The return of Total Information Awareness. Now DHS will be able to FISS on citizens whenever they like. Assuming they are still authorized to purchase commercial data (e.g. data collected by “Behavioral Advertising” like in the next article) they could have quite a bit of detailed information on us...
The Department Of Homeland Security Wants All The Information It Has On You Accessible From One Place
November 30, 2011 by Dissent
Kashmir Hill reports:
Information sharing (or lack thereof) between intelligence agencies has been a
sensitive topic in the U.S. After 9/11, there was a push to create
fusion centers so that local, state, and federal agencies could
share intelligence, allowing the FBI, for example, to see if the
local police have anything in their files on a particular individual.
Now the Department of Homeland Security wants to create its own
internal fusion center so that its many agencies can aggregate the
data they have and make it searchable from a central location. The
DHS is calling it a “Federated Information Sharing System” and
asked its privacy advisory committee to weigh in on the repercussions
at a public meeting in D.C. last month.
Read more on Forbes.
(Related) Continuing the sad saga for Carrier IQ
BUSTED! Secret app on millions of phones logs key taps
November 29, 2011 by Dissent
Dan Goodin reports:
An Android app developer has published what he says is conclusive proof that
millions of smartphones are secretly monitoring the key presses,
geographic locations, and received messages of its users.
In a YouTube video posted on Monday, Trevor Eckhart showed how software from a Silicon
Valley company known as Carrier IQ recorded in real time the keys he
pressed into a stock EVO handset, which he had reset to factory
settings just prior to the demonstration. Using a packet sniffer
while his device was in airplane mode, he
demonstrated how each numeric tap and every received text message is
logged by the software.
Read more on The Register.
(Related) They didn't want to know what the advertising application was doing...
Jp: App sends user GPS data to ad firm in U.S.
November 29, 2011 by Dissent
The Yomiuri Shimbun reports:
A smartphone application that gathers information on the location of its users was
downloaded by more than 1.5 million people, and the data was sent to
an advertising company in the United States, according to experts.
The application in question is a goldfish catching game that does not require any
information about the user’s location to play.
As the GPS data makes it possible to identify a user’s location with a margin of
error of several meters, it would be possible to presume the user’s
home or office address if such information was accumulated, they
said.
An image showing what type of information is collected appears on the screen before
installation, but only a small number of users correctly understand
the explanations, the experts said.
[...]
According to an analysis by KDDI R&D Labs in Fujimino, Saitama Prefecture, at the
request of The Yomiuri Shimbun, the free application
released on the Internet last month was designed to send Global
Positioning System information from smartphones to a U.S. advertising
firm at a rate of about once per minute.
When the application is installed, an image appears on the screen with a
message reading “the range of access authority and positional
information.” Approval of the reading of
positional information is requested but there is no mention of its
purpose and whether the information will be transmitted remotely.
… “When we created the application, we built in the programs sent from a U.S.
advertising company, with which we had made a contract for ad
placement, without confirming their contents,” the president of the
app development company said. “We had no idea that private
information was being transmitted, because the game’s content has
no connection with positional information.”
The U.S. advertising firm insists that information about users’ locations is
collected to provide more convenient advertisements and that no
problems will arise because information is treated anonymously.
Read more on Daily Yomiuri Online
Brilliant. A little privacy by design
wouldn’t have killed the app developer, now would it? And what
will they do now that they know?
Local. Not a good day for the former Arapahoe County Sheriff either...
CO: Former police chief accused of ID theft
November 29, 2011 by admin
Associated Press reports:
The former police chief in Platteville is accused of using Social Security numbers from
fellow police officers to buy gas for his personal vehicle.
Classy.
Read more on The Gazette.
Quelle surprise, dudes.
Facebook Settles FTC Charges That It Deceived Consumers By Failing To Keep Privacy Promises
November 29, 2011 by Dissent
From their press release:
The social networking service Facebook
has agreed to settle Federal Trade Commission charges that it
deceived consumers by telling them they could keep their information
on Facebook private, and then repeatedly allowing it to be shared and
made public. The proposed settlement
requires Facebook to take several steps to make sure it lives up to its promises in the
future, including giving consumers clear and prominent notice and
obtaining consumers’ express consent before their information is
shared beyond the privacy settings they have established.
The FTC’s eight-count complaint
against Facebook is part of the agency’s ongoing effort to make
sure companies live up to the privacy promises they make to American
consumers. It charges that the claims that Facebook made were unfair
and deceptive, and violated federal law.
“Facebook is obligated to keep the promises about privacy that it makes to its
hundreds of millions of users,” said Jon Leibowitz, Chairman of the
FTC. “Facebook’s innovation does not have to come at the expense
of consumer privacy. The FTC action will ensure it will not.”
The FTC complaint lists a number of
instances in which Facebook allegedly made promises that it did not
keep:
- In December 2009, Facebook changed its website so certain information that users may have designated as private – such as their Friends List – was made public. They didn’t warn users that this change was coming, or get their approval in advance.
- Facebook represented that third-party apps that users installed would have access only to user information that they needed to operate. In fact, the apps could access nearly all of users’ personal data – data the apps didn’t need.
- Facebook told users they could restrict sharing of data to limited audiences – for example with “Friends Only.” In fact, selecting “Friends Only” did not prevent their information from being shared with third-party applications their friends used.
- Facebook had a “Verified Apps” program & claimed it certified the security of participating apps. It didn’t.
- Facebook promised users that it would not share their personal information with advertisers. It did.
- Facebook claimed that when users deactivated or deleted their accounts, their photos and videos would be inaccessible. But Facebook allowed access to the content, even after users had deactivated or deleted their accounts.
- Facebook claimed that it complied with the U.S.-EU Safe Harbor Framework that governs data transfer between the U.S. and the European Union. It didn’t.
The proposed settlement bars Facebook
from making any further deceptive privacy claims, requires that the
company get consumers’ approval before it changes the way it shares
their data, and requires that it obtain periodic assessments
of its privacy practices by independent, third-party auditors for the
next 20 years.
Specifically, under the proposed
settlement, Facebook is:
- barred from making misrepresentations about the privacy or security of consumers’ personal information;
- required to obtain consumers’ affirmative express consent before enacting changes that override their privacy preferences;
- required to prevent anyone from accessing a user’s material no more than 30 days after the user has deleted his or her account;
- required to establish and maintain a comprehensive privacy program designed to address privacy risks associated with the development and management of new and existing products and services, and to protect the privacy and confidentiality of consumers’ information; and
- required, within 180 days, and every two years after that for the next 20 years, to obtain independent, third-party audits certifying that it has a privacy program in place that meets or exceeds the requirements of the FTC order, and to ensure that the privacy of consumers’ information is protected.
The proposed order also contains
standard record-keeping provisions to allow the FTC to monitor
compliance with its order.
Facebook’s privacy practices were the
subject of complaints filed with the FTC by the Electronic Privacy
Information Center and a coalition of consumer groups.
… The FTC will publish a
description of the consent agreement package in the Federal Register
shortly.
“...and the proper response to meeting a Microsoft representative is a full kowtow.”
Microsoft software would detect, score and report obnoxious workplace habits
November 29, 2011 by Dissent
Todd Bishop reports:
Is Microsoft taking inspiration from
Dwight Schrute these days?
It almost seems that way based on a newly surfaced patent application
from the Redmond company. The filing
describes a computer system that would monitor behavior in the
workplace with the goal of stopping bad habits such as co-workers
cutting each other off during meetings and bosses bugging their
direct reports on their lunch breaks — but at no small cost to
workplace privacy.
Read more on GeekWire.
[From the article:]
[In addition] to an email or voice
conversation, other forms of interaction such as gestures,
mannerisms, etc. in a video conference may also be analyzed and
reported (e.g. nodding one’s head in agreement, shaking one’s
head indicating disagreement, hand gestures, and similar ones).
Additionally, patterns of communication may also be detected (in
addition to distinct phrases or mannerisms).