Tag Archives: privacy

FTC reports mobile apps collecting personal data on minors

WASHINGTON—Mobile apps marketed toward kids are no longer just fun and games—in fact, the Federal Trade Commission says some apps are illegally or, at minimum, unethically infringing on privacy.

According to a Feb. 16 report released by the FTC, developers and vendors of mobile apps are violating the privacy of young consumers by collecting their personal information without parental consent. The FTC is specifically targeting smartphone providers Google and Apple to create more transparency in their data collection methods. This would provide parents with upfront information about the apps used by their children.

“Companies that operate in the mobile marketplace provide great benefits, but they must step up to the plate and provide easily accessible, basic information so that parents can make informed decisions about the apps their kids use,” FTC Chairman Jon Leibowitz said in a statement.

The report, titled Mobile Apps for Kids: Current Privacy Disclosures are Disappointing, said that a majority of the apps promoted by Google and Apple target minors. The ability of seemingly harmless puzzles and memory games to access and transmit users’ information is of “greatest concern.”

“In most instances, staff was unable to determine from the information on the app store page or the developer’s landing page whether an app collected any data, let alone the type of data collected, the purpose for such collection and who collected or obtained access to such data,” the report said.

As the mobile app marketplace continues to expand, more people are turning to smartphones and tablets to entertain their children. However, many consumers don’t realize that app developers can share collected data with third parties such as advertisers and social media outlets. This information includes, according to the report, precise geolocation, phone number, contact lists, call history and “unique device identifiers.”

“Consumers, especially children, should not have to contend with mobile spies,” Jeff Chester, executive director of the privacy advocacy group Center for Digital Democracy, told The Washington Post in an interview. “Both Google and Apple, the two leading mobile app companies, must do a much better job protecting children’s privacy.”

The New York Times reported a statement issued by Google in response to the FTC’s criticism. Google said it is reviewing the report.

“From the beginning, Android has had an industry-leading permission system, which informs consumers what data an app can access and requires user approval before installation,” said Google spokesman Randall Sarafa.

The release of the FTC report follows news that app developers are bypassing privacy policies and taking data from smartphone address books, a controversial move that has left technology companies and privacy advocates split.

Privacy concerns arise over DHS’ monitoring of social media

WASHINGTON— Social media sites like Facebook and Twitter have a new audience: the Department of Homeland Security.

After a Freedom of Information Act request by the Electronic Privacy Information Center revealed that the government has hired a contractor to monitor social media for potential threats and public opinion, privacy advocates and government officials are butting heads on the implications on whether the program oversteps privacy boundaries.

The documents obtained by EPIC, which total nearly 300 pages, center around a Department of Homeland Security contract with General Dynamics to provide information on “potential threats” as well as “media reports that reflect adversely on DHS and response activities.”  The company will monitor content from social media websites such as Facebook, Twitter, Youtube and MySpace as well as comments posted on news websites such as Drudge Report, Newsweek and The New York Times blogs.

In an interview with The Washington Post, officials of EPIC highlighted their concerns about the program’s legality, saying it does not meet the DHS’s mission to “secure the nation.”

“This is entirely outside the bounds of the agency’s statutory duties, and it could have a substantial chilling effect on legitimate dissent and freedom of speech,” Ginger McCall, director of EPIC’s open government program, told The Washington Post.

The Republican chairman and top Democrat onf the House Subcommittee on Counterterrorism and Intelligence —  Reps. Patrick Meehan of Pennnsylvania and Jackie Speier of California, respectively —  submitted a letter to the DHS stating that they “believe it would be advantageous for DHS and the broader Intelligence Community to carefully parse the massive streams of data from various social media outlets to identify current or emerging  threats to our homeland.”  The letter did, however, include the representatives’ privacy concerns, explaining that any actions must have oversight “stringent enough to protect the rights of our citizens.”

The documents requested by EPIC include a section titled “Privacy Compliance Review,” which outlines steps General Dynamics must take to protect individuals’ privacy.  The section’s newest revisions from January 2011 state that personally identifiable information can be collected only in explicit circumstances.  These include extreme situations involving “potential life or death circumstances,” government and private sector officials who make public statements, members of the media who “use traditional and/or social media in real time to keep their audiences informed, anchors and on-scene reporters, and terrorists or “other persons known to have been involved in major crimes of Homeland Security interest who are killed or found dead.”

According to the memo, DHS will not collect personally identifiable information on those suspected or charged in crimes, private citizens in any capacity and high-profile people “such as celebrities, sports figures or media members who are victims” unless they served as public officials.

Online Privacy: Is it even possible in today's networked world?

WASHINGTON–On July 4th, 1776, the founders of our country adopted the Declaration of Independence, and forever altered the course of history. But at heart of that document is one line that stands out above all others: “We hold these truths to be self-evident, that all men are created equal, that they are endowed by their Creator with certain unalienable rights, that among these are life, liberty and the pursuit of happiness.”

Life, liberty and the pursuit of happiness: three ideas, three unalienable rights that have come to define our country and our country’s mindset. But there’s another idea that is thought to be in line with those: privacy. The Fourth Amendment to the Constitution, part of the Bill of Rights, guards against unreasonable searches and seizures. But is privacy a right, or is it just assumed to be a right? In a modern world where Facebook and targeted ad campaigns based on ¬¬internet surfing patterns reign supreme, can we even assume that our information is being kept private and safe?

In the wake of recent congressional hearings on online privacy, major players such as Facebook, Apple and Google were questioned on that very topic: Is their consumers’  information safe and private?

At the hearing, Facebook chief technology officer Bret Taylor assured Senate leaders that they “never sell data to third parties or advertisers” and that “in every aspect of a product’s design, privacy is an aspect of the discussion.”

However, one day after these hearings, multiple media outlets reported that a hacker had compiled information from 100 million Facebook users—including email addresses, individual websites, and phone numbers—and made all of this information available for download.

This flies in the face of exactly what Taylor said, that such information is private and not  available to hackers. Facebook will counter with an argument centering on user privacy controls, but does the company believe that everyone who uses their product is aware of these controls?

In a recent E-Business and ForeSee Results customer satisfaction index report, Facebook scored in the lowest five percent of private sector companies.

“Our research shows that privacy concerns, frequent changes to the website, and commercialization and advertising adversely affect the consumer experience,” said Larry Freed, president and CEO of ForeSee Results, in a press release.

Google, meanwhile, has faced similar problems concerning privacy. More than two months ago, Google admitted it collected date on users of its Google Maps Street View program. And in a move that will surely raise some eyebrows, Examiner.com reported Monday that a German company recently sold GPS-controlled surveillance drone cameras to Google. The reported purchase of these drones is that they will be used with other mapping projects.

In a world of increasing surveillance and by default, less privacy, is there a reasonable right to expect privacy?

According to the Wall Street Journal, in 2008, Microsoft had plans to unveil its Internet Explorer 8 with a “privacy by default” setting, as opposed to Facebook’s opt-in privacy mantra. But Microsoft’s plan was quickly scrapped in favor of a track-and-sell targeted ad program aimed at its users. The reported reasoning for such a change: “Executives who argued that giving automatic privacy to consumers would make it tougher for Microsoft to profit from selling online ads.”

So the question becomes: If the companies in charge of so much of our so-called “private” information have no incentive to protect what we do online, should demand more control over our privacy?

U.S. surveillance to follow in footsteps of the UK?

The United Kingdom is light years ahead of the U.S. in terms of surveillance, but will we soon be seeing a similar push stateside?

In mid-July, the Telegraph newspaper reported that the UK is using covert surveillance to monitor conversations in an effort to detect behavior that could be conceived as threatening. In addition, it was announced that the country’s police traffic network camera system is being used to monitor drivers’ movements and to keep a database of all relevant information for up to two years.

Add those two to an already controversial decision to require all Internet records to be stored for a year and tracking devices used to covertly track citizens and the UK would seem to have the makings for a perfect storm of privacy concerns. That doesn’t even take into account the more than 4 million surveillance cameras already in place.

The possibility of similar measures coming across the pond may seem highly unlikely, according to experts, especially under an Obama administration that praises transparency. But is it really? Just over a year ago, a bill was proposed to stop a program called the National Applications Office from ever starting up. The NAO was a program designed to use military satellites to keep tabs on Americans whether in their home or in the public and then share that information with law enforcement officials at all levels.

However, Department of Homeland Security Secretary Janet Napolitano ended the program, after a five-month review, before it came to fruition.

At the time of her decision, she said in a news release that, “This action will allow us to focus our efforts on more effective information sharing programs that better meet the needs of law enforcement, protect the civil liberties and privacy of all Americans, and make our country more secure.”

But even the idea of a program such as the NAO raises the question of whether the U.S. is headed down the same road as the UK, with increased surveillance as we never seen before.

In some ways, that has already started, with various cities across the country taking measures into their own hands when it comes to surveillance. Chicago has more than 10,000 public and private cameras used for surveillance, with plans to add more. New York City has about 4,200 surveillance cameras. None of the U.S. efforts come close to the UK, but the foundation has been laid. And it is being laid at the local level.

“In the U.S., we see signs of increasing numbers of cameras in cities between governments and private parities,” said John Verdi, senior counsel at the Electronic Privacy Information Center. “You’re seeing a push and pull across the country. Now, there is no move to federalize it, it is a local issue. It is driven by local groups, politicians. They are getting some federal money, but it’s all at the municipal level.”

While cities may be leading the charge, could it be only a matter of time before the federal government takes the lead?

“It is a concern,” Verdi said. “But I don’t see it happening for two reasons: it is fairly expensive and it is fairly ineffective. As we saw in Times Square, one of the most densely populated camera areas, with the bomb just over a month ago, it was vendors on the street who noticed the van before the cameras did, even though it was on camera for quite awhile.”

Steven Aftergood, who directs the Project on Government Secrecy for the Federation of American Scientists, added, “In the UK, in cases of crime and public misconduct, you’re more likely to be on visual record. Here in the U.S., we value the sense of not always being monitored by some official surveillance. It’s part of the American preference for freedom from official intrusion. It’s part of our national character.”

But should American’s citizens be concerned that a government agency is listening in to their conversations or watching their every action?

“Still quite a gap separates us from the UK,” Aftergood said. “But there’s a perceptible temptation in increase surveillance, especially in areas of high crime or perceived threat.”

Social networking websites: the next cyber war zone?

WASHINGTON — The Government Accountability Office reported April 12 that federal agencies remain vulnerable to cyber attacks and security breaches because they’ve failed to take the required steps to secure Internet connections and computer systems. Experts say cyber attack could come from anywhere—an individual American or someone overseas, a terrorist group, or a country. But the number of ways a cyber attack could infiltrate American systems is growing—and the ever-expanding web of social networking sites could prove problematic for national cyber security.

Social networking technologies are creating potential new challenges for government transparency and security As more agency employees use Twitter, Facebook and similar external sites, officials at all levels of government are reviewing their policies.

Elayne Starkey, chief security officer of Delaware and FOIA coordinator for the state’s Department of Technology and Information, said her organization is cracking down on the problem from the inside.

“Websites like Facebook are blocked from our computers,” Starkey said. “It’s too great a risk and who or what actually gets that information is still quite unknown.”

Starkey said there is a long list of precautions that need to be taken at all levels of government and the private sector to prevent a cyber attack. She said she is working with other groups and agencies in Delaware to raise awareness and educate others on the “very real” dangers that a cyber attack could cause.

“We do a lot of trainings to drill and simulate with other state and federal employees on their IT resources,” said Starkey. “Using the right technical tools is important to have the top level of security we need.”

Among the many things that can help in thwart future cyber terror, Starkey said, would be new legislation. She said that the right legislation would take time though. “There is a gap that needs to be filled—but the proper legislation with the proper partners would need a multi-year window.”

“As more people move into the Web 2.0 phase, they become more comfortable with the websites like Facebook and Twitter,” Starkey said. “There is a false sense of security people have once they enter their password. They feel comfortable that they do things they might not have done elsewhere.”

Targeted ads are drawing more clicks by naïve social media users, increasing the potential for scammers and hackers.  “People are much more likely to click some ad that is tailored to them, and then who knows what is behind that ad.”

Starkey said viruses from social networking sites could work in a similar way that an e-mail virus works, sometimes immediately attacking user’s system­ at other times lurking for months before any damage is noticeable.

“That’s why at our offices, those sites are pretty much blocked,” she said.

Patrick Wells, a participant in the U.S. Cyber Challenge, a competition to find individuals who could be future cyber security practitioners and researchers, said he thinks it is unlikely that social networks will become a target of cyber terror is unlikely.

Wells said the information technology teams at the major social networking sites are more prepared than the government simply because they are individual sites, and as such only to worry about hardening their own target.

“Government websites are more interconnected, yet with different security systems and levels which allow for overlooked loopholes,” said Wells. “Sites like Facebook, although they have a huge amount of traffic, are more secure.”

Wells said Facebook, for one example, was a victim of cyber attacks through its applications, add-ons that could contain games, quizzes or other attractions. Applications are made by outside groups, and in the past anyone could create one. Wells said that was the most common way a hacker could hack through the website. “Now, Facebook has a stronger identification process for those creating applications to prevent that.”

For legal and tracking purposes, there is no sound way to currently archive communication done in social networking site, Starkey said. “The problem is that agencies don’t know how to archive the many forms of communications made on those popular websites.”

As citizens become increasingly accustomed to accessing more types of communication archives, Starkey says that social network archives will be a logical expectation.

Wells said that he doesn’t foresee social networking sites being a target of cyber terrorists, but more of a jumping off point. “Social networking sites are mainly used for information… as a tool to find an employee of a company, to get as much information about the person, and then hack into their system.”

Wells said the more security measures the better, but that social network users should be careful of every bit of information they list, not just inappropriate pictures.

Giving It Up to Cyberspace

CHICAGO — As I type my credit card number into the blank space on Target’s online store, I’m strangely aware of how much of myself I’m relinquishing. With a click of a button, the card number, my address, and the wedding gift I purchased vanish into cyberspace. And yet, when a box pops up, asking if I want to share my thoughts of my online experience in a survey, I’m bothered.

Perhaps it’s the articles earlier this month in the New York Times and MarketingVOX about how coupons can be traced directly back to the person who used it. Or a story that Orayb Aref Najjar, a journalism professor at Northern Illinois University who specializes in cyber-communities and freedom of the press, said she recently read about how the information collected from a person is then interpreted and can be used against them.

“If you buy certain products … that means you are likely to pay your mortgage on time,” Najjar said in an e-mail. “So the information they collect about you is not neutral, and is not there to serve you … but to be bundled and sold …

“What worries me most is not the information gathered (governments always do that), but the extent and volume of information gathered and collated from different sources, and the way it may be interpreted. I worry about the competency of the interpreters. The issue becomes more crucial when it comes to information gathered internationally.”

Jay Stanley, public education director of ACLU’s Technology and Liberty Program, said Americans do not understand “the extent to which the information they give to one institution is stored, used, traded and combined.”

Yes, people willingly give out information to online stores and social networks. But some people also give out information unwillingly, Stanley said. They would rather not share their Social Security number and other personal information just because it’s required on some form.

Either way, Stanley says the consequences of that information sharing is mostly invisible to the individual. But over time, it is becoming more apparent how that information is being used, he said.

The ACLU is part of the Digital Due Process coalition, along with Google, AT&T, Microsoft, and technology and privacy groups, to get Congress to update the Electronic Communications Privacy Act. Though the changes are not expected to drastically affect information gathering for the purposes of national security and marketing, Stanley said it is a stop toward making sure there is a proper process in place to broadly protect online privacy.

“With changes in technology, the substantive privacy we’ve always enjoyed is rapidly eroding,” Stanley said.