned reforms for the National Security Agency’s data collection and surveillance may not be enough to protect Americans’ privacy, several First Amendment experts said during a panel discussion, while veteran journalists worried that the government’s surveillance is hindering reporters’ ability to cover national security issues.

The group of journalism, legal and technology experts discussed the report from the president’s Review Group on Intelligence and Communications Technologies, which included 46 recommendations to reform government surveillance practices; Obama’s speech outlining his plans for reform; and a report released the day before by the independent Privacy and Civil Liberties Oversight Board that called the NSA telephone data collection program illegal.

University of Chicago Professor Geoffrey Stone, a panelist, First Amendment scholar and member of the president’s Review Group, said the five-member group’s recommendations were unanimous.

→ Medill News Service reporters share their favorite moments from the panel discussion.

→ Highlights reel from the panel, bottom of this page.

“We feel very strongly that the recommendations we put forth are sound,” Stone said at the panel discussion, held Jan. 24 at the National Press Club in Washington and sponsored by Medill National Security Journalism Initiative and the Reporters Committee for Freedom of the Press.

Stone said a terrorist attack has not been successfully executed since 9/11 in part because of the work of the intelligence community. However, he said we must “strike the right balance” between protecting the country and civil liberties.

Obama ordered Attorney General Eric Holder to find a way for telephone companies or third parties to store the telephone metadata rather than the NSA, a key recommendation of the Review Group.

But Sascha Meinrath, director of the Open Technology Institute, said that the amount of government surveillance is setting the world on “a very bleak trajectory.”

He predicted that in the future many Americans whose information is gathered as part of the national security efforts in the could be charged with other offenses, part of “mission creep” that can occur if the government has access to huge amounts of personal data.

“As long as we’re collecting all this information, why not also enforce these other laws?” Meinrath said. “I don’t want it [the world] to be one of endless security, where the hardware can’t be trusted.”

Obama said the NSA uses signals intelligence only for  “legitimate national security purposes,” but that is a very broad term, according to Karen Kaiser, associate general counsel at the Associated Press for newsroom legal matters. Kaiser said that in a Department of Justice investigation of an AP article, private phone numbers and those of AP bureaus not related to the article were swept up.

Kaiser said such investigations make it hard for journalists to report on national security issues.

“I think we’re seeing a very real threat to journalism,” Kaiser said. “And a need for greater protection.”

Siobhan Gorman, an intelligence correspondent for the Wall Street Journal, said journalists need to take steps to protect sources, such as interviewing them in person rather than on the phone to ensure they are not being surveilled.

Gorman reported on the Snowden revelations in 2013 and said that having such documents leaked made the government more accountable.

“It really forces the government hand, when the evidence is black and white,” Gorman said.

Barton Gellman, who broke the NSA story in The Washington Post using information from Edward Snowden along with the Guardian newspaper, said the president left a lot of unanswered questions.

“The president addressed only a small fraction of the discussion of the review group,” Gellman said.

For example, Gellman said the Foreign Intelligence Surveillance Act of 1978 does not account for recent technological developments and should be revisited.

Highlights from the discussion, below.

]]>