Tag Archives: Twitter

Minimizing your digital trail

WASHINGTON — In popular culture, going “off the grid” is generally portrayed as either unsustainable or isolated: a protagonist angers some omniscient corporate or government agency and has to hole up in a remote cabin in the woods until he can clear his name or an anti-government extremist sets up camp, also in the middle of nowhere, living off the land, utterly cut off from society at large.

But is there a way to live normally while also living less visibly on the grid? What steps can you take to reduce your digital footprint that don’t overly restrict your movements?

What is a digital footprint?

Your digital footprint is the data you leave behind when you use a digital service—browse the web, swipe a rewards card, post on social media. Your digital footprint is usually one of two classifications: active or passive.

Your active digital footprint is any information you willingly give out about yourself, from the posts you put up on Facebook to the location information you give to your local mass transit system when you swipe your transit pass.

By contrast, your passive digital footprint is information that’s being collected about you without your express knowledge or authorization, for example, the “cookies” and “hits” saved when you visit a website. When you see personalized ads on Google, for example, those are tailored to you through collection of your personal preferences as inferred through collection of your passive digital footprint.

To assess my digital footprint, I looked through my wallet, my computer and my phone.

The footprint in your wallet

First, the wallet: I have several rewards cards, each representing a company that has a record of me in its database that shows how often I shop and what I buy, which is linked to my name, address, email and birthday—plus a security question in case I forget my password, usually my mother’s middle name.

While I would consider this information fairly benign—they don’t have my credit card information or my Social Security number—these companies can still make many inferences about me from my purchases. CVS, for example, could probably say fairly accurately if I’m sick based on my purchase of medications, whether I’m sexually active based on birth control purchases and any medical conditions I may have based on my prescription purchases.

If I wanted to minimize my digital footprint, I could terminate all my rewards accounts and refrain from opening any more. For me, though, it’s worth allowing these companies to collect my information in order to receive the deals, coupons and specials afforded me as a rewards member.

Next up is my transit pass, which is linked to my name, local address and debit card. The transit authority has a record of every time I swipe my way onto a city bus or train, a record of my movements linked to my name.

A minimal-footprint alternative to a transit pass is single-use fare cards. If purchased with cash, they would leave no record of my travels linked to my name. While this, like the rewards cards, is feasible, it’s far less convenient than the pass —so much less so that again I’m willing to compromise my privacy.

My debit card and insurance card are the two highest-value sources of personal information, but both are utterly necessary—living half a country away from my local credit union, I need my debit card to complete necessary transactions. My medical insurance card, relatively useless to identity thieves unless they have an ID with my name on it, does represent another large file in a database with my personal information—doctors’ visits, prescriptions and hospital stays for the past several years. People with just the physical card, not my license or information, can’t do much with that, but if a hacker gets to that information it could be very damaging.

No driver’s license? No credit card?

To minimize my digital footprint, then, I could pare down my wallet to just the absolute necessities—my insurance card, debit card and my license. You didn’t talk about your license

Computer footprint

If I’m guilty of leaving a large digital footprint, all my worst infractions probably happen across the Web.

Between Facebook, Twitter and Pinterest, I’ve broadcast my name, picture, email, hometown and general movements, if not my specific location, on each of those sites. Of the three, Facebook certainly has the most comprehensive picture of my life for the past seven years—where I’ve been, with whom, what I like and what I’m thinking.

If I wanted to take myself as far off the grid as feasible, simply deactivating the accounts wouldn’t work—Facebook keeps all your information there for you to pick up where you left off. You can permanently delete it with no option for recovery, but some information isn’t stored just on your account—messages exchanged with friends, for example, or any information shared with third-party apps.

If you keep using social networking sites, privacy policies change frequently, meaning that even if you choose the most restrictive privacy settings, you often have to go back and re-set them whenever the company changes its policy. Apps complicate things even further, farming out much of your information to third-party companies with different privacy policies.

Even if you’re vigilant about your privacy settings and eschew apps, your profile is only as private as your most public Facebook friend, said Paul Rosenzweig, a privacy and homeland security expert.

When shopping online, it’s important to check the privacy statements and security policies of the companies you’re using. If possible, purchase gift cards to the specific retailer or from credit card companies and use those to shop, so you don’t leave your credit card information vulnerable to breaches like that of Target.

I know that email is not my friend when it comes to online privacy, but I can’t operate without it.  I use Gmail on Google Chrome for my email, so I installed Mymail-Crypt. It’s one of several “pretty good protection,” or PGP, encryption programs. Using it, my messages appear to be a jumbled bunch of letters until the recipient decrypts it using their private key, which I can save to a key server, like the aptly named Keyserver, where it’s searchable by my email or key ID. I can then link to it on my personal profiles such as Facebook or LinkedIn. People can then send an encrypted email to me using my public key that cannot be read without my private key to unlock it. I’ve also started encrypting my G-Chats using Off the Record chat.

Email can be used against you. Phishers have started to send more sophisticated emails imitating individuals or companies you trust in order to convince you to give up information like your social security number or credit card data. Drew Mitnick a junior policy counselor at digital rights advocacy group Access Now, said you need to be vigilant no matter what you’re doing on the internet.

“Ensure that whoever you’re dealing with is asking for appropriate information within the scope of the service,” he said. In other words, Gap shouldn’t be asking for your Social Security number.

To limit cookies and other data collection during your Internet use, you can open incognito windows in Google Chrome. In incognito mode, the pages you view don’t stay in your browser or search histories or your cookie store—though your Internet service provider and the sites you visit still have a record of your browsing.

Finally, encrypt your hard drive. Privacy laws vary from state to state and country to country so the best way to ensure that you’re protected no matter where you are is to encrypt your computer and be careful not leave it where someone can mess with it, said Mitnick.

Phone footprint

Another source of vulnerability for many people is a smartphone. As long as you have a phone, you’re on the grid—phone companies can triangulate your position using cell phone towers and location services, and they log your calls. Beyond that, though, there are steps you can take to limit information people can access about you using your phone.

First, be judicious when installing apps. Carefully read the permissions an app requires for installation, and if you’re uncomfortable with them, don’t install it! Read privacy policies and terms of use so you know what data the app keeps on you.

Because I have a Windows phone, many of the basic apps (alarms, maps, Internet Explorer, music, and Microsoft Office) are Microsoft apps and use their terms of use and privacy policy, which is pretty good about not sharing my information with third parties. They also delete your account data after you delete their app, though it may take a few weeks.

I have several social apps, such as the aforementioned Facebook and Pinterest, for which the privacy settings are fairly similar to their desktop counterparts—not very private—with the added bonus of them now having access to my location and phone number. It’s entirely possible—and advisable, if you’re trying to leave a minimal footprint—to live without these apps, but I choose not to.

I’m selective about the apps I install on my phone. Aside from the apps that come with the phone and my social media apps, I only have Uber—and that has a lot of access to my phone. According to the app information, Uber can access my contacts, phone identity, location, maps, microphone, data services, phone dialer, speech and web browser. That’s a lot, and not all of it seems necessary—why does Uber need my contacts? Again, though, I chose to compromise my privacy on this one because the convenience, for me, outweighed the risk.

A precaution I’ve always taken is turning off my location service unless I need it. While my cell phone company can still track me, this prevents my apps from accessing my location. I don’t need Pinterest or Facebook to know where I am to get what I want out of the app, so I don’t provide that information to them.

One of the projects Access Now has been working on is “super cookies”—when you use your cell phone, the cell companies can attach unique identifiers to your browsing as you go across multiple sites. Many companies don’t even offer opt-outs. AT&T has now stopped using super cookies, but other companies still do so.

If you don’t already, use two-step verification whenever possible to ensure that no one but you is logging onto your accounts. This process, used by Gmail, has you enter your password and a one-time numerical code texted to a phone number you provide.

Set a passcode to your phone if you haven’t already, and make it something people couldn’t easily guess—don’t use your birthday, for example. I’ve started using random numbers and passwords generated for long-defunct accounts like my middle school computer login that I memorized years ago but that can’t be linked back to me.

Amie Stepanovich of Access Now suggested using four unrelated words strung together for online account passwords—they’re even harder to hack than the usual suggestions of capital and lowercase letters, symbols and numbers.

One final precaution you can take is to encrypt your device. Apple has already started encrypting its phones by default, and Google has promised to do so. Regardless, you can turn on encryption yourself. I have a Windows phone, which does not allow for easy encryption—in fact, I can’t encrypt my SD card at all. To encrypt my phone, I need to log in to Office 365 on my laptop and change my mobile device mailbox policies to require a password, encryption, and an automatic wipe after a number of passcode fails I choose. I then log into Office 365 on my phone to sync the new settings. It’s much more straightforward for an Android—just go to settings, security, and choose “Encrypt phone.”

Off the grid? Not even close

For me – and most people, it’s not feasible to live entirely off the grid. Between my debit card, various online accounts and smartphone, I pour my personal data into company and government databases every day. The trick is to live on the grid intelligently, only providing the information that is necessary and taking steps to protect your devices from unauthorized access.

Weapons of mass instruction: Governments learning to use social media for security purposes

WASHINGTON – “URGENT CALL Wounded desperately need medical supplies…and transport to hospital…”

“2nd Explosion. sounds like tank fire”

“If this isn’t the end, it certainly looks and smells like it.”

These announcements and cries for help were made via Twitter during the Egyptian revolution in January 2011. Despite the government’s attempt to cut off the Internet, protesters still managed to be heard using their phones and other mobile devices.

Political unrest throughout the world has only increased visibility for platforms like Twitter and Facebook. These and other social media tools have become critical elements of conflict – for rebels as well as governments themselves.

Networking equipment manufacturer Cisco estimates that the number of mobile-connected devices will exceed the global population in 2012. The increasing amount of online activity has put countries around the world in a “cyber arms race,” according to James Jay Carafano, author of Wiki at War: Conflict in a Socially Networked World.

“People get it that the Internet was changing how we do business, and the Internet was changing how we date,” Carafano said. “I think after the [2009] Iranian revolution people got it that the Internet was going to change national security. [It] can affect the stability of states.”

Steven Bucci agrees. After 28 years in the Army and a stint with the Department of Defense, Bucci joined IBM to work with the company’s cybersecurity team. He said spending a majority of his professional life “being a threat rather than trying to stop the threat” has given him a unique perspective on cybersecurity.

“Cybersecurity touches everybody – every agency in government and every business that’s out there,” Bucci said. “Social networks and social media are the way we operate today, not just the way we communicate.”

However, Bucci said, the U.S. government is not set up well to deal with it. Because of the fast pace of global technology, “we can fall behind very quickly,” Bucci said.

“The people who know how to use social media use it to their advantage and are more productive,” he continued. “The United States needs to empower [these] people, keeping them within certain limits so we do it correctly.”

 

Government riding the ‘Loop’

One person the government has already inspired is Steve Ressler. A former employee at the Department of Homeland Security, Ressler was frustrated with the lack of connectivity between departments when he tried to complete audits and other tasks.

Out of frustration came creativity – Ressler founded GovLoop, famously known as “Facebook for government.” He now serves as the site’s president.

“We really needed a social network for knowledge sharing,” Ressler said. “LinkedIn, for people, is a Rolodex; Twitter is very interactive. People are going [to GovLoop] to do their job better, which is a very different functionality and engagement level.”

Since it began in 2008, GovLoop has gained more than 50,000 members. Ressler said he hopes that his site will help the government in getting on the cutting edge of social media and using it as a force for good.

“We need to think really strategically about these social networks because we’re not fighting hierarchical wars anymore, we’re working with networks,” Ressler said.

Once he created the site, Ressler received membership requests from some foreign friends. Since connecting with him, groups in Australia, Israel and the Netherlands have created sites similar to GovLoop in their own countries.

“Every country seems to have the same problem [I had when creating GovLoop]– trying to solve problems and work to connect people in government,” Ressler said. “The things we criticize the U.S. government for are the exact same across the globe. It’s been interesting to see how social media works that way.”

 

“The jungle is neutral”

Another thing that remains fairly consistent across the globe is that the Internet exists to be used by all  – no matter the intent.

“Once you have the technology, you use it any way you darn well please,” Bucci said. “Technologies can be used by people with fewer scruples to oppress their people rather than protect them.”

Many dubbed the 2011 uprising against Egyptian President Hosni Mubarak a “Twitter revolution.” The government, unprepared to deal with the amount of online activity surrounding the uprising, tried to solve its problem by shutting off the Internet. The move proved to work against the government, which then was unable to run the country.

Advanced cyber techniques also provided ammunition for WikiLeaks, an online project to leak classified information organized by Australian Internet activist Julian Assange.

“He’s the most prolific spy we’ve ever had by volumes,” Bucci said. “Espionage is still the same as it’s always been, it’s just that you can do it much more quickly, efficiently and therefore damagingly given the cyber techniques.”

Leaks and cyber terrorism have become the facts of life in the 2.0 world. Transnational terrorist networks as well as state actors exist that use the Internet as infrastructure, recruiting, fundraising and otherwise organizing online. Experts agree that the U.S. may have to prepare for a combination of cyber warfare and physical attacks in the future.

“I still think we are going to see cyber terrorism,” Bucci predicted. “I can’t believe that terrorists are not going to try and use this. It’s too elegant, and there’s too much potential there.”

 

Predictive analysis

Can government use social media to predict this kind of activity – and perhaps even prevent it from happening?

Groups inside and outside the government have started some of these “predictive analysis” projects. The Office of the Secretary of Defense, for example, examines Tweets, status updates and blog posts from months preceding events like the Arab Spring, searching for trends or clues that could have predicted the event.

“There is a lot of effort to take advantage of this additional information that’s out there,” Bucci said. “Are we ever going to get it perfectly right? No, we’re not, but we’ve got to keep working at it. Our citizenry demands it.”

Carafano said that these projects are worthwhile, but the government should consider using other tools in conjunction with social media to solve the problem.

“The science isn’t good enough to do the kind of analysis on these large crowds that people want,” he said. “But rather than just accept that, we’re going to spend millions and billions of dollars building tools that aren’t ready for prime time yet, rather than just figuring out what the tools are actually good for, and using them for that.”

 

What does the future hold?

Bucci noted that social media experts are needed to help the government understand the platforms, including members of both older and younger generations.

“Young people generally have no particular concept of security. It’s not in their DNA,” Bucci said. “That requires the ‘old guys’ to understand the issue because, at least for a little while longer, they’ll be making the decisions of how we do things.”

Privacy concerns arise over DHS’ monitoring of social media

WASHINGTON— Social media sites like Facebook and Twitter have a new audience: the Department of Homeland Security.

After a Freedom of Information Act request by the Electronic Privacy Information Center revealed that the government has hired a contractor to monitor social media for potential threats and public opinion, privacy advocates and government officials are butting heads on the implications on whether the program oversteps privacy boundaries.

The documents obtained by EPIC, which total nearly 300 pages, center around a Department of Homeland Security contract with General Dynamics to provide information on “potential threats” as well as “media reports that reflect adversely on DHS and response activities.”  The company will monitor content from social media websites such as Facebook, Twitter, Youtube and MySpace as well as comments posted on news websites such as Drudge Report, Newsweek and The New York Times blogs.

In an interview with The Washington Post, officials of EPIC highlighted their concerns about the program’s legality, saying it does not meet the DHS’s mission to “secure the nation.”

“This is entirely outside the bounds of the agency’s statutory duties, and it could have a substantial chilling effect on legitimate dissent and freedom of speech,” Ginger McCall, director of EPIC’s open government program, told The Washington Post.

The Republican chairman and top Democrat onf the House Subcommittee on Counterterrorism and Intelligence —  Reps. Patrick Meehan of Pennnsylvania and Jackie Speier of California, respectively —  submitted a letter to the DHS stating that they “believe it would be advantageous for DHS and the broader Intelligence Community to carefully parse the massive streams of data from various social media outlets to identify current or emerging  threats to our homeland.”  The letter did, however, include the representatives’ privacy concerns, explaining that any actions must have oversight “stringent enough to protect the rights of our citizens.”

The documents requested by EPIC include a section titled “Privacy Compliance Review,” which outlines steps General Dynamics must take to protect individuals’ privacy.  The section’s newest revisions from January 2011 state that personally identifiable information can be collected only in explicit circumstances.  These include extreme situations involving “potential life or death circumstances,” government and private sector officials who make public statements, members of the media who “use traditional and/or social media in real time to keep their audiences informed, anchors and on-scene reporters, and terrorists or “other persons known to have been involved in major crimes of Homeland Security interest who are killed or found dead.”

According to the memo, DHS will not collect personally identifiable information on those suspected or charged in crimes, private citizens in any capacity and high-profile people “such as celebrities, sports figures or media members who are victims” unless they served as public officials.

U.S. Peace Institute takes Afghanistan discussion to web viewers

WASHINGTON–The majority of the public moments of Hamid Karzai’s recent four-day visit to the United States consisted of little more than ceremony, photographs, hand-shaking and smiles. The press had few opportunities to ask questions of the Afghan president or gain insight into what he and U.S. officials discussed during sessions held behind closed doors.

However, on May 13, the last day of his visit, Karzai and Secretary of State Hillary Clinton not only took questions, they had a public discussion before an audience of hundreds–both in person and on the web. The United States Institute of Peace (USIP) hosted the conversation between Clinton and Karzai, moderated by William Taylor, vice president of the organization’s Center for Post-Conflict Peace and Stability Operations.

Not only was the structure of the event more casual than any of the events earlier in his visit, it was open and on display. The government-affiliated organization estimates that an audience of approximately 180 in-person attendees and hundreds of viewers of the real-time webcast of the event were party to the discussion.

“I think using the webcast was hugely important,” said Dida Atasi, online communications specialist at USIP. “[Karzai] having agreed to speak at a think-tank like USIP opens up [the conversation of peace] to begin with. Online is one small part. Proliferating that through different channels- reporters, people tweeting, members of the Afghan delegation watching- these factors come together to make it communication.”

Member of USIP were also live-tweeting the event. Many of the organization’s Twitter followers posted and re-tweeted questions and comments about the discussion and began analyzing and criticizing the conversation as it happened, and USIP was listening.

“People were interacting real-time on Twitter,” Atasi said. “When our moderator mentioned a report and we immediately put up a link to that report and sent it out through Twitter. A lot of people were re-tweeting and putting in their own commentary.”

Atasi said the online engagement was a really interesting way for people to feel engaged in discussions of peace strategy instead of watching from the outside. From issues of womens’ rights in Afghan culture to the controversial issue of reintegrating Taliban fighters into Afghan society, Twitter users across the web interacted with the conversation as it happened in DC.

“Short answer: they’re good boys, really! they were just misled! I think I saw this movie. It was called ‘west side story’,” said one commenter of Taliban reintegration. The comment spurred several responses and criticism.

“If you’re flipping through a channel and you see Karzai, you don’t think there’s anything you can do about it,” Atasi said. “When people see they can participate without having to leave their chair they do.”

USIP plans to continue providing webcasts of its events in the hope of providing a forum for a peace-centric discussion of national security. Their website http://www.usip.org/events has links to upcoming events and they can be found on Twitter at @USIP.

Tweet-off: Public health agencies try to quiet social media rumors

Twitter H1N1

Propaganda and and rumors about the H1N1 pandemic were spread through social media sites like Twitter

CHICAGO — Is Twitter spreading rumors? Are Facebook status updates accurate?

On social media sites, anyone can say anything with little to no repercussions. Through real-time messaging and instantaneous updates, social media has created an environment ripe for misinformation and inaccuracies.

It’s a challenge for public health officials worldwide, who use or plan to use social media in public health emergencies. Public health agencies are in the early stages of developing a social media identity; many local and state agencies don’t have Facebook or Twitter accounts. As they develop social media strategies, public health agencies are grappling with ways to drown out the rumors and propaganda spread through social media.

Pandemic Joe

Anyone can tweet about a health emergency, and often times their credibility is unknown

“One of the wonderful things about social media is that it can be used by anyone,” said Holli Seitz, CDC social media specialist. “It does present some challenges about accuracies.”

World Health Organization officials have said anti-vaccination campaigns on social media impeded public health response to the H1N1 pandemic, according to reports from international news agency AFP. The WHO and the CDC used social media actively during H1N1, but they had to compete with other individuals and groups spreading rumors through Twitter and Facebook.

“[Social media] is a platform and anyone can use it who wants to,” said Margo Edmunds, instructor of Emergency and Risk Communication at John Hopkins University in Maryland.

Misperceptions and conflicting messages were rampant during the H1N1 pandemic. One Twitter user wrote that H1N1 is a “deadly trap” invented by the government and the H1N1 vaccine “it is one of the most dangerous vaccines ever devised.” In January, Natural News, an online natural health publication, tweeted, “The great swine flu hoax of 2009 is now falling apart at the seams.” Other social media users tried to capitalize on the pandemic, such as one Twitter account that advertised a “Swine Flu Survival Guide” for $74.

To ensure their messages are heard, public health agencies have to first establish their credibility on social media sites, Edmunds said. Traditionally, public health agencies have avoided media interaction. Once agencies become known to the social media community and brand themselves as the authorities, the public will more likely turn to them for information during a pandemic or emergency.

“I think that public health has to be much more interactive,” Edmunds said. “It’s about relationship building before you have a crisis.”

Communicating with a mobile population through social media will allow agencies to maintain an open dialogue, providing information not just when health officials think it’s salient, but when the public demands it. And – particularly important to a cash-strapped industry like public health – social media is free.

“I think it’s the future for making people aware of what’s going on,” Edmunds said.