Tag Archives: Electronic Privacy Information Center

Have an iPhone? The apps you use may collect unnecessary data, experts say

WASHINGTON—Every time you use an app on you iPhone, the app is collecting data on you– that’s lots and lots of data. And experts say those bytes of information detailing your life, may not be needed to operate the application.

Initially, developers likely didn’t consider what information was needed to run the app,said Alan Butler, senior counsel at the Electronic Privacy Information Center. Instead, they built their programs to collect all of the data they could possibly need.

But that is the wrong approach, Butler said.

Beyond the type of information collected, app developers need to determine how long the information will be stored and how will it be kept secure, he said. The more data that is collected and stored, the great the threat for data breaches, Butler said.

So what data is being collected? Well, it depends on the company.

Some companies, like cell phone providers, automatically collect consumer information such as called numbers, times of calls, locations and cellular data usage.

Cell phone companies are limited in acting on automatically collected data. Companies can choose to archive and never use information or discard it after a certain amount of time said Paul Rosenzweig, author of Cyber Warfare: How Conflicts in Cyberspace are Challenging America and Changing the World.

With all of the information collected in addition to how frequently users bring their phones with them, Rosenzweig said, “your cellphone is you.”

Rosenzweig likened the process to something called the mosaic theory. According to the theory a collection of small data points can create a picture more representative than each piece of information individually.

Smartphones play into this mosaic by contributing to the information available about a user, especially one who chooses to use social media.Rosenzweig said a comprehensive image can be created of any individual, in part by just interacting with some of iPhone’s applications.

With data collection comes increased responsibility

The relationship that an iPhone user has with the company’s application is a business one.“Sharing is something we do in kindergarten,” Butler said. But when a user gives information access to apps such as Snapchat, they are doing so under the assumption that their data is going to be used properly.

But when it’s not, what then?

Ensuring companies are using data for the right reasons is not an easy task, Butler said. That’s why EPIC supports a strong consumer bill of rights, guaranteeing consumers online protections, he added.

President Barack Obama has supported such legislation since 2012, but none of his efforts have made it out of Congress.

The administration’s 2015 proposal is scaled back in comparison to its 2012 approach, EPIC said in a March statement.  Not only does the proposal lack adequate consumer protections but may also burden businesses, EPIC said.

EPIC has a code of fair information practices, which is rooted in five principles–no personal record-keeping systems can be kept private, a person must be able to find out information recorded about them, prevent it from being used incorrectly, amend incorrect  information and organizations with collected data must protect against its misuse. EPIC suggests crafting better legislation that aligns  with its code.

WILLIAMSGILMOREAPPS(1)

Google standing by hotly contested change in privacy policy

WASHINGTON — Google is maintaining that a privacy policy implemented Thursday is not the dangerous change civil liberties experts are claiming it could become.

The new approach combines the privacy policies of more than 60 Google products into a uniform code that emphasizes what the search giant considers a “more intuitive user experience.”

In an official Google blog post Thursday, Alma Whitten, the company’s director of privacy, product and engineering, wrote that the policy adjustment makes Google’s privacy controls easier to understand. Beyond that, nothing has been drastically modified, she said in the blog post.

“The new policy doesn’t change any existing privacy settings or how any personal information is shared outside of Google,” Whitten wrote. “We aren’t colleting any new or additional information about users. We won’t be selling your personal data. And we will continue to employ industry-leading security to keep your information safe.”

The company has contended a more universal policy will work to its users’ advantage in the long run. For example, under the new privacy policy, one Google product could generate traffic conditions if another Google product pinpoints the user in a certain geographic location.

Since the altered privacy policy was disclosed earlier this year, it has touched off a wave of international criticism from everyone from civil liberties watchdogs to elected officials.

In late February, 36 attorneys general signed an open letter dinging Google for not allowing users to opt out of the new privacy policy. The message, addressed to Google CEO Larry Page, addes that the privacy shift allows a user’s personal information to be shared across multiple services even if the user signs up on only one service.

The privacy policy revamping basically results in personal data being “held hostage in the Google ecosystem,” the members of the National Association of Attorneys General said in the letter.

The association’s missive came several days after the Electronic Privacy Information Center sued the Federal Trade Commission as a way of persuading it to curb Google’s impending policy change.

And on Thursday, European Union Justice Commissioner Viviane Reding declared the consolidated privacy policy goes against European law. She told the BBC that the search giant is not following transparency rules as it collects personal information across Google’s dozens of platforms, including YouTube and Blogger.

Google has greeted each challenge with the same defense: Its new, unified privacy policy follows all applicable laws and makes using its services easier for all users.

The company told a reporter for The Washington Post’s Post Tech blog that it remains “happy to discuss this approach with regulators globally.”

Thursday’s Google blog post confirmed the company’s confidence in its privacy policy revision.

“As you use our products one thing will be clear: It’s the same Google experience that you’re used to, with the same controls,” Whitten wrote.

 

Privacy concerns arise over DHS’ monitoring of social media

WASHINGTON— Social media sites like Facebook and Twitter have a new audience: the Department of Homeland Security.

After a Freedom of Information Act request by the Electronic Privacy Information Center revealed that the government has hired a contractor to monitor social media for potential threats and public opinion, privacy advocates and government officials are butting heads on the implications on whether the program oversteps privacy boundaries.

The documents obtained by EPIC, which total nearly 300 pages, center around a Department of Homeland Security contract with General Dynamics to provide information on “potential threats” as well as “media reports that reflect adversely on DHS and response activities.”  The company will monitor content from social media websites such as Facebook, Twitter, Youtube and MySpace as well as comments posted on news websites such as Drudge Report, Newsweek and The New York Times blogs.

In an interview with The Washington Post, officials of EPIC highlighted their concerns about the program’s legality, saying it does not meet the DHS’s mission to “secure the nation.”

“This is entirely outside the bounds of the agency’s statutory duties, and it could have a substantial chilling effect on legitimate dissent and freedom of speech,” Ginger McCall, director of EPIC’s open government program, told The Washington Post.

The Republican chairman and top Democrat onf the House Subcommittee on Counterterrorism and Intelligence —  Reps. Patrick Meehan of Pennnsylvania and Jackie Speier of California, respectively —  submitted a letter to the DHS stating that they “believe it would be advantageous for DHS and the broader Intelligence Community to carefully parse the massive streams of data from various social media outlets to identify current or emerging  threats to our homeland.”  The letter did, however, include the representatives’ privacy concerns, explaining that any actions must have oversight “stringent enough to protect the rights of our citizens.”

The documents requested by EPIC include a section titled “Privacy Compliance Review,” which outlines steps General Dynamics must take to protect individuals’ privacy.  The section’s newest revisions from January 2011 state that personally identifiable information can be collected only in explicit circumstances.  These include extreme situations involving “potential life or death circumstances,” government and private sector officials who make public statements, members of the media who “use traditional and/or social media in real time to keep their audiences informed, anchors and on-scene reporters, and terrorists or “other persons known to have been involved in major crimes of Homeland Security interest who are killed or found dead.”

According to the memo, DHS will not collect personally identifiable information on those suspected or charged in crimes, private citizens in any capacity and high-profile people “such as celebrities, sports figures or media members who are victims” unless they served as public officials.

U.S. surveillance to follow in footsteps of the UK?

The United Kingdom is light years ahead of the U.S. in terms of surveillance, but will we soon be seeing a similar push stateside?

In mid-July, the Telegraph newspaper reported that the UK is using covert surveillance to monitor conversations in an effort to detect behavior that could be conceived as threatening. In addition, it was announced that the country’s police traffic network camera system is being used to monitor drivers’ movements and to keep a database of all relevant information for up to two years.

Add those two to an already controversial decision to require all Internet records to be stored for a year and tracking devices used to covertly track citizens and the UK would seem to have the makings for a perfect storm of privacy concerns. That doesn’t even take into account the more than 4 million surveillance cameras already in place.

The possibility of similar measures coming across the pond may seem highly unlikely, according to experts, especially under an Obama administration that praises transparency. But is it really? Just over a year ago, a bill was proposed to stop a program called the National Applications Office from ever starting up. The NAO was a program designed to use military satellites to keep tabs on Americans whether in their home or in the public and then share that information with law enforcement officials at all levels.

However, Department of Homeland Security Secretary Janet Napolitano ended the program, after a five-month review, before it came to fruition.

At the time of her decision, she said in a news release that, “This action will allow us to focus our efforts on more effective information sharing programs that better meet the needs of law enforcement, protect the civil liberties and privacy of all Americans, and make our country more secure.”

But even the idea of a program such as the NAO raises the question of whether the U.S. is headed down the same road as the UK, with increased surveillance as we never seen before.

In some ways, that has already started, with various cities across the country taking measures into their own hands when it comes to surveillance. Chicago has more than 10,000 public and private cameras used for surveillance, with plans to add more. New York City has about 4,200 surveillance cameras. None of the U.S. efforts come close to the UK, but the foundation has been laid. And it is being laid at the local level.

“In the U.S., we see signs of increasing numbers of cameras in cities between governments and private parities,” said John Verdi, senior counsel at the Electronic Privacy Information Center. “You’re seeing a push and pull across the country. Now, there is no move to federalize it, it is a local issue. It is driven by local groups, politicians. They are getting some federal money, but it’s all at the municipal level.”

While cities may be leading the charge, could it be only a matter of time before the federal government takes the lead?

“It is a concern,” Verdi said. “But I don’t see it happening for two reasons: it is fairly expensive and it is fairly ineffective. As we saw in Times Square, one of the most densely populated camera areas, with the bomb just over a month ago, it was vendors on the street who noticed the van before the cameras did, even though it was on camera for quite awhile.”

Steven Aftergood, who directs the Project on Government Secrecy for the Federation of American Scientists, added, “In the UK, in cases of crime and public misconduct, you’re more likely to be on visual record. Here in the U.S., we value the sense of not always being monitored by some official surveillance. It’s part of the American preference for freedom from official intrusion. It’s part of our national character.”

But should American’s citizens be concerned that a government agency is listening in to their conversations or watching their every action?

“Still quite a gap separates us from the UK,” Aftergood said. “But there’s a perceptible temptation in increase surveillance, especially in areas of high crime or perceived threat.”